summaryrefslogtreecommitdiff
path: root/doc/CHANGELOG
diff options
context:
space:
mode:
authorJannis Hoffmann <jannis@fehcom.de>2024-07-03 15:48:04 +0200
committerJannis Hoffmann <jannis@fehcom.de>2024-07-03 15:48:04 +0200
commit89b7b67a13ebb7965cc7f13ad0595e2194a2d34c (patch)
tree25efd77a90ae87236e6730d8ea3846bbe0fd126f /doc/CHANGELOG
add sqmail-4.2.29asqmail-4.2
Diffstat (limited to 'doc/CHANGELOG')
-rw-r--r--doc/CHANGELOG196
1 files changed, 196 insertions, 0 deletions
diff --git a/doc/CHANGELOG b/doc/CHANGELOG
new file mode 100644
index 0000000..e48d1ed
--- /dev/null
+++ b/doc/CHANGELOG
@@ -0,0 +1,196 @@
+s/qmail 4.0 CHANGE log
+======================
+
+Older changes can be found in CHANGELOG_V3.
+
+Version Descripition
+--------------------
+
+4.0.00 Initial version, removed SRS, fixed SPF.
+4.0.01 Recovered SRS and added srsforward + srsreverse
+ as compile option; still depending on librsrs2.
+ Added man pages for srsforward + srsreverse.
+ Fixed columnt (buf incorrectly used).
+B(2) Changed 'puts' to 'out'; where applicable.
+ Fixed dnsq call in qmail-smtpd concerning
+ lookup type "M" -> 'M', "A" -> 'A' (char ).
+B(3) Fixed missing timestamp for mails in maildir.c
+ making qmail-pop3d behaving erratic.
+ Substituted put -> out almost everywhere.
+ Fixed wrong 'identity' in Received header ('unknown')
+ due to misplaced 'if' nesting.
+ Streamlined qmail-authuser to support APOP auth
+ even for Unix system accounts (tx Drew).
+ Fixed wrong CAPA announcement in qmail-popup
+ (APOP instead of UIDL).
+4.0.02 Removed dependency on libsrs2 providing srs2.[c|h]
+ natively together with sha1[_hmac].[c|h].
+ Complete refactoring of sha1 and sha1_hmac.
+ Included Drew W's enhancements for Dovecot auth
+ in qmail-authuser.
+ Fixed bug in IPv4/IPv6 matching for spf_mx.
+4.0.03 Enhanced qmail-authuser.
+ Redone srsforward and srsreverse + man pages.
+ Fixed qmail-smtpd to cope with new DNS resolver
+ behaviour (in particular for SPF segfaulting for bounces).
+ Finally streamlined man pages.
+4.0.04 SMTPUT8 is now triggered via environment variable UTF8 for
+ qmail-smtpd.
+ Fixed segfaulting qmail-smtpd in case of multiple recipients
+ in the RCPT TO dialog.
+ qmail-smtpd exits now if Auth and Auth not announced or PAM missing.
+4.0.05 Fixed bug in qmail-remote with wrong CNAME address mangling (tx. Leah).
+ Removed SMTPUTF8 compiler flags in qmail-remote and qmail-smtpam
+ which now auto-detect UTF8 encoded addresses.
+4.0.06 Fixed qmail-smtpd segfaulting while wrongly evalute 'fakehelo' for SPF.
+ Added compatibility for other tcpserver/sslserver programs
+ calling qmail-smtpd and different IPv6 environment variables (4Leah).
+4.0.07 Straightend some code in SPF evalution which might prevent it (tx Leah).
+ Fixed bug returning wrong SPF results in case a TXT but no SPF record is given.
+ Fixed qmail-remote potentially not binding to IPv4 addresses (tx. MB).
+ Fixed qmail-authuser insuffient handle of passwords using crypt (tx. MB).
+4.0.08 Fix for qmail-vmailuser not respecting vpopmail's home dir (tx. Ueli H.).
+ Changed qmail-remote to cope better with fehQlibs-15 and IPv4 qualification.
+ Fixed CVE-2011-0411: Pipelining command injection for qmail-smtpd.
