1ChangeLog for Dean Strik's IPv6 patch for Postfix. The patch is based on 2PLD's patch, which in turn seems to be based on KAME's. For more information: 3 4 http://www.ipnet6.org/postfix/ 5 6--------------------------------------------------------------------- 7 8Version 1.25 Postfix release 2.1.3 9 Postfix release 2.0.20 10 Postfix snapshot 2.2-20040616 11 12 Bugfix: Misplaced myfree() caused a small memory leak. Reported 13 by Christian von Roques. 14 File: util/match_ops.c 15 16 Removed the colon (:) from the characters XFORWARD replaces by 17 a question mark (IPv6 addresses looked like 2001?610?1108?5010??1 18 in logging). Reported by Philipp Morger. 19 File: smtpd/smtpd.c 20 21Version 1.24 Postfix release 2.1.1 22 Postfix release 2.0.20 23 Postfix snapshot 2.0.19-20040312 24 Postfix snapshot 2.2-20040504 25 26 Bugfix: Prefixlen non-null host portion validation (in CIDR maps 27 for example) yielded incorrect results sometimes because signed 28 arithmetic was used instead of unsigned. 29 File: util/match_ops.c 30 31 Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed 32 the master.cf update (used for new installations). Added it 33 back. 34 35Version 1.23 Postfix release 2.1.0 36 Postfix release 2.0.20 37 Postfix snapshot 2.0.19-20040312 38 39 Patch fixes: Several code fixes to make the patch compile 40 and work correctly when compiled without IPv6 support. 41 42 Bugfix (Solaris only?): address family length was not updated 43 which could cause client hostname validation errors. 44 File: smtpd/smtpd_peer.c 45 46 Portability: added support for Darwin 7.3+. This may need 47 some further testing. 48 49 Cleanup: Restructure and redocument interface address 50 retrieval functions. (This reduced the number of preprocessor 51 statements from 99 to 93 ;) 52 File: util/inet_addr_local.c 53 54 Cleanup: make several explicit casts to have compilers shut 55 their pie holes about uninteresting things. 56 57Version 1.22 Postfix release 2.0.19 58 Postfix snapshot 2.0.19-20040312 59 60 Feature: Support "inet_interfaces = IPv4:all" and 61 "inet_interfaces = IPv6:all", to restrict postfix to use 62 either IPv4-only or IPv6-only. A more complete implementation 63 will be part of a future patch. (Slightly modified) patch by 64 Michal Ludvig, SuSE. 65 Files: util/interfaces_to_af.[ch], util/inet_addr_local.c, 66 global/own_inet_addr.c, global/wildcard_inet_addr.[ch], 67 master/master_ent.ch 68 69 Bugfix: In Postfix snapshots, a #define was misplaced with 70 the effect that IPv6 subnets were not included in auto- 71 generated $mynetworks (i.e., mynetworks not defined in main.cf, 72 when also mynetworks_style=subnet) on Linux 2.x systems. 73 File: utils/sys_defs.h 74 75Version 1.21a Postfix snapshots 2.0.18-2004{0122,0205,0209} 76 2.0.19-20040312 77 78 TLS/snapshot version: Update TLS patch to 0.8.18-20040122. 79 Performed as a total repatch. 0.8.18 is cleaner with tls_* 80 variables if TLS is not actually compiled in. 81 82Version 1.21 Postfix releases 2.0.18 - 2.0.19 83 Postfix snapshot 2.0.16-20031231 84 85 Bugfix: The SMTP client could fail to setup a connection, 86 erroring with a bogus "getaddrinfo(...): hostname nor servname 87 provided" warning, because the wrong address was selected. 88 File: smtp/smtp_connect.c 89 90 Safety: in dynamically growing data structures, update the 91 length info after (instead of before) updating the data size. 92 File: util/inet_addr_list.c 93 94Version 1.20 Postfix release 2.0.16 95 Postfix snapshot 2.0.16-20031207 96 97 Bugfix: The SMTP client would abort when binding to specific 98 IPv6 addresses. 99 File: smtp/smtp_connect.c 100 101 Synchronisation/bugfix: LMTP source address binding is identical 102 to the SMTP source binding setup, avoiding the need for 103 lmtp_bind_address(6) if inet_interfaces is set to a single 104 host for an address family. 