NetBSD/gnu/dist/postfix/IPv6-ChangeLog

484 lines
17 KiB
Plaintext

ChangeLog for Dean Strik's IPv6 patch for Postfix. The patch is based on
PLD's patch, which in turn seems to be based on KAME's. For more information:
http://www.ipnet6.org/postfix/
---------------------------------------------------------------------
Version 1.25 Postfix release 2.1.3
Postfix release 2.0.20
Postfix snapshot 2.2-20040616
Bugfix: Misplaced myfree() caused a small memory leak. Reported
by Christian von Roques.
File: util/match_ops.c
Removed the colon (:) from the characters XFORWARD replaces by
a question mark (IPv6 addresses looked like 2001?610?1108?5010??1
in logging). Reported by Philipp Morger.
File: smtpd/smtpd.c
Version 1.24 Postfix release 2.1.1
Postfix release 2.0.20
Postfix snapshot 2.0.19-20040312
Postfix snapshot 2.2-20040504
Bugfix: Prefixlen non-null host portion validation (in CIDR maps
for example) yielded incorrect results sometimes because signed
arithmetic was used instead of unsigned.
File: util/match_ops.c
Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed
the master.cf update (used for new installations). Added it
back.
Version 1.23 Postfix release 2.1.0
Postfix release 2.0.20
Postfix snapshot 2.0.19-20040312
Patch fixes: Several code fixes to make the patch compile
and work correctly when compiled without IPv6 support.
Bugfix (Solaris only?): address family length was not updated
which could cause client hostname validation errors.
File: smtpd/smtpd_peer.c
Portability: added support for Darwin 7.3+. This may need
some further testing.
Cleanup: Restructure and redocument interface address
retrieval functions. (This reduced the number of preprocessor
statements from 99 to 93 ;)
File: util/inet_addr_local.c
Cleanup: make several explicit casts to have compilers shut
their pie holes about uninteresting things.
Version 1.22 Postfix release 2.0.19
Postfix snapshot 2.0.19-20040312
Feature: Support "inet_interfaces = IPv4:all" and
"inet_interfaces = IPv6:all", to restrict postfix to use
either IPv4-only or IPv6-only. A more complete implementation
will be part of a future patch. (Slightly modified) patch by
Michal Ludvig, SuSE.
Files: util/interfaces_to_af.[ch], util/inet_addr_local.c,
global/own_inet_addr.c, global/wildcard_inet_addr.[ch],
master/master_ent.ch
Bugfix: In Postfix snapshots, a #define was misplaced with
the effect that IPv6 subnets were not included in auto-
generated $mynetworks (i.e., mynetworks not defined in main.cf,
when also mynetworks_style=subnet) on Linux 2.x systems.
File: utils/sys_defs.h
Version 1.21a Postfix snapshots 2.0.18-2004{0122,0205,0209}
2.0.19-20040312
TLS/snapshot version: Update TLS patch to 0.8.18-20040122.
Performed as a total repatch. 0.8.18 is cleaner with tls_*
variables if TLS is not actually compiled in.
Version 1.21 Postfix releases 2.0.18 - 2.0.19
Postfix snapshot 2.0.16-20031231
Bugfix: The SMTP client could fail to setup a connection,
erroring with a bogus "getaddrinfo(...): hostname nor servname
provided" warning, because the wrong address was selected.
File: smtp/smtp_connect.c
Safety: in dynamically growing data structures, update the
length info after (instead of before) updating the data size.
File: util/inet_addr_list.c
Version 1.20 Postfix release 2.0.16
Postfix snapshot 2.0.16-20031207
Bugfix: The SMTP client would abort when binding to specific
IPv6 addresses.
File: smtp/smtp_connect.c
Synchronisation/bugfix: LMTP source address binding is identical
to the SMTP source binding setup, avoiding the need for
lmtp_bind_address(6) if inet_interfaces is set to a single
host for an address family.
File: lmtp/lmtp_connect.c
Version 1.19 Postfix release 2.0.16
Postfix snapshot 2.0.16-20031207
Bugfix: Synchronisation of TLS patches in snapshots of 1.18[ab]
was not complete, causing a crash of smtpd if used with the new
proxy agent.
File: smtpd/smtpd.c
Bugfix: SMTP source address binding based on a single hostname
in inet_interfaces did not work since the code counted IPv4 and
IPv6 addresses instead of only the used address family. Fixed,
thereby no longer requiring exact specification of
smtp_bind_address(6) in this case.
File: smtp/smtp_connect.c
Bugfix: The QMQP sink server did not compile correctly. This
program, part of smtpstone tools, is not compiled or installed
by default.
