From: Wietse Z Venema Date: Wed, 29 Oct 2025 05:00:00 +0000 (-0500) Subject: postfix-3.11-20251029 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d8c6ae5b7abca02a94448ce34bd6bd0a368e504;p=thirdparty%2Fpostfix.git postfix-3.11-20251029 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 6262adf1a..bd3cd5d0b 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -29739,3 +29739,14 @@ Apologies for any names omitted. documentation that has been obsolete since Postfix 2.11. Files: proto/postconf.proto, proto/DEPRECATION_README.html, postconf/postconf_unused.c. + + Cleanup: Postfix version info for postqueue JSON output + features. File: postqueue/postqueue.c. + + Cleanup: add missing unit tests for newly deprecated parameters. + Files: postconf/Makefile.in, postconf/test79.ref + + Postpone the deprecation of the tls_eecdh_auto_curves and + tls_ffdhe_auto_groups parameters because doing this now + would make migration noisy. Files: proto/DEPRECATION_README.html, + proto/postconf.proto, postconf/postconf_unused.c. diff --git a/postfix/README_FILES/DEPRECATION_README b/postfix/README_FILES/DEPRECATION_README index cb297e250..eccc37f9e 100644 --- a/postfix/README_FILES/DEPRECATION_README +++ b/postfix/README_FILES/DEPRECATION_README @@ -82,12 +82,6 @@ the "obsolete feature" name for a more detailed description. |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |virtual_maps | 3.11 | - |virtual_alias_maps | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |tls_eecdh_auto_curves | 3.11 | - |do not specify with OpenSSL 3.5 or | - | | | |later | - |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |tls_ffdhe_auto_groups | 3.11 | - |do not specify with OpenSSL 3.5 or | - | | | |later | - |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |smtp_cname_overrides_servername | 3.11 | - |do not specify (leave at default) | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |lmtp_cname_overrides_servername | 3.11 | - |do not specify (leave at default) | @@ -154,19 +148,6 @@ clutter and confusion To silence these warning messages, edit main.cf or master.cf, and replace each obsolete parameter name with its replacement. -OObbssoolleettee aauuttoo ggrroouupp//ccuurrvvee ccoonnffiigguurraattiioonn - -The postconf(1) command logs one of the following: - - * support for parameter "tls_eecdh_auto_curves" will be removed; instead, do - not specify with OpenSSL 3.5 or later - * support for parameter "tls_ffdhe_auto_groups" will be removed; instead, do - not specify with OpenSSL 3.5 or later - -The empty value is the default setting for both as of Postfix 3.11, when -compiled with OpenSSL 3.5 or later. See tls_config_file for a configuration -example - OObbssoolleettee CCNNAAMMEE oovveerrrriiddee ffoorr ppeeeerr nnaammee ccoonnffiigguurraattiioonn The postconf(1) command logs one of the following: diff --git a/postfix/html/DEPRECATION_README.html b/postfix/html/DEPRECATION_README.html index eb7c16c82..3960f7b86 100644 --- a/postfix/html/DEPRECATION_README.html +++ b/postfix/html/DEPRECATION_README.html @@ -154,6 +154,8 @@ align="center"> 3.11 - 3.11 - virtual_alias_maps + + smtp_cname_overrides_servername 3.11 - do not specify (leave at default) @@ -279,6 +283,8 @@ eventually be removed to eliminate clutter and confusion

To silence these warning messages, edit main.cf or master.cf, and replace each obsolete parameter name with its replacement.

+ +

Obsolete CNAME override for peer name configuration

diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index b13f6ca3d..359e046b6 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -20257,9 +20257,8 @@ MinProtocol = TLSv1 tls_config_name = postfix # Clear Postfix curve/group settings to let OpenSSL settings take # effect. - # Uncomment only with Postfix < 3.11 or OpenSSL < 3.5. - # tls_eecdh_auto_curves = - # tls_ffdhe_auto_groups = + tls_eecdh_auto_curves = + tls_ffdhe_auto_groups = 
diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html
index 4ef6188ec..a33319808 100644
--- a/postfix/html/postqueue.1.html
+++ b/postfix/html/postqueue.1.html
@@ -130,12 +130,10 @@ POSTQUEUE(1)                                                      POSTQUEUE(1)
               mately equal to the number of bytes that  would  be  transmitted
               via SMTP including the <CR><LF> line endings.
 
