The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").
Approved by: portmgr (blanket)
* Add entries for slave ports to MOVED
* Pet portlint and portclippy
* Reformat Makefile with portfmt
PR: 255641
Approved by: maintainer timeout (> 2 months)
Differential Revision: https://reviews.freebsd.org/D32361
========
20210116
Feature: when a Postfix program makes a DNS query that
requests DNSSEC validation (usually for Postfix DANE support)
but the DNS response is not DNSSEC validated, Postfix will
send a DNS query configured with the "dnssec_probe" parameter
to determine if DNSSEC support is available, and logs a
warning if it is not. By default, the probe has type "ns"
and domain name ".". The probe is sent once per process
lifetime. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_sec.c,
test_dns_lookup.c, global/mail_params.[hc], mantools/postlink.
The makedefs script no longer disables DNSSEC when Postfix
is built with libc-musl. Instead Postfix will rely on the
new dnssec_probe feature, and will log a warning when Postfix
requests DNSSEC validation, but the infrastructure does not
validate DNSSEC signatures. File: makedefs.
The default "smtp_tls_dane_insecure_mx_policy = dane" was
causing unnecessary dnssec_probe activity. The default is now
"dane" when smtp_tls_security_level is "dane", otherwise it is
"may". File: global/mail_params.h.
20200726
Bugfix (introduced: Postfix 3.5.5): part of a memory leak
fix was backported to the wrong place. File: tls/tls_misc.c.
The Postfix 3.5.5 workaround did not explicitly override
the system-wide OpenSSL configuration of allowed TLS protocol
versions, for sessions where the remote SMTP client sends
SNI. It's better to be safe than sorry. File: tls/tls_server.c.
PR: 248271
Reported by: many
Changelog:
20200530
Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert" did not
handle a missing optional argument.
20200610
Bugfix (introduced: Postfix 3.4): in the Postfix SMTP server, the SNI
callback reported an error when it was called a second time. This happened
after the server-side TLS engine sent a TLSv1.3 HelloRetryRequest (HRR) to
a remote SMTP client.
MFH: 2020Q2
- adjust PORTSCOUT to include 3.5.x
- remove deprecated ports from CONFLICTS_INSTALL
- add BLACKLISTD to OPTIONS_DEFAULT
- MYSQL_USES s/=/?=/ to allow testbuild without
defining XX MYSQL dedicated make.conf's in poudriere
While here, also strip libexec/postfix/postlogd.
Announcement: http://www.postfix.org/announcements/postfix-3.4.9.html
Fixed in all supported stable releases:
Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were broken while adding support for negative DNS response caching in postscreen. Postfix was inadvertently changed to call res_query() instead of res_search(). Reported by Jaroslav Skarvada.
Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro overrides from a Milter application. Postfix now evaluates the Milter macros for an SMTP CONNECT event after the Postfix-to-Milter connection is negotiated. Problem reported by David Bürgin.
Bug (introduced: Postfix 3.0): sanitize (remote) server responses before storing them in the verify database, to avoid Postfix warnings about malformed UTF8. Found during code maintenance.
PR: 243879
Submitted by: Juraj Lutter <juraj@lutter.sk>
Approved by: maintainer timeout 15d (ohauer@)
MFH: 2020Q1 (patchlevel upgrade with only bugfixes)
Differential Revision: https://reviews.freebsd.org/D23502
Changelog:
20190312
Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictons, and for the same reasons,
did the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
20190328
Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
Changelog:
20181202
Bugfix (introduced: postfix-2.11): with posttls-finger,
connections to unix-domain servers always resulted in "Failed
to establish session" even after a connection was established.
Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
20181227 (a forgotten bugfix from 20180707)
Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
table lookups could casefold the search string when searching
a lookup table that does not use fixed-string keys (regexp,
pcre, tcp, etc.). Historically, Postfix would not case-fold
the search string with such tables. File: util/dict_utf8.c.
20190217
Cleanup: when the master daemon runs with PID=1 (init mode),
reap orhpan processes from non-Postfix code running in the
same container, instead of terminating with a panic. File:
master/master_spawn.c.
MFH: 2019Q1
Changelog:
20180617
Bugfix (introduced: Postfix 2.11): minor memory leak when
minting issuer certs. This affects a tiny minority of use
cases. Viktor Dukhovni, based on a fix by Juan Altmayer
Pizzorno for the ssl_dane library.
20180817
Workaround: postconf build did not abort if the m4 command
is not installed (on a system that does have the make
command, the awk command, the perl command, and the C
compiler?!).
20181104
Multiple 'bit rot' fixes for OpenSSL API changes, including
support to disable TLSv1.3, to avoid issuing multiple session
tickets, and to allow OpenSSL >= 1.1.0 run-time micro version
bumps without complaining about library version mismatches.
Viktor Dukhovni.
20181106
Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could
not disable "SMTPUTF8". because the lookup table was using
"EHLO_MASK_SMTPUTF8" instead.
20181110
Documentation: update documentation for Postfix versions
that support disabling TLS 1.3.
20181117
Improved logging of TLS 1.3 summary information, and improved
reporting of the same info in Received: message headers.
Viktor Dukhovni.
MFH: 2018Q4
Simplify some ports where DragonFlyBSD no longer needs to be special-cased.
Submitted by: rene
Reviewed by: bapt, jbeich
Differential Revision: https://reviews.freebsd.org/D17724
