non port: mail/postfix/distinfo |
Number of commits found: 178 (showing only 100 on this page) |
Thursday, 21 Mar 2024
|
21:46 Juraj Lutter (otis)
mail/postfix: Update to 3.9.0
- Update to 3.9.0
- Add MongoDB maps support
- regen patches.
Release notes:
https://postfix-mirror.horus-it.com/postfix-release/official/postfix-3.9.0.RELEASE_NOTES
05e8277 |
Monday, 22 Jan 2024
|
14:30 Juraj Lutter (otis)
mail/postfix: Update to 3.8.5
f1209b6 |
Saturday, 23 Dec 2023
|
13:48 Juraj Lutter (otis)
mail/postfix: Update to 3.8.4
This release adds support to defend against an email spoofing attack
(SMTP smuggling) on recipients at a Postfix server. For background, see
https://www.postfix.org/smtp-smuggling.html.
ec02c26 |
Friday, 17 Nov 2023
|
18:32 Juraj Lutter (otis)
mail/postfix: Update to 3.8.3
Release notes:
http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.8.3.RELEASE_NOTES
e493e76 |
Sunday, 10 Sep 2023
|
12:44 Juraj Lutter (otis)
mail/postfix: Update to 3.8.2
017bfb4 |
Thursday, 8 Jun 2023
|
14:29 Juraj Lutter (otis)
mail/postfix: Update to 3.8.1
Release notes: https://www.postfix.org/announcements/postfix-3.8.1.html
afff679 |
Thursday, 20 Apr 2023
|
14:04 Juraj Lutter (otis)
mail/postfix: Update to 3.8.0
The most notable change is that starting from 3.8.0, postfix
supports SRV DNS records lookups in SMTP and LMTP clients.
Release announcement:
https://www.postfix.org/announcements/postfix-3.8.0.html
a0b4781 |
Wednesday, 25 Jan 2023
|
15:46 Juraj Lutter (otis)
mail/postfix: Update to 3.7.4
ddc90cd5 |
Saturday, 8 Oct 2022
|
21:29 Juraj Lutter (otis)
mail/postfix: Update to 3.7.3
Reported by: portscout
4ee8f2b |
Friday, 29 Apr 2022
|
09:56 Juraj Lutter (otis)
mail/postfix: Update to 3.7.2
402308e |
Sunday, 24 Apr 2022
|
17:59 Juraj Lutter (otis)
mail/postfix: Update to 3.7.1
3994961 |
Tuesday, 15 Mar 2022
|
20:55 Juraj Lutter (otis)
mail/postfix: Update to 3.7.0
- Update to 3.7.0
- Correct installation instructions [1]
- Listen on both IPv4 and IPv6 [2]
- Use system-wide CA path [3]
- Correct typo in pkg-message [4]
- Switch to PCRE2 [5]
PR: 261821 [1]
PR: 252872 [2]
PR: 239473 [3]
PR: 261824 [4]
PR: 262100 [5]
5488056 |
Monday, 8 Nov 2021
|
22:51 Juraj Lutter (otis)
mail/postfix: Update to 3.6.3
- Update to 3.6.3
- Cleanup Makefile a bit
- Release notes: http://www.postfix.org/announcements/postfix-3.6.3.html
9e183af |
Monday, 26 Jul 2021
|
21:00 Juraj Lutter (otis)
mail/postfix: Update to 3.6.2
d8d1e12 |
Monday, 14 Jun 2021
|
17:22 Juraj Lutter (otis)
mail/postfix: Update to 3.6.1
Relnotes: http://www.postfix.org/announcements/postfix-3.6.1.html
Reported by: portscout
28a702c |
Thursday, 6 May 2021
|
17:37 Olli Hauer (ohauer)
mail/postfix: update to 3.6.0
Postfix 3.6 requires minimum OpenSSL 1.1.1, so
mark broken for FreeBSD 11 with 'OpenSSL base'
917dd37 |
Monday, 12 Apr 2021
|
20:38 Olli Hauer (ohauer)
mail/postfix
update to 3.5.10
a5c3560 |
Monday, 18 Jan 2021
|
17:05 ohauer
- update to 3.5.9
========
20210116
Feature: when a Postfix program makes a DNS query that
requests DNSSEC validation (usually for Postfix DANE support)
but the DNS response is not DNSSEC validated, Postfix will
send a DNS query configured with the "dnssec_probe" parameter
to determine if DNSSEC support is available, and logs a
warning if it is not. By default, the probe has type "ns"
and domain name ".". The probe is sent once per process
lifetime. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_sec.c,
test_dns_lookup.c, global/mail_params.[hc], mantools/postlink.
The makedefs script no longer disables DNSSEC when Postfix
is built with libc-musl. Instead Postfix will rely on the
new dnssec_probe feature, and will log a warning when Postfix
requests DNSSEC validation, but the infrastructure does not
validate DNSSEC signatures. File: makedefs.
