repository, don't attempt to install it, and don't expect it to
be installed. If a better fix is to return 02-dump, then this
change can be reverted (by anyone, just go ahead and do it).
dhcpcd(8) should also have mention of 02-dump removed, if removing
it was intentional.
middle-end/94479 - fix gimplification of address
When gimplifying an address operand we may expose an indirect
ref via DECL_VALUE_EXPR for example. This is dealt with in the
code already but it fails to consider that INDIRECT_REFs get
gimplified to MEM_REFs.
Fixed which makes the ICE observed on x86_64-netbsd go away.
2020-04-07 Richard Biener <rguenther@suse.de>
PR middle-end/94479
* gimplify.c (gimplify_addr_expr): Also consider generated
MEM_REFs.
* gcc.dg/torture/pr94479.c: New testcase.
Fixes -fstack-check ICE when building devel/git-base.
0x60006003, which blocks SIGTERM by default, so running something simple
from a hook, like /etc/rc.d/racoon restart does not work. The script
is then stuck waiting for the daemon to die, which it won't since it will
never receive the signal, and the hook never terminates.
2020-01-18 Nick Clifton <nickc@redhat.com>
Binutils 2.34 branch created.
2020-01-18 Nick Clifton <nickc@redhat.com>
Synchronize top level configure files with master version:
2020-01-01 Ben Elliston <bje@gnu.org>
* config.guess: Update copyright years.
* config.sub: Likewise.
2019-12-21 Ben Elliston <bje@gnu.org>
* config.guess (set_cc_for_build): Prevent multiple calls by
checking if $tmp is already set. We can't check CC_FOR_BUILD as
the user may set it externally. Thanks to Torbjörn Granlund for
the bug report.
2019-12-21 Torbjörn Granlund <tg@gmplib.org>
* config.guess (alpha:Linux:*:*): Guard against missing
/proc/cpuinfo by redirecting standard error to /dev/null.
2019-09-12 Daniel Bittman <danielbittman1@gmail.com>
* config.guess (*:Twizzler:*:*): New.
* config.sub (-twizzler*): New.
2019-07-24 Ben Elliston <bje@gnu.org>
* config.guess (mips:OSF1:*.*): Whitespace cleanup.
2019-06-30 Ben Elliston <bje@gnu.org>
* config.sub (case $os): Match nsk* and powerunix. Don't later
match nsk* and set os=nsk which removes the OS version number.
2019-06-30 Ben Elliston <bje@gnu.org>
* config.sub: Recognise os108*.
2019-06-26 Ben Elliston <bje@gnu.org>
* config.sub (hp300): Set $os to hpux.
2019-06-26 Ben Elliston <bje@gnu.org>
* config.sub (vsta): Move into alphabetical order.
2019-06-10 Ben Elliston <bje@gnu.org>
* config.guess (*:OS108:*:*): Recognise new OS.
2019-05-28 Ben Elliston <bje@gnu.org>
* config.guess (*:Darwin:*:*): Run xcode-select to determine if a
system compiler is installed. If not, do not run set_cc_for_build,
as the default cc will open a dialog box asking to install
Xcode. If no C compiler is available, guess based on uname -p and
uname -m.
2019-05-28 Ben Elliston <bje@gnu.org>
* config.guess (*:Darwin:*:*): Simplify UNAME_PROCESSOR.
2020-01-17 Simon Marchi <simon.marchi@efficios.com>
* Makefile.def: Add dependencies of all-gdbsupport on all-bfd.
* Makefile.in: Re-generate.
2020-01-14 Tom Tromey <tom@tromey.com>
* src-release.sh (GDB_SUPPORT_DIRS): Add gdbsupport.
* MAINTAINERS: Add gdbsupport.
* configure: Rebuild.
* configure.ac (configdirs): Add gdbsupport.
* gdbsupport: New directory, move from gdb/gdbsupport.
* Makefile.def (host_modules, dependencies): Add gnulib.
* Makefile.in: Rebuild.
2020-01-09 Aaron Merey <amerey@redhat.com>
* config/debuginfod.m4: New file. Add macro AC_DEBUGINFOD. Adds
new configure option --with-debuginfod.
* configure: Regenerate.
* configure.ac: Call AC_DEBUGINFOD.
2019-12-26 Christian Biesinger <cbiesinger@google.com>
* .gitignore: Add perf.data and perf.data.old.
2019-10-17 Sergio Durigan Junior <sergiodj@redhat.com>
* src-release.sh (GDB_SUPPORT_DIRS): Add libctf.
2019-10-17 Alan Modra <amodra@gmail.com>
PR 29
* src-release.sh (getver): Replace "head -1" with "head -n 1".
2019-07-30 Nick Alcock <nick.alcock@oracle.com>
* Makefile.def (host_modules): libctf is no longer no_install.
* Makefile.in: Regenerated.
2019-07-13 Nick Alcock <nick.alcock@oracle.com>
* Makefile.def (dependencies): all-ld depends on all-libctf.
* Makefile.in: Regenerated.
2019-09-09 Phil Blundell <pb@pbcl.net>
binutils 2.33 branch created
2019-08-19 Tom Tromey <tom@tromey.com>
* configure: Rebuild.