105 File: lmtp/lmtp_connect.c 106 107Version 1.19 Postfix release 2.0.16 108 Postfix snapshot 2.0.16-20031207 109 110 Bugfix: Synchronisation of TLS patches in snapshots of 1.18[ab] 111 was not complete, causing a crash of smtpd if used with the new 112 proxy agent. 113 File: smtpd/smtpd.c 114 115 Bugfix: SMTP source address binding based on a single hostname 116 in inet_interfaces did not work since the code counted IPv4 and 117 IPv6 addresses instead of only the used address family. Fixed, 118 thereby no longer requiring exact specification of 119 smtp_bind_address(6) in this case. 120 File: smtp/smtp_connect.c 121 122 Bugfix: The QMQP sink server did not compile correctly. This 123 program, part of smtpstone tools, is not compiled or installed 124 by default. 125 File: smtpstone/qmqp-sink.c 126 127 Bugfix: NI_WITHSCOPEID was not correctly defined everywhere, 128 which could result in EAI_BADFLAGS. Changed location of 129 definition to correct it. 130 Files: util/sys_defs.h, util/inet_addr_list.h 131 132Version 1.18b Postfix snapshot 2.0.16-20030921 133 134 IPv6 support: Added IPv6-enabled code to the new snapshot 135 check_*_{ns,mx}_access restrictions. 136 File: smtpd/smtpd_check.c 137 138Version 1.18a Postfix release 2.0.16 139 140 Update (TLS patches): Updated Lutz Jaenicke's TLS patch to 141 version 0.8.16. See pfixtls/ChangeLog for details. 142 Diff contributed by Tuomo Soini. 143 144 The TLS+IPv6 patch now contains the original TLS patch 145 documentation from Lutz Jaenicke. 146 147Version 1.18 Postfix releases 2.0.14 - 2.0.15 148 Postfix snapshot 2.0.14-20030812 149 150 Bugfix: Perform actual hostname verification in the SMTP 151 and QMTP servers. This was never supported in the IPv6 152 patch. Reported by Wolfgang S. Rupprecht. 153 Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c 154 155 IPv6 address ranges using address/prefixlength (e.g. in 156 mynetworks and access maps) should be written as 157 [ipv6:addr:ess]/plen (e.g. [fec0:10:20::]/48). The old 158 supported syntax, [ipv6:addr:ess/plen] is deprecated and 159 support will be removed in a later version. 160 Thanks to Dr. Peter Bieringer and Pekka Savola for discussion. 161 Files: util/match_ops.c, global/mynetworks.c 162 163 Explicitly prefer IPv6 over IPv4 addresses when delivering 164 to a host when MX lookups are disabled when SMTP address 165 randomization is on (default). 166 File: smtp/smtp_addr.c 167 168 Compliance: write IPv6 address literals in mail headers 169 as [IPv6:addr] instead of [addr] as per RFC 2821:4.1.3 170 tagging requirement, for example [IPv6:fec0:10:20::1]. 171 Pointed out by Dr. Peter Bieringer. 172 Files: smtpd/smtpd{,_peer,_state}.c, smtpd/smtpd.h 173 174Version 1.17 Postfix release 2.0.13, 2.0.14 175 Postfix snapshot 2.0.13-20030706, 2.0.14-20030812 176 177 Bugfix: Two memory allocation/deallocation bugs were 178 introduced in patch 1.16. The impact of these bugs could 179 be 'arbitrary' memory corruption. 180 File: util/match_ops.c 181 182Version 1.16 Postfix release 2.0.13 183 Postfix snapshot 2.0.13-20030706 184 185 Cleanup: rewrote match_ops.c. This rewrite is partly based on 186 patch by Takahiro Igarashi. The rewrite enables some better 187 handling of scoped addresses, and drops all GPL code from the 188 patch, easying license considerations. Also, allowed for 189 use of this code by the CIDR maps. 190 Files: util/match_ops.[ch] 191 192 Bugfix: correctly relay for scoped unicast addresses when 193 applicable. Until now, while Postfix was able to recognize 194 scoped addresses, it was not able to see e.g. fe80::10%fxp0 195 as local in mynetworks validation. KAME-only code. 196 (I've never heard of people using scoped addresses (think 197 link-local addresses) for mail relaying though...) 198 Files: util/inet_addr_list.