The default "smtp_tls_dane_insecure_mx_policy = dane" was
causing unnecessary dnssec_probe activity. The default is now
"dane" when smtp_tls_security_level is "dane", otherwise it is
"may". File: global/mail_params.h.
|
Monday, 9 Nov 2020
|
06:26 ohauer
- update to 3.5.8
- shut up sed_checked.sh (it is not really helpful with RE replacements on 140+
files with 50% hit rate)
MFH: 2020Q4
|
Monday, 31 Aug 2020
|
09:25 ohauer
- update to 3.5.7
MFH: 2020Q3
|
Sunday, 26 Jul 2020
|
19:18 ohauer
- update to 3.5.6
20200726
Bugfix (introduced: Postfix 3.5.5): part of a memory leak
fix was backported to the wrong place. File: tls/tls_misc.c.
The Postfix 3.5.5 workaround did not explicitly override
the system-wide OpenSSL configuration of allowed TLS protocol
versions, for sessions where the remote SMTP client sends
SNI. It's better to be safe than sorry. File: tls/tls_server.c.
PR: 248271
Reported by: many
|
Saturday, 25 Jul 2020
|
07:51 ohauer
- update to 3.5.5
|
Sunday, 28 Jun 2020
|
09:31 ohauer
- update to 3.6-20200627
|
Tuesday, 16 Jun 2020
|
04:42 ohauer
- update to 3.5.3
Changelog:
20200530
Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert" did not
handle a missing optional argument.
20200610
Bugfix (introduced: Postfix 3.4): in the Postfix SMTP server, the SNI
callback reported an error when it was called a second time. This happened
after the server-side TLS engine sent a TLSv1.3 HelloRetryRequest (HRR) to
a remote SMTP client.
MFH: 2020Q2
|
Tuesday, 19 May 2020
|
04:18 ohauer
- update to 3.5.2
|
Sunday, 19 Apr 2020
|
15:38 ohauer
- update to 3.5.1
MFH: 2020Q2
|
Tuesday, 17 Mar 2020
|
17:00 ohauer
- update to 3.5.0
|
Friday, 13 Mar 2020
|
11:30 ohauer
- update to 3.4.10
- adjust PORTSCOUT to include 3.5.x
- remove deprecated ports from CONFLICTS_INSTALL
- add BLACKLISTD to OPTIONS_DEFAULT
- MYSQL_USES s/=/?=/ to allow testbuild without
defining XX MYSQL dedicated make.conf's in poudriere
|
Saturday, 22 Feb 2020
|
12:14 mandree
Update Postfix to 3.4.9 (bugfix-only release)
While here, also strip libexec/postfix/postlogd.
Announcement: http://www.postfix.org/announcements/postfix-3.4.9.html
Fixed in all supported stable releases:
Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were broken while
adding support for negative DNS response caching in postscreen. Postfix was
inadvertently changed to call res_query() instead of res_search(). Reported by
Jaroslav Skarvada.
Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro overrides
from a Milter application. Postfix now evaluates the Milter macros for an SMTP
CONNECT event after the Postfix-to-Milter connection is negotiated. Problem
reported by David Burgin.
Bug (introduced: Postfix 3.0): sanitize (remote) server responses before
storing them in the verify database, to avoid Postfix warnings about malformed
UTF8. Found during code maintenance.
PR: 243879
Submitted by: Juraj Lutter <juraj@lutter.sk>
Approved by: maintainer timeout 15d (ohauer@)
MFH: 2020Q1 (patchlevel upgrade with only bugfixes)
Differential Revision: https://reviews.freebsd.org/D23502
|
Tuesday, 26 Nov 2019
|
05:42 ohauer
- update to 3.4.8
|
Sunday, 29 Sep 2019
|
17:10 ohauer
- update to 3.4.7
|
Saturday, 6 Jul 2019
|
08:11 ohauer
- update to 3.4.6
|
Friday, 19 Apr 2019
|
18:53 ohauer
- update to 3.4.5
- adopt libressl patches from OpenBSD
|
Sunday, 31 Mar 2019
|
13:08 ohauer
- update to postfix-3.3.4
Changelog:
20190312
Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictons, and for the same reasons,
did the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
20190328
Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
|
Thursday, 28 Feb 2019
|
05:47 ohauer
- update to 3.3.3
Changelog:
20181202
Bugfix (introduced: postfix-2.11): with posttls-finger,
connections to unix-domain servers always resulted in "Failed
to establish session" even after a connection was established.
Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
20181227 (a forgotten bugfix from 20180707)
Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
table lookups could casefold the search string when searching
a lookup table that does not use fixed-string keys (regexp,
pcre, tcp, etc.). Historically, Postfix would not case-fold
the search string with such tables. File: util/dict_utf8.c.
20190217
Cleanup: when the master daemon runs with PID=1 (init mode),
reap orhpan processes from non-Postfix code running in the
same container, instead of terminating with a panic. File:
master/master_spawn.c.
MFH: 2019Q1
|
Sunday, 25 Nov 2018
|
13:01 ohauer
- update to 3.3.2
Changelog:
20180617
Bugfix (introduced: Postfix 2.11): minor memory leak when
minting issuer certs. This affects a tiny minority of use
cases. Viktor Dukhovni, based on a fix by Juan Altmayer
Pizzorno for the ssl_dane library.