* configure.ac: Add --with-static-standard-libraries.
2019-08-09 Nick Clifton <nickc@redhat.com>
* libiberty: Sync with gcc. Bring in:
2019-08-08 Martin Liska <mliska@suse.cz>
PR bootstrap/91352
* lrealpath.c (is_valid_fd): New function.
2019-07-24 Martin Liska <mliska@suse.cz>
PR lto/91228
* simple-object-elf.c (simple_object_elf_copy_lto_debug_sections):
Find first '\0' starting from gnu_lto + 1.
2019-07-12 Ren Kimura <rkx1209dev@gmail.com>
* simple-object-elf.c (simple_object_elf_match): Check zero value shstrndx.
This fixes a Bug 90924.
2019-07-22 Martin Liska <mliska@suse.cz>
* simple-object-elf.c (simple_object_elf_copy_lto_debug_sections):
Do not search for gnu_lto_v1, but search for first '\0'.
2019-07-18 Eduard-Mihai Burtescu <eddyb@lyken.rs>
* cplus-dem.c: Include rust-demangle.h.
* rust-demangle.c: Include rust-demangle.h.
* rust-demangle.h: New file.
2019-05-31 Michael Forney <mforney@mforney.org>
* cp-demangle.c: Don't define CP_DYNAMIC_ARRAYS if __STDC_NO_VLA__
is non-zero.
2019-04-30 Ben L <bobsayshilol@live.co.uk>
* d-demangle.c (dlang_parse_assocarray): Correctly handle error result.
* testsuite/d-demangle-expected: Add testcase.
* d-demangle.c (dlang_parse_tuple): Correctly handle error result.
* testsuite/d-demangle-expected: Add testcase.
* d-demangle.c (dlang_parse_structlit): Correctly handle error result.
* testsuite/d-demangle-expected: Add testcase.
* d-demangle.c (dlang_parse_arrayliteral): Correctly handle error result.
* testsuite/d-demangle-expected: Add testcase.
* d-demangle.c (dlang_parse_integer): Fix stack underflow.
* testsuite/d-demangle-expected: Add testcase.
* cp-demangle (d_print_comp_inner): Guard against a NULL 'typed_name'.
* testsuite/demangle-expected: Add testcase.
* cp-demangle.c (d_encoding): Guard against NULL return values from
d_right (dc).
* testsuite/demangle-expected: Add testcase.
2019-04-29 Ben L <bobsayshilol@live.co.uk>
* cp-demangle.c (d_expression_1): Don't peek ahead unless the current
char is valid.
* testsuite/demangle-expected: Add testcase.
2019-04-10 Nick Clifton <nickc@redhat.com>
PR 89394
* cp-demangle.c (cplus_demangle_fill_name): Reject negative
lengths.
(d_count_templates_scopes): Replace num_templates and num_scopes
parameters with a struct d_print_info pointer parameter. Adjust
body of the function accordingly. Add recursion counter and check
that the recursion limit is not reached.
(d_print_init): Pass dpi parameter to d_count_templates_scopes.
Reset recursion counter afterwards, unless the recursion limit was
reached.
2019-07-13 Joel Brobecker <brobecker@adacore.com>
* src-release (getver): If $tool/gdbsupport/create-version.sh
exists, use that to determine the version number.
2019-06-21 Andreas Schwab <schwab@linux-m68k.org>
* src-release.sh (GDB_SUPPORT_DIRS): Add gnulib.
2019-06-14 Tom Tromey <tom@tromey.com>
* MAINTAINERS: Add gnulib.
* gnulib: New directory, move from gdb/gnulib.
* configure.ac (host_libs): Add gnulib.
* configure: Rebuild.
* Makefile.def (host_modules, dependencies): Add gnulib.
* Makefile.in: Rebuild.
2019-06-03 Nick Clifton <nickc@redhat.com>
Revert:
2019-05-29 Nick Clifton <nickc@redhat.com>
* configure.ac (noconfigdirs): Add libctf if the target does not use
the ELF file format.
* configure: Regenerate.
2019-05-29 Nick Clifton <nickc@redhat.com>
* src-release.sh (do_proto_toplev): Add libctf to list of
directories that can be disabled.
2019-05-29 Nick Clifton <nickc@redhat.com>
* configure.ac (noconfigdirs): Add libctf if the target does not use
the ELF file format.
* configure: Regenerate.
2019-05-28 Nick Alcock <nick.alcock@oracle.com>
* Makefile.def (dependencies): configure-libctf depends on all-bfd
and all its deps.
* Makefile.in: Regenerated.
2019-05-28 Nick Alcock <nick.alcock@oracle.com>
* MAINTAINERS: Add libctf.
2019-05-28 Nick Alcock <nick.alcock@oracle.com>
* Makefile.def (host_modules): Add libctf.
* Makefile.def (dependencies): Likewise.
libctf depends on zlib, libiberty, and bfd.
* Makefile.in: Regenerated.
* configure.ac (host_libs): Add libctf.
* configure: Regenerated.
2019-05-23 Jose E. Marchesi <jose.marchesi@oracle.com>
* config.guess: Synchronize with config project master sources.
* config.sub: Likewise.
* readline/support/config.guess: Likewise.