[ch] 199 200 Feature (snapshot only): rewrote CIDR maps code to support 201 IPv6 addresses, using new match_ops code. Allow the use 202 of [::/0] since it allows one to easily disable further 203 checks for IPv6 addresses. 204 File: util/dict_cidr.c 205 206 Consistency: require IPv6 addresses in inet_interfaces to 207 be enclosed in square brackets. 208 File: util/inet_addr_host.c 209 210 Bugfix: (Linux2-only) A #define was misspelled. This could 211 lead to Postfix being unable to read the system's local IPv6 212 addresses (e.g. when using inet_interfaces). 213 Spotted by Jochen Friedrich. 214 File: util/sys_defs.h 215 216 Cleanup: require non-null host portion in CIDR / 217 prefixlength notations for IPv6 (was IPv4-only). 218 219Version 1.15a Postfix release 2.0.13 220 221 Update (TLS patches): Updated Lutz Jaenicke's TLS patch 222 to version 0.8.15. This version introduces new options 223 for managing SASL mechanisms. More information at: 224 http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/ 225 Diff contributed by Tuomo Soini. 226 227Version 1.15 Postfix release 2.0.12, 2.0.13 228 Postfix snapshot 2.0.12-20030621 229 230 Bugfix (TLS-snapshots only): a change in Postfix snapshot 231 2.0.11-20030609 broke initialisation of TLS in smtpd, 232 causing TLS to both be unadvertised and unaccepted. 233 This was fixed again by reordering initialisation. 234 File: smtpd/smtpd.c 235 236 Update (TLS patches): Updated Lutz Jaenicke's TLS patch 237 to version 0.8.14. This version introduces a few fixes and 238 uses USE_SSL instead of HAS_SSL. More information at: 239 http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/ 240 Diff contributed by Tuomo Soini. 241 242 Bugfix (Postfix releases only - this was already added to 243 the snapshots in patch 1.14). KAME derived systems only. 244 Correctly decode scoped addresses, including network 245 interface specifiers. 246 File: util/inet_addr_local.c 247 248Version 1.14 Postfix releases 2.0.9, 2.0.10, 2.0.11, 2.0.12 249 Postfix snapshots 2.0.9-20030424, 2.0.10-20030521, 250 2.0.11-20030609, 2.0.12-20030611 251 252 Patch change: made the patch available as an IPv6-only 253 patch (i.e., without the TLS code). This on popular 254 request by users and packagers. 255 A TLS+IPv6 version is still available of course. 256 257 Bugfix: correctly decode scoped addresses from now on 258 (KAME derived systems only). I think the original code 259 was written by Itojun, so I'm rather puzzled that it 260 didn't work... 261 File: util/inet_addr_local.c 262 263 Bugfix/portability: Recent KAME snapshots return both 264 TCP and SCTP address information on getaddrinfo() if 265 no protocol was specified. This causes the socket counts 266 to be wrong, confusing child processes. 267 Merged patch by JINMEI Tatuya of KAME to fix this. 268 Files: master/master.h, master/master_{ent,conf}.[ch], 269 util/inet_listen.c 270 271 Documentation: added an IPV6_README file to the patch. 272 This file contains the primary documentation. Also, 273 added a sample-ipv6.cf to describe the (currently few) 274 IPv6 related main.cf parameters. 275 276 Bugfix: the netmask structures for the *unsupported* 277 platforms (boldly assume /64) were added to the wrong 278 list (addresses instead of masks). This bug did not affect 279 any supported platform though. 280 File: util/inet_addr_local.c 281 282 Portability: added support for HP/Compaq Tru64Unix V5.1 283 and later. (compiled with CompaqCC only). 284 Thanks to Sten Spans for providing root access to an 285 IPv6-connected Tru64 testing machine. 286 287Version 1.13 Postfix releases 2.0.4 - 2.0.9 288 Postfix snapshots 2.0.3-20030126 - 2.0.7-20030319 289 290 Bugfix: Due to a missing storage pointer, DNS lookup 291 results in the permit_mx_backups code were not processed, 292 and smtpd would likely crash. 