postfix-3.9-20230412

postfix/HISTORY

@@ -26754,7 +26754,7 @@ Apologies for any names omitted.
 	progress. Reported by Phil Biggs, fix by Viktor Dukhovni.
 	File: util/dict_cache.c.
 
-20220104
+20230104
 
 	Feature: configuration parameter tls_ffdhe_auto_groups for
 	FFDHE support in TLS 1.3 with OpenSSL 3.0. Viktor Dukhovni.
@@ -26773,7 +26773,7 @@ Apologies for any names omitted.
 	Bitrot: fixes for linker warnings from newer Darwin (MacOS)
 	versions. Viktor Dukhovni. File: makedefs.
 
-20220108
+20230108
 
 	Minor wordsmithing. Files: text in proto/postconf.proto,
 	warning message tls.tls_dh.c.

postfix/RELEASE_NOTES

@@ -1,57 +1,27 @@
-This is the Postfix 3.8 (experimental) release.
+This is the Postfix 3.9 experimental release.
 
-The stable Postfix release is called postfix-3.7.x where 3=major
+The stable Postfix release is called postfix-3.8.x where 3=major
-release number, 7=minor release number, x=patchlevel.  The stable
+release number, 8=minor release number, x=patchlevel. The stable
 release never changes except for patches that address bugs or
 emergencies. Patches change the patchlevel and the release date.
 
 New features are developed in snapshot releases. These are called
-postfix-3.8-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+postfix-3.9-yyyymmdd where yyyymmdd is the release date (yyyy=year,
-mm=month, dd=day).  Patches are never issued for snapshot releases;
+mm=month, dd=day). Patches are never issued for snapshot releases;
 instead, a new snapshot is released.
 
 The mail_release_date configuration parameter (format: yyyymmdd)
 specifies the release date of a stable release or snapshot release.
 
-If you upgrade from Postfix 3.6 or earlier, read RELEASE_NOTES-3.7
+If you upgrade from Postfix 3.7 or earlier, please read RELEASE_NOTES-3.8
 before proceeding.
 
-License change
+Dual license
----------------
+------------
 
-This software is distributed with a dual license: in addition to the
+As of Postfix 3.2.5 this software is distributed with a dual license:
-historical IBM Public License 1.0, it is now also distributed with the
+in addition to the historical IBM Public License (IPL) 1.0, it is
-more recent Eclipse Public License 2.0. Recipients can choose to take
+now also distributed with the more recent Eclipse Public License
-the software under the license of their choice. Those who are more
+(EPL) 2.0. Recipients can choose to take the software under the
-comfortable with the IPL can continue with that license.
+license of their choice. Those who are more comfortable with the
-
+IPL can continue with that license.
-Incompatible changes with snapshot 20230304
-===========================================
-
-This introduces the following changes in Postfix TLS support:
-
-- Postfix ignores "export" and "low" cipher list settings, and
-  treats the "export" and "low" cipher grade settings as "medium".
-  These grades are no longer supported in OpenSSL 1.1.1, the minimum
-  version that Postfix requires.
-
-- Postfix default settings now exclude the following deprecated or
-  unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5),
-  key exchange algorithms (DH, ECDH), and public key algorithm
-  (DSS).
-
-Incompatible changes with snapshot 20221228
-===========================================
-
-Postfix documentation and code have been converted to use "grep -E"
-and "grep -F" instead of the historical forms egrep and fgrep.  To
-build Postfix on a system that supports only the historical forms,
-run the script auxiliary/fix-grep/fix-grep.sh to revert this change.
-
-Incompatible changes with snapshot 20220507
-===========================================
-
-Most global/mkmap*.[hc] files have moved to the util directory;
-only global/mkmap_proxy.* remains. The old file organization was
-designed before support for dynamically-loadable databases was
-added, and the code suffered from complexity.