File: smtpstone/qmqp-sink.c
Bugfix: NI_WITHSCOPEID was not correctly defined everywhere,
which could result in EAI_BADFLAGS. Changed location of
definition to correct it.
Files: util/sys_defs.h, util/inet_addr_list.h
Version 1.18b Postfix snapshot 2.0.16-20030921
IPv6 support: Added IPv6-enabled code to the new snapshot
check_*_{ns,mx}_access restrictions.
File: smtpd/smtpd_check.c
Version 1.18a Postfix release 2.0.16
Update (TLS patches): Updated Lutz Jaenicke's TLS patch to
version 0.8.16. See pfixtls/ChangeLog for details.
Diff contributed by Tuomo Soini.
The TLS+IPv6 patch now contains the original TLS patch
documentation from Lutz Jaenicke.
Version 1.18 Postfix releases 2.0.14 - 2.0.15
Postfix snapshot 2.0.14-20030812
Bugfix: Perform actual hostname verification in the SMTP
and QMTP servers. This was never supported in the IPv6
patch. Reported by Wolfgang S. Rupprecht.
Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c
IPv6 address ranges using address/prefixlength (e.g. in
mynetworks and access maps) should be written as
[ipv6:addr:ess]/plen (e.g. [fec0:10:20::]/48). The old
supported syntax, [ipv6:addr:ess/plen] is deprecated and
support will be removed in a later version.
Thanks to Dr. Peter Bieringer and Pekka Savola for discussion.
Files: util/match_ops.c, global/mynetworks.c
Explicitly prefer IPv6 over IPv4 addresses when delivering
to a host when MX lookups are disabled when SMTP address
randomization is on (default).
File: smtp/smtp_addr.c
Compliance: write IPv6 address literals in mail headers
as [IPv6:addr] instead of [addr] as per RFC 2821:4.1.3
tagging requirement, for example [IPv6:fec0:10:20::1].
Pointed out by Dr. Peter Bieringer.
Files: smtpd/smtpd{,_peer,_state}.c, smtpd/smtpd.h
Version 1.17 Postfix release 2.0.13, 2.0.14
Postfix snapshot 2.0.13-20030706, 2.0.14-20030812
Bugfix: Two memory allocation/deallocation bugs were
introduced in patch 1.16. The impact of these bugs could
be 'arbitrary' memory corruption.
File: util/match_ops.c
Version 1.16 Postfix release 2.0.13
Postfix snapshot 2.0.13-20030706
Cleanup: rewrote match_ops.c. This rewrite is partly based on
patch by Takahiro Igarashi. The rewrite enables some better
handling of scoped addresses, and drops all GPL code from the
patch, easying license considerations. Also, allowed for
use of this code by the CIDR maps.
Files: util/match_ops.[ch]
Bugfix: correctly relay for scoped unicast addresses when
applicable. Until now, while Postfix was able to recognize
scoped addresses, it was not able to see e.g. fe80::10%fxp0
as local in mynetworks validation. KAME-only code.
(I've never heard of people using scoped addresses (think
link-local addresses) for mail relaying though...)
Files: util/inet_addr_list.[ch]
Feature (snapshot only): rewrote CIDR maps code to support
IPv6 addresses, using new match_ops code. Allow the use
of [::/0] since it allows one to easily disable further
checks for IPv6 addresses.
File: util/dict_cidr.c
Consistency: require IPv6 addresses in inet_interfaces to
be enclosed in square brackets.
File: util/inet_addr_host.c
Bugfix: (Linux2-only) A #define was misspelled. This could
lead to Postfix being unable to read the system's local IPv6
addresses (e.g. when using inet_interfaces).
Spotted by Jochen Friedrich.
File: util/sys_defs.h
Cleanup: require non-null host portion in CIDR /
prefixlength notations for IPv6 (was IPv4-only).
Version 1.15a Postfix release 2.0.13
Update (TLS patches): Updated Lutz Jaenicke's TLS patch
to version 0.8.15. This version introduces new options
for managing SASL mechanisms. More information at:
http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/
Diff contributed by Tuomo Soini.
Version 1.15 Postfix release 2.0.12, 2.0.13
Postfix snapshot 2.0.12-20030621
Bugfix (TLS-snapshots only): a change in Postfix snapshot
2.0.11-20030609 broke initialisation of TLS in smtpd,
causing TLS to both be unadvertised and unaccepted.
This was fixed again by reordering initialisation.
File: smtpd/smtpd.c
Update (TLS patches): Updated Lutz Jaenicke's TLS patch
to version 0.8.14. This version introduces a few fixes and
uses USE_SSL instead of HAS_SSL. More information at:
http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/
Diff contributed by Tuomo Soini.
Bugfix (Postfix releases only - this was already added to
the snapshots in patch 1.14). KAME derived systems only.
