From: Wietse Venema Date: Wed, 7 Jul 2010 05:00:00 +0000 (-0500) Subject: postfix-2.7.2-RC2 X-Git-Tag: v2.7.2-RC2^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19b171950302ce36f44eba6411e54b4152492d4f;p=thirdparty%2Fpostfix.git postfix-2.7.2-RC2 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 9341ca66b..72ec08c6b 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -15771,11 +15771,12 @@ Apologies for any names omitted. 20100610 - Bugfix: Postfix no longer appends the system default CAs - to the lists specified with *_tls_CAfile or with *_tls_CApath. - This prevents third-party certificates from being trusted - and given mail relay permission with permit_tls_all_clientcerts. - This change may break valid configurations that do not use + Bugfix (introduced Postfix 2.2): Postfix no longer appends + the system default CA certificates to the lists specified + with *_tls_CAfile or with *_tls_CApath. This prevents + third-party certificates from being trusted and given mail + relay permission with permit_tls_all_clientcerts. This + change may break valid configurations that do not use permit_tls_all_clientcerts. To get the old behavior, specify "tls_append_default_CA = yes". Files: tls/tls_certkey.c, tls/tls_misc.c, global/mail_params.h. proto/postconf.proto, diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index ddc1ee3d2..fd52b840f 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -17,10 +17,10 @@ before proceeding. Incompatibility with Postfix 2.7.2 ---------------------------------- -Postfix no longer appends the system-supplied default CAs to the -lists specified with *_tls_CAfile or with *_tls_CApath. This prevents -third-party certificates from being trusted and given mail relay -permission with permit_tls_all_clientcerts. +Postfix no longer appends the system-supplied default CA certificates +to the lists specified with *_tls_CAfile or with *_tls_CApath. This +prevents third-party certificates from being trusted and given mail +relay permission with permit_tls_all_clientcerts. Unfortunately this change may break certificate verification on sites that don't use permit_tls_all_clientcerts. Specify diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 7e9bdaf20..14ad11179 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -13767,10 +13767,10 @@ The default is "no"; this prevents Postfix from trusting third-party certificates and giving them relay permission with permit_tls_all_clientcerts.

-

This feature is available in Postfix 2.4.15, 2.6.8, 2.7.2 and -later versions. Specify "tls_append_default_CA = yes" for backwards -compatibility, to avoid breaking certificate verification with sites -that don't use permit_tls_all_clientcerts.

+

This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8, +2.7.2 and later versions. Specify "tls_append_default_CA = yes" for +backwards compatibility, to avoid breaking certificate verification +with sites that don't use permit_tls_all_clientcerts.

diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 0fe7c2d40..674d9cb4d 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -8737,10 +8737,10 @@ The default is "no"; this prevents Postfix from trusting third-party certificates and giving them relay permission with permit_tls_all_clientcerts. .PP -This feature is available in Postfix 2.4.15, 2.6.8, 2.7.2 and -later versions. Specify "tls_append_default_CA = yes" for backwards -compatibility, to avoid breaking certificate verification with sites -that don't use permit_tls_all_clientcerts. +This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8, +2.7.2 and later versions. Specify "tls_append_default_CA = yes" for +backwards compatibility, to avoid breaking certificate verification +with sites that don't use permit_tls_all_clientcerts. .SH tls_daemon_random_bytes (default: 32) The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) process requests from the \fBtlsmgr\fR(8) server in order to seed its diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index aae536c4e..fa45ce42c 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -9378,10 +9378,10 @@ The default is "no"; this prevents Postfix from trusting third-party certificates and giving them relay permission with permit_tls_all_clientcerts.

-

This feature is available in Postfix 2.4.15, 2.6.8, 2.7.2 and -later versions. Specify "tls_append_default_CA = yes" for backwards -compatibility, to avoid breaking certificate verification with sites -that don't use permit_tls_all_clientcerts.

+

This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8, +2.7.2 and later versions. Specify "tls_append_default_CA = yes" for +backwards compatibility, to avoid breaking certificate verification +with sites that don't use permit_tls_all_clientcerts.

%PARAM tls_random_exchange_name see "postconf -d" output diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 8f1e0fdc7..570260265 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20100615" -#define MAIL_VERSION_NUMBER "2.7.2-RC1" +#define MAIL_RELEASE_DATE "20100707" +#define MAIL_VERSION_NUMBER "2.7.2-RC2" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in index 1a8e26da7..918a9732f 100644 --- a/postfix/src/tls/Makefile.in +++ b/postfix/src/tls/Makefile.in @@ -101,6 +101,7 @@ tls_bio_ops.o: ../../include/vstring.h tls_bio_ops.o: tls.h tls_bio_ops.o: tls_bio_ops.c tls_certkey.o: ../../include/argv.h +tls_certkey.o: ../../include/mail_params.h tls_certkey.o: ../../include/msg.h tls_certkey.o: ../../include/name_code.h tls_certkey.o: ../../include/name_mask.h diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index c1fd1c52a..1a324b939 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c @@ -421,6 +421,7 @@ void tls_param_init(void) get_mail_conf_str_table(str_table); get_mail_conf_int_table(int_table); + get_mail_conf_bool_table(bool_table); } /* tls_set_ciphers - Set SSL context cipher list */
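Review bot: in postfix/HISTORY, the Files: line that closes the 20100610 entry reads "global/mail_params.h. proto/postconf.proto," with a period where every other separator is a comma. The entry is being re-wrapped in this hunk anyway, so fix the separator at the same time. The added "(introduced Postfix 2.2)" tells operators how far back the exposure goes; the RELEASE_NOTES hunk rewords the same paragraph without carrying that detail over, and that is the text people read when deciding whether they are affected.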
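Review bot: in postfix/proto/postconf.proto (and the identical paragraphs in html/postconf.5.html and man/man5/postconf.5), the sentence that recommends "tls_append_default_CA = yes" for backwards compatibility does not say that the setting should not be combined with permit_tls_all_clientcerts. The preceding context line explains why the default is "no", but a reader who jumps to the compatibility advice could re-enable the old behaviour on a server that grants relay access by client certificate. Suggest closing the paragraph with an explicit statement that "yes" is only appropriate on sites that do not use permit_tls_all_clientcerts.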
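Review bot: in postfix/src/tls/Makefile.in, the new "tls_certkey.o: ../../include/mail_params.h" dependency has no matching source change in this diff, since tls_certkey.c is not touched here. If the #include arrived with the earlier 20100610 change, say so in the commit message so the late dependency fix is traceable. The tls_misc.c hunk in the same commit starts calling get_mail_conf_bool_table(), and the tls_misc.o dependency list is outside the visible context, so it is worth confirming that it already covers the header declaring that function.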
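Review bot: in postfix/src/tls/tls_misc.c, tls_param_init(), the added get_mail_conf_bool_table(bool_table) call is the only functional change in this commit, yet neither the HISTORY nor the RELEASE_NOTES hunk records it. The definition of bool_table is outside the visible context; if that table is where tls_append_default_CA is registered, then before this line a "tls_append_default_CA = yes" setting would never have been read from the configuration, and the documented compatibility switch would have had no effect. Suggest a dated HISTORY entry that names tls/tls_misc.c and the missing call, so sites that tested 2.7.2-RC1 know to re-test the setting against RC2.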