Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2019-04-04 12:01:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new.3908 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Thu Apr 4 12:01:04 2019 rev:168 rq:690296 version:3.4.5 Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2019-03-13 16:41:19.166686837 +0100 +++ /work/SRC/openSUSE:Factory/.postfix.new.3908/postfix.changes 2019-04-04 12:01:07.241300264 +0200 @@ -1,0 +2,83 @@ +Sun Mar 31 09:08:58 UTC 2019 - Michael Ströder <[email protected]> + +- Update to 3.4.5: + Bugfix (introduced: Postfix 3.0): LMTP connections over + UNIX-domain sockets were cached but not reused, due to a + cache lookup key mismatch. Therefore, idle cached connections + could exhaust LMTP server resources, resulting in two-second + pauses between email deliveries. This problem was investigated + by Juliana Rodrigueiro. File: smtp/smtp_connect.c. + +------------------------------------------------------------------- +Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly <[email protected]> + +- Update to 3.4.4 + + o Incompatible changes + - The Postfix SMTP server announces CHUNKING (BDAT + command) by default. In the unlikely case that this breaks some + important remote SMTP client, disable the feature as follows: + + /etc/postfix/main.cf: + # The logging alternative: + smtpd_discard_ehlo_keywords = chunking + # The non-logging alternative: + smtpd_discard_ehlo_keywords = chunking, silent_discard + - This introduces a new master.cf service 'postlog' + with type 'unix-dgram' that is used by the new postlogd(8) daemon. + Before backing out to an older Postfix version, edit the master.cf + file and remove the postlog entry. + - Postfix 3.4 drops support for OpenSSL 1.0.1 + - To avoid performance loss under load, the + tlsproxy(8) daemon now requires a zero process limit in master.cf + (this setting is provided with the default master.cf file). By + default, a tlsproxy(8) process will retire after several hours. + - To set the tlsproxy process limit to zero: + postconf -F tlsproxy/unix/process_limit=0 + postfix reload + o Major changes + - Postfix SMTP server support for RFC 3030 CHUNKING + (the BDAT command) without BINARYMIME, in both smtpd(8) and + postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, + and smtpd_proxy_filter. See BDAT_README for more. + - Support for logging to file or stdout, instead of using syslog. + - Logging to file solves a usability problem for MacOS, and + eliminates multiple problems with systemd-based systems. + - Logging to stdout is useful when Postfix runs in a container, as + it eliminates a syslogd dependency. + - Better handling of undocumented(!) Linux behavior + whether or not signals are delivered to a PID=1 process. + - Support for (key, list of filenames) in map source text. + Currently, this feature is used only by tls_server_sni_maps. + - Automatic retirement: dnsblog(8) and tlsproxy(8) process + will now voluntarily retire after after max_idle*max_use, or some + sane limit if either limit is disabled. Without this, a process + could stay busy for days or more. + - Postfix SMTP client support for multiple deliveries + per TLS-encrypted connection. This is primarily to improve mail + delivery performance for destinations that throttle clients when + they don't combine deliveries. + This feature is enabled with "smtp_tls_connection_reuse=yes" in + main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps. + It supports all Postfix TLS security levels including dane and + dane-only. + - SNI support in the Postfix SMTP server, the + Postfix SMTP client, and in the tlsproxy(8) daemon (both server and + client roles). See the postconf(5) documentation for the new + tls_server_sni_maps and smtp_tls_servername parameters. + - Support for files that contain multiple (key, certificate, trust