Prereq: "2.7.0"
diff -cr --new-file /var/tmp/postfix-2.7.0/src/global/mail_version.h ./src/global/mail_version.h
*** /var/tmp/postfix-2.7.0/src/global/mail_version.h	Sat Feb 13 21:02:01 2010
--- ./src/global/mail_version.h	Tue Jun  8 08:30:42 2010
***************
*** 20,27 ****
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20100213"
! #define MAIL_VERSION_NUMBER	"2.7.0"
  
  #ifdef SNAPSHOT
  # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- 20,27 ----
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20100608"
! #define MAIL_VERSION_NUMBER	"2.7.1"
  
  #ifdef SNAPSHOT
  # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -cr --new-file /var/tmp/postfix-2.7.0/HISTORY ./HISTORY
*** /var/tmp/postfix-2.7.0/HISTORY	Tue Feb  9 19:32:33 2010
--- ./HISTORY	Fri Jun  4 08:42:42 2010
***************
*** 15729,15731 ****
--- 15729,15770 ----
  	The tcp_table(5) interface is now part of the stable release.
  	The last protocol change was in Postfix 2.1. File:
  	util/dict_open.c.
+ 
+ 20100515
+ 
+ 	Bugfix (introduced Postfix 2.6): the Postfix SMTP client
+ 	XFORWARD implementation did not skip "unknown" SMTP client
+ 	attributes, causing a syntax error when sending a PORT
+ 	attribute. Reported by Victor Duchovni. File: smtp/smtp_proto.c.
+ 
+ 20100526
+ 
+ 	Cleanup: a unit-test driver (for stand-alone tests) was not
+ 	updated after an internal API change. Vesa-Matti J Kari
+ 	File: milter/milter.c.
+ 
+ 20100529
+ 
+ 	Portability: OpenSSL 1.0.0 changes the priority of anonymous
+ 	cyphers. Victor Duchovni. Files: postconf.proto,
+ 	global/mail_params.h, tls/tls_certkey.c, tls/tls_client.c,
+ 	tls/tls_dh.c, tls/tls_server.c.
+ 
+ 	Portability: Mac OS 10.6.3 requires <arpa/nameser_compat.h>
+ 	instead of <nameser8_compat.h>. Files: makedefs, util/sys_defs.h,
+ 	dns/dns.h.
+ 
+ 20100531
+ 
+ 	Robustness: skip LDAP queries with non-ASCII search strings.
+ 	The LDAP library requires well-formed UTF-8.  Victor Duchovni.
+ 	File: global/dict_ldap.c.
+ 
+ 20100601
+ 
+ 	Safety: Postfix processes log a warning when a matchlist
+ 	has a #comment at the end of a line (for example mynetworks
+ 	or relay_domains).  File: util/match_list.c.
+ 
+ 	Portability: Berkeley DB 5.x has the same API as Berkeley
+ 	DB 4.1 and later. File: util/dict_db.c.
diff -cr --new-file /var/tmp/postfix-2.7.0/html/postconf.5.html ./html/postconf.5.html
*** /var/tmp/postfix-2.7.0/html/postconf.5.html	Sat Feb 13 20:51:19 2010
--- ./html/postconf.5.html	Tue Jun  1 20:01:35 2010
***************
*** 4428,4434 ****
  parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  
  </DD>
--- 4428,4434 ----
  parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  
  </DD>
***************
*** 4440,4446 ****
  parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  
  </DD>
--- 4440,4446 ----
  parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  
  </DD>
***************
*** 9357,9363 ****
  </pre>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  
  </DD>
--- 9357,9363 ----
  </pre>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  
  </DD>
***************
*** 9375,9381 ****
  to anyone else. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  
  </DD>
--- 9375,9381 ----
  to anyone else. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  
  </DD>
***************
*** 12936,12942 ****
  </pre>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  
  </DD>
--- 12936,12942 ----
  </pre>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  
  </DD>
***************
*** 12954,12960 ****
  to anyone else. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  
  </DD>
--- 12954,12960 ----
  to anyone else. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  
  </DD>
***************
*** 12988,12994 ****
  </dl>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  
  </DD>
--- 12988,12994 ----
  </dl>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  
  </DD>
***************
*** 13776,13782 ****
  latter name. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  
  </DD>
--- 13776,13782 ----
  latter name. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  
  </DD>
***************
*** 13799,13805 ****
  classified as TOP SECRET. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  
  </DD>
--- 13799,13805 ----
  classified as TOP SECRET. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  
  </DD>
***************
*** 13812,13818 ****
  <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
  the cipherlist for the opportunistic ("may") TLS client security
  level and is the default cipherlist for the SMTP server. You are
! strongly encouraged to not change this setting. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
--- 13812,13822 ----
  <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
  the cipherlist for the opportunistic ("may") TLS client security
  level and is the default cipherlist for the SMTP server. You are
! strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
! later the cipherlist may start with an "aNULL:" prefix, which restores
! the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
! list when they are enabled. This prefix is not needed with previous
! OpenSSL releases. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
***************
*** 13825,13831 ****
  <p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
  the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
  <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
! strongly encouraged to not change this setting. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
--- 13829,13839 ----
  <p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
  the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
  <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
! strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
! later the cipherlist may start with an "aNULL:" prefix, which restores
! the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
! list when they are enabled. This prefix is not needed with previous
! OpenSSL releases. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
***************
*** 13838,13844 ****
  <p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
  the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
  <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
! strongly encouraged to not change this setting. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
--- 13846,13856 ----
  <p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
  the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
  <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
! strongly encouraged to not change this setting.  With OpenSSL 1.0.0 and
! later the cipherlist may start with an "aNULL:" prefix, which restores
! the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
! list when they are enabled. This prefix is not needed with previous
! OpenSSL releases. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
***************
*** 13854,13860 ****
  the default cipherlist for mandatory TLS encryption in the TLS
  client (with anonymous ciphers disabled when verifying server
  certificates). You are strongly encouraged to not change this
! setting. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
--- 13866,13875 ----
  the default cipherlist for mandatory TLS encryption in the TLS
  client (with anonymous ciphers disabled when verifying server
  certificates). You are strongly encouraged to not change this
! setting.  With OpenSSL 1.0.0 and later the cipherlist may start with an
! "aNULL:" prefix, which restores the 0.9.8-compatible ordering of the
! aNULL ciphers to the top of the list when they are enabled. This prefix
! is not needed with previous OpenSSL releases. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
diff -cr --new-file /var/tmp/postfix-2.7.0/makedefs ./makedefs
*** /var/tmp/postfix-2.7.0/makedefs	Wed Feb  3 15:58:58 2010
--- ./makedefs	Thu Jun  3 09:00:02 2010
***************
*** 421,426 ****
--- 421,431 ----
  		 [1-6].*) CCARGS="$CCARGS -DNO_IPV6";;
  		       *) CCARGS="$CCARGS -DBIND_8_COMPAT -DNO_NETINFO";;
  		esac
+ 		# Darwin 10.3.0 no longer has <nameser8_compat.h>.
+ 		case $RELEASE in
+ 		     ?.*) CCARGS="$CCARGS -DRESOLVE_H_NEEDS_NAMESER8_COMPAT_H";;
+ 		       *) CCARGS="$CCARGS -DRESOLVE_H_NEEDS_ARPA_NAMESER_COMPAT_H";;
+ 		esac
  		# kqueue and/or poll are broken up to and including MacOS X 10.5
  		CCARGS="$CCARGS -DNO_KQUEUE"
  #		# Darwin 8.11.1 has kqueue support, but let's play safe
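Review bot: The added comment names Darwin 10.3.0, but the `?.*` pattern switches the header for every release with a two-digit major number, so Darwin 10.0 through 10.2 also get `-DRESOLVE_H_NEEDS_ARPA_NAMESER_COMPAT_H`. That is harmless if those releases already ship <arpa/nameser_compat.h>, but nothing visible here confirms it, so it is worth checking on an older 10.x system. The comment should describe what the pattern actually selects, for example `# Darwin 10.x and later: use <arpa/nameser_compat.h>; <nameser8_compat.h> is gone as of 10.3.0.` The enclosing Darwin case arm starts and ends outside this hunk.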
diff -cr --new-file /var/tmp/postfix-2.7.0/man/man5/postconf.5 ./man/man5/postconf.5
*** /var/tmp/postfix-2.7.0/man/man5/postconf.5	Sat Feb 13 20:51:20 2010
--- ./man/man5/postconf.5	Tue Jun  1 20:01:35 2010
***************
*** 2414,2426 ****
  parameter.  See there for details.
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later.
  .SH lmtp_tls_eckey_file (default: empty)
  The LMTP-specific version of the smtp_tls_eckey_file configuration
  parameter.  See there for details.
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later.
  .SH lmtp_tls_enforce_peername (default: yes)
  The LMTP-specific version of the smtp_tls_enforce_peername
  configuration parameter.  See there for details.
--- 2414,2426 ----
  parameter.  See there for details.
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later.
  .SH lmtp_tls_eckey_file (default: empty)
  The LMTP-specific version of the smtp_tls_eckey_file configuration
  parameter.  See there for details.
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later.
  .SH lmtp_tls_enforce_peername (default: yes)
  The LMTP-specific version of the smtp_tls_enforce_peername
  configuration parameter.  See there for details.
***************
*** 5423,5429 ****
  .ft R
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later.
  .SH smtp_tls_eckey_file (default: $smtp_tls_eccert_file)
  File with the Postfix SMTP client ECDSA private key in PEM format.
  This file may be combined with the Postfix SMTP client ECDSA
--- 5423,5429 ----
  .ft R
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later.
  .SH smtp_tls_eckey_file (default: $smtp_tls_eccert_file)
  File with the Postfix SMTP client ECDSA private key in PEM format.
  This file may be combined with the Postfix SMTP client ECDSA
***************
*** 5435,5441 ****
  to anyone else.
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later.
  .SH smtp_tls_enforce_peername (default: yes)
  With mandatory TLS encryption, require that the remote SMTP
  server hostname matches the information in the remote SMTP server
--- 5435,5441 ----
  to anyone else.
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later.
  .SH smtp_tls_enforce_peername (default: yes)
  With mandatory TLS encryption, require that the remote SMTP
  server hostname matches the information in the remote SMTP server
***************
*** 8129,8135 ****
  .ft R
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later.
  .SH smtpd_tls_eckey_file (default: $smtpd_tls_eccert_file)
  File with the Postfix SMTP server ECDSA private key in PEM format.
  This file may be combined with the Postfix SMTP server ECDSA certificate
--- 8129,8135 ----
  .ft R
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later.
  .SH smtpd_tls_eckey_file (default: $smtpd_tls_eccert_file)
  File with the Postfix SMTP server ECDSA private key in PEM format.
  This file may be combined with the Postfix SMTP server ECDSA certificate
***************
*** 8141,8147 ****
  to anyone else.
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later.
  .SH smtpd_tls_eecdh_grade (default: see "postconf -d" output)
  The Postfix SMTP server security grade for ephemeral elliptic-curve
  Diffie-Hellman (EECDH) key exchange.
--- 8141,8147 ----
  to anyone else.
  .PP
  This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later.
  .SH smtpd_tls_eecdh_grade (default: see "postconf -d" output)
  The Postfix SMTP server security grade for ephemeral elliptic-curve
  Diffie-Hellman (EECDH) key exchange.
***************
*** 8165,8171 ****
  users.
  .PP
  This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 0.9.9 or later.
  .SH smtpd_tls_exclude_ciphers (default: empty)
  List of ciphers or cipher types to exclude from the SMTP server
  cipher list at all TLS security levels. Excluding valid ciphers
--- 8165,8171 ----
  users.
  .PP
  This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 1.0.0 or later.
  .SH smtpd_tls_exclude_ciphers (default: empty)
  List of ciphers or cipher types to exclude from the SMTP server
  cipher list at all TLS security levels. Excluding valid ciphers
***************
*** 8740,8746 ****
  latter name.
  .PP
  This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 0.9.9 or later.
  .SH tls_eecdh_ultra_curve (default: secp384r1)
  The elliptic curve used by the SMTP server for maximally strong
  ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
--- 8740,8746 ----
  latter name.
  .PP
  This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 1.0.0 or later.
  .SH tls_eecdh_ultra_curve (default: secp384r1)
  The elliptic curve used by the SMTP server for maximally strong
  ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
***************
*** 8757,8784 ****
  classified as TOP SECRET.
  .PP
  This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 0.9.9 or later.
  .SH tls_export_cipherlist (default: ALL:+RC4:@STRENGTH)
  The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
  defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
  the cipherlist for the opportunistic ("may") TLS client security
  level and is the default cipherlist for the SMTP server. You are
! strongly encouraged to not change this setting.
  .PP
  This feature is available in Postfix 2.3 and later.
  .SH tls_high_cipherlist (default: ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)
  The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
  the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
! strongly encouraged to not change this setting.
  .PP
  This feature is available in Postfix 2.3 and later.
  .SH tls_low_cipherlist (default: ALL:!EXPORT:+RC4:@STRENGTH)
  The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
  the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
! strongly encouraged to not change this setting.
  .PP
  This feature is available in Postfix 2.3 and later.
  .SH tls_medium_cipherlist (default: ALL:!EXPORT:!LOW:+RC4:@STRENGTH)
--- 8757,8796 ----
  classified as TOP SECRET.
  .PP
  This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 1.0.0 or later.
  .SH tls_export_cipherlist (default: ALL:+RC4:@STRENGTH)
  The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
  defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
  the cipherlist for the opportunistic ("may") TLS client security
  level and is the default cipherlist for the SMTP server. You are
! strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
! later the cipherlist may start with an "aNULL:" prefix, which restores
! the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
! list when they are enabled. This prefix is not needed with previous
! OpenSSL releases.
  .PP
  This feature is available in Postfix 2.3 and later.
  .SH tls_high_cipherlist (default: ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)
  The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
  the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
! strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
! later the cipherlist may start with an "aNULL:" prefix, which restores
! the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
! list when they are enabled. This prefix is not needed with previous
! OpenSSL releases.
  .PP
  This feature is available in Postfix 2.3 and later.
  .SH tls_low_cipherlist (default: ALL:!EXPORT:+RC4:@STRENGTH)
  The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
  the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
! strongly encouraged to not change this setting.  With OpenSSL 1.0.0 and
! later the cipherlist may start with an "aNULL:" prefix, which restores
! the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
! list when they are enabled. This prefix is not needed with previous
! OpenSSL releases.
  .PP
  This feature is available in Postfix 2.3 and later.
  .SH tls_medium_cipherlist (default: ALL:!EXPORT:!LOW:+RC4:@STRENGTH)
***************
*** 8788,8794 ****
  the default cipherlist for mandatory TLS encryption in the TLS
  client (with anonymous ciphers disabled when verifying server
  certificates). You are strongly encouraged to not change this
! setting.
  .PP
  This feature is available in Postfix 2.3 and later.
  .SH tls_null_cipherlist (default: eNULL:!aNULL)
--- 8800,8809 ----
  the default cipherlist for mandatory TLS encryption in the TLS
  client (with anonymous ciphers disabled when verifying server
  certificates). You are strongly encouraged to not change this
! setting.  With OpenSSL 1.0.0 and later the cipherlist may start with an
! "aNULL:" prefix, which restores the 0.9.8-compatible ordering of the
! aNULL ciphers to the top of the list when they are enabled. This prefix
! is not needed with previous OpenSSL releases.
  .PP
  This feature is available in Postfix 2.3 and later.
  .SH tls_null_cipherlist (default: eNULL:!aNULL)
diff -cr --new-file /var/tmp/postfix-2.7.0/proto/postconf.proto ./proto/postconf.proto
*** /var/tmp/postfix-2.7.0/proto/postconf.proto	Sat Feb 13 20:50:59 2010
--- ./proto/postconf.proto	Tue Jun  1 19:52:06 2010
***************
*** 10992,10998 ****
  <p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
  the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
! strongly encouraged to not change this setting. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
--- 10992,11002 ----
  <p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
  the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
! strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
! later the cipherlist may start with an "aNULL:" prefix, which restores
! the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
! list when they are enabled. This prefix is not needed with previous
! OpenSSL releases. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
***************
*** 11004,11010 ****
  the default cipherlist for mandatory TLS encryption in the TLS
  client (with anonymous ciphers disabled when verifying server
  certificates). You are strongly encouraged to not change this
! setting. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
--- 11008,11017 ----
  the default cipherlist for mandatory TLS encryption in the TLS
  client (with anonymous ciphers disabled when verifying server
  certificates). You are strongly encouraged to not change this
! setting.  With OpenSSL 1.0.0 and later the cipherlist may start with an
! "aNULL:" prefix, which restores the 0.9.8-compatible ordering of the
! aNULL ciphers to the top of the list when they are enabled. This prefix
! is not needed with previous OpenSSL releases. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
***************
*** 11013,11019 ****
  <p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
  the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
! strongly encouraged to not change this setting. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
--- 11020,11030 ----
  <p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
  the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
! strongly encouraged to not change this setting.  With OpenSSL 1.0.0 and
! later the cipherlist may start with an "aNULL:" prefix, which restores
! the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
! list when they are enabled. This prefix is not needed with previous
! OpenSSL releases. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
***************
*** 11024,11030 ****
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
  the cipherlist for the opportunistic ("may") TLS client security
  level and is the default cipherlist for the SMTP server. You are
! strongly encouraged to not change this setting. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
--- 11035,11045 ----
  smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
  the cipherlist for the opportunistic ("may") TLS client security
  level and is the default cipherlist for the SMTP server. You are
! strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
! later the cipherlist may start with an "aNULL:" prefix, which restores
! the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
! list when they are enabled. This prefix is not needed with previous
! OpenSSL releases. </p>
  
  <p> This feature is available in Postfix 2.3 and later. </p>
  
***************
*** 11550,11556 ****
  latter name. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  %PARAM tls_eecdh_ultra_curve secp384r1
  
--- 11565,11571 ----
  latter name. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  %PARAM tls_eecdh_ultra_curve secp384r1
  
***************
*** 11569,11575 ****
  classified as TOP SECRET. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  %PARAM smtpd_tls_eecdh_grade see "postconf -d" output
  
--- 11584,11590 ----
  classified as TOP SECRET. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  %PARAM smtpd_tls_eecdh_grade see "postconf -d" output
  
***************
*** 11599,11605 ****
  </dl>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  %PARAM smtpd_tls_eccert_file
  
--- 11614,11620 ----
  </dl>
  
  <p> This feature is available in Postfix 2.6 and later, when it is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  %PARAM smtpd_tls_eccert_file
  
***************
*** 11615,11621 ****
  </pre>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  %PARAM smtpd_tls_eckey_file $smtpd_tls_eccert_file
  
--- 11630,11636 ----
  </pre>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  %PARAM smtpd_tls_eckey_file $smtpd_tls_eccert_file
  
***************
*** 11629,11635 ****
  to anyone else. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  %PARAM smtp_tls_eccert_file
  
--- 11644,11650 ----
  to anyone else. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  %PARAM smtp_tls_eccert_file
  
***************
*** 11646,11652 ****
  </pre>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  %PARAM smtp_tls_eckey_file $smtp_tls_eccert_file
  
--- 11661,11667 ----
  </pre>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  %PARAM smtp_tls_eckey_file $smtp_tls_eccert_file
  
***************
*** 11660,11666 ****
  to anyone else. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  %PARAM lmtp_tls_eccert_file
  
--- 11675,11681 ----
  to anyone else. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  %PARAM lmtp_tls_eccert_file
  
***************
*** 11668,11674 ****
  parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  %PARAM lmtp_tls_eckey_file
  
--- 11683,11689 ----
  parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  %PARAM lmtp_tls_eckey_file
  
***************
*** 11676,11682 ****
  parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 0.9.9 or later. </p>
  
  %PARAM smtp_header_checks
  
--- 11691,11697 ----
  parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 2.6 and later, when Postfix is
! compiled and linked with OpenSSL 1.0.0 or later. </p>
  
  %PARAM smtp_header_checks
  
diff -cr --new-file /var/tmp/postfix-2.7.0/src/dns/dns.h ./src/dns/dns.h
*** /var/tmp/postfix-2.7.0/src/dns/dns.h	Sun Nov  9 16:42:03 2008
--- ./src/dns/dns.h	Thu Jun  3 08:57:05 2010
***************
*** 22,27 ****
--- 22,30 ----
  #ifdef RESOLVE_H_NEEDS_NAMESER8_COMPAT_H
  #include <nameser8_compat.h>
  #endif
+ #ifdef RESOLVE_H_NEEDS_ARPA_NAMESER_COMPAT_H
+ #include <arpa/nameser_compat.h>
+ #endif
  #include <resolv.h>
  
   /*
diff -cr --new-file /var/tmp/postfix-2.7.0/src/global/dict_ldap.c ./src/global/dict_ldap.c
*** /var/tmp/postfix-2.7.0/src/global/dict_ldap.c	Tue Mar  3 20:25:53 2009
--- ./src/global/dict_ldap.c	Sat May 29 18:08:26 2010
***************
*** 1082,1093 ****
--- 1082,1102 ----
      static VSTRING *result;
      int     rc = 0;
      int     sizelimit;
+     const char *cp;
  
      dict_errno = 0;
  
      if (msg_verbose)
  	msg_info("%s: In dict_ldap_lookup", myname);
  
+     for (cp = name; *cp; ++cp)
+     	if (!ISASCII(*cp)) {
+ 	    if (msg_verbose)
+ 		msg_info("%s: %s: Skipping lookup of non-ASCII key '%s'",
+ 			 myname, dict_ldap->parser->name, name);
+ 	    return (0);
+ 	}
+ 
      /*
       * Optionally fold the key.
       */
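Review bot: The new non-ASCII loop returns 0 with dict_errno still 0, so every caller sees an ordinary "not found", and the skip is reported only under msg_verbose. It also has no comment, unlike the other steps in this function, so the reason for rejecting all non-ASCII keys rather than only malformed UTF-8 is not recorded in the code. I would add above the loop `/* The LDAP library requires well-formed UTF-8; treat a non-ASCII key as "not found" instead of sending it in a query. */`. If any LDAP-backed table is consulted to deny rather than to permit, a silent miss there means the restriction does not apply to such keys, so it is worth confirming with the callers that "not found" is the safe outcome. The loop would also read better with braces around its `if` body and with the file's usual indentation. The function body starts and ends outside this hunk.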
***************
*** 1105,1111 ****
       */
      if (db_common_check_domain(dict_ldap->ctx, name) == 0) {
  	if (msg_verbose)
! 	    msg_info("%s: Skipping lookup of '%s'", myname, name);
  	return (0);
      }
  #define INIT_VSTR(buf, len) do { \
--- 1114,1121 ----
       */
      if (db_common_check_domain(dict_ldap->ctx, name) == 0) {
  	if (msg_verbose)
! 	    msg_info("%s: %s: Skipping lookup of key '%s': domain mismatch",
! 		     myname, dict_ldap->parser->name, name);
  	return (0);
      }
  #define INIT_VSTR(buf, len) do { \
diff -cr --new-file /var/tmp/postfix-2.7.0/src/global/mail_params.h ./src/global/mail_params.h
*** /var/tmp/postfix-2.7.0/src/global/mail_params.h	Sun Jan 17 15:54:35 2010
--- ./src/global/mail_params.h	Wed Jun  2 06:57:55 2010
***************
*** 2919,2938 ****
   /*
    * TLS cipherlists
    */
  #define VAR_TLS_HIGH_CLIST	"tls_high_cipherlist"
! #define DEF_TLS_HIGH_CLIST	"ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
  extern char *var_tls_high_clist;
  
  #define VAR_TLS_MEDIUM_CLIST	"tls_medium_cipherlist"
! #define DEF_TLS_MEDIUM_CLIST	"ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
  extern char *var_tls_medium_clist;
  
  #define VAR_TLS_LOW_CLIST	"tls_low_cipherlist"
! #define DEF_TLS_LOW_CLIST	"ALL:!EXPORT:+RC4:@STRENGTH"
  extern char *var_tls_low_clist;
  
  #define VAR_TLS_EXPORT_CLIST	"tls_export_cipherlist"
! #define DEF_TLS_EXPORT_CLIST	"ALL:+RC4:@STRENGTH"
  extern char *var_tls_export_clist;
  
  #define VAR_TLS_NULL_CLIST	"tls_null_cipherlist"
--- 2919,2949 ----
   /*
    * TLS cipherlists
    */
+ #ifdef USE_TLS
+ #include <openssl/opensslv.h>
+ #if OPENSSL_VERSION_NUMBER >= 0x1000000fL
+ #define PREFER_aNULL "aNULL:-aNULL:"
+ #else
+ #define PREFER_aNULL ""
+ #endif
+ #else
+ #define PREFER_aNULL ""
+ #endif
+ 
  #define VAR_TLS_HIGH_CLIST	"tls_high_cipherlist"
! #define DEF_TLS_HIGH_CLIST	PREFER_aNULL "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
  extern char *var_tls_high_clist;
  
  #define VAR_TLS_MEDIUM_CLIST	"tls_medium_cipherlist"
! #define DEF_TLS_MEDIUM_CLIST	PREFER_aNULL "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
  extern char *var_tls_medium_clist;
  
  #define VAR_TLS_LOW_CLIST	"tls_low_cipherlist"
! #define DEF_TLS_LOW_CLIST	PREFER_aNULL "ALL:!EXPORT:+RC4:@STRENGTH"
  extern char *var_tls_low_clist;
  
  #define VAR_TLS_EXPORT_CLIST	"tls_export_cipherlist"
! #define DEF_TLS_EXPORT_CLIST	PREFER_aNULL "ALL:+RC4:@STRENGTH"
  extern char *var_tls_export_clist;
  
  #define VAR_TLS_NULL_CLIST	"tls_null_cipherlist"
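Review bot: `PREFER_aNULL` is defined without a comment, and the `"aNULL:-aNULL:"` prefix is not self-explanatory: it adds the anonymous (unauthenticated) suites and immediately removes them, apparently so that the following `ALL` puts them back at the head of the list under OpenSSL 1.0.0 and later. Because this changes all four default cipherlists, a comment should state both the intent and the constraint, for example `/* OpenSSL 1.0.0 demotes aNULL suites; list them first again. They authenticate no peer, so code that verifies certificates must still exclude aNULL. */`. Whether that exclusion happens is decided outside this hunk, so it is worth confirming in tls_client.c and tls_server.c. The two identical `#define PREFER_aNULL ""` fallbacks could also collapse into a single `#ifndef PREFER_aNULL` after the version test.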
diff -cr --new-file /var/tmp/postfix-2.7.0/src/milter/milter.c ./src/milter/milter.c
*** /var/tmp/postfix-2.7.0/src/milter/milter.c	Mon Apr 27 10:57:04 2009
--- ./src/milter/milter.c	Wed May 26 10:28:24 2010
***************
*** 901,907 ****
  		msg_warn("no milters");
  		continue;
  	    }
! 	    resp = milter_rcpt_event(milters, (const char **) args);
  	} else if (strcmp(cmd, "unknown") == 0 && argv->argc > 0) {
  	    if (milters == 0) {
  		msg_warn("no milters");
--- 901,907 ----
  		msg_warn("no milters");
  		continue;
  	    }
! 	    resp = milter_rcpt_event(milters, 0, (const char **) args);
  	} else if (strcmp(cmd, "unknown") == 0 && argv->argc > 0) {
  	    if (milters == 0) {
  		msg_warn("no milters");
diff -cr --new-file /var/tmp/postfix-2.7.0/src/smtp/smtp_proto.c ./src/smtp/smtp_proto.c
*** /var/tmp/postfix-2.7.0/src/smtp/smtp_proto.c	Tue Nov 10 20:48:13 2009
--- ./src/smtp/smtp_proto.c	Tue Jun  1 16:17:30 2010
***************
*** 1204,1224 ****
  	     * Build the XFORWARD command. With properly sanitized
  	     * information, the command length stays within the 512 byte
  	     * command line length limit.
! 	     */
  	case SMTP_STATE_XFORWARD_NAME_ADDR:
  	    vstring_strcpy(next_command, XFORWARD_CMD);
  	    if ((session->features & SMTP_FEATURE_XFORWARD_NAME)
! 		&& DEL_REQ_ATTR_AVAIL(request->client_name)) {
  		vstring_strcat(next_command, " " XFORWARD_NAME "=");
  		xtext_quote_append(next_command, request->client_name, "");
  	    }
  	    if ((session->features & SMTP_FEATURE_XFORWARD_ADDR)
! 		&& DEL_REQ_ATTR_AVAIL(request->client_addr)) {
  		vstring_strcat(next_command, " " XFORWARD_ADDR "=");
  		xtext_quote_append(next_command, request->client_addr, "");
  	    }
  	    if ((session->features & SMTP_FEATURE_XFORWARD_PORT)
! 		&& DEL_REQ_ATTR_AVAIL(request->client_port)) {
  		vstring_strcat(next_command, " " XFORWARD_PORT "=");
  		xtext_quote_append(next_command, request->client_port, "");
  	    }
--- 1204,1242 ----
  	     * Build the XFORWARD command. With properly sanitized
  	     * information, the command length stays within the 512 byte
  	     * command line length limit.
! 	     * 
! 	     * XXX smtpd_xforward_preset() initializes some fields as "unknown"
! 	     * and some as null; historically, pickup(8) does not send any of
! 	     * these, and the queue manager presets absent fields to "not
! 	     * available" except for the rewrite context which is preset to
! 	     * local by way of migration aid.  These definitions need to be
! 	     * centralized for maintainability.
! 	     */
! #ifndef CAN_FORWARD_CLIENT_NAME
! #define _ATTR_AVAIL_AND_KNOWN_(val) \
! 	(DEL_REQ_ATTR_AVAIL(val) && strcasecmp((val), "unknown"))
! #define CAN_FORWARD_CLIENT_NAME	_ATTR_AVAIL_AND_KNOWN_
! #define CAN_FORWARD_CLIENT_ADDR	_ATTR_AVAIL_AND_KNOWN_
! #define CAN_FORWARD_CLIENT_PORT	_ATTR_AVAIL_AND_KNOWN_
! #define CAN_FORWARD_PROTO_NAME	_ATTR_AVAIL_AND_KNOWN_
! #define CAN_FORWARD_HELO_NAME	DEL_REQ_ATTR_AVAIL
! #define CAN_FORWARD_RWR_CONTEXT	DEL_REQ_ATTR_AVAIL
! #endif
! 
  	case SMTP_STATE_XFORWARD_NAME_ADDR:
  	    vstring_strcpy(next_command, XFORWARD_CMD);
  	    if ((session->features & SMTP_FEATURE_XFORWARD_NAME)
! 		&& CAN_FORWARD_CLIENT_NAME(request->client_name)) {
  		vstring_strcat(next_command, " " XFORWARD_NAME "=");
  		xtext_quote_append(next_command, request->client_name, "");
  	    }
  	    if ((session->features & SMTP_FEATURE_XFORWARD_ADDR)
! 		&& CAN_FORWARD_CLIENT_ADDR(request->client_addr)) {
  		vstring_strcat(next_command, " " XFORWARD_ADDR "=");
  		xtext_quote_append(next_command, request->client_addr, "");
  	    }
  	    if ((session->features & SMTP_FEATURE_XFORWARD_PORT)
! 		&& CAN_FORWARD_CLIENT_PORT(request->client_port)) {
  		vstring_strcat(next_command, " " XFORWARD_PORT "=");
  		xtext_quote_append(next_command, request->client_port, "");
  	    }
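Review bot: `_ATTR_AVAIL_AND_KNOWN_` starts with an underscore followed by an uppercase letter, a form C reserves for the implementation, and its `strcasecmp()` result is used as a bare truth value. Something like `#define ATTR_AVAIL_AND_KNOWN(val) (DEL_REQ_ATTR_AVAIL(val) && strcasecmp((val), "unknown") != 0)` avoids both. The `CAN_FORWARD_*` macros are also defined in the middle of a `switch` body, yet the hunks at new lines 1249 and 1997 depend on them, the latter in what appears to be a different part of the file. Moving the block to file scope would remove that reliance on textual order, which the XXX comment already hints at. The enclosing function starts and ends outside this hunk.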
***************
*** 1231,1247 ****
  	case SMTP_STATE_XFORWARD_PROTO_HELO:
  	    vstring_strcpy(next_command, XFORWARD_CMD);
  	    if ((session->features & SMTP_FEATURE_XFORWARD_PROTO)
! 		&& DEL_REQ_ATTR_AVAIL(request->client_proto)) {
  		vstring_strcat(next_command, " " XFORWARD_PROTO "=");
  		xtext_quote_append(next_command, request->client_proto, "");
  	    }
  	    if ((session->features & SMTP_FEATURE_XFORWARD_HELO)
! 		&& DEL_REQ_ATTR_AVAIL(request->client_helo)) {
  		vstring_strcat(next_command, " " XFORWARD_HELO "=");
  		xtext_quote_append(next_command, request->client_helo, "");
  	    }
  	    if ((session->features & SMTP_FEATURE_XFORWARD_DOMAIN)
! 		&& DEL_REQ_ATTR_AVAIL(request->rewrite_context)) {
  		vstring_strcat(next_command, " " XFORWARD_DOMAIN "=");
  		xtext_quote_append(next_command,
  		     strcmp(request->rewrite_context, MAIL_ATTR_RWR_LOCAL) ?
--- 1249,1265 ----
  	case SMTP_STATE_XFORWARD_PROTO_HELO:
  	    vstring_strcpy(next_command, XFORWARD_CMD);
  	    if ((session->features & SMTP_FEATURE_XFORWARD_PROTO)
! 		&& CAN_FORWARD_PROTO_NAME(request->client_proto)) {
  		vstring_strcat(next_command, " " XFORWARD_PROTO "=");
  		xtext_quote_append(next_command, request->client_proto, "");
  	    }
  	    if ((session->features & SMTP_FEATURE_XFORWARD_HELO)
! 		&& CAN_FORWARD_HELO_NAME(request->client_helo)) {
  		vstring_strcat(next_command, " " XFORWARD_HELO "=");
  		xtext_quote_append(next_command, request->client_helo, "");
  	    }
  	    if ((session->features & SMTP_FEATURE_XFORWARD_DOMAIN)
! 		&& CAN_FORWARD_RWR_CONTEXT(request->rewrite_context)) {
  		vstring_strcat(next_command, " " XFORWARD_DOMAIN "=");
  		xtext_quote_append(next_command,
  		     strcmp(request->rewrite_context, MAIL_ATTR_RWR_LOCAL) ?
***************
*** 1979,1997 ****
      send_name_addr =
  	var_smtp_send_xforward
  	&& (((session->features & SMTP_FEATURE_XFORWARD_NAME)
! 	     && DEL_REQ_ATTR_AVAIL(request->client_name))
  	    || ((session->features & SMTP_FEATURE_XFORWARD_ADDR)
! 		&& DEL_REQ_ATTR_AVAIL(request->client_addr))
  	    || ((session->features & SMTP_FEATURE_XFORWARD_PORT)
! 		&& DEL_REQ_ATTR_AVAIL(request->client_port)));
      session->send_proto_helo =
  	var_smtp_send_xforward
  	&& (((session->features & SMTP_FEATURE_XFORWARD_PROTO)
! 	     && DEL_REQ_ATTR_AVAIL(request->client_proto))
  	    || ((session->features & SMTP_FEATURE_XFORWARD_HELO)
! 		&& DEL_REQ_ATTR_AVAIL(request->client_helo))
  	    || ((session->features & SMTP_FEATURE_XFORWARD_DOMAIN)
! 		&& DEL_REQ_ATTR_AVAIL(request->rewrite_context)));
      if (send_name_addr)
  	recv_state = send_state = SMTP_STATE_XFORWARD_NAME_ADDR;
      else if (session->send_proto_helo)
--- 1997,2015 ----
      send_name_addr =
  	var_smtp_send_xforward
  	&& (((session->features & SMTP_FEATURE_XFORWARD_NAME)
! 	     && CAN_FORWARD_CLIENT_NAME(request->client_name))
  	    || ((session->features & SMTP_FEATURE_XFORWARD_ADDR)
! 		&& CAN_FORWARD_CLIENT_ADDR(request->client_addr))
  	    || ((session->features & SMTP_FEATURE_XFORWARD_PORT)
! 		&& CAN_FORWARD_CLIENT_PORT(request->client_port)));
      session->send_proto_helo =
  	var_smtp_send_xforward
  	&& (((session->features & SMTP_FEATURE_XFORWARD_PROTO)
! 	     && CAN_FORWARD_PROTO_NAME(request->client_proto))
  	    || ((session->features & SMTP_FEATURE_XFORWARD_HELO)
! 		&& CAN_FORWARD_HELO_NAME(request->client_helo))
  	    || ((session->features & SMTP_FEATURE_XFORWARD_DOMAIN)
! 		&& CAN_FORWARD_RWR_CONTEXT(request->rewrite_context)));
      if (send_name_addr)
  	recv_state = send_state = SMTP_STATE_XFORWARD_NAME_ADDR;
      else if (session->send_proto_helo)
diff -cr --new-file /var/tmp/postfix-2.7.0/src/tls/tls_certkey.c ./src/tls/tls_certkey.c
*** /var/tmp/postfix-2.7.0/src/tls/tls_certkey.c	Sat Nov  8 18:53:49 2008
--- ./src/tls/tls_certkey.c	Tue Jun  1 19:52:06 2010
***************
*** 158,164 ****
  	return (-1);			/* logged */
      if (*dcert_file && !set_cert_stuff(ctx, "DSA", dcert_file, dkey_file))
  	return (-1);				/* logged */
! #if OPENSSL_VERSION_NUMBER >= 0x00909000 && !defined(OPENSSL_NO_ECDH)
      if (*eccert_file && !set_cert_stuff(ctx, "ECDSA", eccert_file, eckey_file))
  	return (-1);				/* logged */
  #else
--- 158,164 ----
  	return (-1);			/* logged */
      if (*dcert_file && !set_cert_stuff(ctx, "DSA", dcert_file, dkey_file))
  	return (-1);				/* logged */
! #if OPENSSL_VERSION_NUMBER >= 0x1000000fL && !defined(OPENSSL_NO_ECDH)
      if (*eccert_file && !set_cert_stuff(ctx, "ECDSA", eccert_file, eckey_file))
  	return (-1);				/* logged */
  #else
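Review bot: The literal `0x1000000fL` now gates ECDSA certificates here, EECDH in tls_dh.c and `PREFER_aNULL` in mail_params.h, with no name saying it stands for the OpenSSL 1.0.0 release. A single named constant in a shared TLS header, for instance `#define TLS_OPENSSL_1_0_0 0x1000000fL` (name constructed for illustration), would keep the three tests from drifting apart. Raising the threshold from `0x00909000` also moves builds against earlier OpenSSL onto the `#else` branch, which lies outside this hunk. It is worth checking that a configured `eccert_file` is still reported there rather than silently ignored.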
diff -cr --new-file /var/tmp/postfix-2.7.0/src/tls/tls_client.c ./src/tls/tls_client.c
*** /var/tmp/postfix-2.7.0/src/tls/tls_client.c	Sat Nov  8 18:51:41 2008
--- ./src/tls/tls_client.c	Tue Jun  1 19:52:06 2010
***************
*** 725,731 ****
      int     protomask;
      const char *cipher_list;
      SSL_SESSION *session;
!     SSL_CIPHER *cipher;
      X509   *peercert;
      TLS_SESS_STATE *TLScontext;
      TLS_APPL_STATE *app_ctx = props->ctx;
--- 725,731 ----
      int     protomask;
      const char *cipher_list;
      SSL_SESSION *session;
!     const SSL_CIPHER *cipher;
      X509   *peercert;
      TLS_SESS_STATE *TLScontext;
      TLS_APPL_STATE *app_ctx = props->ctx;
diff -cr --new-file /var/tmp/postfix-2.7.0/src/tls/tls_dh.c ./src/tls/tls_dh.c
*** /var/tmp/postfix-2.7.0/src/tls/tls_dh.c	Sun Nov  9 15:11:14 2008
--- ./src/tls/tls_dh.c	Tue Jun  1 19:52:06 2010
***************
*** 205,211 ****
  
  int     tls_set_eecdh_curve(SSL_CTX *server_ctx, const char *grade)
  {
! #if OPENSSL_VERSION_NUMBER >= 0x00909000 && !defined(OPENSSL_NO_ECDH)
      int     nid;
      EC_KEY *ecdh;
      const char *curve;
--- 205,211 ----
  
  int     tls_set_eecdh_curve(SSL_CTX *server_ctx, const char *grade)
  {
! #if OPENSSL_VERSION_NUMBER >= 0x1000000fL && !defined(OPENSSL_NO_ECDH)
      int     nid;
      EC_KEY *ecdh;
      const char *curve;
diff -cr --new-file /var/tmp/postfix-2.7.0/src/tls/tls_server.c ./src/tls/tls_server.c
*** /var/tmp/postfix-2.7.0/src/tls/tls_server.c	Sat Nov  8 18:51:48 2008
--- ./src/tls/tls_server.c	Tue Jun  1 19:52:06 2010
***************
*** 554,560 ****
  {
      int     sts;
      TLS_SESS_STATE *TLScontext;
!     SSL_CIPHER *cipher;
      X509   *peer;
      char    buf[CCERT_BUFSIZ];
      const char *cipher_list;
--- 554,560 ----
  {
      int     sts;
      TLS_SESS_STATE *TLScontext;
!     const SSL_CIPHER *cipher;
      X509   *peer;
      char    buf[CCERT_BUFSIZ];
      const char *cipher_list;
diff -cr --new-file /var/tmp/postfix-2.7.0/src/util/dict_db.c ./src/util/dict_db.c
*** /var/tmp/postfix-2.7.0/src/util/dict_db.c	Sat Jan  2 16:28:08 2010
--- ./src/util/dict_db.c	Tue Jun  1 17:07:49 2010
***************
*** 675,681 ****
  	msg_fatal("set DB cache size %d: %m", dict_db_cache_size);
      if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0)
  	msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM);
! #if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
      if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0)
  	msg_fatal("open database %s: %m", db_path);
  #elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4)
--- 675,681 ----
  	msg_fatal("set DB cache size %d: %m", dict_db_cache_size);
      if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0)
  	msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM);
! #if DB_VERSION_MAJOR == 5 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
      if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0)
  	msg_fatal("open database %s: %m", db_path);
  #elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4)
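Review bot: The new test `DB_VERSION_MAJOR == 5 || ...` enumerates major versions, so a build against any later Berkeley DB major falls through to whatever follows the `#elif`, which is outside this hunk. If refusing untested majors is intended, a one-line comment such as `/* Each new Berkeley DB major version must be added here after testing. */` would record that. Otherwise `DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)` would cover later releases, provided they keep the same `open()` signature.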
diff -cr --new-file /var/tmp/postfix-2.7.0/src/util/match_list.c ./src/util/match_list.c
*** /var/tmp/postfix-2.7.0/src/util/match_list.c	Thu Jan 18 19:21:13 2007
--- ./src/util/match_list.c	Tue Jun  1 14:10:20 2010
***************
*** 116,121 ****
--- 116,126 ----
       * prepend the negation operator to each item from the file.
       */
      while ((start = mystrtok(&bp, delim)) != 0) {
+ 	if (*start == '#') {
+ 	    msg_warn("%s: comment at end of line is not supported: %s %s",
+ 		      myname, start, bp);
+ 	    break;
+ 	}
  	for (match = init_match, item = start; *item == '!'; item++)
  	    match = !match;
  	if (*item == 0)
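Review bot: The added `break` drops every remaining item in the list, not only the `#` token, and the warning does not say so. Items can be negated with `!` (see the loop just below), so losing the tail of a list can change what it matches, and the operator should be told that the remainder is ignored: `msg_warn("%s: comment at end of line is not supported, ignoring rest of list: %s %s", myname, start, bp);`. A comment above the test noting that `bp` presumably holds the not-yet-parsed remainder after `mystrtok()` would also help the next reader. The enclosing function starts and ends outside this hunk.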
diff -cr --new-file /var/tmp/postfix-2.7.0/src/util/sys_defs.h ./src/util/sys_defs.h
*** /var/tmp/postfix-2.7.0/src/util/sys_defs.h	Sat Nov 14 18:32:37 2009
--- ./src/util/sys_defs.h	Tue Jun  1 19:56:57 2010
***************
*** 208,214 ****
  #define DEF_DB_TYPE	"hash"
  #define ALIAS_DB_MAP	"hash:/etc/aliases"
  #define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0)
- #define RESOLVE_H_NEEDS_NAMESER8_COMPAT_H
  #define ROOT_PATH	"/bin:/usr/bin:/sbin:/usr/sbin"
  #define USE_STATFS
  #define STATFS_IN_SYS_MOUNT_H
--- 208,213 ----