diff options
| author | taca <taca@pkgsrc.org> | 2021-06-02 15:29:56 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2021-06-02 15:29:56 +0000 |
| commit | 032fbee1cab6dd8f7499dbb4e39dbb126464c7b4 (patch) | |
| tree | 7a8d3ed51bfa35d71b5e3ce7128321d4ad6b52a1 | |
| parent | 264f0b677795a3b98f785030da618168583c2b69 (diff) | |
| download | pkgsrc-032fbee1cab6dd8f7499dbb4e39dbb126464c7b4.tar.gz | |
mail/postfix: update to 3.6.0
Postfix stable release 3.6.0 is available. This ends the support
for legacy release Postfix 3.2.
The main changes are below. See the RELEASE_NOTES file for further
details.
Incompatible changes:
* This release requires "postfix stop" before updating, or before
backing out to an earlier release, because some internal protocols
have changed. Otherwise, long-running daemons (pickup, qmgr,
verify, tlsproxy, postscreen) may fail to communicate with the
rest of Postfix, causing mail delivery delays until Postfix is
restarted.
* Respectful logging. Postfix version 3.6 deprecates terminology
that implies white is better than black. Instead, Postfix prefers
'allowlist', 'denylist', and variations on those words. This
change affects Postfix documentation, and postscreen parameters
and logging.
To keep the old postscreen logging set "respectful_logging =
no" in main.cf before setting "compatibility_level = 3.6". In
any case, the old postscreen parameter names will keep working
as before.
Other changes:
* The minimum supported OpenSSL version is 1.1.1, which will reach
the end of life by 2023-09-11. Postfix 3.6 is expected to reach
the end of support in 2025. Until then, Postfix will be updated
as needed for compatibility with OpenSSL.
The default fingerprint digest has changed from md5 to sha256
(Postfix 3.6 with compatibility_level >= 3.6). With a lower
compatibility_level setting, Postfix defaults to using md5, and
logs a warning when a Postfix configuration specifies no explicit
digest type.
The export-grade Diffie-Hellman key exchange is no longer
supported, and the tlsproxy_tls_dh512_param_file parameter is
ignored,
* Better error messages when someone configures an incorrect
program in master.cf. To recognize such mistakes, every Postfix
internal service, including the postdrop command, announces the
name of its protocol before doing any other I/O, and every
Postfix client program, including the Postfix sendmail command,
will verify that the protocol name matches what it expects.
* Fine-grained control over the envelope sender address for
submission with the Postfix sendmail (or postdrop) commands.
Example:
/etc/postfix/main.cf:
# Allow root and postfix full control, anyone else can only
# send mail as themselves. Use "uid:" followed by the numerical
# UID when the UID has no entry in the UNIX password file.
local_login_sender_maps =
inline:{ { root = *}, { postfix = * } },
pcre:/etc/postfix/login_senders
/etc/postfix/login_senders:
# Allow both the bare username and the user@domain forms.
/(.+)/ $1 $1@example.com
* Threaded bounces. This allows mail readers to present a
non-delivery, delayed delivery, or successful delivery notification
in the same email thread as the original message.
Unfortunately, this also makes it easy for users to mistakenly
delete the whole email thread (all related messages), instead
of deleting only the delivery status notification.
To enable, specify "enable_threaded_bounces = yes".
* Postfix by default no longer uses the services(5) database to
look up the TCP ports for SMTP and LMTP services. Instead, this
information is configured with the new known_tcp_ports configuration
parameter (default: lmtp=24, smtp=25, smtps=submissions=465,
submission=587). When a service is not specified in known_tcp_ports,
Postfix will still query the services(5) database.
* Starting with Postfix version 3.6, the compatibility level is
"3.6". In future Postfix releases, the compatibility level will
be the Postfix version that introduced the last incompatible
change. The level is formatted as 'major.minor.patch', where
'patch' is usually omitted and defaults to zero. Earlier
compatibility levels are 0, 1 and 2.
This also introduces main.cf and master.cf support for the
<=level, < level, and other operators to compare compatibility
levels. With the standard <=, <, etc. operators, compatibility
level 3.10 would be less than 3.9, which is undesirable.