+ Fixed the Guninski CVE-2005-1513 (in fehQlibs-15): Buffer overflow
+ if size of mail > 4 GByte.
+4.0.09 Reworked fix for CVE-2011-0411 to provide a general solution. (tx. Fabian)
+ Applied fix to qmail-popup as well.
+4.0.10 GCC 10 refactoring (together with fehQlibs-15b).
+ qmail-remote now recognizes a MX retrieved IP to be itself and skips it.
+EOL for 4.0
+
+4.1.00 Added TLSA DNS lookup for qmail-remote.
+4.1.01 Added qmail-ldapam; needs tweaking and verification still.
+4.1.02 Added qmail-postgrey client together with the qmail-smtpd IF (permisssion by jan.mojzis).
+4.1.03 Fixed TLSA off-by-one error for qmail-remote.
+ Removed idedit.c (could be used in later version).
+ Disabled compilation of qmail-ldapam. (cleanups, beta version).
+ Added postgrey run script together with adjustments for doc and man.
+4.1.04 Included Reiser FS patch; see unlinking problems also with vdeliver (qmail-queue, qmail-local).
+ Fixed 'incorrect' xtext generation in qmail-remote.
+ Added qmail-qmaint providing sanity checks on the queue and
+ allowing removal of messages (based on E. Huss code).
+ Integrated DANE lookup (exceptions) into tlsdestinations + doc.
+4.1.04+ Fixed bug not freeing X509 cert, thus TLSA fails. The X509_digest API is stupid.
+4.1.05 Added selector evalution in tlsa_check and re-formulated logic.
+ Moved header files to ./include directory (and changed conf-cc accordingly).
+4.1.06 Compliance with fehQlibs-17 (could solve [20201123#1/4.0.10]).
+ Fixed bug in smtproutes not authenticating [20210213#1/4.0.10].
+ Reformulated qmail-smtpd smtproutes to support setting localip [RfC:20201112#1/4.0.10].
+4.1.07 Fixed bug in qmail-smtpd confusing badmailfrom with badrcptto [20120312#1/4.0.10].
+ Adjusted header files to compile on ARM64 (Clang) and with GCC-10 (AMD64).
+4.1.08 Removed references to qmail-ldapam in package.
+ Changed SPF DEFEXP macro using expand for domaiGn rather than 'spf.pobox.com' [20210212#1/4.0.10].
+4.1.09 Fixes for qmail-remote and rewriting the SIZE extension interface (tx. Drew):
+ a) (Occasional) wrong parsing of multiple X.509 fingerprints in dnstlsa and tls_remote.c
+ which might qmail-remote advice to reject valid TLSA indicated connections.
+ b) Wrong SIZE indication (mailfrom, mailfrom_xtext) in SMTP dialogue [20210622#1/4.1.08] (tx. Drew).
+ c) Wrong SMTPUTF8 indication (mailfrom, mailfrom_xtext) [20210622#2/4.1.08].
+ Note: qmail-rspawn API left unchanged wrt vanilla qmail.
+4.1.10 Fixed flaw in qmail-remote not producing immediate bounce for server's 5xx reply code.
+ Fixed bug in qmail-remote introduded in sqmail-4.1.09 evaluating size information for qmtp delivery.
+4.1.11 Fixed bug in qmail-vmailuser not evaluating vpopmail's user directories correctly.
+ Fixed bug in qmail-smtpam segfaulting. Sitting there since 3.0; nobody is using it.
+ Added 'implicit TLS' support for qmail-remote in control/smtproutes, ./authusers, ./tlsdestinations.
+ Added 'implicit TLS' support for qmail-smtpam on the command line.
+4.1.12 Improved and streamlined qmail-remote TLS errors.
+ Multiple DNS queries vor TLSA check; first early; second after cert received.
+ TLSA check working again; stupid OpenSSL doc ;-)
+4.1.13 Better RFC 6698 (TLSA) conformance for PKIX-EE (with full X.509 chain given).
+4.1.14 TLSA record lookup follows now a CNAME query. Pretty unusual for MX environments.
