Bugfix (bug introduced 20210102): panic in some postconf
commands due to duplicate initialization of compatibility
level comparison operators. File: global/compat_level.c.
+
+ Cleanup: stricter parsing of known_tcp_port settings. Files:
+ util/argv_split_at.c, util/argv.h, global/config_known_tcp_ports.c.
+
+20210420
+
+ Documentation: typofixes by Paul Menzel. File: RELEASE_NOTES.
+
+ Documentation: numeric IP address examples. File: conf/master.cf.
+
+ Documentation: added "-Wl,-R,/path/to/directory" hints to
+ optional build instructions. Files: proto/DB_README.html,
+ proto/LDAP_README.html, proto/LMDB_README.html,
+ proto/MYSQL_README.html, proto/PGSQL_README.html,
+ proto/SASL_README.html, proto/SQLITE_README.html,
+ proto/TLS_README.html.
AUXLIBS="-L/usr/local/BerkeleyDB/lib -ldb"
% make
+If your Berkeley DB shared library is in a directory that the RUN-TIME linker
+does not know about, add a "-Wl,-R,/path/to/directory" option after "-ldb".
+
Solaris needs this:
% make makefiles CCARGS="-DHAS_DB -I/usr/local/BerkeleyDB/include" \
% make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
AUXLIBS_LDAP="-L/usr/local/lib -lldap -L/usr/local/lib -llber"
+If your LDAP shared library is in a directory that the RUN-TIME linker does not
+know about, add a "-Wl,-R,/path/to/directory" option after "-lldap".
+
Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_LDAP. With Postfix
3.0 and later, the old AUXLIBS variable still supports building a statically-
loaded LDAP database client, but only the new AUXLIBS_LDAP variable supports
AUXLIBS_LMDB="-L/usr/local/lib -llmdb"
% make
+If your LMDB shared library is in a directory that the RUN-TIME linker does not
+know about, add a "-Wl,-R,/path/to/directory" option after "-llmdb".
+
Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_LMDB. With Postfix
3.0 and later, the old AUXLIBS variable still supports building a statically-
loaded LMDB database client, but only the new AUXLIBS_LMDB variable supports
'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include' \
'AUXLIBS_MYSQL=-L/usr/local/mysql/lib -lmysqlclient -lz -lm'
+If your MySQL shared library is in a directory that the RUN-TIME linker does
+not know about, add a "-Wl,-R,/path/to/directory" option after "-lmysqlclient".
+
Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_MYSQL. With Postfix
3.0 and later, the old AUXLIBS variable still supports building a statically-
loaded MySQL database client, but only the new AUXLIBS_MYSQL variable supports
'CCARGS=-DHAS_PGSQL -I/usr/local/include/pgsql' \
'AUXLIBS_PGSQL=-L/usr/local/lib -lpq'
+If your PostgreSQL shared library is in a directory that the RUN-TIME linker
+does not know about, add a "-Wl,-R,/path/to/directory" option after "-lpq".
+
Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_PGSQL. With Postfix
3.0 and later, the old AUXLIBS variable still supports building a statically-
loaded PostgreSQL database client, but only the new AUXLIBS_PGSQL variable
% m\bma\bak\bke\be m\bma\bak\bke\bef\bfi\bil\ble\bes\bs C\bCC\bCA\bAR\bRG\bGS\bS=\b="\b"-\b-D\bDU\bUS\bSE\bE_\b_S\bSA\bAS\bSL\bL_\b_A\bAU\bUT\bTH\bH -\b-D\bDU\bUS\bSE\bE_\b_C\bCY\bYR\bRU\bUS\bS_\b_S\bSA\bAS\bSL\bL \\b\
-\b-I\bI/\b/u\bus\bsr\br/\b/l\blo\boc\bca\bal\bl/\b/i\bin\bnc\bcl\blu\bud\bde\be/\b/s\bsa\bas\bsl\bl"\b" A\bAU\bUX\bXL\bLI\bIB\bBS\bS=\b="\b"-\b-L\bL/\b/u\bus\bsr\br/\b/l\blo\boc\bca\bal\bl/\b/l\bli\bib\bb -\b-l\bls\bsa\bas\bsl\bl2\b2"\b"
+ If your Cyrus SASL shared library is in a directory that the RUN-TIME
+ linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+ "-lsasl2".
+
Cyrus SASL version 1.5.x
% m\bma\bak\bke\be t\bti\bid\bdy\by # if you have left-over files from a previous build
'CCARGS=-DHAS_SQLITE -I/usr/local/include' \
'AUXLIBS_SQLITE=-L/usr/local/lib -lsqlite3 -lpthread'
+If your SQLite shared library is in a directory that the RUN-TIME linker does
+not know about, add a "-Wl,-R,/path/to/directory" option after "-lsqlite3".