* readline/support/config.sub: Likewise.
2019-04-10 Nick Clifton <nickc@redhat.com>
* libiberty: Sync with gcc. Bring in:
2019-04-10 Nick Clifton <nickc@redhat.com>
PR 89394
* cp-demangle.c (cplus_demangle_fill_name): Reject negative
lengths.
(d_count_templates_scopes): Replace num_templates and num_scopes
parameters with a struct d_print_info pointer parameter. Adjust
body of the function accordingly. Add recursion counter and check
that the recursion limit is not reached.
(d_print_init): Pass dpi parameter to d_count_templates_scopes.
Reset recursion counter afterwards, unless the recursion limit was
reached.
2018-06-24 Nick Clifton <nickc@redhat.com>
2.32 branch created.
2019-01-14 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE>
Merge from GCC:
PR target/88535
* config.guess: Import upstream version 2019-01-03.
* config.sub: Import upstream version 2019-01-01.
2019-01-10 Nick Clifton <nickc@redhat.com>
* libiberty: Sync with gcc. Bring in:
2019-01-09 Sandra Loosemore <sandra@codesourcery.com>
PR other/16615
* cp-demangle.c: Mechanically replace "can not" with "cannot".
* floatformat.c: Likewise.
* strerror.c: Likewise.
2018-12-22 Jason Merrill <jason@redhat.com>
Remove support for demangling GCC 2.x era mangling schemes.
* cplus-dem.c: Remove cplus_mangle_opname, cplus_demangle_opname,
internal_cplus_demangle, and all subroutines.
(libiberty_demanglers): Remove entries for ancient GNU (pre-3.0),
Lucid, ARM, HP, and EDG demangling styles.
(cplus_demangle): Remove 'work' variable. Don't call
internal_cplus_demangle.
2019-01-03 Дилян Палаузов <dilyan.palauzov@aegee.org>
* configure.ac: Don't configure readline if --with-system-readline is
used.
* configure: Re-generate.
2018-10-31 Joseph Myers <joseph@codesourcery.com>
Merge from GCC:
PR bootstrap/82856
* multilib.am: New file. From automake.
2018-09-12 Sergio Durigan Junior <sergiodj@redhat.com>
* src-release.sh (GDB_SUPPORT_DIRS): Add "contrib".
2018-07-16 Nick Clifton <nickc@redhat.com>
@ -20,6 +338,18 @@
* config.guess: Sync with upstream version 2018-06-26.
* config.sub: Sync with upstream version 2018-07-02.
2018-06-29 Alexandre Oliva <oliva@adacore.com>
* configure.ac: Introduce support for @unless/@endunless.
* Makefile.tpl (dep-kind): Rewrite with cond; return
postbootstrap in some cases.
(make-postboot-dep, postboot-targets): New.
(dependencies): Do not output postbootstrap dependencies at
first. Output non-target ones changed for configure to depend
on stage_last @if gcc-bootstrap, and the original deps @unless
gcc-bootstrap.
* configure.in, Makefile.in: Rebuilt.
2018-06-24 Nick Clifton <nickc@redhat.com>
* configure: Regenerate.
* Decode interface complex interface names eth0.100:2 eth0i100:2.
This allows us to ignore some virtual interfaces by default
* ARP: Report L2 header address on conflict for more clarity
* DHCP: Support jumbo frames (untested)
* DHCP6: Clean up old lease on failure to confirm/rebind, etc
* RA: Prefer older routers
* INET6: Obscure prefixes are now calculated correctly
* Privilege Separation
* default hostname is now a blank string rather than localhost
* Leases are now dumped over the control socket - you get RA's now as well.
* Better support for many IPv6 routers
* RTM_MISS filtering
* RA: Deprecate stale addresses by setting pltime 0
* DHCP6: Deprecate stale addresses by setting pltime 0
The stable Postfix release is called postfix-3.5.x where 3=major
release number, 5=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.6-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.3 or earlier, read RELEASE_NOTES-3.4
before proceeding.
License change
---------------
This software is distributed with a dual license: in addition to the
historical IBM Public License 1.0, it is now also distributed with the
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
Major changes - multiple relayhost in SMTP
------------------------------------------
[Feature 20200111] the Postfix SMTP and LMTP client support a list
of nexthop destinations separated by comma or whitespace. These
destinations will be tried in the specified order.
The list form can be specified in relayhost, transport_maps,
default_transport, and sender_dependent_default_transport_maps.
Examples:
/etc/postfix/main.cf:
relayhost = foo.example, bar.example
default_transport = smtp:foo.example, bar.example.
NOTE: this is an SMTP and LMTP client feature. It does not work for
other Postfix delivery agents.
Major changes - certificate access
----------------------------------
[Feature 20190517] Search order support for check_ccert_access.
Search order support for other tables is in design (canonical_maps,
virtual_alias_maps, transport_maps, etc.).
The following check_ccert_access setting uses the built-in search
order: it first looks up the client certificate fingerprint, then
the client certificate public-key fingerprint, and it stops when a
decision is made.
/etc/postfix/main.cf:
smtpd_mumble_restrictions =
...
check_ccert_access hash:/etc/postfix/ccert-access
...