+ Removed recognition of 451 SMTP return code as greylisting in qmail-remote logs.
+4.1.14a Fixed two integration bugs in 4.1.14 and straightend TLSA lookup and evalution.
+4.1.15 Off-by-one error in dnstlsa (cert finterprint too short) and
+ corrections (and simplifications) to evaluate the TLSA finterprints (tls_remote.c).
+4.1.16 Additional corrections for TLSA evaluation with several fingerprints.
+ TLSA lookup not bound to PTR lookup anymore but just hostname of MX.
+ qmail-local does not disclose virtual user name extension in 'Delivered-To' field.
+ Installation routine removes now potential remnants in ./src diretory.
+ Removed irritating 'greylisting' log info from qmail-remote for certain SMTP reply codes.
+ qmail-queue fast injection race condition fix from Manvendra included.
+ qmail-remote evaluates MX distance according to IPv4/IPv6 local bindings.
+4.1.17 Fixed OpenSSL's X509_pubkey_digest() function for TLSA.
+EOL for 4.1
+
+
+4.2.00 Taken over qmail-ldapam development from 4.1.
+4.2.03 Synced with current s/qmail (4.1.16); enhanced RECIPIENTS mechanmism to read
+ users/assign.cdb. Note: This breaks old qmail, since the name was just 'cdb' here.
+ Adjusted qmail-newu to confirm with this decision.
+4.2.04 First step integrating libdkim (from Kai Peter's implementation and adjustments
+ for current OpenSSL and LibreSSL).
+4.2.05 libdkim implemented (native C++) als qmail-dkim; added stub qmail-dksign.
+ Synced with sqmail-4.1.17. New requirement: fehQlibs-20 due to dns_txt.c changes.
+4.2.06 Integration tests and documentation for qmail-dksign.
+4.2.07 Integration tests successful; except for DKIM over QMTP. Needs changes for qmail-qmtpd.
+ Included man pages for qmail-dkim.8 and qmail-dksign.8.
+4.2.08 Replace 'execve' with 'pathexec' in qmail-rspawn and qmail-dksign.
+ Fixed permissions on DKIM 'default' files. Preliminary qmail-dkverify.c.
+ Removed creation of qmail-ldapam; still a useful solution is required (separate package?).
+ Changed defaults for qmail-dksign to the anticipated ones; verified CRLF prior of signing.
+ qmail-dkim options work now as expected. Fixed wrong hash functions in dkimsign (tx. Pascal).
+ DKIM signing working now.
+4.2.09 Removed 'Allman' code from DKIM. Adjusted qmail-dksign man page.
+ First attempt for qmail-dkverify.c. Removed the qmail-ldap dependencies.
+4.2.10 Included 'Ed25519' signatures in dkimsign.cpp. Works fine - but untested.
+ Removed chdir(auto_qmail) dependency from qmail-dkim; universal usage again.
+ Moved back to include tabs for the DKIM header; double WSP seems not to work well here.
+ Removed ADSP (Author Domain Signing Practice) from dkverify.cpp (RFC 6541; experimental).
+4.2.11 qmail-remote recognizes now Greylisting after HELO with SMTP Reply > 400 (and tries again).
+ Big reminder: Always use byte arrays in constmap hash tables => tls_destination()++.
+ Added 'l' (length) flag in dkimdomains for specific customization.
+ Changed dkimsign's BodyLength calculation; was strange before.
+4.2.12 Progress on dkimverify.cpp.
+4.2.13 dkimverify.cpp stripped down and working now with socket interface.
+4.2.14 Fixed bug in spf_exists return wrong results for DNS lookup (tx. Laurentiu).
+ First version with working qmail-dkverify. Tests pending.
+4.2.15 qmail-dkverify working now; except for Ed25519 signatures.
+ Replaced socket interface by file interface for reporting results to qmail-dkverify.
+ Stripped CR from outgoing mails. qmail-dksign ignores input domains for which no privkey exists.
+4.2.16 qmail-dkverify considers now d=domain in X-Authentication results.