+
Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_SQLITE. With Postfix
3.0 and later, the old AUXLIBS variable still supports building a statically-
loaded SQLite database client, but only the new AUXLIBS_SQLITE variable
% m\bma\bak\bke\be m\bma\bak\bke\bef\bfi\bil\ble\bes\bs C\bCC\bCA\bAR\bRG\bGS\bS=\b="\b"-\b-D\bDU\bUS\bSE\bE_\b_T\bTL\bLS\bS -\b-I\bI/\b/u\bus\bsr\br/\b/l\blo\boc\bca\bal\bl/\b/i\bin\bnc\bcl\blu\bud\bde\be"\b" \\b\
A\bAU\bUX\bXL\bLI\bIB\bBS\bS=\b="\b"-\b-L\bL/\b/u\bus\bsr\br/\b/l\blo\boc\bca\bal\bl/\b/l\bli\bib\bb -\b-l\bls\bss\bsl\bl -\b-l\blc\bcr\bry\byp\bpt\bto\bo"\b"
+ If your OpenSSL shared library is in a directory that the RUN-TIME linker
+ does not know about, add a "-Wl,-R,/path/to/directory" option after "-
+ lcrypto".
+
On Solaris, specify the -R option as shown below:
% m\bma\bak\bke\be t\bti\bid\bdy\by # if you have left-over files from a previous build
Postfix version 3.6 deprecates terminology that implies white is
better than black. Instead, Postfix prefers 'allowlist', 'denylist',
-and variations on those words.
+and variations on those words.
Set "respectful_logging = no" in main.cf to keep using the old
behavior (parameter names and logging).
To stop the reminder, configure the respectful_logging parameter to
"yes" or "no", or configure "compatibility_level = 3.6".
-Major changes with snapshot 20220109
+Major changes with snapshot 20210109
====================================
Starting with Postfix version 3.6, the "latest" compatibility level
==========================================
The minimum OpenSSL version is 1.1.1, which will reach the end
-of life by 20203-09-11.
+of life by 2023-09-11.
The default digest has changed from md5 to sha256 (Postfix 3.6 with
compatibility_level >= 3). With a lower compatibility_level setting,
==========================================
Postfix delivery agents now log an explicit record when delegating
-delivery to a different Postfix delivery agent.
+delivery to a different Postfix delivery agent.
For example, with "best_mx_transport = local", an SMTP delivery
agent will now log when a recipient will be delivered locally. This
Wish list:
+ Add verp=+= to the qmgr "from=" logging.
+
Make smtpd_relay_before_recipient_restrictions settable
in smtpd_checks tests.
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
+# Choose one: enable submission for loopback clients only, or for any client.
+#127.0.0.1:submission inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
+# Choose one: enable smtps for loopback clients only, or for any client.
+#127.0.0.1:smtps inet n - n - - smtpd
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
</pre>
</blockquote>
+<p> If your Berkeley DB shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-ldb". </p>
+
<p> Solaris needs this: </p>
<blockquote>
</pre>
</blockquote>
+<p> If your LDAP shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lldap". </p>
+
<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="LDAP_README.html">AUXLIBS_LDAP</a>.
With Postfix 3.0 and later, the old AUXLIBS variable still supports
building a statically-loaded LDAP database client, but only the new
</pre>
</blockquote>
+<p> If your LMDB shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-llmdb". </p>
+
<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="LMDB_README.html">AUXLIBS_LMDB</a>.
With Postfix 3.0 and later, the old AUXLIBS variable still supports
building a statically-loaded LMDB database client, but only the new
</pre>
</blockquote>
+<p> If your MySQL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lmysqlclient". </p>
+
<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="MYSQL_README.html">AUXLIBS_MYSQL</a>.
With Postfix 3.0 and later, the old AUXLIBS variable still supports
building a statically-loaded MySQL database client, but only the new
</pre>
</blockquote>
+<p> If your PostgreSQL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lpq". </p>
+
<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="PGSQL_README.html">AUXLIBS_PGSQL</a>.
With Postfix 3.0 and later, the old AUXLIBS variable still supports
building a statically-loaded PostgreSQL database client, but only
-I/usr/local/include/sasl" AUXLIBS="-L/usr/local/lib -lsasl2"</strong>
</pre>
+<p> If your Cyrus SASL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lsasl2". </p>
+
</dd>
<dt>Cyrus SASL version 1.5.x</dt>
</pre>
</blockquote>
+<p> If your SQLite shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lsqlite3". </p>
+
<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="SQLITE_README.html">AUXLIBS_SQLITE</a>.
