head 1.9; access; symbols pkgsrc-2023Q4:1.9.0.2 pkgsrc-2023Q4-base:1.9 pkgsrc-2023Q3:1.7.0.28 pkgsrc-2023Q3-base:1.7 pkgsrc-2023Q2:1.7.0.26 pkgsrc-2023Q2-base:1.7 pkgsrc-2023Q1:1.7.0.24 pkgsrc-2023Q1-base:1.7 pkgsrc-2022Q4:1.7.0.22 pkgsrc-2022Q4-base:1.7 pkgsrc-2022Q3:1.7.0.20 pkgsrc-2022Q3-base:1.7 pkgsrc-2022Q2:1.7.0.18 pkgsrc-2022Q2-base:1.7 pkgsrc-2022Q1:1.7.0.16 pkgsrc-2022Q1-base:1.7 pkgsrc-2021Q4:1.7.0.14 pkgsrc-2021Q4-base:1.7 pkgsrc-2021Q3:1.7.0.12 pkgsrc-2021Q3-base:1.7 pkgsrc-2021Q2:1.7.0.10 pkgsrc-2021Q2-base:1.7 pkgsrc-2021Q1:1.7.0.8 pkgsrc-2021Q1-base:1.7 pkgsrc-2020Q4:1.7.0.6 pkgsrc-2020Q4-base:1.7 pkgsrc-2020Q3:1.7.0.4 pkgsrc-2020Q3-base:1.7 pkgsrc-2020Q2:1.7.0.2 pkgsrc-2020Q2-base:1.7 pkgsrc-2020Q1:1.6.0.2 pkgsrc-2020Q1-base:1.6 pkgsrc-2019Q4:1.5.0.28 pkgsrc-2019Q4-base:1.5 pkgsrc-2019Q3:1.5.0.24 pkgsrc-2019Q3-base:1.5 pkgsrc-2019Q2:1.5.0.22 pkgsrc-2019Q2-base:1.5 pkgsrc-2019Q1:1.5.0.20 pkgsrc-2019Q1-base:1.5 pkgsrc-2018Q4:1.5.0.18 pkgsrc-2018Q4-base:1.5 pkgsrc-2018Q3:1.5.0.16 pkgsrc-2018Q3-base:1.5 pkgsrc-2018Q2:1.5.0.14 pkgsrc-2018Q2-base:1.5 pkgsrc-2018Q1:1.5.0.12 pkgsrc-2018Q1-base:1.5 pkgsrc-2017Q4:1.5.0.10 pkgsrc-2017Q4-base:1.5 pkgsrc-2017Q3:1.5.0.8 pkgsrc-2017Q3-base:1.5 pkgsrc-2017Q2:1.5.0.4 pkgsrc-2017Q2-base:1.5 pkgsrc-2017Q1:1.5.0.2 pkgsrc-2017Q1-base:1.5 pkgsrc-2016Q4:1.3.0.4 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.2 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.2.0.4 pkgsrc-2016Q2-base:1.2 pkgsrc-2016Q1:1.2.0.2 pkgsrc-2016Q1-base:1.2 pkgsrc-2015Q4:1.1.0.4 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.2 pkgsrc-2015Q3-base:1.1; locks; strict; comment @# @; 1.9 date 2023.12.22.17.29.17; author wiz; state Exp; branches; next 1.8; commitid 6b3zS8Qu49zQ9uRE; 1.8 date 2023.10.24.22.09.49; author wiz; state Exp; branches; next 1.7; commitid MTsrqKm6aGrQAVJE; 1.7 date 2020.04.26.09.33.26; author taca; state Exp; branches; next 1.6; commitid 54tum7ED52S4rS5C; 1.6 date 2020.01.18.21.49.53; author jperkin; state Exp; branches; next 1.5; commitid JW4hJgY8ZdoTFdTB; 1.5 date 2017.03.04.06.26.42; author taca; state Exp; branches; next 1.4; commitid phcHD2nHiXfXkcIz; 1.4 date 2017.01.21.23.49.01; author rillig; state Exp; branches; next 1.3; commitid QgHg8cTuP5r3sTCz; 1.3 date 2016.09.18.17.10.28; author taca; state Exp; branches; next 1.2; commitid BEk4oXUsnpjtgNmz; 1.2 date 2016.03.05.11.28.50; author jperkin; state Exp; branches; next 1.1; commitid 1LoxeQftu903HrXy; 1.1 date 2015.09.07.09.47.02; author fhajny; state Exp; branches; next ; commitid 42C2mmB9De5xViAy; desc @@ 1.9 log @postfix*: update to 3.8.4 20230815 Bugfix (bug introduced: 20140218): when opportunistic TLS fails during or after the handshake, don't require that a probe message spent a minimum time-in-queue before falling back to plaintext. Problem reported by Serg. File: smtp/smtp.h. 20230819 Bugfix (defect introduced: 19980207): the valid_hostname() check in the Postfix DNS client library was blocking unusual but legitimate wildcard names (*.name) in some DNS lookup results and lookup requests. Examples: name class/type value *.one.example IN CNAME *.other.example *.other.example IN A 10.0.0.1 *.other.example IN TLSA ..certificate info... Such syntax is blesed in RFC 1034 section 4.3.3. This problem was reported first in the context of TLSA record lookups. Files: util/valid_hostname.