+ Removed obsolete 'selector' file in ssl/domainkeys/<domain> and rather
+ permit now tailored selector names in ssl/domainkeys/<domain>/<selector> to pick up private key.
+ Ed25519 signing and verification working now. Fixed wrong variable for 'sender' upon call.
+4.2.17 Fixed premature close of cdb in fastforward; removed slurpclose.c.
+ Final trimming and documentation.
+ qmail-remotes's cafile and cipher handling reworked.
+4.2.18 Removed 'selector' as file name for qmail-dksign and used 'default' instead, making it more robust.
+ Changed erroneous 'domain' to 'sdid' in qmail-dksign (tx. Pascal). Udated man page for qmail-dksign.
+4.2.19 Changed back to 4.2.16 behavior of reading the DKIM private key based on selector.
+ Added new default signing capability for qmail-dksign to consider only 'own' domains,
+ which are given in rcpthosts. The token '=:' can be used in control/dkimdomains.
+ Compatibility with LibreSSL 3.7.x and Ed25519 signature operations (tx. Nicolai).
+ Improved robustness and error message handling for qmail-dksign.
+4.2.20 Updated mkdkimkey.sh; no TLSA lookup for bounces.
+ dkimverify update for message with both RSA and Ed25519 signatures and selection.
+ Added more verbose logging to qmail-remote in case of unsuccessful delivery.
+ qmail-rspawn does not read control/dkimdomains but rather stats it -> less FDs.
+4.2.21 Fixed wrong DKIM ed25519 indication in DKIM header. DKIM ed25519 key stripped from ASN.1 header
+ in order to conform with RFC 8463 while prepending that for DKIM verification.
+ SPF evaluation considers now fehQlibs-22 new CIDR API.
+4.2.22 Internal version with first attempt for hybrid DKIM signatures.
+ Fixed qmail-remote abends in case of contacting RFC (2)821 none-compliant SMTP MTAs.
+4.2.23 Fix for qmail-remote handling of none StartTLS MTAs to fallback for unencrypted service.
+4.2.23 Hybrid DKIM signatures working now; required changes of qmail-dkim API and qmail-dksign.
+4.2.23a Some typos in documentation and spelling mistakes fixed.
+4.2.24 Fixed SPF PTR lookup (cleared up weired logic) [202310503#1/4.2.24] and straightened error output line.
+ Tweaks for DNS behavior in case of missing DNS records and bouncing for qmail-remote.
+ Added Return Code values in man pages for DNS client programs.
+4.2.25 Fixed bug in DKIM validation not considering Pubkey if k= is missing in DNS TXT record => DKIM fail.
+4.2.26 Backported fixes for [20230922#1/4.3.01], [20230920#1/4.3.01], and [20230823#1/4.3.00] included.
+4.2.27 Fixed qmail-smtpd Auth bug segfaulting if no/wrong arguments [20230931#1/4.2.27]
+4.2.27a Misspelled prototype in smtpd.log may lead to confusing auth eror messages [20231003#1/4.2.27a].
+4.2.27b control/domainips adds erroneously a \0 to helohost which violates RFC 2821 [20231004#1/4.2.27b].
+4.2.28 Backported TLSA handling for qmail-remote from s/qmail 4.3.
+4.2.29 DKIM sender evaluated in lowercase for signing [20231109#1/4.2.29];
+ DKIM header for verification does not depend on position of 'Content' header (missing verification).
+ Fixed irritating log output in case no DKIM key is found.
+ DKIM signing now robust against wrong keys and remnant files left in DKIM staging area.
+ Fixed crash in qmail-smtpd while logging SPF evaluation with un-terminated spfbounce [20231203#1/4.2.29].
+ Fixed 'missing' mails for bounces problem in case DKIM signing failed due to missing key [20231119#1/4.2.29].
+EOL for 4.2
+4.2.29a Fix for EHLO X-fields and StartTLS in qmail-remote.
+ Fix for recipients() and assign.cdb reading.
+ Fix for qmail-dkverify with incomplete information in email header.
+ Fix for qmail-dksign reading from inital stage file in case of signing errors.