Module Name: src
Committed By: riz
Date: Wed Jun 13 19:29:06 UTC 2012
Modified Files:
src/doc [netbsd-6]: 3RDPARTY CHANGES
src/external/ibm-public/postfix/dist [netbsd-6]: HISTORY RELEASE_NOTES
src/external/ibm-public/postfix/dist/README_FILES [netbsd-6]:
RELEASE_NOTES TLS_README
src/external/ibm-public/postfix/dist/html [netbsd-6]: TLS_README.html
lmtp.8.html postconf.5.html smtp.8.html smtpd.8.html
src/external/ibm-public/postfix/dist/man/man5 [netbsd-6]: postconf.5
src/external/ibm-public/postfix/dist/man/man8 [netbsd-6]: smtp.8
smtpd.8
src/external/ibm-public/postfix/dist/proto [netbsd-6]: TLS_README.html
postconf.proto
src/external/ibm-public/postfix/dist/src/cleanup [netbsd-6]:
cleanup_milter.c
src/external/ibm-public/postfix/dist/src/dnsblog [netbsd-6]: dnsblog.c
src/external/ibm-public/postfix/dist/src/global [netbsd-6]:
mail_params.h mail_version.h
src/external/ibm-public/postfix/dist/src/local [netbsd-6]: Makefile.in
src/external/ibm-public/postfix/dist/src/postlog [netbsd-6]: postlog.c
src/external/ibm-public/postfix/dist/src/postqueue [netbsd-6]:
Makefile.in postqueue.c
src/external/ibm-public/postfix/dist/src/smtp [netbsd-6]: smtp.c
src/external/ibm-public/postfix/dist/src/smtpd [netbsd-6]: smtpd.c
src/external/ibm-public/postfix/dist/src/tls [netbsd-6]: tls.h
tls_client.c tls_misc.c tls_server.c
src/external/ibm-public/postfix/dist/src/util [netbsd-6]: events.c
src/external/ibm-public/postfix/dist/src/xsasl [netbsd-6]:
xsasl_cyrus.h xsasl_cyrus_client.c xsasl_cyrus_server.c
Log Message:
Pull up following revision(s) (requested by tron in ticket #333):
doc/3RDPARTY 1.940 via patch
doc/CHANGES 1.1708 via patch
external/ibm-public/postfix/dist/HISTORY patch
external/ibm-public/postfix/dist/RELEASE_NOTES patch
external/ibm-public/postfix/dist/README_FILES/RELEASE_NOTES patch
external/ibm-public/postfix/dist/README_FILES/TLS_README patch
external/ibm-public/postfix/dist/html/TLS_README.html patch
external/ibm-public/postfix/dist/html/lmtp.8.html patch
external/ibm-public/postfix/dist/html/postconf.5.html patch
external/ibm-public/postfix/dist/html/smtp.8.html patch
external/ibm-public/postfix/dist/html/smtpd.8.html patch
external/ibm-public/postfix/dist/man/man5/postconf.5 patch
external/ibm-public/postfix/dist/man/man8/smtp.8 patch
external/ibm-public/postfix/dist/man/man8/smtpd.8 patch
external/ibm-public/postfix/dist/proto/TLS_README.html patch
external/ibm-public/postfix/dist/proto/postconf.proto patch
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.c patch
external/ibm-public/postfix/dist/src/dnsblog/dnsblog.c patch
external/ibm-public/postfix/dist/src/global/mail_params.h patch
external/ibm-public/postfix/dist/src/global/mail_version.h patch
external/ibm-public/postfix/dist/src/local/Makefile.in patch
external/ibm-public/postfix/dist/src/postlog/postlog.c patch
external/ibm-public/postfix/dist/src/postqueue/Makefile.in patch
external/ibm-public/postfix/dist/src/postqueue/postqueue.c patch
external/ibm-public/postfix/dist/src/smtp/smtp.c patch
external/ibm-public/postfix/dist/src/smtpd/smtpd.c patch
external/ibm-public/postfix/dist/src/tls/tls.h patch
external/ibm-public/postfix/dist/src/tls/tls_client.c patch
external/ibm-public/postfix/dist/src/tls/tls_misc.c patch
external/ibm-public/postfix/dist/src/tls/tls_server.c patch
external/ibm-public/postfix/dist/src/util/events.c patch
external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus.h patch
external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus_client.c patch
external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus_server.c patch
Update Postfix to version 2.8.11:
- The "change header" milter request could replace the wrong header.
A long header name could match a shorter one, because a length check
was done on the wrong string. Reported by Vladimir Vassiliev.
- Core dump when postlog emitted the "usage" message, caused by an
extraneous null assignment. Reported by Kant (fnord.hammer).
- These releases add support to turn off the TLSv1.1 and TLSv1.2
protocols. Introduced with OpenSSL version 1.0.1, these protocols
are known to cause inter-operability problems, for example with some
hotmail services. The radical workaround is to temporarily turn off
problematic protocols globally:
/etc/postfix/main.cf:
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
However, it may be better to temporarily turn off problematic
protocols for broken sites only:
/etc/postfix/main.cf:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
/etc/postfix/tls_policy:
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
Notes:
Note the use of ":" instead of comma or space. Also, note that there
is NO space around the "=" in "protocols=".
