Overview

File _patchinfo of Package patchinfo.3527

<patchinfo incident="3527">
  <issue id="908003" tracker="bnc">wrong access rights on /usr/sbin/postdrop causes permission denied when trying to send a mail as non root user</issue>
  <issue id="912594" tracker="bnc">config.postfix creates config based on old options</issue>
  <issue id="911806" tracker="bnc">config.postfix does not set up correct saslauthd socket directory for chroot</issue>
  <issue id="914086" tracker="bnc">syntax error in config.postfix</issue>
  <issue id="910265" tracker="bnc">config.postfix does not upgrade the chroot</issue>
  <issue id="729154" tracker="bnc">wrong permissions for some postfix components</issue>
  <category>recommended</category>
  <rating>moderate</rating>
  <packager>varkoly</packager>
  <description>
Postfix was updated to version 2.11.3 to bring features and bugfixes.

Changes done:
- postfix 2.11.3:
  * Fix for configurations that prepend message headers with Postfix
    access maps, policy servers or Milter applications. Postfix now
    hides its own Received: header from Milters and exposes prepended
    headers to Milters, regardless of the mechanism used to prepend
    a header. This fix reverts a partial solution that was released
    on October 13, 2014, and replaces it with a complete solution.
  * Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure.

- postfix 2.11.2:
  * Fix for DMARC implementations based on SPF policy plus DKIM
    Milter. The PREPEND access/policy action added headers ABOVE
    Postfix's own Received: header, exposing Postfix's own Received:
    header to Milters (protocol violation) and hiding the PREPENDed
    header from Milters. PREPENDed headers are now added BELOW
    Postfix's own Received: header and remain visible to Milters.
  * The Postfix SMTP server logged an incorrect client name in
    reject messages for check_reverse_client_hostname_access and
    check_reverse_client_hostname_{mx,ns}_access. They replied with
    the verified client name, instead of the name that was rejected.
  * The qmqpd daemon crashed with null pointer bug when logging a
    lost connection while not in a mail transaction.

- postfix 2.11.1:
  * With connection caching enabled (the default), recipients could
    be given to the wrong mail server.
  * Enforce TLS when TLSA records exist, but all are unusable.
  * Don't leak memory when TLSA records exist, but all are unusable.
  * Prepend "-I. -I../../include" to the compiler command-line
    options, to avoid name clashes with non-Postfix header files. 
  * documentation fixes
  * logging fixes

Other bugfixes done:
- bnc#914086 syntax error in config.postfix
- Adapt config.postfix to be able to run on SLE11 too. 

- Don't install sysvinit script when systemd is used
- Make explicit PreReq dependencies conditional only for older 
  systems
- Don't try to set explicit attributes to symlinks
- Cleanup spec file vith spec-cleaner

- bnc#912594 config.postfix creates config based on old options 

- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot
- bnc#910265 config.postfix does not upgrade the chroot
- bnc#908003 wrong access rights on /usr/sbin/postdrop causes
   permission denied when trying to send a mail as non root user
- bnc#729154 wrong permissions for some postfix components

- restore previously lost fix:
  Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
  - Ignore errors in %pre/%post.
</description>
  <summary>Recommended update for postfix</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places