The following setting, with explicit search order, produces the
exact same result:
/etc/postfix/main.cf:
smtpd_mumble_restrictions =
...
check_ccert_access {
hash:/etc/postfix/ccert-access {
search_order = cert_fingerprint, pubkey_fingerprint } }
...
Support is planned for other certificate features.
Major changes - dovecot usability
---------------------------------
[Feature 20190615] The SMTP+LMTP delivery agent can now prepend
Delivered-To, X-Original-To and Return-Path headers, just like the
pipe(8) and local(8) delivery agents.
This uses the "flags=DORX" command-line flags in master.cf. See the
smtp(8) manpage for details.
This obsoletes the "lmtp_assume_final = yes" setting, and replaces
it with "flags=...X...", for consistency with the pipe(8) delivery
agent.
Major changes - forced expiration
---------------------------------
[Feature 20200202] Support to force-expire email messages. This
introduces new postsuper(1) command-line options to request expiration,
and additional information in mailq(1) or postqueue(1) output.
The forced-to-expire status is stored in a queue file attribute.
An expired message is returned to the sender when the queue manager
attempts to deliver that message (note that Postfix will never
deliver messages in the hold queue).
The postsuper(1) -e and -f options both set the forced-to-expire
queue file attribute. The difference is that -f will also release
a message if it is in the hold queue. With -e, such a message would
not be returned to the sender until it is released with -f or -H.
In the mailq(1) or postqueue(1) -p output, a forced-to-expire message
is indicated with # after the queue file name. In postqueue(1) JSON
output, there is a new per-message field "forced_expire" (with value
true or false) that shows the forced-to-expire status.
Major changes - haproxy2 protocol
---------------------------------
[Feature 20200112] Support for the haproxy v2 protocol. The Postfix
implementation supports TCP over IPv4 and IPv6, as well as non-proxied
connections; the latter are typically used for heartbeat tests.
The haproxy v2 protocol introduces no additional Postfix configuration.
The Postfix smtpd(8) and postscreen(8) daemons accept both v1 and
v2 protocol versions.
Major changes - logging
-----------------------
[Incompat 20191109] Postfix daemon processes now log the from= and
to= addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart contains
spaces or other special characters, the localpart will be quoted,
for example:
from=<"name with spaces"@example.com>
Older Postfix versions would log the internal (unquoted) form:
from=<name with spaces@example.com>
The external and internal forms are identical for the vast majority
of email addresses that contain no spaces or other special characters
in the localpart.
Specify "info_log_address_format = internal" for backwards
compatibility.
The logging in external form is consistent with the address form
that Postfix 3.2 and later prefer for table lookups. It is therefore
the more useful form for non-debug logging.
Major changes - IP address normalization
----------------------------------------
[Incompat 20190427] Postfix now normalizes IP addresses received
with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency
with direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match subnets
of an IPv6 address.
This is the Postfix 3.4 (stable) release.
The stable Postfix release is called postfix-3.4.x where 3=major
release number, 4=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.5-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.2 or earlier, read RELEASE_NOTES-3.3
before proceeding.
License change
---------------
This software is distributed with a dual license: in addition to the
historical IBM Public License 1.0, it is now also distributed with the
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
Summary of changes
------------------
Incompatible changes, bdat support, containers, database support,
logging, safety, tls connection pooling, tls support, usability,
Incompatible changes
--------------------
[Incompat 20180826] The Postfix SMTP server announces CHUNKING (BDAT
command) by default. In the unlikely case that this breaks some
important remote SMTP client, disable the feature as follows:
/etc/postfix/main.cf:
# The logging alternative:
smtpd_discard_ehlo_keywords = chunking
# The non-logging alternative:
smtpd_discard_ehlo_keywords = chunking, silent_discard
See BDAT_README for more.
[Incompat 20190126] This introduces a new master.cf service 'postlog'
with type 'unix-dgram' that is used by the new postlogd(8) daemon.
Before backing out to an older Postfix version, edit the master.cf
file and remove the postlog entry.
[Incompat 20190106] Postfix 3.4 drops support for OpenSSL 1.0.1
(end-of-life was December 31, 2016) and all earlier releases.
[Incompat 20180701] To avoid performance loss under load, the
tlsproxy(8) daemon now requires a zero process limit in master.cf
(this setting is provided with the default master.cf file). By
default, a tlsproxy(8) process will retire after several hours.
To set the tlsproxy process limit to zero:
# postconf -F tlsproxy/unix/process_limit=0
# postfix reload
Major changes - bdat support
--------------------
[Feature 20180826] Postfix SMTP server support for RFC 3030 CHUNKING
(the BDAT command) without BINARYMIME, in both smtpd(8) and
postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
and smtpd_proxy_filter. See BDAT_README for more.
Major changes - containers
--------------------------
[Feature 20190126] Support for logging to file or stdout, instead
of using syslog.
- Logging to file solves a usability problem for MacOS, and
eliminates multiple problems with systemd-based systems.
- Logging to stdout is useful when Postfix runs in a container, as
it eliminates a syslogd dependency.
See MAILLOG_README for configuration examples and logfile rotation.
[Feature 20180422] Better handling of undocumented(!) Linux behavior
whether or not signals are delivered to a PID=1 process.