Correctly decode scoped addresses, including network
interface specifiers.
File: util/inet_addr_local.c
Version 1.14 Postfix releases 2.0.9, 2.0.10, 2.0.11, 2.0.12
Postfix snapshots 2.0.9-20030424, 2.0.10-20030521,
2.0.11-20030609, 2.0.12-20030611
Patch change: made the patch available as an IPv6-only
patch (i.e., without the TLS code). This on popular
request by users and packagers.
A TLS+IPv6 version is still available of course.
Bugfix: correctly decode scoped addresses from now on
(KAME derived systems only). I think the original code
was written by Itojun, so I'm rather puzzled that it
didn't work...
File: util/inet_addr_local.c
Bugfix/portability: Recent KAME snapshots return both
TCP and SCTP address information on getaddrinfo() if
no protocol was specified. This causes the socket counts
to be wrong, confusing child processes.
Merged patch by JINMEI Tatuya of KAME to fix this.
Files: master/master.h, master/master_{ent,conf}.[ch],
util/inet_listen.c
Documentation: added an IPV6_README file to the patch.
This file contains the primary documentation. Also,
added a sample-ipv6.cf to describe the (currently few)
IPv6 related main.cf parameters.
Bugfix: the netmask structures for the *unsupported*
platforms (boldly assume /64) were added to the wrong
list (addresses instead of masks). This bug did not affect
any supported platform though.
File: util/inet_addr_local.c
Portability: added support for HP/Compaq Tru64Unix V5.1
and later. (compiled with CompaqCC only).
Thanks to Sten Spans for providing root access to an
IPv6-connected Tru64 testing machine.
Version 1.13 Postfix releases 2.0.4 - 2.0.9
Postfix snapshots 2.0.3-20030126 - 2.0.7-20030319
Bugfix: Due to a missing storage pointer, DNS lookup
results in the permit_mx_backups code were not processed,
and smtpd would likely crash.
Thanks to Wouter de Jong for reporting the crashes.
File: smtpd/smtpd_check.c
Incompatible change: The addresses given to the parameters
smtp_bind_address6 and lmtp_bind_address6 now need to be
enclosed in square brackets for consistency.
Files: [ls]mtp/[ls]mtp_connect.c
Version 1.12 Postfix releases 2.0.2, 2.0.3
Postfix snapshots 2.0.2-20030115, 2.0.3-20030126
Bugfix/workaround (Solaris): A simplified comparison
function for Solaris' qsort() function, would result
in corruption of network addresses in the SMTP client.
Fixed. Reported with possible fix by Edvard Tuinder.
File: smtp/smtp_addr.c
Version 1.11 Postfix releases 2.0.0.x, 2.0.1, 2.0.2
Postfix snapshots 2.0.0-20030105, 2.0.1-20030112
2.0.2-20030115
Bugfix (Solaris): Properly initialize lifconf structure
when requesting host interface addresses. If you get
warnings about SIOCGLIFCONF with earlier versions,
please upgrade.
File: util/inet_addr_local.c
Patch fix: fixed compilation errors in case the patch is
applied but built without IPv6 support (i.e., on unsupported
platforms).
Version 1.10 Postfix snapshots 1.1.12-200212{19,21}
Postfix releases 2.0.0, 2.0.0.{1,2}
Postfix snapshots 2.0.0-20021223 - 2.0.0-20030101
'Bugfix': don't show spurious warnings on Linux systems
about missing /proc/net/if_inet6 unless verbose mode
is enabled.
File: util/inet_addr_local.c
Bugfix: If unable to create a socket for a specific adress
in the SMTP client (e.g., when trying to create an IPv6
connection while the local host has no configured IPv6
addresses), then stop the attempt.
File: smtp/smtp_connect.c
Small bugfix: never query DNS for <localpart@[domain.tld]>.
This syntax now correctly generates an error immediately.
File: global/resolve_local.c
Updated TLS patch to 0.8.12-1.1.12-20021219-0.9.6h, fixing
a bug with "sendmail -bs".
Version 1.9 Postfix version 1.1.11-20021115
Postfix version 1.1.12-2002{1124,1209-1213}
Bugfix: with getifaddrs() code (*BSD, linux-USAGI), IPv4
netmasks were set to /32 effectively. Work around broken
netmask data structures (*BSD only perhaps).
Bugfix: same data corruption in another place created
entirely wrong IPv4 netmasks. Work around broken
SIOCGIFNETMASK structure.
New code was added for correct IPv6 netmasks. The original
code did not contain IPv6 netmask support at all!
For Solaris, use SIOCGLIF*; Linux: /proc/net/if_inet6.