20180817
Workaround: postconf build did not abort if the m4 command
is not installed (on a system that does have the make
command, the awk command, the perl command, and the C
compiler?!).
20181104
Multiple 'bit rot' fixes for OpenSSL API changes, including
support to disable TLSv1.3, to avoid issuing multiple session
tickets, and to allow OpenSSL >= 1.1.0 run-time micro version
bumps without complaining about library version mismatches.
Viktor Dukhovni.
20181106
Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could
not disable "SMTPUTF8". because the lookup table was using
"EHLO_MASK_SMTPUTF8" instead.
20181110
Documentation: update documentation for Postfix versions
that support disabling TLS 1.3.
20181117
Improved logging of TLS 1.3 summary information, and improved
reporting of the same info in Received: message headers.
Viktor Dukhovni.
MFH: 2018Q4
|
Saturday, 2 Jun 2018
|
11:38 ohauer
- update to 3.3.1
- rework MySQL patch
|
Sunday, 25 Feb 2018
|
15:27 ohauer
- update to 3.3.0
- add patch for MySQL 8.x [1}
- add blacklistd support [2]
additional:
- regenerate patch for src/util/sys_defs.h
Release Notes:
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES
PR: 220224 [1], 225664 [2]
Submitted by: Klaus Mayr [1], Koichiro IWAO [2]
|
Monday, 12 Feb 2018
|
19:57 ohauer
- update to 3.3.0-RC1
|
Tuesday, 30 Jan 2018
|
20:13 ohauer
- update to 3.2.5
- license is now dual (see Changelog 20180127)
- make EAI optional but on by default [1]
Changelog:
20171116
Bugfix (introduced: Postfix 2.1): don't log warnings
that some restriction returns OK, when the access map
DISCARD feature is in effect. File: smtpd/smtpd_check.c.
20171215
Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke
Berkeley DB configurations with a relative pathname. File:
util/dict_db.c.
20171218
Workaround: reportedly, some res_query(3) implementation
can return -1 with h_errno==0. Instead of terminating with
a panic, the Postfix DNS client now logs a warning and sets
h_errno to TRY_AGAIN. File: dns/dns_lookup.c.
20171226
Documentation patches by Sven Neuhaus. Files:
proto/FORWARD_SECRECY_README.html, proto/MILTER_README.html,
proto/SMTPD_ACCESS_README.html.
20180106
Cleanup: missing mailbox seek-to-end error check in the
local(8) delivery agent. File: local/mailbox.c.
Cleanup: incorrect mailbox seek-to-end error message in the
virtual(8) delivery agent. File: virtual/mailbox.c.
20180127
Licence: in addition to the historical IBM Public License
1.0, this software is now also distributed with the more
recent Eclipse Public License 2.0. Recipients can choose
to take the software under the license of their choice.
Those who are more comfortable with the IPL can continue
with that license. File: LICENSE.
PR: ports/221619 [1]
Submitted by: Kubilay Kocak (koobs@)
MFH: 2018Q1
|
Saturday, 9 Dec 2017
|
16:22 zeising
Update to 3.2.4
Changelog:
* DANE interoperability. Postfix builds with OpenSSL 1.0.0 or 1.0.1
failed to send email to some sites with "TLSA 2 X X" DNS records
associated with an intermediate CA certificate. Problem report and
initial fix by Erwan Legrand.
* Missing dynamicmaps support in the Postfix sendmail command. This
broke authorized_submit_users settings that use a dynamically-loaded
map type. Problem reported by Ulrich Zehl.
PR: 223804
Submitted by: zeising
Approved by: maintainer timeout
|
Tuesday, 26 Sep 2017
|
06:44 ohauer
- update to 3.2.3
Changelog:
20170620
Bugfix (introduced: Postfix 3.2) extension propagation was
broken with "recipient_delimiter = .". This change reverts
a change that was trying to be too clever. Files:
global/mail_adr_crunch.c, global/mail_addr_crunch.ref.
20170910
Safety: restore sanity checks for dynamically-specified
width and precision in format strings (%*, %.*, and %*.*).
These checks were lost with the Postfix 3.2.2 rewrite of
the vbuf_print formatter. File: vbuf_print.c.
20170923
Bugfix (introduced: Postfix 3.2): panic in the postqueue
command after output write error while listing the queue.
This change restores a write error check that was lost with
the Postfix 3.2.2 rewrite of the vbuf_print formatter.
Problem reported by Andreas Schulze. File: util/vbuf_print.c.
|
Wednesday, 21 Jun 2017
|
19:38 ohauer
- update to 3.2.2
- adjust PORTSCOUT
Changelog:
20170221
Compatibility fix (introduced: Postfix 3.1): some Milter
applications do not recognize macros sent as {name} when
macros have single-character names. Postfix now sends such
macros without {} as it has done historically. Viktor
Dukhovni. File: milter/milter.c.
20170402
Bugfix (introduced: Postfix 3.2): restore the SMTP server
receive override options at the end of an SMTP session,
after the options may have been modified by an smtpd_milter_maps
setting of "DISABLE". Problem report by Christian R__ner,
root cause analysis by Viktor Dukhovni. File: smtpd/smtpd.c.