Major changes - database support
--------------------------------
[Feature 20181105] Support for (key, list of filenames) in map
source text.
- Currently, this feature is used only by tls_server_sni_maps.
- When a map is created from source with "postmap -F maptype:mapname",
the command processes each key as usual and processes each value
as a list of filenames, concatenates the content of those files
(with one newline character in-between files), and stores an entry
with (key, base64-encoded result).
- When a map is queried with "postmap -F -q ...", the command
base64-decodes each value. It reports an error when a value is
not in base64 form.
This "postmap -F -q ..." behavior also works when querying the
memory-resident map types cidr:, inline:, pcre:, randmap:, regexp:,
and static:. Postfix reads the files specified as table values,
stores base64-encoded content, and base64-decodes content upon
table lookup.
Internally, Postfix will turn on this behavior for lookups (not
updates) when a map is opened with the DICT_FLAG_RHS_IS_FILE flag.
Major changes - logging
-----------------------
[Feature 20190126] Support for logging to file or stdout, instead
of using syslog.
- Logging to file solves a usability problem for MacOS, and
eliminates multiple problems with systemd-based systems.
- Logging to stdout is useful when Postfix runs in a container, as
it eliminates a syslogd dependency.
See MAILLOG_README for configuration examples and logfile rotation.
Major changes - safety
----------------------
[Feature 20180623] Automatic retirement: dnsblog(8) and tlsproxy(8) process
will now voluntarily retire after after max_idle*max_use, or some
sane limit if either limit is disabled. Without this, a process
could stay busy for days or more.
Major changes - tls connection pooling
--------------------------------------
[Feature 20180617] Postfix SMTP client support for multiple deliveries
per TLS-encrypted connection. This is primarily to improve mail
delivery performance for destinations that throttle clients when
they don't combine deliveries.
This feature is enabled with "smtp_tls_connection_reuse=yes" in
main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
It supports all Postfix TLS security levels including dane and
dane-only.
The implementation of TLS connection reuse relies on the same
scache(8) service as used for delivering plaintext SMTP mail, the
same tlsproxy(8) daemon as used by the postscreen(8) service for
inbound connections, and relies on the same hints from the qmgr(8)
daemon. It reuses the configuration parameters described in
CONNECTION_CACHE_README.
The Postfix SMTP client now logs whether an SMTP-over-TLS connection
is newly established ("TLS connection established") or whether the
connection is reused ("TLS connection reused").
The following illustrates how TLS connections are reused:
Initial plaintext SMTP handshake:
smtp(8) -> remote SMTP server
Reused SMTP/TLS connection, or new SMTP/TLS connection:
smtp(8) -> tlsproxy(8) -> remote SMTP server
Cached SMTP/TLS connection:
scache(8) -> tlsproxy(8) -> remote SMTP server
Major changes - tls support
---------------------------
[Feature 20190106] SNI support in the Postfix SMTP server, the
Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
client roles). See the postconf(5) documentation for the new
tls_server_sni_maps and smtp_tls_servername parameters.
[Feature 20190106] Support for files that contain multiple (key,
certificate, trust chain) instances. This was required to implement
server-side SNI table lookups, but it also eliminates the need for
separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
The file format is documented in the TLS_README sections "Server-side
certificate and private key configuration" and "Client-side certificate
and private key configuration", and in the postconf(5) documentation
for the parameters smtp_tls_chain_files, smtpd_tls_chain_files,
tlsproxy_client_chain_files, and tlsproxy_tls_chain_files.
Note: the command "postfix tls" does not yet support the new
consolidated certificate chain format. If you switch to the new
format, you'll need to manage your keys and certificates directly,
rather than via postfix-tls(1).
Major changes - usability
-------------------------
[Feature 20180812] Support for smtpd_reject_footer_maps (as well
as the postscreen variant postscreen_reject_footer_maps) for more
informative reject messages. This is indexed with the Postfix SMTP
server response text, and overrides the footer specified with
smtpd_reject_footer. One will want to use a pcre: or regexp: map
with this.
This is the Postfix 3.3 (stable) release.
The stable Postfix release is called postfix-3.3.x where 3=major
release number, 3=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.4-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.1 or earlier, read RELEASE_NOTES-3.2
before proceeding.
License change
---------------
This software is distributed with a dual license: in addition to the
historical IBM Public License 1.0, it is now also distributed with the
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
Major changes - compatibility safety net
----------------------------------------
[20180106] With compatibility_level < 1, the Postfix SMTP server
now warns for mail that would be blocked by the Postfix 2.10
smtpd_relay_restrictions feature, without blocking that mail. This
extends the compatibility safety net for sites that upgrade from
earlier Postfix versions (questions on the postfix-users list show
there is a steady trickle). See COMPATIBILITY_README for details.
Major changes - configuration
-----------------------------
[20170617] The postconf command now warns about unknown parameter
names in a Postfix database configuration file. As with other unknown
parameter names, these warnings can help to find typos early.
[20180113] New read-only service_name parameter that contains the
master.cf service name of a Postfix daemon process (it that is empty
in a non-daemon process). This can make Postfix SMTP server logging
logging distinct by setting the syslog_name in master.cf with "-o
syslog_name=postfix/$service_name" for the "submission" and "smtps"
services, and can make Postfix SMTP client distinct by setting "-o
syslog_name=postfix/$service_name" for the "relay" service.