-       forced_expire
+       forced_expire (Postfix >= 3.5)
               The  message is forced to expire (true or false).  See the post-
               super(1) options -e or -f.
 
-              This feature is available in Postfix 3.5 and later.
-
        sender The envelope sender address.
 
        recipients
@@ -144,7 +142,7 @@ POSTQUEUE(1)                                                      POSTQUEUE(1)
               address
                      One recipient address.
 
-              orig_address
+              orig_address (Postfix >= 3.11)
                      One original recipient address.
 
               delay_reason
diff --git a/postfix/man/man1/postqueue.1 b/postfix/man/man1/postqueue.1
index 4959609d2..4d2b6d4b5 100644
--- a/postfix/man/man1/postqueue.1
+++ b/postfix/man/man1/postqueue.1
@@ -127,11 +127,9 @@ The number of bytes in the message header and body. This
 number does not include message envelope information. It
 is approximately equal to the number of bytes that would
 be transmitted via SMTP including the  line endings.
-.IP \fBforced_expire\fR
+.IP "\fBforced_expire\fR (Postfix >= 3.5)
 The message is forced to expire (\fBtrue\fR or \fBfalse\fR).
 See the \fBpostsuper\fR(1) options \fB\-e\fR or \fB\-f\fR.
-.sp
-This feature is available in Postfix 3.5 and later.
 .IP \fBsender\fR
 The envelope sender address.
 .IP \fBrecipients\fR
@@ -139,7 +137,7 @@ An array containing zero or more objects with members:
 .RS
 .IP \fBaddress\fR
 One recipient address.
-.IP \fBorig_address\fR
+.IP "\fBorig_address\fR (Postfix >= 3.11)
 One original recipient address.
 .IP \fBdelay_reason\fR
 If present, the reason for delayed delivery.  Delayed
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 7c824b4f7..87d39ab8e 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -14107,9 +14107,8 @@ main.cf:
     tls_config_name = postfix
     # Clear Postfix curve/group settings to let OpenSSL settings take
     # effect.
-    # Uncomment only with Postfix < 3.11 or OpenSSL < 3.5.
-    # tls_eecdh_auto_curves =
-    # tls_ffdhe_auto_groups =
+    tls_eecdh_auto_curves =
+    tls_ffdhe_auto_groups =
 .fi
 .ad
 .PP
diff --git a/postfix/proto/DEPRECATION_README.html b/postfix/proto/DEPRECATION_README.html
index 8dbcb11fb..e9d68ed7e 100644
--- a/postfix/proto/DEPRECATION_README.html
+++ b/postfix/proto/DEPRECATION_README.html
@@ -154,6 +154,8 @@ tlsproxy_client_policy_maps  
 3.11   -   virtual_alias_maps 
 
 
+
+
   
 smtp_cname_overrides_servername    3.11
   -   do not specify (leave at default)
@@ -279,6 +283,8 @@ eventually be removed to eliminate clutter and confusion  

 
 To silence these warning messages, edit main.cf or master.cf,
 and replace each obsolete parameter name with its replacement. 

 
+
+
 
  Obsolete CNAME override
 for peer name configuration  

 
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index c9733aee4..5f94cb366 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -19297,9 +19297,8 @@ main.cf:
     tls_config_name = postfix
     # Clear Postfix curve/group settings to let OpenSSL settings take
     # effect. 
-    # Uncomment only with Postfix < 3.11 or OpenSSL < 3.5.
-    # tls_eecdh_auto_curves =
-    # tls_ffdhe_auto_groups =
+    tls_eecdh_auto_curves =
+    tls_ffdhe_auto_groups =
 
diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history
index 89f28c530..3534e30a5 100644
--- a/postfix/proto/stop.double-history
+++ b/postfix/proto/stop.double-history
@@ -206,3 +206,4 @@ proto  proto COMPATIBILITY_README html
  postqueue showq_compat c postqueue showq_json c showq showq c 
  role is received File tlsproxy tlsproxy c 
  Files proto postconf proto proto DEPRECATION_README html 
+ features File postqueue postqueue c 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 0970dd873..9c379e9ea 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20251028"
+#define MAIL_RELEASE_DATE	"20251029"
 #define MAIL_VERSION_NUMBER	"3.11"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in
index dcb5a78c0..f607792d7 100644
--- a/postfix/src/postconf/Makefile.in
+++ b/postfix/src/postconf/Makefile.in
@@ -56,7 +56,7 @@ tests: test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 \
 	test42 test43 test44 test45 test46 test47 test48 test49 test50 test51 \
 	test52 test53 test54 test55 test56 test57 test58 test59 test60 test61 \
 	test62 test63 test64 test65 test66 test67 test68 test69 test70 test71 \
-	test72 test73 test74 test75 test76 test78
+	test72 test73 test74 test75 test76 test78 test79
 
 root_tests:
 
@@ -1094,6 +1094,38 @@ test78:	$(PROG) test78.ref
 	diff /dev/null test78.tmp
 	rm -f main.cf master.cf test78.tmp
 