20170430
Safety net: append a null byte to vstring buffers, so that
C-style string operations won't scribble past the end. File:
vstring.c.
20170531
Bugfix (introduced: Postfix 3.2): after the table lookup
overhaul, the check_sender_access and check_recipient_access
features ignored the parent_domain_matches_subdomains
setting. Reported by Henrik Larsson. File: smtpd/smtpd_check.c.
20170610
Workaround (introduced: Postfix 3.0 20140718): prevent MIME
downgrade of Postfix-generated message/delivery status.
It's supposed to be 7bit, therefore quoted-printable encoding
is not expected. Problem reported by Griff. File:
bounce/bounce_notify_util.c.
20170611
Security: Berkeley DB 2 and later try to read settings from
a file DB_CONFIG in the current directory. This undocumented
feature may introduce undisclosed vulnerabilities resulting
in privilege escalation with Postfix set-gid programs
(postdrop, postqueue) before they chdir to the Postfix queue
directory, and with the postmap and postalias commands
depending on whether the user's current directory is writable
by other users. This fix does not change Postfix behavior
for Berkeley DB < 3, but reduces file create performance
for Berkeley DB 3 .. 4.6. File: util/dict_db.c.
PR: 219996
Reported by: Markus Kohlmeyer
MFH: 2017Q2
|
Wednesday, 10 May 2017
|
18:38 adamw
Update to 3.2.0.
This release ends support for legacy release Postfix 2.10.
The main changes in no particular order are:
* Elliptic curve negotiation with OpenSSL [?] 1.0.2. This changes the default
smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter
tls_eecdh_auto_curves with the names of curves that may be negotiated.
* Stored-procedure support for MySQL databases. Contributed by John Fawcett.
See the mysql_table(5) manpage for details.
* Cidr: table support for if/endif and negation (by prepending ! to a pattern),
just like regexp: and pcre: tables. See the cidr_table(5) manpage for details.
* The postmap command and the inline: and texthash: maps now support spaces in
left-hand field of lookup table source text. Use double quotes (") around a
left-hand field that contains spaces, and use backslash (\) to protect quotes
in a left-hand field.
* Support for per-client Milter configuration (smtpd_milter_maps) that
overrides the main.cf smtpd_milters setting, and that has the same syntax. A
lookup result of "DISABLE" turns off Milter support for that client. See
MILTER_README.html for details.
* The local SMTP server IP address and port are available in the policy
delegation protocol (attribute names: server_address, server_port), in the
Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the
XCLIENT
protocol (attribute names: DESTADDR, DESTPORT).
* For safety reasons, the Postfix sendmail -C option must specify an authorized
directory: the default configuration directory, a directory that is listed in
the default main.cf file with alternate_config_directories or
multi_instance_directories, otherwise the command must be invoked with root
privileges. This mitigates a recurring "jail break" problem with the PHP
mail()
function.
* "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar to
"IGNORE" but also logs the action, and "PASS" disables header, body, and
Milter
inspection for the remainder of the message content. Contributed by Hobbit.
* The collate.pl script by Viktor Dukhovni for grouping Postfix logfile records
into "sessions" based on queue ID and process ID information, in the
auxiliary/collate directory of the Postfix source tree.
Disabled or removed behavior:
* SMTPUTF8 support: Postfix 3.2 disables the 'transitional' compatibility
between the IDNA2003 and IDNA2008 standards for internationalized domain names
(domain names beyond the limits of US-ASCII). This makes Postfix behavior
consistent with contemporary web browsers. See RELEASE_NOTES for more.
* Postfix 3.2 removes tentative features that were implemented before the DANE
spec was finalized: support for certificate usage PKIX-EE(1), the ability to
disable digest agility, and the ability to disable support for "TLSA 2 [01]
[12]" records that specify the digest of a trust anchor. See RELEASE_NOTES for
more.
PR: 218697
Submitted by: pi
Reviewed by: flo
Approved by: maintainer timeout
|
Tuesday, 3 Jan 2017
|
17:14 ohauer
- update to 3.1.4
Changelog:
20161105
Bugfix (introduced: Postfix 1.1): the postsuper command did not count a
successful rename operation after error recovery.
20161204
Bugfix (introduced: Postfix 3.1): cut-and-paste error in the "postfix
tls deploy-server-cert" command, causing the wrong certfile and keyfile
to be used.
Robustness: create a new keyfile when "postfix tls new-server-cert" is
invoked and main.cf specifies a non-existent keyfile.
20161206
Bugfix (introduced: Postfix 3.0): when receiving a MAIL FROM...SMTPUTF8
command while smtpd_delay_reject=no, enable SMTPUTF8 support before
processing smtpd_sender_restrictions.
20161220
Bugfix (introduced: Postfix 2.1.0): the Postfix SMTP daemon did not query
sender_canonical_maps when rejecting unknown senders with
"smtpd_reject_unlisted_recipient = yes" or with reject_unlisted_sender.
