ChangeLog for Dean Strik's IPv6 patch for Postfix. The patch is based on PLD's patch, which in turn seems to be based on KAME's. For more information: http://www.ipnet6.org/postfix/ --------------------------------------------------------------------- Version 1.25 Postfix release 2.1.3 Postfix release 2.0.20 Postfix snapshot 2.2-20040616 Bugfix: Misplaced myfree() caused a small memory leak. Reported by Christian von Roques. File: util/match_ops.c Removed the colon (:) from the characters XFORWARD replaces by a question mark (IPv6 addresses looked like 2001?610?1108?5010??1 in logging). Reported by Philipp Morger. File: smtpd/smtpd.c Version 1.24 Postfix release 2.1.1 Postfix release 2.0.20 Postfix snapshot 2.0.19-20040312 Postfix snapshot 2.2-20040504 Bugfix: Prefixlen non-null host portion validation (in CIDR maps for example) yielded incorrect results sometimes because signed arithmetic was used instead of unsigned. File: util/match_ops.c Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed the master.cf update (used for new installations). Added it back. Version 1.23 Postfix release 2.1.0 Postfix release 2.0.20 Postfix snapshot 2.0.19-20040312 Patch fixes: Several code fixes to make the patch compile and work correctly when compiled without IPv6 support. Bugfix (Solaris only?): address family length was not updated which could cause client hostname validation errors. File: smtpd/smtpd_peer.c Portability: added support for Darwin 7.3+. This may need some further testing. Cleanup: Restructure and redocument interface address retrieval functions. (This reduced the number of preprocessor statements from 99 to 93 ;) File: util/inet_addr_local.c Cleanup: make several explicit casts to have compilers shut their pie holes about uninteresting things. Version 1.22 Postfix release 2.0.19 Postfix snapshot 2.0.19-20040312 Feature: Support "inet_interfaces = IPv4:all" and "inet_interfaces = IPv6:all", to restrict postfix to use either IPv4-only or IPv6-only. A more complete implementation will be part of a future patch. (Slightly modified) patch by Michal Ludvig, SuSE. Files: util/interfaces_to_af.[ch], util/inet_addr_local.c, global/own_inet_addr.c, global/wildcard_inet_addr.[ch], master/master_ent.ch Bugfix: In Postfix snapshots, a #define was misplaced with the effect that IPv6 subnets were not included in auto- generated $mynetworks (i.e., mynetworks not defined in main.cf, when also mynetworks_style=subnet) on Linux 2.x systems. File: utils/sys_defs.h Version 1.21a Postfix snapshots 2.0.18-2004{0122,0205,0209} 2.0.19-20040312 TLS/snapshot version: Update TLS patch to 0.8.18-20040122. Performed as a total repatch. 0.8.18 is cleaner with tls_* variables if TLS is not actually compiled in. Version 1.21 Postfix releases 2.0.18 - 2.0.19 Postfix snapshot 2.0.16-20031231 Bugfix: The SMTP client could fail to setup a connection, erroring with a bogus "getaddrinfo(...): hostname nor servname provided" warning, because the wrong address was selected. File: smtp/smtp_connect.c Safety: in dynamically growing data structures, update the length info after (instead of before) updating the data size. File: util/inet_addr_list.c Version 1.20 Postfix release 2.0.16 Postfix snapshot 2.0.16-20031207 Bugfix: The SMTP client would abort when binding to specific IPv6 addresses. File: smtp/smtp_connect.c Synchronisation/bugfix: LMTP source address binding is identical to the SMTP source binding setup, avoiding the need for lmtp_bind_address(6) if inet_interfaces is set to a single host for an address family. File: lmtp/lmtp_connect.c Version 1.19 Postfix release 2.0.16 Postfix snapshot 2.0.16-20031207 Bugfix: Synchronisation of TLS patches in snapshots of 1.18[ab] was not complete, causing a crash of smtpd if used with the new proxy agent. File: smtpd/smtpd.c Bugfix: SMTP source address binding based on a single hostname in inet_interfaces did not work since the code counted IPv4 and IPv6 addresses instead of only the used address family. Fixed, thereby no longer requiring exact specification of smtp_bind_address(6) in this case. File: smtp/smtp_connect.c Bugfix: The QMQP sink server did not compile correctly. This program, part of smtpstone tools, is not compiled or installed by default. File: smtpstone/qmqp-sink.c Bugfix: NI_WITHSCOPEID was not correctly defined