Getifaddrs() support is used otherwise. This should cover
all supported systems. Other systems also work, prefix
length is always set to /64 then.
Since there are no classes (context: Class A, class B etc
networks) with IPv6, default to IPv6 subnet style if the
mynetworks style is 'class'. I recommend against this style
anyway.
Added support to display IPv6 nets mynetworks output.
Version 1.8 Postfix version 1.1.11-200211{01,15}
An earlier author of the patch made a typo in the GAI_STRERROR()
macro, resulting in bogus error messages when checking for
PTR records. Fixed.
IPv4-mapped addresses in the smtpd are converted to true IPv4
addresses just after the connection has been made. This means
that all IPv4-mapped addresses are now logged as true IPv4
addresses. Hence beside RBL checks, also access maps now treat
IPv4-mapped addresses as native IPv4. Note that ::ffff:...
entries in your access tables will no longer work.
You can now specify IPv6 'parent' networks in your access maps,
e.g. to reject all mail from 3ffe:200:... nodes, add the line
3ffe:200 REJECT
Use of trailing colons is discouraged because postmap will
warn about it possibly being an alias...
NOTE: I'll soon obsolete this again in favor of the more
common address/len notation. This was just so trivial to add
that it didn't hurt and I needed it :)
For easy reference, the version of the TLS/IPv6 patch can be
dynamically queried using the tls_ipv6_version variable.
This gives the short version (like, "1.8").
The service bind address for 'inet' sockets in master.cf (e.g.,
smtpd), must be enclosed in square brackets '[..]' for IPv6
addresses. The old style (without brackets) still works but is
unsupported and may be removed in the future. Example
[::1]:smtp inet n - n - - smtpd
Version 1.7 Postfix version 1.1.11-20021029 - 1.1.11-20021101
Postfix' SMTP client performs randomization of MX addresses
when sending mail. This however could result in A records
being used before AAAA records. This has been corrected.
Note that from Postfix version 1.1.11-20021029 on, there is
a proxy_interfaces parameter. This has of course not been
ported to IPv6 addresses...
Version 1.6 Postfix version 1.1.11-20020928
Added IPv6 support for backup_mx_networks feature; also the
behaviour when DNS lookups fail when checking whether the
local host is an MX for a domain conforms to the IPv4 case:
defer rather than allow.
Version 1.5 Postfix version 1.1.11-20020917
I introduced two bugs when I rewrote my older LMTP IPv6 patch.
These bugs effectively rendered LMTP useless. Now fixed.
Bugs spotted by Kaj Niemi.
Now supports Solaris 8 and 9. Due to lack of testing equipment,
this has been only tested in production on Solaris 9, both
with gcc and the Sun Workshop Compiler.
Version 1.4 Postfix version 1.1.11-20020822 - 1.1.11-20020917
OpenBSD (>=200003) and FreeBSD release 4 and up now use
getifaddrs(). This makes for cleaner code. The old code
seems to be bug-ridden anyway.
Got rid of some compiler warnings. Should be cleaner on
Alpha as well now. Thanks to Sten Spans for providing me
access to an Alpha running FreeBSD4.
Fixed an old bug in smtpd memory alloation if you compiled
without IPv6 support (the wrong buffer size was used. This
was harmless for IPv6-enabled compiles since the sizes were
equal then).
Added ChangeLog to the patch (as IPv6-ChangeLog) (this
was absent in 1.3 contrary to docs).
Version 1.3 Postfix version 1.1.11-20020613 - 1.1.11-20020718
FYI: In postfix version 1.1.11-20020718, DNS lookups for
AAAA can be done natively. The code matches the code in
the patch (though the #ifdef changed from INET6 to T_AAAA).
This change causes the patch for 1.1.11-20020718 to be a
bit smaller.
Version 1.2 Postfix version 1.1.11-20020613
Added IPv6 support for the LMTP client.
Added lmtp_bind_address and lmtp_bind_address6 parameters,
similar to those for smtp.
Added IPv6 support for the QMQP server.
Version 1.1 Postfix version 1.1.11-20020602 - 1.1.11-20020613
Added parameter smtp_bind_address6. By using this parameter,
it is possible to bind to an IPv6 address, independently of
IPv4 address binding.
Lutz fixed a bug in his TLS patch regarding SASL. Incorporated.
Version 1.0.x Postfix version 1.1.8-20020505 - 1.1.11-20020602
Patch derived from PLD's IPv6 patch for Postfix, revision 1.10
which applied to early Postfix snapshots 1.1.x. Updated this
patch to apply to 1.1.8-20020505.
Added compile-time checks for SS_LEN. Some Linux installations,
and maybe other systems, do define SA_LEN, but not SS_LEN.
Several updates of postfix snapshots.