MFH: 2017Q1
|
Sunday, 2 Oct 2016
|
09:17 ohauer
- update to 3.1.3
Changelog:
20160911
Bugfix (introduced: Postfix 3.0): the SMTP daemon did not
reset a previous session's command counts before rejecting
a client that exceeds request or concurrency rates. File:
smtpd/smtpd.c.
20160917
Bugfix (introduced: Postfix 3.0): the unionmap did not
propagate table lookup errors. Based on patch by Roel van
Meer. Files: util/dict_union.c, util/dict_union_test.*.
20160925
Workaround (problem introduced: Postfix 2.11): to avoid
false "not found" errors with MySQL map queries that contain
UTF8-encoded text, specify "option_group = client" in Postfix
MySQL configuration files. This will be the default setting
with Postfix 3.2 and later.
|
Sunday, 28 Aug 2016
|
09:18 ohauer
- update to 3.1.2
20160819
Bugfix (introduced: Postfix 3.0): the makedefs script ignored
readme_directory=pathname overrides. Fix by Todd C. Olson.
File: makedefs.
20160821
Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher
documentation says aes-256-cbc, but the implementation was
using aes-128-cbc (note that Postfix SMTP server and client
processes have a limited life time).
20160828
Bitrot: fixes for incompatible OpenSSL 1.1.0 API changes.
Viktor Dukhovni. Files: posttls-finger/posttls-finger.c,
tls/tls.h, tls/tls_dane.c, tls/tls_verify.c, tls/tls_server.c,
tls/tls_client.c.
|
Sunday, 15 May 2016
|
21:16 ohauer
- update to 3.1.1
Changelog:
20160228
Documentation: typos in postfix-tls-script(1) manpage.
20160327
Documentation: line wrapping in postconf(1) manpage.
20160310
Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM
(replace sender) request lost the sender_bcc_maps address.
Fixed by moving some record keeping to the sender output
function. Files: cleanup/cleanup_envelope.c,
cleanup/cleanup_addr.c, cleanup/cleanup_milter.c,
cleanup/cleanup.h, regression tests.
20160410
Bugfix (introduced: Postfix 2.6): the "bad filetype"
header_checks pattern falsely rejected Content-Mumble headers
with ``name="example"; x-apple-part-url="example.com"''.
Fixed by respecting the ";" separator between content
attribute values. Reported by Cedric Knight. File:
proto/header_checks.
20160515
Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h.
MFH: 2016Q2
|
Sunday, 28 Feb 2016
|
08:46 ohauer
- update to postfix 3.1
Users updating from postfix 2.11 should read:
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.0.0.RELEASE_NOTES
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.1.0.RELEASE_NOTES
|
Sunday, 11 Oct 2015
|
15:03 ohauer
- update to 2.11.7
- use target helpers
ChangeLog:
20150903
Workaround: disable DNSSEC support for AIX 7x and earlier.
The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
defining the "ad" bit. Viktor Dukhovni. Files: makedefs,
proto/INSTALL.html, dns/dns.h.
20150923
Bugfix (introduced: 20120531-617): the Postfix SMTP server
used a larger-than-1 VSTREAM buffer to read the HAProxy
connection hand-off information. This broke TLS wrappermode,
as the TLS helo packet would end up in the plaintext VSTREAM
buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c.
20150924
Bugfix (introduced: 20090216-24): incorrect postmulti error
message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
File: postmulti/postmulti.c.
Workaround: don't create a new instance when the template
main.cf and master.cf files are missing, as happens on
Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.
20150925
Bugfix (introduced: 19970309, fixed 20150421 in development
release): reset errno before calling readdir(), in order
to distinguish between an end-of-directory and an error
condition. File: scandir.c.
20150930
Bugfix (introduced: 20040124): Milter client panic while
adding a header, because the PREPEND action used the same
output function for header_checks and body_checks. Viktor
Dukhovni and Wietse. File: cleanup/cleanup_message.c.
Bugfix (introduced: 20031128): xtext_unquote() did not
propagate error reports from xtext_unquote_append(), causing
the decoder to return partial ouput, instead of rejecting
malformed input. Fix by Krzysztof Wojta. File: global/xtext.c.
|
Sunday, 2 Aug 2015
|
20:16 ohauer
- update to 2.11.6
20150501
Support for Linux 4.*, and some simplification for future
makedefs files. Files: makedefs, util/sys_defs.h.
20150718
Security: opportunistic TLS by default uses "medium" or
stronger ciphers instead of "export" or stronger. See the
RELEASE_NOTES file for how to get the old settings back.
Files: global/mail_params.h, proto/TLS_README.html,
proto/postconf.proto, and files derived from those.
20150719
Security: Postfix TLS support by default no longer uses
SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get
the old settings back. Files: global/mail_params.h,
proto/postconf.proto, and files derived from those.
Incompatible change with Postfix 2.11.6 / 3.0.2
-------------------------------------------------
As of the middle of 2015, all supported Postfix releases no longer
enable "export" grade ciphers for opportunistic TLS, and no longer
use the deprecated SSLv2 and SSLv3 protocols for mandatory or
opportunistic TLS.