The smtp_tls_policy_maps lookup key must match the "next-hop"
destination that is given to the Postfix SMTP client. If you
override the next-hop destination with transport_maps, relayhost,
sender_dependent_relayhost_maps, or otherwise, you need to specify
the same destination for the smtp_tls_policy_maps lookup key.
- OpenSSL related (all supported Postfix versions).
Some people have reported program crashes when the OpenSSL library
was updated while Postfix was accessing the Postfix TLS session
cache. To avoid this, the Postfix TLS session cache ID now includes
the OpenSSL library version number. This cache ID is not shared via
the network.
- The OpenSSL workaround introduced with the previous stable and legacy
releases did not compile with older gcc compilers. These compilers
cant handle #ifdef inside a macro invocation (NOT: definition).
- To avoid repeated warnings from postscreen(8) with "connect to
private/dnsblog service: Connection refused" on FreeBSD, the
dnsblog(8) daemon now uses the single_server program driver instead
of the multi_server driver. This one-line code change has no
performance impact for other systems, and eliminates a high-frequency
accept() race on a shared socket that appears to cause trouble on
FreeBSD. The same single_server program driver has proven itself for
many years in smtpd(8). Problem reported by Sahil Tandon.
- Laptop-friendly support (all supported Postfix versions). A
little-known secret is that Postfix has always had support to avoid
unnecessary disk spin-up for MTIME updates, by doing s/fifo/unix/
in master.cf (this is currently not supported on Solaris systems).
However, two minor fixes are needed to make this bullet-proof.
- In laptop-friendly mode, the "postqueue -f" and "sendmail -q"
commands did not wait until their requests had reached the pickup
and qmgr servers before closing their UNIX-domain request sockets.
- In laptop-friendly mode, the unused postkick command waited for more
than a minute because the event_drain() function was comparing
bitmasks incorrectly on systems with kqueue(2), epoll(2) or
/dev/poll support.
To generate a diff of this commit:
cvs rdiff -u -r1.909.2.7 -r1.909.2.8 src/doc/3RDPARTY
cvs rdiff -u -r1.1670.2.4 -r1.1670.2.5 src/doc/CHANGES
cvs rdiff -u -r1.1.1.12.2.1 -r1.1.1.12.2.2 \
src/external/ibm-public/postfix/dist/HISTORY
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.6.1 \
src/external/ibm-public/postfix/dist/RELEASE_NOTES
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.6.1 \
src/external/ibm-public/postfix/dist/README_FILES/RELEASE_NOTES
cvs rdiff -u -r1.4 -r1.4.6.1 \
src/external/ibm-public/postfix/dist/README_FILES/TLS_README
cvs rdiff -u -r1.5 -r1.5.4.1 \
src/external/ibm-public/postfix/dist/html/TLS_README.html
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.6.1 \
src/external/ibm-public/postfix/dist/html/lmtp.8.html \
src/external/ibm-public/postfix/dist/html/smtp.8.html
cvs rdiff -u -r1.8 -r1.8.4.1 \
src/external/ibm-public/postfix/dist/html/postconf.5.html
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.4.1 \
src/external/ibm-public/postfix/dist/html/smtpd.8.html
cvs rdiff -u -r1.8 -r1.8.4.1 \
src/external/ibm-public/postfix/dist/man/man5/postconf.5
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.6.1 \
src/external/ibm-public/postfix/dist/man/man8/smtp.8 \
src/external/ibm-public/postfix/dist/man/man8/smtpd.8
cvs rdiff -u -r1.4 -r1.4.6.1 \
src/external/ibm-public/postfix/dist/proto/TLS_README.html
cvs rdiff -u -r1.8 -r1.8.4.1 \
src/external/ibm-public/postfix/dist/proto/postconf.proto
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.4.1 \
src/external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.c
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.6.1 \
src/external/ibm-public/postfix/dist/src/dnsblog/dnsblog.c
cvs rdiff -u -r1.7 -r1.7.6.1 \
src/external/ibm-public/postfix/dist/src/global/mail_params.h
cvs rdiff -u -r1.1.1.12.2.1 -r1.1.1.12.2.2 \
src/external/ibm-public/postfix/dist/src/global/mail_version.h
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.4.1 \
src/external/ibm-public/postfix/dist/src/local/Makefile.in
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.12.1 \
src/external/ibm-public/postfix/dist/src/postlog/postlog.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.12.1 \
src/external/ibm-public/postfix/dist/src/postqueue/Makefile.in
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.8.1 \
src/external/ibm-public/postfix/dist/src/postqueue/postqueue.c
cvs rdiff -u -r1.4 -r1.4.6.1 \
src/external/ibm-public/postfix/dist/src/smtp/smtp.c
cvs rdiff -u -r1.7 -r1.7.4.1 \
src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.6.1 \
src/external/ibm-public/postfix/dist/src/tls/tls.h
cvs rdiff -u -r1.4 -r1.4.6.1 \
src/external/ibm-public/postfix/dist/src/tls/tls_client.c \
src/external/ibm-public/postfix/dist/src/tls/tls_server.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.6.1 \
src/external/ibm-public/postfix/dist/src/tls/tls_misc.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.6.1 \
src/external/ibm-public/postfix/dist/src/util/events.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.12.1 \
src/external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus.h \
src/external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus_client.c \
src/external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus_server.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