chain) + instances. This was required to implement + server-side SNI table lookups, but it also eliminates the need for + separate cert/key files for RSA, DSA, Elliptic Curve, and so on. + - Support for smtpd_reject_footer_maps (as well as the postscreen + variant postscreen_reject_footer_maps) for more informative reject + messages. This is indexed with the Postfix SMTP server response + text, and overrides the footer specified with smtpd_reject_footer. + One will want to use a pcre: or regexp: map with this. + o Bugfixes + - Andreas Schulze discovered that reject_multi_recipient_bounce + was producing false rejects with BDAT commands. This problem + already existed with Postfix 2.2 smtpd_end_of_data_restrictons. + Postfix 3.4.4 fixes both. + +------------------------------------------------------------------- Old: ---- postfix-3.3.3.tar.gz New: ---- postfix-3.4.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.hvXL7o/_old 2019-04-04 12:01:09.741302266 +0200 +++ /var/tmp/diff_new_pack.hvXL7o/_new 2019-04-04 12:01:09.761302283 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -55,7 +55,7 @@ %bcond_with libnsl %endif Name: postfix -Version: 3.3.3 +Version: 3.4.5 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 OR EPL-2.0 ++++++ postfix-3.3.3.tar.gz -> postfix-3.4.5.tar.gz ++++++ ++++ 39714 lines of diff (skipped) ++++++ postfix-linux45.patch ++++++ --- /var/tmp/diff_new_pack.hvXL7o/_old 2019-04-04 12:01:10.997303273 +0200 +++ /var/tmp/diff_new_pack.hvXL7o/_new 2019-04-04 12:01:10.997303273 +0200 @@ -1,15 +1,13 @@ ---- - makedefs | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- makedefs -+++ makedefs -@@ -546,7 +546,7 @@ EOF +--- makedefs.orig 2019-03-11 13:54:48.176455533 +0100 ++++ makedefs 2019-03-11 13:55:44.512455319 +0100 +@@ -557,8 +557,8 @@ : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} : ${PLUGIN_LD="${CC-gcc} -shared"} ;; -- Linux.[34].*) SYSTYPE=LINUX$RELEASE_MAJOR -+ Linux.[3-9].*|Linux.[1-9][0-9].*) SYSTYPE=LINUX3 - case "$CCARGS" in +- Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR +- case "$CCARGS" in ++ Linux.[3-9].*|Linux.[1-9][0-9].*) SYSTYPE=LINUX3 ++ case "$CCARGS" in *-DNO_DB*) ;; *-DHAS_DB*) ;; + *) if [ -f /usr/include/db.h ] ++++++ postfix-master.cf.patch ++++++ --- /var/tmp/diff_new_pack.hvXL7o/_old 2019-04-04 12:01:11.005303279 +0200 +++ /var/tmp/diff_new_pack.hvXL7o/_new 2019-04-04 12:01:11.005303279 +0200 @@ -1,8 +1,6 @@ -Index: conf/master.cf -=================================================================== ---- conf/master.cf.orig -+++ conf/master.cf -@@ -10,33 +10,39 @@ +--- conf/master.cf.orig 2019-03-11 13:45:38.792457629 +0100 ++++ conf/master.cf 2019-03-11 13:50:08.312456601 +0100 +@@ -10,6 +10,11 @@ # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - n - - smtpd @@ -14,59 +12,18 @@ #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd #dnsblog unix - - n - 0 dnsblog - #tlsproxy unix - - n - 0 tlsproxy - #submission inet n - n - - smtpd --# -o syslog_name=postfix/submission --# -o smtpd_tls_security_level=encrypt --# -o smtpd_sasl_auth_enable=yes --# -o smtpd_tls_auth_only=yes --# -o smtpd_reject_unlisted_recipient=no --# -o smtpd_client_restrictions=$mua_client_restrictions --# -o smtpd_helo_restrictions=$mua_helo_restrictions --# -o smtpd_sender_restrictions=$mua_sender_restrictions --# -o smtpd_recipient_restrictions= --# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject --# -o milter_macro_daemon_name=ORIGINATING -+# -o syslog_name=postfix/submission -+# -o smtpd_tls_security_level=encrypt -+# -o smtpd_sasl_auth_enable=yes -+# -o smtpd_tls_auth_only=yes -+# -o smtpd_reject_unlisted_recipient=no -+# -o smtpd_client_restrictions=$mua_client_restrictions -+# -o smtpd_helo_restrictions=$mua_helo_restrictions -+# -o smtpd_sender_restrictions=$mua_sender_restrictions -+# -o