These changes are very unlikely to cause problems with server-to-server
communication over the Internet, but they may result in interoperability
problems with ancient client or server implementations on internal
networks. To address this problem, you can revert the changes with:
Postfix SMTP client settings:
lmtp_tls_ciphers = export
smtp_tls_ciphers = export
lmtp_tls_protocols = !SSLv2
smtp_tls_protocols = !SSLv2
lmtp_tls_mandatory_protocols = !SSLv2
smtp_tls_mandatory_protocols = !SSLv2
Postfix SMTP server settings:
smtpd_tls_ciphers = export
smtpd_tls_protocols =
smtpd_tls_mandatory_protocols = !SSLv2
These settings, if put in main.cf, affect all Postfix SMTP client
or server communication, which may be undesirable. To be more
selective, use "-o name=value" parameter overrides on specific
services in master.cf. Execute the command "postfix reload" to make
the changes effective.
|
Sunday, 10 May 2015
|
15:25 ohauer
- update to version 2.11.5
- rename OPTIONS to match default name of most ports
- SASL2 -> SASL
- OPENLDAP -> LDAP
- install main.cf and master.cf with the @sample macro
- rework pkg-install
- fix wrong permission for /var/db/postfix [1]
- sets WANT_OPENLDAP_SASL option for openldap port when
postfix LDAP_SASL option is set [2]
- make usage of new ${opt}_DEPENDS notation
Changelog:
20150324
Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps
ignored the relayhost setting in the case of a DUNNO lookup
result. It would use the recipient domain instead. Viktor
Dukhovni. Wietse took the pieces of code that enforce the
precedence of a sender-dependent relayhost, the global
relayhost, and the recipient domain, and put that code
together in once place so that it is easier to maintain.
File: trivial-rewrite/resolve.c.
20150330
Bitrot: prepare for future changes in OpenSSL API. Viktor
Dukhovni. File: tls_dane.c.
20150408
Portability: FreeBSD10 support. Files: makedefs, util/sys_defs.h.
Incompatibility: specifying "make makefiles" with "CC=command"
will no longer override the default WARN setting.
PR: 198215 [1]
198857 [2]
|
Saturday, 14 Feb 2015
|
17:57 ohauer
- update to 2.11.4
Changes:
20141025
Bugfix (introduced: Postfix 2.11): core dump when
smtp_policy_maps specifies an invalid TLS level. Viktor
Dukhovni. File: smtp/smtp_tls_policy.c.
20150106
Robustness: don't segfault due to excessive recursion after
a faulty configuration runs into the virtual_alias_recursion_limit.
File: global/tok822_tree.c.
20150115
Safety: stop aliasing loops that exponentially increase the
address length with each iteration. Back-ported from Postfix
3.0. File: cleanup/cleanup_map1n.c.
20150117
Cleanup: missing " in \%s\" in postconf(1) fatal error
messages. Iain Hibbert. File: postconf/postconf_master.c.
Approved by: sahil (implicit)
MFH: 2015Q1
|
Sunday, 2 Nov 2014
|
20:45 ohauer
- update to 2.11.3
- add CPE support
- use PORTDOCS macro
- remove check for OSVERSION >= 800037
- fix OPENLDAP_VER usage
- set PORTSCOUD
- always call set-permissions in post-install to set correct spool/postfix/*
permissions
this is required with pkg to support non interrupted upgrade
Changes:
========
20140619
Bugfix (introduced: 2001): qmqpd null pointer bug when it
logs a lost connection while not in a mail transaction.
Reported by Michal Adamek. File: qmqpd/qmqpd.c.
20140920
Bugfix (introduced: 20080212): incorrect client name in
reject messages from check_reverse_client_hostname_access
and check_reverse_client_hostname_{mx,ns}_access. They
replied with the verified client name, instead of the name
that was rejected. Problem reported by Reindl Harald. File:
smtpd/smtpd_check.c.
20141012
Bugfix (introduced: Postfix 2.3): the PREPEND access/policy
action added headers ABOVE Postfix's own Received: header,
exposing Postfix's own Received: header to Milters (protocol
violation) and hiding the PREPENDed header from Milters.
The latter caused problems for DMARC implementations with
SPF policy plus DKIM Milter. PREPENDed headers are now
added BELOW Postfix's own Received: header and remain visible
to Milters. File: smtpd/smtpd.c.
20141018
Bugfix (introduced: Postfix 2.3): when a Milter inserted a
header ABOVE Postfix's own Received: header, Postfix would
expose its own Received: header to Milters (violating
protocol) and hide the Milter-inserted header from Milters
(wtf). Files: cleanup/cleanup.h, cleanup/cleanup_message.c,
cleanup/cleanup_state.c, milter/milter.[hc], milter/milter8.c.
Cleanup: revert the workaround that places headers inserted
with PREPEND actions or policy requests BELOW Postfix's own
Received: message header. File: smtpd/smtpd.c.
