2023-12-22 18:29:18 by Thomas Klausner | Files touched by this commit (10)
Log message: postfix*: update to 3.8.4

20230815 Bugfix (bug introduced: 20140218): when opportunistic TLS fails during or after the handshake, don't require that a probe message spent a minimum time-in-queue before falling back to plaintext. Problem reported by Serg. File: smtp/smtp.h.

20230819 Bugfix (defect introduced: 19980207): the valid_hostname() check in the Postfix DNS client library was blocking unusual but legitimate wildcard names (*.name) in some DNS lookup results and lookup requests. Examples:

    name             class/type  value
    *.one.example    IN CNAME    *.other.example
    *.other.example  IN A        10.0.0.1
    *.other.example  IN TLSA     ..certificate info...

Such syntax is blessed in RFC 1034 section 4.3.3. This problem was reported first in the context of TLSA record lookups. Files: util/valid_hostname.[hc], dns/dns_lookup.c.

20230929 Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix SMTP server was waiting for a client command instead of replying immediately, after a client certificate verification error in TLS wrappermode. Reported by Andreas Kinzler. File: smtpd/smtpd.c.

20231006 Usability: the Postfix SMTP server now attempts to log the SASL username after authentication failure. In Postfix logging, this appends ", sasl_username=xxx" after the reason for SASL authentication failure. The logging replaces an unavailable reason with "(reason unavailable)", and replaces an unavailable sasl_username with "(unavailable)". Based on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c, xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c.

20231026 Bugfix (defect introduced: Postfix 2.11): in forward_path, the expression ${recipient_delimiter} would expand to an empty string when a recipient address had no recipient delimiter. Fixed by restoring Postfix 2.10 behavior to use a configured recipient delimiter value. Reported by Tod A. Sandman. Files: proto/postconf.proto, local/local_expand.c.

20231221 Security: with "smtpd_forbid_bare_newline = yes" (default "no" for Postfix < 3.9), reply with "Error: bare <LF> received" and disconnect when an SMTP client sends a line ending in <LF>, violating the RFC 5321 requirement that lines must end in <CR><LF>. This prevents SMTP smuggling attacks that target a recipient at a Postfix server. For backwards compatibility, local clients are excluded by default with "smtpd_forbid_bare_newline_exclusions = $mynetworks". Files: mantools/postlink, proto/postconf.proto, global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h, smtpd/smtpd.c.
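The bare-newline check described in the 20231221 entry, as an added illustration that is not Postfix's own code: it flags an LF that is not preceded by CR, handles a CR/LF pair split across two reads, and honours an exclusion list. The MYNETWORKS values and client addresses are constructed, and because the log entry gives only the reply text and not a numeric SMTP status code, only the text is returned.

```python
import ipaddress

# Constructed stand-in for "$mynetworks" (assumption; the real value is
# per-host configuration and is not given in the log entry).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("::1/128")]

# Reply text from the log entry; the numeric status code is not stated
# there, so this example returns the text alone.
BARE_LF_REPLY = "Error: bare <LF> received"


def has_bare_newline(chunk: bytes, prev: bytes = b"") -> bool:
    """True if chunk contains an LF not immediately preceded by CR.

    prev is the last byte of the previous read, so a <CR><LF> pair that
    straddles two reads is not misreported as a bare <LF>.
    """
    data = prev + chunk
    for i in range(len(prev), len(data)):
        if data[i] == 0x0A and (i == 0 or data[i - 1] != 0x0D):
            return True
    return False


class BareNewlineScanner:
    """Stateful scanner for an SMTP byte stream read in arbitrary chunks."""

    def __init__(self) -> None:
        self._prev = b""

    def feed(self, chunk: bytes) -> bool:
        found = has_bare_newline(chunk, self._prev)
        if chunk:
            self._prev = chunk[-1:]
        return found


def is_excluded(client_ip: str) -> bool:
    """Clients inside the exclusion list keep the old, lenient behaviour."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in MYNETWORKS)


def check_chunk(scanner: BareNewlineScanner, chunk: bytes, client_ip: str,
                forbid_bare_newline: bool = True):
    """Return the reply to send before disconnecting, or None to carry on."""
    found = scanner.feed(chunk)
    if found and forbid_bare_newline and not is_excluded(client_ip):
        return BARE_LF_REPLY
    return None
```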
2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377)
Log message: *: recursive bump for icu 74.1
2023-05-08 06:33:40 by Frédéric Fauberteau | Files touched by this commit (1)
Log message: postfix-sqlite: Update to 3.8.0
2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359)
Log message: revbump after textproc/icu update
2023-01-28 10:28:31 by Takahiro Kambe | Files touched by this commit (5)
Log message: mail/postfix: update to 3.7.4

Postfix 3.7.4 (2023-01-22)

* Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. Fix by Viktor Dukhovni.
* Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound handles for digest implementations. In sufficiently hostile configurations, Postfix could mistakenly believe that a digest algorithm is available, and fail when it is not. A similar workaround may be needed for EVP_get_cipherbyname(). Fix by Viktor Dukhovni.
* Bugfix (bug introduced in Postfix 2.11): the checkok() macro in tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. Found during code review.
* Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation violation when postscreen_dnsbl_threshold < 1. It should reject such input with a fatal error instead. Discovered by Benny Pedersen.
* Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions. Viktor Dukhovni.
* Portability: Linux 6 support.
* Added missing documentation that cidr:, pcre: and regexp: tables support inline specification only in Postfix 3.7 and later.
2022-11-23 17:21:30 by Adam Ciarcinski | Files touched by this commit (1878)
Log message: massive revision bump after textproc/icu update
2022-07-21 17:08:40 by Takahiro Kambe | Files touched by this commit (7)
Log message: mail/postfix: update to 3.7.2

3.7.0 (2022-02-07)

* Support to inline the content of small cidr:, pcre:, and regexp: tables in Postfix parameter values. An example is the new smtpd_forbidden_commands default value, "CONNECT GET POST regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from clients that send garbage.
* To make the maillog_file feature more useful, including stdout logging from a container, the postlog(1) command is now set-gid postdrop, so that unprivileged programs can use it to write logging through the postlogd(8) daemon. This required hardening the postlog(1) command against privilege escalation attacks.
* Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18.
* Postfix programs now randomize the initial state of in-memory hash tables, to defend against hash collision attacks involving a large number of attacker-chosen lookup keys. Presently, the only known opportunity for such attacks involves remote SMTP client IPv6 addresses in the anvil(8) service, and requires making hundreds of short-lived connections per second while cycling through thousands of different client IP addresses.
* Updated defense against remote clients or servers that 'trickle' SMTP or LMTP traffic. This replaces the old per-record deadlines with per-request deadlines and minimum data rates.
* Many typofixes by raf and Wietse.

3.7.1 (2022-04-18)

* (problem introduced: Postfix 2.7) The milter_header_checks maps are now opened before the cleanup(8) server enters the chroot jail. Problem reported by Jesper Dybdal.
* In an internal client module, "host or service not found" was a fatal error, causing the milter_default_action setting to be ignored. It is now a non-fatal error, just like a failure to connect. Problem reported by Christian Degenkolb.
* The proxy_read_maps default value was missing up to 27 parameter names. The corresponding lookup tables were not automatically authorized for use with the proxymap(8) service. The parameter names were ending in _checks, _reply_footer, _reply_filter, _command_filter, and _delivery_status_filter.
* (problem introduced: Postfix 3.0) With dynamic map loading enabled, an attempt to create a map with "postmap regexp:path" would result in a bogus error message "Is the postfix-regexp package installed?" instead of "unsupported map type for this operation". This happened with all non-dynamic map types (static, cidr, etc.) that have no 'bulk create' support. Problem reported by Greg Klanderman.
* In PCRE_README, "pcre2 --libs" should be "pcre2 \ --libs8". Problem reported by Carlos Velasco.
* Documented in the postlogd(8) daemon manpage that the Postfix >= 3.7 postlog(1) command can run with setgid permissions.

3.7.2 (2022-04-28)

This reverts an overly complex change in the postscreen SMTP engine (made during Postfix 3.7 development), and replaces it with much simpler code. The bad change was crashing postscreen on some systems after receiving malformed input (for example, a TLS "hello" message).
2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798)
Log message: revbump for textproc/icu update