everywhere, which could result in EAI_BADFLAGS. Changed location of definition to correct it. Files: util/sys_defs.h, util/inet_addr_list.h Version 1.18b Postfix snapshot 2.0.16-20030921 IPv6 support: Added IPv6-enabled code to the new snapshot check_*_{ns,mx}_access restrictions. File: smtpd/smtpd_check.c Version 1.18a Postfix release 2.0.16 Update (TLS patches): Updated Lutz Jaenicke's TLS patch to version 0.8.16. See pfixtls/ChangeLog for details. Diff contributed by Tuomo Soini. The TLS+IPv6 patch now contains the original TLS patch documentation from Lutz Jaenicke. Version 1.18 Postfix releases 2.0.14 - 2.0.15 Postfix snapshot 2.0.14-20030812 Bugfix: Perform actual hostname verification in the SMTP and QMTP servers. This was never supported in the IPv6 patch. Reported by Wolfgang S. Rupprecht. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c IPv6 address ranges using address/prefixlength (e.g. in mynetworks and access maps) should be written as [ipv6:addr:ess]/plen (e.g. [fec0:10:20::]/48). The old supported syntax, [ipv6:addr:ess/plen] is deprecated and support will be removed in a later version. Thanks to Dr. Peter Bieringer and Pekka Savola for discussion. Files: util/match_ops.c, global/mynetworks.c Explicitly prefer IPv6 over IPv4 addresses when delivering to a host when MX lookups are disabled when SMTP address randomization is on (default). File: smtp/smtp_addr.c Compliance: write IPv6 address literals in mail headers as [IPv6:addr] instead of [addr] as per RFC 2821:4.1.3 tagging requirement, for example [IPv6:fec0:10:20::1]. Pointed out by Dr. Peter Bieringer. Files: smtpd/smtpd{,_peer,_state}.c, smtpd/smtpd.h Version 1.17 Postfix release 2.0.13, 2.0.14 Postfix snapshot 2.0.13-20030706, 2.0.14-20030812 Bugfix: Two memory allocation/deallocation bugs were introduced in patch 1.16. The impact of these bugs could be 'arbitrary' memory corruption. File: util/match_ops.c Version 1.16 Postfix release 2.0.13 Postfix snapshot 2.0.13-20030706 Cleanup: rewrote match_ops.c. This rewrite is partly based on patch by Takahiro Igarashi. The rewrite enables some better handling of scoped addresses, and drops all GPL code from the patch, easying license considerations. Also, allowed for use of this code by the CIDR maps. Files: util/match_ops.[ch] Bugfix: correctly relay for scoped unicast addresses when applicable. Until now, while Postfix was able to recognize scoped addresses, it was not able to see e.g. fe80::10%fxp0 as local in mynetworks validation. KAME-only code. (I've never heard of people using scoped addresses (think link-local addresses) for mail relaying though...) Files: util/inet_addr_list.[ch] Feature (snapshot only): rewrote CIDR maps code to support IPv6 addresses, using new match_ops code. Allow the use of [::/0] since it allows one to easily disable further checks for IPv6 addresses. File: util/dict_cidr.c Consistency: require IPv6 addresses in inet_interfaces to be enclosed in square brackets. File: util/inet_addr_host.c Bugfix: (Linux2-only) A #define was misspelled. This could lead to Postfix being unable to read the system's local IPv6 addresses (e.g. when using inet_interfaces). Spotted by Jochen Friedrich. File: util/sys_defs.h Cleanup: require non-null host portion in CIDR / prefixlength notations for IPv6 (was IPv4-only). Version 1.15a Postfix release 2.0.13 Update (TLS patches): Updated Lutz Jaenicke's TLS patch to version 0.8.15. This version introduces new options for managing SASL mechanisms. More information at: http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/ Diff contributed by Tuomo Soini. Version 1.15 Postfix release 2.0.12, 2.0.13 Postfix snapshot 2.0.12-20030621 Bugfix (TLS-snapshots only): a change in Postfix snapshot 2.0.11-20030609 broke initialisation of TLS in smtpd, causing TLS to both be unadvertised and unaccepted. This was fixed again by reordering initialisation. File: smtpd/smtpd.c Update (TLS patches): Updated Lutz Jaenicke's TLS patch to version 0.8.14. This version introduces a few fixes and uses USE_SSL instead of HAS_SSL. More information at: http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/ Diff contributed by Tuomo Soini. Bugfix (Postfix releases only - this was already added to the snapshots in patch 1.14). KAME derived systems only. Correctly decode scoped addresses, including