PR: 194396
Submitted by: Yasuhiro KIMURA
Approved by: sahil (explicit per PM)
|
Thursday, 8 May 2014
|
01:40 sahil
- Update to 2.11.1
- Refactor to support staging [1]
- Support "developer mode" [2]
Submitted by: [1]: ohauer
[2]: mandree
|
Tuesday, 21 Jan 2014
|
01:17 sahil
Repo-copy mail/postfix -> mail/postfix210, and update
both ports to the latest version. Also:
- Set INVALID_BDB_VER [1]
- Adopt new LIB_DEPENDS syntax [2]
- Add option to support LMDB databases [2]
- Modify shell command to quiet warnings on 10+ [3]
- Respect upstream Makefile's warning suppression [4]
PR: [1]: ports/185446
[2]: ports/185860
[3]: ports/185857
Submitted by: [1]: Eero Hanninen <fax@nohik.ee>
[2]: Yasuhiro KIMURA <yasu@utahime.org>
[3]: adamw
[4]: koobs (via email)
|
Sunday, 27 Oct 2013
|
03:29 sahil
- Update to 2.10.2
|
Sunday, 1 Sep 2013
|
20:12 sahil
- Update to 2.10.1 and bump VDAVERSION
|
Tuesday, 23 Apr 2013
|
01:49 sahil
Repo-copy mail/postfix -> mail/postfix29, and update
both ports to the latest version and make a note in
UPDATING. Also:
- Adjust CONFLICTS
- Add LICENSE information
- Canonicalize 'Created by:' Makefile header
- Remove shlib version from LIB_DEPENDS assignment
- Correct LDAP_SASL logic
- Replace tab with a single space after 'WWW:' in pkg-descr
PR: ports/177127
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>
|
Monday, 28 Jan 2013
|
02:44 sahil
Update to 2.9.5 and revise the PKGINSTALL script to
distinguish between upgrades and fresh installs. Also,
mark BROKEN when users try to build WITH_LDAP_SASL but
WITHOUT_SASL2.
|
Sunday, 5 Aug 2012
|
18:37 sahil
Update to 2.9.4
|
Wednesday, 23 May 2012
|
02:29 sahil
- Update to 2.9.3
|
Wednesday, 25 Apr 2012
|
02:44 sahil
- Update to 2.9.2
|
Monday, 23 Apr 2012
|
03:14 sahil
Update VDA patch and tweak the conditional that
sets IS_INTERACTIVE.
|
Monday, 20 Feb 2012
|
06:15 sahil
- Update to 2.9.1
- Remove library number from pcre LIB_DEPENDS, as this
port can compile without incident against older pcre
libraries.
|
Saturday, 11 Feb 2012
|
05:14 sahil
Update to 2.9.0 and revise IS_INTERACTIVE logic to
account for additional situations.
|
Saturday, 19 Nov 2011
|
22:20 sahil
- Update to 2.8.7
Feature safe: yes
|
Saturday, 5 Nov 2011
|
17:00 miwi
- Restore all patches
|
16:53 miwi
- Fix build on FreeBSD 10
|
Wednesday, 7 Sep 2011
|
22:42 sahil
- Update to 2.8.5 and point to newer VDA patch
|
Tuesday, 26 Jul 2011
|
01:49 sahil
Update to 2.8.4 and use the ports framework to
create USERS and GROUPS. Also remove replace()
function from pkg-install script.
PR: ports/158765
Submitted by: ohauer
|
Monday, 9 May 2011
|
13:11 sahil
Update to 2.8.3 and point to newer VDA patch. Also address
the problem described in ports/155885 by passing additional
parameters to the upstream install script.
Security: CVE-2011-1720
|
Tuesday, 22 Mar 2011
|
00:58 sahil
- Update to 2.8.2
|
Thursday, 24 Feb 2011
|
02:10 sahil
- Update to 2.8.1
|
Sunday, 20 Feb 2011
|
04:45 sahil
Reactive VDA support with a new upstream patch released
specifically for Postfix version 2.8.0.
|
Sunday, 6 Feb 2011
|
04:11 sahil
- Unbreak SPF option with new patch for 2.8.0
PR: ports/154465
Submitted by: mm
Feature safe: yes
|
Monday, 24 Jan 2011
|
23:38 sahil
Update to 2.8.0, tweak CONFLICTS, mark MAKE_JOBS_SAFE
and note that the SPF and VDA options are unavailable
with this release.
Feature safe: yes
|
Saturday, 27 Nov 2010
|
06:48 sahil
Update to 2.7.2 and modify pkg-install script to check
whether Postfix is already enabled in mailer.conf[1].