postfix/RELEASE_NOTES-3.8

@@ -0,0 +1,128 @@
+This is the Postfix 3.8 stable release.
+
+The stable Postfix release is called postfix-3.8.x where 3=major
+release number, 8=minor release number, x=patchlevel. The stable
+release never changes except for patches that address bugs or
+emergencies. Patches change the patchlevel and the release date.
+
+New features are developed in snapshot releases. These are called
+postfix-3.9-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+mm=month, dd=day). Patches are never issued for snapshot releases;
+instead, a new snapshot is released.
+
+The mail_release_date configuration parameter (format: yyyymmdd)
+specifies the release date of a stable release or snapshot release.
+
+If you upgrade from Postfix 3.6 or earlier, please read RELEASE_NOTES-3.7
+before proceeding.
+
+Dual license
+------------
+
+As of Postfix 3.2.5 this software is distributed with a dual license:
+in addition to the historical IBM Public License (IPL) 1.0, it is
+now also distributed with the more recent Eclipse Public License
+(EPL) 2.0. Recipients can choose to take the software under the
+license of their choice. Those who are more comfortable with the
+IPL can continue with that license.
+
+Major changes - documentation and code cleanup
+----------------------------------------------
+
+There are numerous small fixes to Postfix documentation, and small
+code-health changes that should not affect documented behavior but
+may improve Postfix behavior for malformed input, or that make
+Postfix easier to maintain. See the HISTORY file for details.
+
+Major changes - SRV support
+---------------------------
+
+[Feature 20230214] Support to look up DNS SRV records in the Postfix
+SMTP/LMTP client, Based on code by Tomas Korbar (Red Hat).
+
+For example, with "use_srv_lookup = submission" and "relayhost =
+example.com:submission", the Postfix SMTP client will look up DNS
+SRV records for _submission._tcp.example.com, and will relay email
+through the hosts and ports that are specified with those records.
+
+See https://www.postfix.org/postconf.5.html#use_srv_lookup for more
+details, including how to selectively use SRV in a configuration
+that connects to multiple ISP accounts.
+
+SRV support may also be useful inside a cloud-based infrastructure
+when Postfix needs to deliver mail to services that run on a
+dynamically-allocated port.
+
+Major changes - TLS support
+---------------------------
+
+[Incompat 20230304] This introduces the following changes:
+
+- Postfix treats the "export" and "low" cipher grade settings as
+  "medium". The  "export" and "low" grades are no longer supported
+  in OpenSSL 1.1.1, the minimum version that Postfix requires.
+
+- Postfix default settings now exclude the following deprecated or
+  unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5),
+  key exchange algorithms (DH, ECDH), and public key algorithm
+  (DSS).
+
+[Feature 20230108] New configuration parameter tls_ffdhe_auto_groups
+for finite-field Diffie-Hellman ephemeral (FFDHE) support in TLS
+1.3 with OpenSSL 3.0.
+
+Major changes - attack resistance
+---------------------------------
+
+[Feature 20240312] the Postfix SMTP server can now aggregate
+smtpd_client_*_rate and smtpd_client_*_count statistics by network
+block, as specified with smtpd_client_ipv4_prefix_length (default
+32, no aggregation) and smtpd_client_ipv6_prefix_length (default
+84, aggregation by /84 network blocks). The latter raises the bar
+for a memory exhaustion attack.
+
+[Feature 20221023] Unconditionally disable a CPU resource attack
+requesting TLS renegotiation. There's no good reason to support
+this in the middle of an SMTP connection.
+
+Major changes - bit rot
+-----------------------
+
+[Incompat 20221228] Postfix documentation and code have been converted
+to use "grep -E" and "grep -F" instead of the historical forms
+"egrep" and "fgrep". To build Postfix on a system that supports
+only the historical forms, run the script auxiliary/fix-grep/fix-grep.sh
+to revert this change.
+
+Major changes - configuration checks
+------------------------------------
+
+[Feature 20240406] The postconf command now warns for #comment in
+or after a Postfix parameter value. Postfix programs do not support
+#comment after other text, and treat that as input.
+
+Major changes - database support
+--------------------------------
+
+[Incompat 20220509] The PostgreSQL client encoding is now configurable
+with the "encoding" Postfix configuration file attribute. The default
+is "UTF8". Previously the encoding was hard-coded as "LATIN1".
+
+Major changes - logging
+-----------------------
+
+[Incompat 20230308] The postfix(1) and postlog(1) commands now
+produce stderr logging even when stderr is not connected to a
+terminal. This eliminates an inconsistency, and makes these programs
+easier to use in some automated procedures. The canonical example
+is to capture output from "postmulti -p status" to figure out which
+instances are or are not running.
+
+Major changes - source code organization
+----------------------------------------
+
+[Incompat 20220507] Most global/mkmap*.[hc] files are moved to the
+util directory; only global/mkmap_proxy.* remains. The old file
+organization was designed before support for dynamically-loadable
+databases was added, and that code suffered from complexity.
+

postfix/conf/main.cf

@@ -31,7 +31,7 @@
 #
 # The level below is what should be used with new (not upgrade) installs.
 #
-compatibility_level = 3.8
+compatibility_level = 3.9
 
 # SOFT BOUNCE
 #

postfix/proto/stop

@@ -1571,3 +1571,9 @@ https
 egrep
 fgrep
 SRV
+EPL
+FFDHE
+Korbar
+ffdhe
+srv
+stderr

postfix/src/global/mail_version.h

@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20230409"
+#define MAIL_RELEASE_DATE	"20230412"
-#define MAIL_VERSION_NUMBER	"3.8"
+#define MAIL_VERSION_NUMBER	"3.9"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE

postfix/src/postconf/Makefile.in

@@ -1225,6 +1225,7 @@ postconf_misc.o: ../../include/myflock.h
 postconf_misc.o: ../../include/mymalloc.h
 postconf_misc.o: ../../include/name_code.h
 postconf_misc.o: ../../include/safe.h
+postconf_misc.o: ../../include/stringops.h
 postconf_misc.o: ../../include/sys_defs.h
 postconf_misc.o: ../../include/vbuf.h
 postconf_misc.o: ../../include/vstream.h

postfix/src/util/inet_prefix_top.c

@@ -105,6 +105,7 @@ char   *inet_prefix_top(int af, const void *src, int prefix_len)
 