[hc], dns/dns_lookup.c. 20230929 Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix SMTP server was waiting for a client command instead of replying immediately, after a client certificate verification error in TLS wrappermode. Reported by Andreas Kinzler. File: smtpd/smtpd.c. 20231006 Usability: the Postfix SMTP server now attempts to log the SASL username after authentication failure. In Postfix logging, this appends ", sasl_username=xxx" after the reason for SASL authentication failure. The logging replaces an unavailable reason with "(reason unavailable)", and replaces an unavailable sasl_username with "(unavailable)". Based on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c, xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c. 20231026 Bugfix (defect introduced: Postfix 2.11): in forward_path, the expression ${recipient_delimiter} would expand to an empty string when a recipient address had no recipient delimiter. Fixed by restoring Postfix 2.10 behavior to use a configured recipient delimiter value. Reported by Tod A. Sandman. Files: proto/postconf.proto, local/local_expand.c. 20231221 Security: with "smtpd_forbid_bare_newline = yes" (default "no" for Postfix < 3.9), reply with "Error: bare received" and disconnect when an SMTP client sends a line ending in , violating the RFC 5321 requirement that lines must end in . This prevents SMTP smuggling attacks that target a recipient at a Postfix server. For backwards compatibility, local clients are excluded by default with "smtpd_forbid_bare_newline_exclusions = $mynetworks". Files: mantools/postlink, proto/postconf.proto, global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h, smtpd/smtpd.c. @ text @# $NetBSD: Makefile,v 1.8 2023/10/24 22:09:49 wiz Exp $ COMMENT= Postfix SMTP server LDAP backend module POSTFIX_LIB= ldap POSTFIX_LIBDIR= src/global POSTFIX_LIB_DICT= yes POSTFIX_LIB_MKMAP= no .include "../../mail/postfix/Makefile.module" CCARGS+= -I${BUILDLINK_PREFIX.openldap-client}/include AUXLIBS_MODULE= -L${BUILDLINK_PREFIX.openldap-client}/lib -lldap -llber \ ${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.openldap-client}/lib .include "../../databases/openldap-client/buildlink3.mk" .include "../../mk/bsd.pkg.mk" @ 1.8 log @*: bump for openssl 3 @ text @d1 1 a1 2 # $NetBSD: Makefile,v 1.7 2020/04/26 09:33:26 taca Exp $ # a3 1 PKGREVISION= 1 @ 1.7 log @mail/postfix: update to 3.5.1 Update postfix to 3.5.1. 3.5.0 (2020-03-16) Postfix stable release 3.5.0 is available. Support has ended for legacy release Postfix 3.1. The main changes are below. See the RELEASE_NOTES file for further details. * Support for the haproxy v2 protocol. The Postfix implementation supports TCP over IPv4 and IPv6, as well as non-proxied connections; the latter are typically used for heartbeat tests. * Support to force-expire email messages. This introduces new postsuper(1) command-line options to request expiration, and additional information in mailq(1) or postqueue(1) output. * The Postfix SMTP and LMTP client support a list of nexthop destinations separated by comma or whitespace. These destinations will be tried in the specified order. Examples: /etc/postfix/main.cf: relayhost = foo.example, bar.example default_transport = smtp:foo.example, bar.example Incompatible changes: * Logging: Postfix daemon processes now log the from= and to= addresses in external (quoted) form in non-debug logging (info, warning, etc.). This means that when an address localpart contains spaces or other special characters, the localpart will be quoted, for example: from=<"name with spaces"@@example.com> Specify "info_log_address_format = internal" for backwards compatibility. * Postfix now normalizes IP addresses received with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency with direct connections to Postfix. This may change the appearance of logging, and the way that check_client_access will match subnets of an IPv6 address. 3.5.1 (2020-04-20) Postfix versions 3.5.1, 3.4.11, 3.3.9, 3.2.14: * Bitrot workaround for broken builds after an incompatible change in GCC 10. * Bitrot workaround for broken DANE/DNSSEC support after an incompatible change in GLIBC 2.31. This change avoids the need for new options in /etc/resolv.conf. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2020/01/18 21:49:53 jperkin Exp $ d5 1 @ 1.6 log @*: Recursive revision bump for openssl 1.1.1. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2017/03/04 06:26:42 taca Exp $ a4 1 PKGREVISION= 1 @ 1.5 log @Reset PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2017/01/21 23:49:01 rillig Exp $ d5 1 @ 1.4 log @Fixed PKGREVISION to be only defined directly in the package Makefile. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2016/09/18 17:10:28 taca Exp $ a3 1 PKGREVISION= 1 @ 1.3 log @Update postfix to 3.1.2. 3.1.0 The main changes in no particular order are: * "postfix tls" command to simplify setup of opportunistic TLS, and to simplify SMTP server key/certificate management. * Positive and negative DNS reply TTL support in postscreen(8). * SASL AUTH rate limit in the Postfix SMTP server. * A safety limit on the number of address verify requests. * JSON-format Postfix queue listing. * Destination-independent delivery rate delay For details, see the RELEASE_NOTES file. 3.1.1 Fixed in all supported releases: * The Milter "replace sender" (SMFIR_CHGFROM) request lost an address that was added with sender_bcc_maps, resulting in a "rcpt count mismatch" warning. Reported by Joerg Backschues. This defect was introduced with Postfix 2.6. * The "bad filetype" example in the header_checks(5) manpage falsely rejected Content- headers with ``name="example"; x-apple-part-url="example.com"''. Reported by Cedric Knight. This defect was introduced with Postfix 2.6. 3.1.2 Fixed with Postfix 3.1.2: * Changes to make Postfix build with OpenSSL 1.1.0. Fixed with Postfix 3.1.2 and 3.0.6: * The makedefs script ignored readme_directory=pathname overrides. Fix by Todd C. Olson. * The tls_session_ticket_cipher documentation says that the default cipher for TLS session tickets is aes-256-cbc, but the implemented default was aes-128-cbc. Note that TLS session ticket keys are rotated after 1/2 hour, to limit the impact of attacks on session ticket keys. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2016/03/05 11:28:50 jperkin Exp $ d4 1 @ 1.2 log @Bump PKGREVISION for security/openssl ABI bump. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2015/09/07 09:47:02 fhajny Exp $ a4 1 PKGREVISION= 1 @ 1.1 log @Update mail/postfix to 3.0.2. Database and regexp map functionality is now split into separate packages: - postfix-cdb - postfix-ldap - postfix-lmdb - postfix-mysql - postfix-pcre - postfix-pgsql - postfix-sqlite Upstream changelog follows. Postfix 3.0.2 ------------- No delta against 2.11.6. Postfix 3.0.1 ------------- - Build error when compiling the Postfix SMTP server with SASL support but no TLS support. - The DNS "resource record to text" converter, used for xxx_dns_reply_filter pattern matching, appended a '.' to TXT record resource values. - The postscreen(8) manpage specified an incorrect Postfix version number for the postscreen_dnsbl_timeout parameter. - The postfix-install script expanded macros in parameter values when trying to detect parameter overrides, causing unnecessary main.cf updates during "postfix start" etc. - Some low-level cleanup of UTF-8 string handling with no visible change in behavior (besides better performance). Postfix 3.0.0 ------------- - SMTPUTF8 support for internationalized domain names and address localparts as defined in RFC 6530 and related documents. - Support for Postfix dynamically-linked libraries and database plugins. - An OPT-IN safety net for the selective adoption of new Postfix default settings. If you do nothing, the old Postfix default settings *should* remain in effect (complain to your downstream maintainer if that is not the case). - Support for operations on multiple lookup tables. The pipemap:{map1,map2...} database type implements a pipeline of lookup tables where the result from one lookup table becomes a query for the next table; the unionmap:{map1,map2,...} database type sends the @ text @d1 1 a1 1 # $NetBSD$ d5 1 @