293 Thanks to Wouter de Jong for reporting the crashes. 294 File: smtpd/smtpd_check.c 295 296 Incompatible change: The addresses given to the parameters 297 smtp_bind_address6 and lmtp_bind_address6 now need to be 298 enclosed in square brackets for consistency. 299 Files: [ls]mtp/[ls]mtp_connect.c 300 301Version 1.12 Postfix releases 2.0.2, 2.0.3 302 Postfix snapshots 2.0.2-20030115, 2.0.3-20030126 303 304 Bugfix/workaround (Solaris): A simplified comparison 305 function for Solaris' qsort() function, would result 306 in corruption of network addresses in the SMTP client. 307 Fixed. Reported with possible fix by Edvard Tuinder. 308 File: smtp/smtp_addr.c 309 310Version 1.11 Postfix releases 2.0.0.x, 2.0.1, 2.0.2 311 Postfix snapshots 2.0.0-20030105, 2.0.1-20030112 312 2.0.2-20030115 313 314 Bugfix (Solaris): Properly initialize lifconf structure 315 when requesting host interface addresses. If you get 316 warnings about SIOCGLIFCONF with earlier versions, 317 please upgrade. 318 File: util/inet_addr_local.c 319 320 Patch fix: fixed compilation errors in case the patch is 321 applied but built without IPv6 support (i.e., on unsupported 322 platforms). 323 324Version 1.10 Postfix snapshots 1.1.12-200212{19,21} 325 Postfix releases 2.0.0, 2.0.0.{1,2} 326 Postfix snapshots 2.0.0-20021223 - 2.0.0-20030101 327 328 'Bugfix': don't show spurious warnings on Linux systems 329 about missing /proc/net/if_inet6 unless verbose mode 330 is enabled. 331 File: util/inet_addr_local.c 332 333 Bugfix: If unable to create a socket for a specific adress 334 in the SMTP client (e.g., when trying to create an IPv6 335 connection while the local host has no configured IPv6 336 addresses), then stop the attempt. 337 File: smtp/smtp_connect.c 338 339 Small bugfix: never query DNS for <localpart@[domain.tld]>. 340 This syntax now correctly generates an error immediately. 341 File: global/resolve_local.c 342 343 Updated TLS patch to 0.8.12-1.1.12-20021219-0.9.6h, fixing 344 a bug with "sendmail -bs". 345 346Version 1.9 Postfix version 1.1.11-20021115 347 Postfix version 1.1.12-2002{1124,1209-1213} 348 349 Bugfix: with getifaddrs() code (*BSD, linux-USAGI), IPv4 350 netmasks were set to /32 effectively. Work around broken 351 netmask data structures (*BSD only perhaps). 352 353 Bugfix: same data corruption in another place created 354 entirely wrong IPv4 netmasks. Work around broken 355 SIOCGIFNETMASK structure. 356 357 New code was added for correct IPv6 netmasks. The original 358 code did not contain IPv6 netmask support at all! 359 For Solaris, use SIOCGLIF*; Linux: /proc/net/if_inet6. 360 Getifaddrs() support is used otherwise. This should cover 361 all supported systems. Other systems also work, prefix 362 length is always set to /64 then. 363 364 Since there are no classes (context: Class A, class B etc 365 networks) with IPv6, default to IPv6 subnet style if the 366 mynetworks style is 'class'. I recommend against this style 367 anyway. 368 369 Added support to display IPv6 nets mynetworks output. 370 371Version 1.8 Postfix version 1.1.11-200211{01,15} 372 373 An earlier author of the patch made a typo in the GAI_STRERROR() 374 macro, resulting in bogus error messages when checking for 375 PTR records. Fixed. 376 377 IPv4-mapped addresses in the smtpd are converted to true IPv4 378 addresses just after the connection has been made. This means 379 that all IPv4-mapped addresses are now logged as true IPv4 380 addresses. Hence beside RBL checks, also access maps now treat 381 IPv4-mapped addresses as native IPv4. Note that ::ffff:... 382 entries in your access tables will no longer work. 383 384 You can now specify IPv6 'parent' networks in your access maps, 385 e.g. to reject all mail from 3ffe:200:... nodes, add the line 386 3ffe:200 REJECT 387 Use of trailing colons is discouraged because postmap will 388 warn about it possibly being an alias... 