Submitted by: ohauer (via email) [1]
|
Wednesday, 6 Oct 2010
|
03:29 sahil
- Update optional SPF patch to version 1.1.0 [1]
- Fix CONFLICTS [2]
PR: ports/151134 [1]
Submitted by: mm@ [1]
Noticed by: pav@ [2]
|
Wednesday, 22 Sep 2010
|
04:23 sahil
- Fix IPv6 support in SPF patch
PR: ports/150749
Submitted by: mm@
|
Monday, 13 Sep 2010
|
02:09 sahil
- Update VDA patch to version 2.7.0 [1]
- Remove "empty variable" assignment from rc script [1]
- Re-introduce optional SPF support [2]
- Remove default DISTNAME assignment from Makefile
- The affected OPTIONS are off by default, so do not
bump PORTREVISION
PR: [1]: ports/147731
[2]: ports/150428
Submitted by: [1]: ohauer@
[2]: mm@
|
Thursday, 10 Jun 2010
|
02:25 sahil
- Update to 2.7.1
- Unset INVALID_BDB_VER; Berkeley DB 5.x is now supported
Approved by: wxs@/itectu@ (mentors, implicit)
|
Thursday, 4 Mar 2010
|
17:00 itetcu
- Update to 2.7.0
- users wanting to continue on 2.6 series should use mail/postfix26
PR: 144189
Submitted by: Sahil Tandon (maintainer)
Feature safe: yes
|
Friday, 18 Sep 2009
|
13:05 wxs
- Update VDA patch to 2.6.5
PR: ports/138777
Submitted by: Sahil Tandon <sahil@tandon.net> (maintainer)
Feature safe: yes
|
Monday, 7 Sep 2009
|
09:19 bland
Update tp 2.6.5
PR: 138301
|
Friday, 14 Aug 2009
|
21:33 wxs
- Update to 2.6.3
- Keep the VDA patch at 2.6.2
- Use bsd.port.options.mk
PR: ports/137460
Submitted by: olli hauer <ohauer@gmx.de>
Approved by: Sahil Tandon <sahil@tandon.net> (maintainer)
|
Friday, 10 Jul 2009
|
13:45 garga
- un-IGNORE VDA patch for version 2.6.2
- no PORTVERSION bump necessary since this option is off by default
PR: ports/135902
Submitted by: Sahil Tandon <sahil@tandon.net>
|
Friday, 5 Jun 2009
|
07:02 itetcu
Update to Postfix stable release 2.6.2 which fixes one defect in SASL support:
With plaintext SMTP sessions AND smtpd_tls_auth_only=yes AND
smtp_sasl_auth_enable=yes, the SMTP server logged warnings for
reject_*_sender_login_mismatch, instead of enforcing them.
Revert the default alias_database and alias_maps paths to /etc/aliases (instead
of /etc/mail/aliases) -- the change to the latter was introduced in the
"refactoring" patch (ports/ports/134728) and is incompatible with older
versions of mail/postfix on FreeBSD and inconsistent with how the software is
designed to work upstream.
Finally, we IGNORE= when WITH_VDA is set until the VDA folks release a patch
that definitely works with 2.6.2. Although I suspect the 2.6.1 patch would
work, I think it's better form to let the VDA folks update their patch.
PR: 135273
Submitted by: maintainer
|
Tuesday, 26 May 2009
|
13:36 netchild
- refactor the port to ease maintenance [1]
- update to 2.6.1 [1]
- remove IGNORE in the VDA case, the patch is available now [2]
[2] is from me (compile tested), maintainer informed.
PR: 134728 [1]
Submitted by: Yarema <yds@CoolRat.org> [1]
Approved by: maintainer [1]
|
Monday, 18 May 2009
|
14:36 pav
- Update to 2.6.0
- Transfer maintainership to the submitter
PR: ports/134497
Submitted by: Sahil Tandon <sahil@tandon.net>
Approved by: Vick Khera <vivek@khera.org> (old maintainer)
|
Monday, 26 Jan 2009
|
19:52 mnag
- Update to 2.5.6
- Update VDA patch to 2.5.6
|
Sunday, 28 Sep 2008
|
01:58 mnag
- Update to 2.5.5
|
Saturday, 30 Aug 2008
|
14:56 mnag
- Update VDA patch to 2.5.4
PR: 126897
Notified by: Brian Haun <brian___haun.net>
|
Sunday, 17 Aug 2008
|
23:14 mnag
- Update to 2.5.4
- Update VDA patch to 2.5.3
|
Monday, 24 Mar 2008
|
20:15 mnag
- Fix milter macros (patch from Wietse Venema) [1]
- Update VDA patch to 2.5.1 [2]
PR: 121652 [1], 122029 [2]
Submitted by: dmx___dmx.org.ru [1], ShuenBin Hsu <sbhsu___mail.a6.idv.tw> [2]
|
Thursday, 28 Feb 2008
|
20:06 mnag
- Update to 2.5.1
- Mark as IGNORE VDA patch until patch does not apply clean
Requested by: many
|
Monday, 22 Oct 2007
|
18:39 mnag
- Update to 2.4.6
- Update VDA patch to 2.4.5
- Teach postfix to 8.0 [1]
PR: 117304 [1]
Submitted by: Oliver Peter <hoschi___mouhaha.de> [1]
Approved by: maintainer
|
Wednesday, 1 Aug 2007
|
13:06 mnag
- Update to 2.4.5
- Update VDA to 2.4.4
|
Friday, 15 Jun 2007
|
14:28 mnag
- Update VDA patch to 2.4.3-vda-ng
|
Friday, 1 Jun 2007
|
14:43 mnag
- Update to 2.4.3
|
Number of commits found: 178 (showing only 100 on this page) |