Major changes - container support
---------------------------------
[20171218] Preliminary support to run Postfix in the foreground,
with "postfix start-fg". This requires that Postfix multi-instance
support is disabled. To receive Postfix syslog information on the
container's host, mount the host's /dev/log socket inside the
container (example: "docker run -v /dev/log:/dev/log ..."), and
specify a distinct Postfix "syslog_name" prefix that identifies the
logging from the Postfix instance. Postfix does not log systemd
events.
Major changes - database support
---------------------------------
[20170617] The postconf command warns about unknown parameter names
in a Postfix database configuration file.
[20171227] The pgsql_table(5) hosts parameter now supports the
postgresql:// URI syntax. Contributed by Magosányi Árpád.
Major changes - header format
-----------------------------
[20180010] This release changes the format of 'full name' information
in Postfix-generated From: headers, when a local program such as
/bin/mail submits a message without From: header.
Postfix-generated From: headers with 'full name' information are
now formatted as "From: name <address>" by default. Specify
"header_from_format = obsolete" to get the earlier form "From:
address (name)". See the postconf(5) manpage for more details.
Major changes - invisible changes
---------------------------------
[20170617] Additional paranoia in the VSTRING implementation: a
null byte after the end of vstring buffers (this is a safety net
so that C-style string operations won't scribble past the end);
earlier detection of bad length and precision format string specifiers
(these are the result of programming error, as Postfix format strings
cannot be specified externally).
Major changes - milter support
------------------------------
[20171223] Milter applications can now send RET and ENVID parameters
in SMFIR_CHGFROM (change envelope sender) requests.
Major changes - mixed IPv6/IPv4 support
---------------------------------------
[20170505] Workaround for mail delivery problems when 1) both Postfix
IPv6 and IPv4 support are enabled, 2) some destination announces
more primary IPv6 MX addresses than primary IPv4 MX addresses, 3)
the destination is unreachable over IPv6, and 4) Postfix runs into
the smtp_mx_address_limit before it can try to deliver over IPv4.
When both Postfix IPv6 and IPv4 support are enabled, the Postfix
SMTP client will now relax MX preferences so that it can schedule
similar numbers of IPv4 and IPv6 destination addresses. This ensures
that an IPv6 connectivity problem will not prevent mail from being
delivered over IPv4 (and vice versa). Specify "smtp_balance_inet_protocols
= no" to disable this workaround.
Major changes - xclient
-----------------------
[20171218] The Postfix SMTP server now allows the XCLIENT command
before STARTTLS when TLS is required. This is useful for servers
that run behind a reverse proxy server such as nginx.
This is the Postfix 3.2 (stable) release.
The stable Postfix release is called postfix-3.2.x where 3=major
release number, 2=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.3-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.0 or earlier, read RELEASE_NOTES-3.1
before proceeding.
Invisible changes
-----------------
In addition to the visible changes described below, there is an
ongoing overhaul of low-level code. With each change come updated
tests to ensure that future changes will not 'break' compatibility
with past behavior.
Major changes - address mapping
-------------------------------
[Feature 20170128] Postfix 3.2 fixes the handling of address
extensions with email addresses that contain spaces. For example,
the virtual_alias_maps, canonical_maps, and smtp_generic_maps
features now correctly propagate an address extension from "aa
bb+ext"@example.com to "cc dd+ext"@other.example, instead of
producing broken output.
Major changes - header/body_checks
----------------------------------
[Feature 20161008] "PASS" and "STRIP" actions in header/body_checks.
"STRIP" is similar to "IGNORE" but also logs the action, and "PASS"
disables header, body, and Milter inspection for the remainder of
the message content. Contributed by Hobbit.
Major changes - log analysis
----------------------------
[Feature 20160330] The collate.pl script by Viktor Dukhovni for
grouping Postfix logfile records into "sessions" based on queue ID
and process ID information. It's in the auxiliary/collate directory
of the Postfix source tree.
Major changes - maps support
----------------------------
[Feature 20160527] Postfix 3.2 cidr tables support if/endif and
negation (by prepending ! to a pattern), just like regexp and pcre
tables. The primarily purpose is to improve readability of complex
tables. See the cidr_table(5) manpage for syntax details.
[Incompat 20160925] In the Postfix MySQL database client, the default
option_group value has changed to "client", to enable reading of
"client" option group settings in the MySQL options file. This fixes
a "not found" problem with Postfix queries that contain UTF8-encoded
non-ASCII text. Specify an empty option_group value (option_group
=) to get backwards-compatible behavior.
[Feature 20161217] Stored-procedure support for MySQL databases.
Contributed by John Fawcett. See mysql_table(5) for instructions.
[Feature 20170128] The postmap command, and the inline: and texthash:
maps now support spaces in left-hand field of the lookup table
"source text". Use double quotes (") around a left-hand field that
contains spaces, and use backslash (\) to protect embedded quotes
in a left-hand field. There is no change in the processing of the
right-hand field.
Major changes - milter support
------------------------------
[Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol (macro
names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol
(attribute names: DESTADDR, DESTPORT).