389 NOTE: I'll soon obsolete this again in favor of the more 390 common address/len notation. This was just so trivial to add 391 that it didn't hurt and I needed it :) 392 393 For easy reference, the version of the TLS/IPv6 patch can be 394 dynamically queried using the tls_ipv6_version variable. 395 This gives the short version (like, "1.8"). 396 397 The service bind address for 'inet' sockets in master.cf (e.g., 398 smtpd), must be enclosed in square brackets '[..]' for IPv6 399 addresses. The old style (without brackets) still works but is 400 unsupported and may be removed in the future. Example 401 [::1]:smtp inet n - n - - smtpd 402 403Version 1.7 Postfix version 1.1.11-20021029 - 1.1.11-20021101 404 405 Postfix' SMTP client performs randomization of MX addresses 406 when sending mail. This however could result in A records 407 being used before AAAA records. This has been corrected. 408 409 Note that from Postfix version 1.1.11-20021029 on, there is 410 a proxy_interfaces parameter. This has of course not been 411 ported to IPv6 addresses... 412 413Version 1.6 Postfix version 1.1.11-20020928 414 415 Added IPv6 support for backup_mx_networks feature; also the 416 behaviour when DNS lookups fail when checking whether the 417 local host is an MX for a domain conforms to the IPv4 case: 418 defer rather than allow. 419 420Version 1.5 Postfix version 1.1.11-20020917 421 422 I introduced two bugs when I rewrote my older LMTP IPv6 patch. 423 These bugs effectively rendered LMTP useless. Now fixed. 424 Bugs spotted by Kaj Niemi. 425 426 Now supports Solaris 8 and 9. Due to lack of testing equipment, 427 this has been only tested in production on Solaris 9, both 428 with gcc and the Sun Workshop Compiler. 429 430Version 1.4 Postfix version 1.1.11-20020822 - 1.1.11-20020917 431 432 OpenBSD (>=200003) and FreeBSD release 4 and up now use 433 getifaddrs(). This makes for cleaner code. The old code 434 seems to be bug-ridden anyway. 435 436 Got rid of some compiler warnings. Should be cleaner on 437 Alpha as well now. Thanks to Sten Spans for providing me 438 access to an Alpha running FreeBSD4. 439 440 Fixed an old bug in smtpd memory alloation if you compiled 441 without IPv6 support (the wrong buffer size was used. This 442 was harmless for IPv6-enabled compiles since the sizes were 443 equal then). 444 445 Added ChangeLog to the patch (as IPv6-ChangeLog) (this 446 was absent in 1.3 contrary to docs). 447 448Version 1.3 Postfix version 1.1.11-20020613 - 1.1.11-20020718 449 450 FYI: In postfix version 1.1.11-20020718, DNS lookups for 451 AAAA can be done natively. The code matches the code in 452 the patch (though the #ifdef changed from INET6 to T_AAAA). 453 This change causes the patch for 1.1.11-20020718 to be a 454 bit smaller. 455 456Version 1.2 Postfix version 1.1.11-20020613 457 458 Added IPv6 support for the LMTP client. 459 460 Added lmtp_bind_address and lmtp_bind_address6 parameters, 461 similar to those for smtp. 462 463 Added IPv6 support for the QMQP server. 464 465Version 1.1 Postfix version 1.1.11-20020602 - 1.1.11-20020613 466 467 Added parameter smtp_bind_address6. By using this parameter, 468 it is possible to bind to an IPv6 address, independently of 469 IPv4 address binding. 470 471 Lutz fixed a bug in his TLS patch regarding SASL. Incorporated. 472 473Version 1.0.x Postfix version 1.1.8-20020505 - 1.1.11-20020602 474 475 Patch derived from PLD's IPv6 patch for Postfix, revision 1.10 476 which applied to early Postfix snapshots 1.1.x. Updated this 477 patch to apply to 1.1.8-20020505. 478 479 Added compile-time checks for SS_LEN. Some Linux installations, 480 and maybe other systems, do define SA_LEN, but not SS_LEN. 481 482 Several updates of postfix snapshots. 483 484