 #include <stdlib.h>
 #include <msg_vstream.h>
+#include <name_code.h>
 
  /*
   * TODO: add test cases for fatal and panic errors, intercept msg_fatal()
@@ -112,20 +113,25 @@ char   *inet_prefix_top(int af, const void *src, int prefix_len)
   */
 typedef struct TEST_CASE {
     int     in_af;
-    const char *in_address;
     int     in_prefix_len;
     const char *exp_prefix;
 } TEST_CASE;
 
 static TEST_CASE test_cases[] = {
-    AF_INET, "255.255.255.255", 32, "255.255.255.255",
+    AF_INET, 32, "255.255.255.255",
-    AF_INET, "255.255.255.255", 28, "255.255.255.240/28",
+    AF_INET, 28, "255.255.255.240/28",
-    AF_INET, "255.255.255.255", 4, "240.0.0.0/4",
+    AF_INET, 4, "240.0.0.0/4",
-    AF_INET, "255.255.255.255", 0, "0.0.0.0/0",
+    AF_INET, 0, "0.0.0.0/0",
-    AF_INET6, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", 128, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+    AF_INET6, 128, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
-    AF_INET6, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", 124, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:fff0/124",
+    AF_INET6, 124, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:fff0/124",
-    AF_INET6, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", 4, "f000::/4",
+    AF_INET6, 4, "f000::/4",
-    AF_INET6, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", 0, "::/0",
+    AF_INET6, 0, "::/0",
+};
+
+const NAME_CODE af_map[] = {
+    "AF_INET", AF_INET,
+    "AF_INET6", AF_INET6,
+    0,
 };
 
 #define TEST_CASE_COUNT (sizeof(test_cases) / sizeof(test_cases[0]))
@@ -142,38 +148,21 @@ int     main(int argc, char **argv)
     int     fail = 0;
 
     msg_vstream_init(argv[0], VSTREAM_ERR);
+    memset(&u, ~0, sizeof(u));
 
     for (tp = test_cases; tp < test_cases + TEST_CASE_COUNT; tp++) {
-	msg_info("RUN  %s/%d -> %s", tp->in_address, tp->in_prefix_len,
+	msg_info("RUN  %s/%d", str_name_code(af_map, tp->in_af),
-		 tp->exp_prefix);
+		 tp->in_prefix_len);
-	switch (inet_pton(tp->in_af, tp->in_address, &u)) {
+	act_prefix = inet_prefix_top(tp->in_af, &u, tp->in_prefix_len);
-	case -1:
+	if (strcmp(act_prefix, tp->exp_prefix) != 0) {
-	    msg_warn("inet_pton(af = %d, src = \"%s\", &u) failed: %m",
+	    msg_warn("got \"%s\", want \"%s\"", act_prefix, tp->exp_prefix);
-		     tp->in_af, tp->in_address);
 	    fail += 1;
-	    msg_info("FAIL %s/%d -> %s", tp->in_address, tp->in_prefix_len,
+	    msg_info("FAIL %s/%d", str_name_code(af_map, tp->in_af),
-		     tp->exp_prefix);
+		     tp->in_prefix_len);
-	    break;
+	} else {
-	default:
+	    pass += 1;
-	    msg_warn("inet_pton(af = %d, src = \"%s\", &u) failed",
+	    msg_info("PASS %s/%d", str_name_code(af_map, tp->in_af),
-		     tp->in_af, tp->in_address);
+		     tp->in_prefix_len);
-	    fail += 1;
-	    msg_info("FAIL %s/%d -> %s", tp->in_address, tp->in_prefix_len,
-		     tp->exp_prefix);
-	    break;
-	case 1:
-	    act_prefix = inet_prefix_top(tp->in_af, &u, tp->in_prefix_len);
-	    if (strcmp(act_prefix, tp->exp_prefix) != 0) {
-		msg_warn("got \"%s\", want \"%s\"", act_prefix, tp->exp_prefix);
-		fail += 1;
-		msg_info("FAIL %s/%d -> %s", tp->in_address, tp->in_prefix_len,
-			 tp->exp_prefix);
-	    } else {
-		pass += 1;
-		msg_info("PASS %s/%d -> %s", tp->in_address, tp->in_prefix_len,
-			 tp->exp_prefix);
-	    }
-	    break;
 	}
     }
     msg_info("PASS=%d FAIL=%d", pass, fail);