| -rw-r--r-- | mail/postfix-sqlite/Makefile | 3 | ||||
| -rw-r--r-- | mail/postfix/Makefile | 3 | ||||
| -rw-r--r-- | mail/postfix/Makefile.common | 4 | ||||
| -rw-r--r-- | mail/postfix/distinfo | 13 | ||||
| -rw-r--r-- | mail/postfix/patches/patch-ag | 10 | ||||
| -rw-r--r-- | mail/postfix/patches/patch-src_dns_dns__lookup.c | 106 |
6 files changed, 15 insertions, 124 deletions
diff --git a/mail/postfix-sqlite/Makefile b/mail/postfix-sqlite/Makefile index 72621111aaf..19741408847 100644 --- a/mail/postfix-sqlite/Makefile +++ b/mail/postfix-sqlite/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.27 2021/04/21 11:42:09 adam Exp $ +# $NetBSD: Makefile,v 1.28 2021/06/02 15:29:57 taca Exp $ # COMMENT= Postfix SMTP server SQLite backend module -PKGREVISION= 2 POSTFIX_LIB= sqlite POSTFIX_LIBDIR= src/global diff --git a/mail/postfix/Makefile b/mail/postfix/Makefile index f5471561ea5..7ea7a45ec2a 100644 --- a/mail/postfix/Makefile +++ b/mail/postfix/Makefile @@ -1,6 +1,5 @@ -# $NetBSD: Makefile,v 1.327 2021/05/24 19:52:52 wiz Exp $ +# $NetBSD: Makefile,v 1.328 2021/06/02 15:29:56 taca Exp $ -PKGREVISION= 2 .include "../../mail/postfix/Makefile.common" COMMENT= Fast, easy to administer, and secure mail transfer agent diff --git a/mail/postfix/Makefile.common b/mail/postfix/Makefile.common index 029638c8ce2..baa5d00f45c 100644 --- a/mail/postfix/Makefile.common +++ b/mail/postfix/Makefile.common @@ -1,8 +1,8 @@ -# $NetBSD: Makefile.common,v 1.34 2021/05/02 12:11:51 wiz Exp $ +# $NetBSD: Makefile.common,v 1.35 2021/06/02 15:29:56 taca Exp $ # used by mail/postfix/Makefile # used by mail/postfix/Makefile.module -DISTNAME= postfix-3.5.10 +DISTNAME= postfix-3.6.0 CATEGORIES= mail MASTER_SITES= ftp://ftp.porcupine.org/mirrors/postfix-release/official/ diff --git a/mail/postfix/distinfo b/mail/postfix/distinfo index aab010de47e..2c9a8ac4042 100644 --- a/mail/postfix/distinfo +++ b/mail/postfix/distinfo @@ -1,10 +1,9 @@ -$NetBSD: distinfo,v 1.192 2021/04/26 15:26:08 triaxx Exp $ +$NetBSD: distinfo,v 1.193 2021/06/02 15:29:56 taca Exp $ -SHA1 (postfix-3.5.10.tar.gz) = e6fb1a42f14b9c96859fbd04705dc58a0261502c -RMD160 (postfix-3.5.10.tar.gz) = 73ef7370ab1bb69b2f87b4dc797034f84480589b -SHA512 (postfix-3.5.10.tar.gz) = 5845701d3dcdaaea376a44810a84dbe908e96e5ff54921cd40fd2d5c5643ed8e4add5936e149237fea4cb69c1ffb4ceb4171d1e779be096aa21a6e5021b604da -Size (postfix-3.5.10.tar.gz) = 4621130 bytes +SHA1 (postfix-3.6.0.tar.gz) = a2cc20a085a6a954059a955455eb8d89894d6bd9 +RMD160 (postfix-3.6.0.tar.gz) = 59dbfb03b8d4efd53e4bfa1ff591ffbf67a4c67e +SHA512 (postfix-3.6.0.tar.gz) = af326472333935de111d7f7025af53a1dfd84382c2d2891e91624ce665c258831f28d92fd73d1ab68f82192d9848025bd30d16eb48b3912b46e3fb50dbf194bf +Size (postfix-3.6.0.tar.gz) = 4748506 bytes SHA1 (patch-aa) = c8216f133e202a7bb37682b0dbc1448f021e7c1c -SHA1 (patch-ag) = c126c572e36bf2bcbd3f6e5d8332a3d26e704109 +SHA1 (patch-ag) = feccf4aba580f581953b32e6c3a2c453fcb9131c SHA1 (patch-ai) = 51748ccf92da543f7ff640f36906a29b5db3f6e3 -SHA1 (patch-src_dns_dns__lookup.c) = 1e3fbd8e8b900e3fbd7160344c150bf147e4490a diff --git a/mail/postfix/patches/patch-ag b/mail/postfix/patches/patch-ag index ae80c7f8258..2fbc253f2cf 100644 --- a/mail/postfix/patches/patch-ag +++ b/mail/postfix/patches/patch-ag @@ -1,17 +1,17 @@ -$NetBSD: patch-ag,v 1.40 2019/07/17 13:33:00 triaxx Exp $ +$NetBSD: patch-ag,v 1.41 2021/06/02 15:29:57 taca Exp $ -* Add support for NetBSD 8. +* Add common support for NetBSD. * Only define HAS_DB if it hasn't been defined. * Add support for FreeBSD 11 and 12. ---- src/util/sys_defs.h.orig 2019-03-10 16:58:04.000000000 +0000 +--- src/util/sys_defs.h.orig 2020-05-21 13:34:23.000000000 +0000 +++ src/util/sys_defs.h @@ -30,14 +30,11 @@ #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \ || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \ || defined(FREEBSD8) || defined(FREEBSD9) || defined(FREEBSD10) \ -- || defined(FREEBSD11) \ -+ || defined(FREEBSD11) || defined(FREEBSD12) \ +- || defined(FREEBSD11) || defined(FREEBSD12) \ ++ || defined(FREEBSD11) || defined(FREEBSD12) || defined(FREEBSD13) \ || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \ || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \ || defined(OPENBSD5) || defined(OPENBSD6) \ diff --git a/mail/postfix/patches/patch-src_dns_dns__lookup.c b/mail/postfix/patches/patch-src_dns_dns__lookup.c deleted file mode 100644 index a0b4a53d143..00000000000 --- a/mail/postfix/patches/patch-src_dns_dns__lookup.c +++ /dev/null @@ -1,106 +0,0 @@ -$NetBSD: patch-src_dns_dns__lookup.c,v 1.8 2021/01/21 16:37:59 triaxx Exp $ - -Fix runtime problem when mysql PKG_OPTIONS is enabled. - ---- src/dns/dns_lookup.c.orig 2021-01-16 16:24:08.000000000 +0000 -+++ src/dns/dns_lookup.c -@@ -256,6 +256,8 @@ - - /* Local stuff. */ - -+struct __res_state rstate; -+ - /* - * Structure to keep track of things while decoding a name server reply. - */ -@@ -320,7 +322,7 @@ typedef struct DNS_REPLY { - - /* dns_res_query - a res_query() clone that can return negative replies */ - --static int dns_res_query(const char *name, int class, int type, -+static int dns_res_query(res_state statp, const char *name, int class, int type, - unsigned char *answer, int anslen) - { - unsigned char msg_buf[MAX_DNS_QUERY_SIZE]; -@@ -349,14 +351,14 @@ static int dns_res_query(const char *nam - #define NO_MKQUERY_DATA_LEN ((int) 0) - #define NO_MKQUERY_NEWRR ((unsigned char *) 0) - -- if ((len = res_mkquery(QUERY, name, class, type, NO_MKQUERY_DATA_BUF, -+ if ((len = res_nmkquery(statp, QUERY, name, class, type, NO_MKQUERY_DATA_BUF, - NO_MKQUERY_DATA_LEN, NO_MKQUERY_NEWRR, - msg_buf, sizeof(msg_buf))) < 0) { - SET_H_ERRNO(NO_RECOVERY); - if (msg_verbose) - msg_info("res_mkquery() failed"); - return (len); -- } else if ((len = res_send(msg_buf, len, answer, anslen)) < 0) { -+ } else if ((len = res_nsend(statp, msg_buf, len, answer, anslen)) < 0) { - SET_H_ERRNO(TRY_AGAIN); - if (msg_verbose) - msg_info("res_send() failed"); -@@ -387,7 +389,7 @@ static int dns_res_query(const char *nam - - /* dns_res_search - res_search() that can return negative replies */ - --static int dns_res_search(const char *name, int class, int type, -+static int dns_res_search(res_state statp, const char *name, int class, int type, - unsigned char *answer, int anslen, int keep_notfound) - { - int len; -@@ -410,7 +412,7 @@ static int dns_res_search(const char *na - if (keep_notfound) - /* Prepare for returning a null-padded server reply. */ - memset(answer, 0, anslen); -- len = res_search(name, class, type, answer, anslen); -+ len = res_nsearch(statp, name, class, type, answer, anslen); - /* Begin API creep workaround. */ - if (len < 0 && h_errno == 0) { - SET_H_ERRNO(TRY_AGAIN); -@@ -449,7 +451,7 @@ static int dns_query(const char *name, i - /* - * Initialize the name service. - */ -- if ((_res.options & RES_INIT) == 0 && res_init() < 0) { -+ if ((rstate.options & RES_INIT) == 0 && res_ninit(&rstate) < 0) { - if (why) - vstring_strcpy(why, "Name service initialization failure"); - return (DNS_FAIL); -@@ -488,18 +490,18 @@ static int dns_query(const char *name, i - */ - #define SAVE_FLAGS (USER_FLAGS | XTRA_FLAGS) - -- saved_options = (_res.options & SAVE_FLAGS); -+ saved_options = (rstate.options & SAVE_FLAGS); - - /* - * Perform the lookup. Claim that the information cannot be found if and - * only if the name server told us so. - */ - for (;;) { -- _res.options &= ~saved_options; -- _res.options |= flags; -+ rstate.options &= ~saved_options; -+ rstate.options |= flags; - if (keep_notfound && var_dns_ncache_ttl_fix) { - #ifdef HAVE_RES_SEND -- len = dns_res_query((char *) name, C_IN, type, reply->buf, -+ len = dns_res_query(&rstate, (char *) name, C_IN, type, reply->buf, - reply->buf_len); - #else - var_dns_ncache_ttl_fix = 0; -@@ -509,11 +511,11 @@ static int dns_query(const char *name, i - reply->buf_len, keep_notfound); - #endif - } else { -- len = dns_res_search((char *) name, C_IN, type, reply->buf, -+ len = dns_res_search(&rstate, (char *) name, C_IN, type, reply->buf, - reply->buf_len, keep_notfound); - } -- _res.options &= ~flags; -- _res.options |= saved_options; -+ rstate.options &= ~flags; -+ rstate.options |= saved_options; - reply_header = (HEADER *) reply->buf; - reply->rcode = reply_header->rcode; - if ((reply->dnssec_ad = !!reply_header->ad) != 0) |