[Feature 20161024] smtpd_milter_maps support for per-client Milter
configuration that overrides smtpd_milters, and that has the same
syntax. A lookup result of "DISABLE" turns off Milter support. See
MILTER_README.html for details.
Major changes - policy delegation
---------------------------------
[Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol (macro
names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol
(attribute names: DESTADDR, DESTPORT).
Major changes - postqueue
-------------------------
[Incompat 20170129] The postqueue command no longer forces all
message arrival times to be reported in UTC. To get the old behavior,
set TZ=UTC in main.cf:import_environment (this override is not
recommended, as it affects all Postfix utities and daemons).
Major changes - safety
----------------------
[Incompat 20161227] For safety reasons, the sendmail -C option must
specify an authorized directory: the default configuration directory,
a directory that is listed in the default main.cf file with
alternate_config_directories or multi_instance_directories, or the
command must be invoked with root privileges (UID 0 and EUID 0).
This mitigates a recurring problem with the PHP mail() function.
Major changes - sasl
--------------------
[Feature 20160625] The Postfix SMTP server now passes remote client
and local server network address and port information to the Cyrus
SASL library. Build with ``make makefiles "CCARGS=$CCARGS
-DNO_IP_CYRUS_SASL_AUTH"'' for backwards compatibility.
Major changes - smtputf8
------------------------
[Feature 20161103] Postfix 3.2 disables the 'transitional' compatibility
between the IDNA2003 and IDNA2008 standards for internationalized
domain names (domain names beyond the limits of US-ASCII).
This change makes Postfix behavior consistent with contemporary web
browsers. It affects the handling of some corner cases such as
German sz and Greek zeta. See http://unicode.org/cldr/utility/idna.jsp
for more examples.
Specify "enable_idna2003_compatibility = yes" to restore historical
behavior (but keep in mind that the rest of the world may not make
that same choice).
Major changes - tls
-------------------
[Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API features,
so that Postfix will build without depending on backwards-compatibility
support.
[Incompat 20161204] Postfix 3.2 removes tentative features that
were implemented before the DANE spec was finalized:
- Support for certificate usage PKIX-EE(1),
- The ability to disable digest agility (Postfix now behaves as if
"tls_dane_digest_agility = on"), and
- The ability to disable support for "TLSA 2 [01] [12]" records
that specify the digest of a trust anchor (Postfix now behaves
as if "tls_dane_trust_anchor_digest_enable = yes).
[Feature 20161217] Postfix 3.2 enables elliptic curve negotiation
with OpenSSL >= 1.0.2. This changes the default smtpd_tls_eecdh_grade
setting to "auto", and introduces a new parameter tls_eecdh_auto_curves
with the names of curves that may be negotiated.
The default tls_eecdh_auto_curves setting is determined at compile
time, and depends on the Postfix and OpenSSL versions. At runtime,
Postfix will skip curve names that aren't supported by the OpenSSL
library.
Major changes - xclient
-----------------------
[Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol (macro
names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol
(attribute names: DESTADDR, DESTPORT).
It looks like this is a false positive, since the section of code triggering the error
external/cddl/osnet/dist/lib/libdtrace/common/dt_proc.c:400:42:
is only accessed after "err" is initialized.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
The noted argument is wrong - if it's already been deleted then the id we
have for it is invalid.
Because we don't track deletions to the ruleset, working it out is
problematic at best.
Instead, if we have already added the rule treat it as a non-op.
This is a valid use case because we might receive a burst of messages
in the downstream application for the same address and process them
one by one. It's not the job of the downstream application to track
blacklistd state.
fd -1 is invalid, so don't query it for protocol, port or address.
fd is supposed to represent how the client is connected, but if we are
parsing route(4) messages or log files then there is no client connection
to interogate.
1. Issue zil_commit only if we're actually updating something --
there's no need to commit if we're unlinking the file or if
there's no atime update being applied.
2. Issue zil_commit only if the zfs has sync=always set -- for
sync=standard there's no need for us to commit anything here since
no application asked for an explicit sync.
Speeds up untarring base.tgz on top of itself by a factor of about
2x, and speeds up rm by a factor of about 10x, on my system with an
SSD SLOG over SATA. Histogram of unlink, rmdir, and rename timing
shows dramatic reduction in latency for most samples.
(To be fair, this was not an improvement over zfs; issuing the
unnecessary zil_commit was a self-inflicted performance wound.)
struct disk_sectoralign {
/* First aligned sector number. */
uint32_t dsa_firstaligned;
/* Number of sectors per aligned unit. */
uint32_t dsa_alignment;
};
- Teach wd(4) to get it from ATA.
- Teach cgd(4) to pass it through from the underlying disk.
- Teach dk(4) to pass it through with adjustments.
- Teach zpool (zfs) to take advantage of it.
=> XXX zpool doesn't seem to understand when the vdev's starting
sector is misaligned.
Missing:
- ccd(4) and raidframe(4) support -- these should support _using_
DIOCGSECTORALIGN to decide where to start putting ccd or raid
stripes on disk, and these should perhaps _implement_
DIOCGSECTORALIGN by reporting the stripe/interleave factor.