With Postfix 3.0 and later, the old AUXLIBS variable still supports
building a statically-loaded SQLite database client, but only the new
</pre>
</blockquote>
+<p> If your OpenSSL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lcrypto". </p>
+
<p> On Solaris, specify the <tt>-R</tt> option as shown below:
<blockquote>
</pre>
</blockquote>
+<p> If your Berkeley DB shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-ldb". </p>
+
<p> Solaris needs this: </p>
<blockquote>
</pre>
</blockquote>
+<p> If your LDAP shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lldap". </p>
+
<p> Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_LDAP.
With Postfix 3.0 and later, the old AUXLIBS variable still supports
building a statically-loaded LDAP database client, but only the new
</pre>
</blockquote>
+<p> If your LMDB shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-llmdb". </p>
+
<p> Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_LMDB.
With Postfix 3.0 and later, the old AUXLIBS variable still supports
building a statically-loaded LMDB database client, but only the new
</pre>
</blockquote>
+<p> If your MySQL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lmysqlclient". </p>
+
<p> Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_MYSQL.
With Postfix 3.0 and later, the old AUXLIBS variable still supports
building a statically-loaded MySQL database client, but only the new
</pre>
</blockquote>
+<p> If your PostgreSQL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lpq". </p>
+
<p> Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_PGSQL.
With Postfix 3.0 and later, the old AUXLIBS variable still supports
building a statically-loaded PostgreSQL database client, but only
-I/usr/local/include/sasl" AUXLIBS="-L/usr/local/lib -lsasl2"</strong>
</pre>
+<p> If your Cyrus SASL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lsasl2". </p>
+
</dd>
<dt>Cyrus SASL version 1.5.x</dt>
</pre>
</blockquote>
+<p> If your SQLite shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lsqlite3". </p>
+
<p> Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_SQLITE.
With Postfix 3.0 and later, the old AUXLIBS variable still supports
building a statically-loaded SQLite database client, but only the new
</pre>
</blockquote>
+<p> If your OpenSSL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lcrypto". </p>
+
<p> On Solaris, specify the <tt>-R</tt> option as shown below:
<blockquote>
for (cpp = associations->argv; *cpp != 0; cpp++) {
char *temp = concatenate(" ", *cpp, " ", (char *) 0);
- association = argv_split(temp, "=");
+ association = argv_split_at(temp, '=');
myfree(temp);
if (association->argc == 0) {
/* warning */ "",
/* export */ "lmtp=24 smtp=25 smtps=465 submissions=465"
},
+ {"equal-equal",
+ /* config */ "smtp = 25, smtps == submissions = 465, lmtp = 24",
+ /* warning */ "config_known_tcp_ports: warning: equal-equal: "
+ "in \" smtps == submissions = 465\": missing service name before "
+ "\"=\"\n",
+ /* export */ "lmtp=24 smtp=25 smtps=465 submissions=465"
+ },
{"port test 1",
/* config */ "smtps = submission =",
/* warning */ "config_known_tcp_ports: warning: port test 1: "
config_known_tcp_ports: good: PASS
+config_known_tcp_ports: equal-equal: PASS
config_known_tcp_ports: port test 1: PASS
config_known_tcp_ports: port test 2: PASS
config_known_tcp_ports: port test 3: PASS
config_known_tcp_ports: service name test 1: PASS
config_known_tcp_ports: service name test 2: PASS
-config_known_tcp_ports: PASS=6 FAIL=0
+config_known_tcp_ports: PASS=7 FAIL=0
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20210419"
+#define MAIL_RELEASE_DATE "20210422"
#define MAIL_VERSION_NUMBER "3.6"