network interface specifiers. File: util/inet_addr_local.c Version 1.14 Postfix releases 2.0.9, 2.0.10, 2.0.11, 2.0.12 Postfix snapshots 2.0.9-20030424, 2.0.10-20030521, 2.0.11-20030609, 2.0.12-20030611 Patch change: made the patch available as an IPv6-only patch (i.e., without the TLS code). This on popular request by users and packagers. A TLS+IPv6 version is still available of course. Bugfix: correctly decode scoped addresses from now on (KAME derived systems only). I think the original code was written by Itojun, so I'm rather puzzled that it didn't work... File: util/inet_addr_local.c Bugfix/portability: Recent KAME snapshots return both TCP and SCTP address information on getaddrinfo() if no protocol was specified. This causes the socket counts to be wrong, confusing child processes. Merged patch by JINMEI Tatuya of KAME to fix this. Files: master/master.h, master/master_{ent,conf}.[ch], util/inet_listen.c Documentation: added an IPV6_README file to the patch. This file contains the primary documentation. Also, added a sample-ipv6.cf to describe the (currently few) IPv6 related main.cf parameters. Bugfix: the netmask structures for the *unsupported* platforms (boldly assume /64) were added to the wrong list (addresses instead of masks). This bug did not affect any supported platform though. File: util/inet_addr_local.c Portability: added support for HP/Compaq Tru64Unix V5.1 and later. (compiled with CompaqCC only). Thanks to Sten Spans for providing root access to an IPv6-connected Tru64 testing machine. Version 1.13 Postfix releases 2.0.4 - 2.0.9 Postfix snapshots 2.0.3-20030126 - 2.0.7-20030319 Bugfix: Due to a missing storage pointer, DNS lookup results in the permit_mx_backups code were not processed, and smtpd would likely crash. Thanks to Wouter de Jong for reporting the crashes. File: smtpd/smtpd_check.c Incompatible change: The addresses given to the parameters smtp_bind_address6 and lmtp_bind_address6 now need to be enclosed in square brackets for consistency. Files: [ls]mtp/[ls]mtp_connect.c Version 1.12 Postfix releases 2.0.2, 2.0.3 Postfix snapshots 2.0.2-20030115, 2.0.3-20030126 Bugfix/workaround (Solaris): A simplified comparison function for Solaris' qsort() function, would result in corruption of network addresses in the SMTP client. Fixed. Reported with possible fix by Edvard Tuinder. File: smtp/smtp_addr.c Version 1.11 Postfix releases 2.0.0.x, 2.0.1, 2.0.2 Postfix snapshots 2.0.0-20030105, 2.0.1-20030112 2.0.2-20030115 Bugfix (Solaris): Properly initialize lifconf structure when requesting host interface addresses. If you get warnings about SIOCGLIFCONF with earlier versions, please upgrade. File: util/inet_addr_local.c Patch fix: fixed compilation errors in case the patch is applied but built without IPv6 support (i.e., on unsupported platforms). Version 1.10 Postfix snapshots 1.1.12-200212{19,21} Postfix releases 2.0.0, 2.0.0.{1,2} Postfix snapshots 2.0.0-20021223 - 2.0.0-20030101 'Bugfix': don't show spurious warnings on Linux systems about missing /proc/net/if_inet6 unless verbose mode is enabled. File: util/inet_addr_local.c Bugfix: If unable to create a socket for a specific adress in the SMTP client (e.g., when trying to create an IPv6 connection while the local host has no configured IPv6 addresses), then stop the attempt. File: smtp/smtp_connect.c Small bugfix: never query DNS for . This syntax now correctly generates an error immediately. File: global/resolve_local.c Updated TLS patch to 0.8.12-1.1.12-20021219-0.9.6h, fixing a bug with "sendmail -bs". Version 1.9 Postfix version 1.1.11-20021115 Postfix version 1.1.12-2002{1124,1209-1213} Bugfix: with getifaddrs() code (*BSD, linux-USAGI), IPv4 netmasks were set to /32 effectively. Work around broken netmask data structures (*BSD only perhaps). Bugfix: same data corruption in another place created entirely wrong IPv4 netmasks. Work around broken SIOCGIFNETMASK structure. New code was added for correct IPv6 netmasks. The original code did not contain IPv6 netmask support at all! For Solaris, use SIOCGLIF*; Linux: /proc/net/if_inet6. Getifaddrs() support is used otherwise. This should cover all supported systems. Other systems also work, prefix length is always set to /64 then. Since there are no classes (context: Class A, class B etc networks) with IPv6, default