+# Warn about unused, deprecated, or deleted parameters.
+test79:	$(PROG) test79.ref
+	rm -f main.cf master.cf
+	touch main.cf master.cf
+	$(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -c. \
+	    config_directory=. \
+	    authorized_verp_clients=x \
+	    fallback_relay=x \
+	    lmtp_per_request_deadline=x \
+	    postscreen_blacklist_action=x \
+	    postscreen_dnsbl_ttl=x \
+	    postscreen_dnsbl_whitelist_threshold=x \
+	    postscreen_whitelist_interfaces=x \
+	    smtpd_client_connection_limit_exceptions=x \
+	    smtp_per_request_deadline=x \
+	    tlsproxy_client_level=x \
+	    tlsproxy_client_policy=x \
+	    virtual_maps=x \
+	    lmtp_cname_overrides_servername=x \
+	    smtp_cname_overrides_servername=x \
+	    >test79.tmp 2>&1
+	touch -t 197601010000 main.cf
+	echo foo unix - n n - 0 other >> master.cf
+	echo ' -o lmtp_tls_enforce_peername=no' >> master.cf
+	echo ' -o smtp_tls_enforce_peername=no' >> master.cf
+	touch -t 197601010000 master.cf
+	$(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -nc. >>test79.tmp 2>&1
+	diff test79.ref test79.tmp
+	$(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -qnc. >/dev/null 2>test79.tmp
+	diff /dev/null test79.tmp
+	rm -f main.cf master.cf test79.tmp
+
 clean:
 	rm -f *.o *core $(PROG) $(TESTPROG) junk $(MAKES) $(AUTOS) $(DUMMIES) \
 	$(TEST_TMP) $(DB_MAKES)
diff --git a/postfix/src/postconf/postconf_unused.c b/postfix/src/postconf/postconf_unused.c
index fc6a07bf9..c77c8b622 100644
--- a/postfix/src/postconf/postconf_unused.c
+++ b/postfix/src/postconf/postconf_unused.c
@@ -117,7 +117,7 @@ static const PCF_DEPR_PARAM_INFO pcf_depr_param_info[] = {
     "tlsproxy_client_level", "specify \"tlsproxy_client_security_level\"",
     "tlsproxy_client_policy", "specify \"tlsproxy_client_policy_maps\"",
     "virtual_maps", "specify \"virtual_alias_maps\"",
-#if OPENSSL_VERSION_PREREQ(3,5)
+#if 0 && OPENSSL_VERSION_PREREQ(3,5)
     "tls_eecdh_auto_curves", "do not specify with OpenSSL 3.5 or later",
     "tls_ffdhe_auto_groups", "do not specify with OpenSSL 3.5 or later",
 #endif
diff --git a/postfix/src/postconf/test79.ref b/postfix/src/postconf/test79.ref
new file mode 100644
index 000000000..a9fe23e3f
--- /dev/null
+++ b/postfix/src/postconf/test79.ref
@@ -0,0 +1,32 @@
+authorized_verp_clients = x
+config_directory = .
+fallback_relay = x
+lmtp_cname_overrides_servername = x
+lmtp_per_request_deadline = x
+postscreen_blacklist_action = x
+postscreen_dnsbl_ttl = x
+postscreen_dnsbl_whitelist_threshold = x
+postscreen_whitelist_interfaces = x
+smtp_cname_overrides_servername = x
+smtp_per_request_deadline = x
+smtpd_client_connection_limit_exceptions = x
+tlsproxy_client_level = x
+tlsproxy_client_policy = x
+virtual_maps = x
+./postconf: warning: ./main.cf: support for parameter "lmtp_per_request_deadline" will be removed; instead, specify "lmtp_per_request_deadline"
+./postconf: warning: ./main.cf: support for parameter "tlsproxy_client_policy" will be removed; instead, specify "tlsproxy_client_policy_maps"
+./postconf: warning: ./main.cf: support for parameter "virtual_maps" will be removed; instead, specify "virtual_alias_maps"
+./postconf: warning: ./main.cf: support for parameter "authorized_verp_clients" will be removed; instead, specify "smtpd_authorized_verp_clients"
+./postconf: warning: ./main.cf: support for parameter "tlsproxy_client_level" will be removed; instead, specify "tlsproxy_client_security_level"
+./postconf: warning: ./main.cf: support for parameter "smtpd_client_connection_limit_exceptions" will be removed; instead, specify "smtpd_client_event_limit_exceptions"
+./postconf: warning: ./main.cf: support for parameter "postscreen_whitelist_interfaces" will be removed; instead, specify "postscreen_allowlist_interfaces"
+./postconf: warning: ./main.cf: support for parameter "fallback_relay" will be removed; instead, specify "smtp_fallback_relay"
+./postconf: warning: ./main.cf: support for parameter "postscreen_dnsbl_ttl" will be removed; instead, specify "postscreen_dnsbl_max_ttl"
+./postconf: warning: ./main.cf: support for parameter "lmtp_cname_overrides_servername" will be removed; instead, do not specify
+./postconf: warning: ./main.cf: support for parameter "smtp_cname_overrides_servername" will be removed; instead, do not specify
+./postconf: warning: ./main.cf: support for parameter "postscreen_dnsbl_whitelist_threshold" will be removed; instead, specify "postscreen_dnsbl_allowlist_threshold"
+./postconf: warning: ./main.cf: support for parameter "postscreen_blacklist_action" will be removed; instead, specify "postscreen_denylist_action"
+./postconf: warning: ./main.cf: support for parameter "smtp_per_request_deadline" will be removed; instead, specify "smtp_per_request_deadline"
+./postconf: warning: ./master.cf: support for parameter "smtp_tls_enforce_peername" will be removed; instead, specify "smtp_tls_security_level"
+./postconf: warning: ./master.cf: support for parameter "lmtp_tls_enforce_peername" will be removed; instead, specify "lmtp_tls_security_level"
+./postconf: warning: See https://www.postfix.org/DEPRECATION_README.html for details
diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c
index 6c376416f..7f20a9866 100644
--- a/postfix/src/postqueue/postqueue.c
+++ b/postfix/src/postqueue/postqueue.c
@@ -119,11 +119,9 @@
 /*	number does not include message envelope information. It
 /*	is approximately equal to the number of bytes that would
 /*	be transmitted via SMTP including the  line endings.
-/* .IP \fBforced_expire\fR
+/* .IP "\fBforced_expire\fR (Postfix >= 3.5)
 /*	The message is forced to expire (\fBtrue\fR or \fBfalse\fR).
 /*	See the \fBpostsuper\fR(1) options \fB-e\fR or \fB-f\fR.
-/* .sp
-/*	This feature is available in Postfix 3.5 and later.
 /* .IP \fBsender\fR
 /*	The envelope sender address.
 /* .IP \fBrecipients\fR
@@ -131,7 +129,7 @@
 /* .RS
 /* .IP \fBaddress\fR
 /*	One recipient address.
-/* .IP \fBorig_address\fR
+/* .IP "\fBorig_address\fR (Postfix >= 3.11)
 /*	One original recipient address.
 /* .IP \fBdelay_reason\fR
 /*	If present, the reason for delayed delivery.  Delayed