- sd(4) support -- I don't know any obvious way to get it from SCSI,
but if any SCSI wizards know better than I, please feel free to
teach sd(4) about it!
- any ld(4) attachments -- might be worth teaching the ld drivers for
nvme and various raid controllers to get the aligned sector size
There's some duplicate logic here for now. I'm doing it this way,
rather than gathering the logic into a new disklabel_sectoralign
function or something, so that this change is limited to adding a new
ioctl, without any new kernel symbols, in order to make it easy to
pull up to netbsd-9 without worrying about the module ABI.
Detected by UBSan and already fixed upstream.
Cherry-pick:
From aa0218d6a12814fac50b287214f9f3b0b99e11b1 Mon Sep 17 00:00:00 2001
From: Brian Behlendorf <behlendorf1@llnl.gov>
Date: Tue, 7 Jan 2014 23:24:37 +0100
Subject: [PATCH] Fix nvlist 'Bus Error' for Sparc
The mis-aligned memory accesses in nvpair_native_embedded() and
nvpair_native_embedded_array() will cause a 'Bus Error' for
architectures such as Sparc which not fully byte addressible.
To avoid this issue care is taken to avoid dereferencing the
potentially mis-aligned packed nvlist_t.
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: marku89 <mar42@kola.li>
Issue #1700
This is needed, among other things, to swap on zvols.
Attempting to swap on zvols currently deadlocks but that's a separate
issue that needs to be fixed too!
Cherry-pick upstream patch:
From 2cfda000bc5159d46fd8ead7d1bd3ea1f66f7948 Mon Sep 17 00:00:00 2001
From: Martin Matuska <martin@matuska.org>
Date: Thu, 27 Feb 2020 01:54:19 +0100
Subject: [PATCH] XAR reader: initialize file_queue with 0 and memcpy() if
allocated only
Fixes#1338
- Change the lock on uvm_object, vm_amap and vm_anon to be a RW lock.
- Break v_interlock and vmobjlock apart. v_interlock remains a mutex.
- Do partial PV list locking in the x86 pmap. Others to follow later.
with upstream to merge all our changes and this includes many other
fixes including new operator support etc. The change to pass an
extra "isnew" argument to open was not preserved as none of the
tests supplied with the PR fail.
This also adds the testsuite and all the bugs fixed since then.
Cherry-pick upstream patch:
Fix Undefined Behavior in hash.h
hash.h:200:27, left shift of 250 by 24 places cannot be represented in type 'int'
7fd22f7b2e
`Toxic' means dtrace forbids D scripts from even attempting to read
or write at them.
Previously we considered [0, VM_MIN_KERNEL_ADDRESS) toxic, but
VM_MIN_KERNEL_ADDRESS is only the minimum address of the kernel map;
the direct-mapped region lies below it, and with PMAP_MAP_POOLPAGE we
allocate virtual pages for pool backing directly from physical pages
through the direct-mapped region. Also, this did not consider I/O
mappings to be toxic, which they probably should be.
Instead, treat:
[0, AARCH64_KSEG_START)
and
[VM_KERNEL_IO_ADDRESS, 0xfff...ff)
as toxic. (The upper bound for 0xfff...ff ought to be inclusive, not
exclusive, but I think we'll need another mechanism for expressing
that to dtrace!)
Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname). This fixes the check so we
actually avoid overflowing the rhostname array.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
From:
8d7970b8f3
aarch64 fbt_invop doesn't actually use the argument, but it would
make more sense for it to be the return value and/or first argument
register. Certainly it's not `eax'!
Add -Wno-error=format-overflow for c-cppbuiltin.c and c-typeck.c to prevent
build failure.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
Add -Wno-error=format-overflow mdb6.c to prevent build failure.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
Add GCC_NO_STRINGOP_TRUNCATION dwarf.c to prevent build failure.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
Add -Wno-error=maybe-uninitialized in ipsopt.c to prevent build failure.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
Add -Wno-error=format-overflow in ipmon.c to prevent build failure.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
Add GCC_NO_STRINGOP_TRUNCATION to refclock_jjy.c to prevent build failure.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
Type cast uint16_t to size_t to prevent implicit type conversion.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
gcc version 8.3.0
Reviewed by: roy@, kamil@
Now that both hostapd and wpa_supplicant react to interface flag
changes, there is no need to set or remove IFF_UP.
It should be an administrative flag only.
* INET6: Support a /128 prefix advertised via RA
* BSD: More address validation from route(4) messages
* DHCP: Fix a potential segfault on DaD failure
* IPv4LL: Fix a potential segfault when dropping IPv4LL addresses
sysv4.h already overrides PREFERRED_STACK_BOUNDARY b/c SYSV ABI
requires 16 bytes alignment for %sp anyway and so we already get that
for free.
More importantly this also fixes alloca() in GCC 8, that was somehow
confused by that STACK_BOUNDARY value we had and created a buffer that
overlapped top local variable slots.
The prototypes in libexecinfo's unwind.h do not match those commonly
used (e.g. by gcc, clang, GNU libunwind, LLVM libunwind...), causing
C++ programs to fail to build on type mismatches (e.g. compiler-rt,
libc++abi). Rather than providing our own header, reuse the one
included in gcc.