smtpd_recipient_restrictions= -+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -+# -o milter_macro_daemon_name=ORIGINATING +@@ -29,6 +34,7 @@ #smtps inet n - n - - smtpd --# -o syslog_name=postfix/smtps --# -o smtpd_tls_wrappermode=yes --# -o smtpd_sasl_auth_enable=yes --# -o smtpd_reject_unlisted_recipient=no --# -o smtpd_client_restrictions=$mua_client_restrictions --# -o smtpd_helo_restrictions=$mua_helo_restrictions --# -o smtpd_sender_restrictions=$mua_sender_restrictions --# -o smtpd_recipient_restrictions= --# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject --# -o milter_macro_daemon_name=ORIGINATING -+# -o syslog_name=postfix/smtps -+# -o smtpd_tls_wrappermode=yes -+# -o content_filter=smtp:[127.0.0.1]:10024 -+# -o smtpd_sasl_auth_enable=yes -+# -o smtpd_reject_unlisted_recipient=no -+# -o smtpd_client_restrictions=$mua_client_restrictions -+# -o smtpd_helo_restrictions=$mua_helo_restrictions -+# -o smtpd_sender_restrictions=$mua_sender_restrictions -+# -o smtpd_recipient_restrictions= -+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -+# -o milter_macro_daemon_name=ORIGINATING - #628 inet n - n - - qmqpd - pickup unix n - n 60 1 pickup - cleanup unix n - n - 0 cleanup -@@ -64,6 +70,27 @@ virtual unix - n n - lmtp unix - - n - - lmtp + # -o syslog_name=postfix/smtps + # -o smtpd_tls_wrappermode=yes ++# -o content_filter=smtp:[127.0.0.1]:10024 + # -o smtpd_sasl_auth_enable=yes + # -o smtpd_reject_unlisted_recipient=no + # -o smtpd_client_restrictions=$mua_client_restrictions +@@ -65,6 +71,26 @@ anvil unix - - n - 1 anvil scache unix - - n - 1 scache + postlog unix-dgram n - n - 1 postlogd +#localhost:10025 inet n - n - - smtpd +# -o content_filter= +# -o smtpd_delay_reject=no @@ -87,11 +44,10 @@ +# -o local_header_rewrite_clients= +# -o local_recipient_maps= +# -o relay_recipient_maps= -+ # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual -@@ -97,7 +124,7 @@ scache unix - - n +@@ -98,7 +124,7 @@ # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe @@ -100,7 +56,7 @@ # # ==================================================================== # -@@ -130,3 +157,10 @@ scache unix - - n +@@ -131,3 +157,10 @@ #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} ++++++ postfix-ssl-release-buffers.patch ++++++ --- /var/tmp/diff_new_pack.hvXL7o/_old 2019-04-04 12:01:11.025303295 +0200 +++ /var/tmp/diff_new_pack.hvXL7o/_new 2019-04-04 12:01:11.025303295 +0200 @@ -1,34 +1,27 @@ -Index: src/tls/tls_client.c -=================================================================== ---- src/tls/tls_client.c.orig -+++ src/tls/tls_client.c -@@ -363,6 +363,12 @@ TLS_APPL_STATE *tls_client_init(const TL +--- src/tls/tls_client.c.orig 2019-03-11 14:24:34.492448719 +0100 ++++ src/tls/tls_client.c 2019-03-11 14:27:42.824448001 +0100 +@@ -397,6 +397,11 @@ SSL_CTX_set_security_level(client_ctx, 0); #endif -+ /* Keep memory usage as low as possible */ -+ +#ifdef SSL_MODE_RELEASE_BUFFERS ++ /* Keep memory usage as low as possible */ + SSL_CTX_set_mode(client_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif + /* * See the verify callback in tls_verify.c */ -Index: src/tls/tls_server.c -=================================================================== ---- src/tls/tls_server.c.orig -+++ src/tls/tls_server.c -@@ -454,6 +454,12 @@ TLS_APPL_STATE *tls_server_init(const TL - SSL_CTX_set_security_level(server_ctx, 0); +--- src/tls/tls_server.c.orig 2019-03-11 14:26:04.700448375 +0100 ++++ src/tls/tls_server.c 2019-03-11 14:27:49.184447977 +0100 +@@ -455,6 +455,10 @@ + SSL_CTX_set_security_level(sni_ctx, 0); #endif -+ /* Keep memory usage as low as possible */ -+ +#ifdef SSL_MODE_RELEASE_BUFFERS ++ /* Keep memory usage as low as possible */ + SSL_CTX_set_mode(server_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif -+ /* * See the verify callback in tls_verify.c */