to IPv6 subnet style if the mynetworks style is 'class'. I recommend against this style anyway. Added support to display IPv6 nets mynetworks output. Version 1.8 Postfix version 1.1.11-200211{01,15} An earlier author of the patch made a typo in the GAI_STRERROR() macro, resulting in bogus error messages when checking for PTR records. Fixed. IPv4-mapped addresses in the smtpd are converted to true IPv4 addresses just after the connection has been made. This means that all IPv4-mapped addresses are now logged as true IPv4 addresses. Hence beside RBL checks, also access maps now treat IPv4-mapped addresses as native IPv4. Note that ::ffff:... entries in your access tables will no longer work. You can now specify IPv6 'parent' networks in your access maps, e.g. to reject all mail from 3ffe:200:... nodes, add the line 3ffe:200 REJECT Use of trailing colons is discouraged because postmap will warn about it possibly being an alias... NOTE: I'll soon obsolete this again in favor of the more common address/len notation. This was just so trivial to add that it didn't hurt and I needed it :) For easy reference, the version of the TLS/IPv6 patch can be dynamically queried using the tls_ipv6_version variable. This gives the short version (like, "1.8"). The service bind address for 'inet' sockets in master.cf (e.g., smtpd), must be enclosed in square brackets '[..]' for IPv6 addresses. The old style (without brackets) still works but is unsupported and may be removed in the future. Example [::1]:smtp inet n - n - - smtpd Version 1.7 Postfix version 1.1.11-20021029 - 1.1.11-20021101 Postfix' SMTP client performs randomization of MX addresses when sending mail. This however could result in A records being used before AAAA records. This has been corrected. Note that from Postfix version 1.1.11-20021029 on, there is a proxy_interfaces parameter. This has of course not been ported to IPv6 addresses... Version 1.6 Postfix version 1.1.11-20020928 Added IPv6 support for backup_mx_networks feature; also the behaviour when DNS lookups fail when checking whether the local host is an MX for a domain conforms to the IPv4 case: defer rather than allow. Version 1.5 Postfix version 1.1.11-20020917 I introduced two bugs when I rewrote my older LMTP IPv6 patch. These bugs effectively rendered LMTP useless. Now fixed. Bugs spotted by Kaj Niemi. Now supports Solaris 8 and 9. Due to lack of testing equipment, this has been only tested in production on Solaris 9, both with gcc and the Sun Workshop Compiler. Version 1.4 Postfix version 1.1.11-20020822 - 1.1.11-20020917 OpenBSD (>=200003) and FreeBSD release 4 and up now use getifaddrs(). This makes for cleaner code. The old code seems to be bug-ridden anyway. Got rid of some compiler warnings. Should be cleaner on Alpha as well now. Thanks to Sten Spans for providing me access to an Alpha running FreeBSD4. Fixed an old bug in smtpd memory alloation if you compiled without IPv6 support (the wrong buffer size was used. This was harmless for IPv6-enabled compiles since the sizes were equal then). Added ChangeLog to the patch (as IPv6-ChangeLog) (this was absent in 1.3 contrary to docs). Version 1.3 Postfix version 1.1.11-20020613 - 1.1.11-20020718 FYI: In postfix version 1.1.11-20020718, DNS lookups for AAAA can be done natively. The code matches the code in the patch (though the #ifdef changed from INET6 to T_AAAA). This change causes the patch for 1.1.11-20020718 to be a bit smaller. Version 1.2 Postfix version 1.1.11-20020613 Added IPv6 support for the LMTP client. Added lmtp_bind_address and lmtp_bind_address6 parameters, similar to those for smtp. Added IPv6 support for the QMQP server. Version 1.1 Postfix version 1.1.11-20020602 - 1.1.11-20020613 Added parameter smtp_bind_address6. By using this parameter, it is possible to bind to an IPv6 address, independently of IPv4 address binding. Lutz fixed a bug in his TLS patch regarding SASL. Incorporated. Version 1.0.x Postfix version 1.1.8-20020505 - 1.1.11-20020602 Patch derived from PLD's IPv6 patch for Postfix, revision 1.10 which applied to early Postfix snapshots 1.1.x. Updated this patch to apply to 1.1.8-20020505. Added compile-time checks for SS_LEN. Some Linux installations, and maybe other systems, do define SA_LEN, but not SS_LEN. Several updates of postfix snapshots.