#ifdef SNAPSHOT
extpar.c dict_inline.c casefold.c dict_utf8.c strcasecmp_utf8.c \
split_qnameval.c argv_attr_print.c argv_attr_scan.c dict_file.c \
msg_logger.c logwriter.c unix_dgram_connect.c unix_dgram_listen.c \
- byte_mask.c known_tcp_ports.c
+ byte_mask.c known_tcp_ports.c argv_split_at.c
OBJS = alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \
attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \
extpar.o dict_inline.o casefold.o dict_utf8.o strcasecmp_utf8.o \
split_qnameval.o argv_attr_print.o argv_attr_scan.o dict_file.o \
msg_logger.o logwriter.o unix_dgram_connect.o unix_dgram_listen.o \
- byte_mask.o known_tcp_ports.o
+ byte_mask.o known_tcp_ports.o argv_split_at.o
# MAP_OBJ is for maps that may be dynamically loaded with dynamicmaps.cf.
# When hard-linking these, makedefs sets NON_PLUGIN_MAP_OBJ=$(MAP_OBJ),
# otherwise it sets the PLUGIN_* macros.
argv_split.o: sys_defs.h
argv_split.o: vbuf.h
argv_split.o: vstring.h
+argv_split_at.o: argv.h
+argv_split_at.o: argv_split_at.c
+argv_split_at.o: check_arg.h
+argv_split_at.o: msg.h
+argv_split_at.o: mymalloc.h
+argv_split_at.o: split_at.h
+argv_split_at.o: stringops.h
+argv_split_at.o: sys_defs.h
+argv_split_at.o: vbuf.h
+argv_split_at.o: vstring.h
argv_splitq.o: argv.h
argv_splitq.o: argv_splitq.c
argv_splitq.o: check_arg.h
load_file.o: vstream.h
load_file.o: warn_stat.h
load_lib.o: load_lib.c
+load_lib.o: load_lib.h
+load_lib.o: msg.h
load_lib.o: sys_defs.h
logwriter.o: check_arg.h
logwriter.o: iostuff.h
extern ARGV *argv_splitq_count(const char *, const char *, const char *, ssize_t);
extern ARGV *argv_splitq_append(ARGV *, const char *, const char *, const char *);
+extern ARGV *argv_split_at(const char *, int);
+extern ARGV *argv_split_at_count(const char *, int, ssize_t);
+extern ARGV *argv_split_at_append(ARGV *, const char *, int);
+
#define ARGV_FAKE_BEGIN(fake_argv, arg) { \
ARGV fake_argv; \
char *__fake_argv_args__[2]; \
--- /dev/null
+/*++
+/* NAME
+/* argv_split_at 3
+/* SUMMARY
+/* string array utilities
+/* SYNOPSIS
+/* #include <argv.h>
+/*
+/* ARGV *argv_split_at(string, sep)
+/* const char *string;
+/* int sep;
+/*
+/* ARGV *argv_split_at_count(string, sep, count)
+/* const char *string;
+/* int sep;
+/* ssize_t count;
+/*
+/* ARGV *argv_split_at_append(argv, string, sep)
+/* ARGV *argv;
+/* const char *string;
+/* int sep;
+/* DESCRIPTION
+/* argv_split_at() splits \fIstring\fR into fields using a
+/* single separator specified in \fIsep\fR. The result is a
+/* null-terminated string array.
+/*
+/* argv_split_at_count() is like argv_split_at() but stops
+/* splitting input after at most \fIcount\fR -1 times and
+/* leaves the remainder, if any, in the last array element.
+/* It is an error to specify a count < 1.
+/*
+/* argv_split_at_append() performs the same operation as
+/* argv_split_at(), but appends the result to an existing
+/* string array.
+/* SEE ALSO
+/* split_at(), trivial string splitter.
+/* DIAGNOSTICS
+/* Fatal errors: memory allocation problem.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
+/*--*/
+
+/* System libraries. */
+
+#include <sys_defs.h>
+#include <string.h>
+
+/* Application-specific. */
+
+#include <mymalloc.h>
+#include <stringops.h>
+#include <argv.h>
+#include <msg.h>
+#include <split_at.h>
+
+/* argv_split_at - split string into field array */
+
+ARGV *argv_split_at(const char *string, int sep)
+{
+ ARGV *argvp = argv_alloc(1);
+ char *saved_string = mystrdup(string);
+ char *bp = saved_string;
+ char *arg;
+
+ while ((arg = split_at(bp, sep)) != 0) {
+ argv_add(argvp, bp, (char *) 0);
+ bp = arg;
+ }
+ argv_add(argvp, bp, (char *) 0);
+ argv_terminate(argvp);
+ myfree(saved_string);
+ return (argvp);
+}
+
+/* argv_split_at_count - split string into field array */
+
+ARGV *argv_split_at_count(const char *string, int sep, ssize_t count)
+{
+ ARGV *argvp = argv_alloc(1);
+ char *saved_string = mystrdup(string);
+ char *bp = saved_string;
+ char *arg;
+
+ if (count < 1)
+ msg_panic("argv_split_at_count: bad count: %ld", (long) count);
+ while (count-- > 1 && (arg = split_at(bp, sep)) != 0) {
+ argv_add(argvp, bp, (char *) 0);
+ bp = arg;
+ }
+ argv_add(argvp, bp, (char *) 0);
+ argv_terminate(argvp);
+ myfree(saved_string);
+ return (argvp);
+}
+
+/* argv_split_at_append - split string into field array, append to array */
+
+ARGV *argv_split_at_append(ARGV *argvp, const char *string, int sep)
+{
+ char *saved_string = mystrdup(string);
+ char *bp = saved_string;
+ char *arg;
+
+ while ((arg = split_at(bp, sep)) != 0) {
+ argv_add(argvp, bp, (char *) 0);
+ bp = arg;
+ }
+ argv_add(argvp, bp, (char *) 0);
+ argv_terminate(argvp);
+ myfree(saved_string);
+ return (argvp);
+}
projects / thirdparty / postfix.git / commitdiff
