head 1.48; access; symbols pkgsrc-2026Q1:1.47.0.2 pkgsrc-2026Q1-base:1.47 pkgsrc-2025Q4:1.46.0.24 pkgsrc-2025Q4-base:1.46 pkgsrc-2025Q3:1.46.0.22 pkgsrc-2025Q3-base:1.46 pkgsrc-2025Q2:1.46.0.20 pkgsrc-2025Q2-base:1.46 pkgsrc-2025Q1:1.46.0.18 pkgsrc-2025Q1-base:1.46 pkgsrc-2024Q4:1.46.0.16 pkgsrc-2024Q4-base:1.46 pkgsrc-2024Q3:1.46.0.14 pkgsrc-2024Q3-base:1.46 pkgsrc-2024Q2:1.46.0.12 pkgsrc-2024Q2-base:1.46 pkgsrc-2024Q1:1.46.0.10 pkgsrc-2024Q1-base:1.46 pkgsrc-2023Q4:1.46.0.8 pkgsrc-2023Q4-base:1.46 pkgsrc-2023Q3:1.46.0.6 pkgsrc-2023Q3-base:1.46 pkgsrc-2023Q2:1.46.0.4 pkgsrc-2023Q2-base:1.46 pkgsrc-2023Q1:1.46.0.2 pkgsrc-2023Q1-base:1.46 pkgsrc-2022Q4:1.45.0.4 pkgsrc-2022Q4-base:1.45 pkgsrc-2022Q3:1.45.0.2 pkgsrc-2022Q3-base:1.45 pkgsrc-2022Q2:1.44.0.2 pkgsrc-2022Q2-base:1.44 pkgsrc-2022Q1:1.43.0.6 pkgsrc-2022Q1-base:1.43 pkgsrc-2021Q4:1.43.0.4 pkgsrc-2021Q4-base:1.43 pkgsrc-2021Q3:1.43.0.2 pkgsrc-2021Q3-base:1.43 pkgsrc-2021Q2:1.41.0.16 pkgsrc-2021Q2-base:1.41 pkgsrc-2021Q1:1.41.0.14 pkgsrc-2021Q1-base:1.41 pkgsrc-2020Q4:1.41.0.12 pkgsrc-2020Q4-base:1.41 pkgsrc-2020Q3:1.41.0.10 pkgsrc-2020Q3-base:1.41 pkgsrc-2020Q2:1.41.0.8 pkgsrc-2020Q2-base:1.41 pkgsrc-2020Q1:1.41.0.4 pkgsrc-2020Q1-base:1.41 pkgsrc-2019Q4:1.41.0.6 pkgsrc-2019Q4-base:1.41 pkgsrc-2019Q3:1.41.0.2 pkgsrc-2019Q3-base:1.41 pkgsrc-2019Q2:1.40.0.20 pkgsrc-2019Q2-base:1.40 pkgsrc-2019Q1:1.40.0.18 pkgsrc-2019Q1-base:1.40 pkgsrc-2018Q4:1.40.0.16 pkgsrc-2018Q4-base:1.40 pkgsrc-2018Q3:1.40.0.14 pkgsrc-2018Q3-base:1.40 pkgsrc-2018Q2:1.40.0.12 pkgsrc-2018Q2-base:1.40 pkgsrc-2018Q1:1.40.0.10 pkgsrc-2018Q1-base:1.40 pkgsrc-2017Q4:1.40.0.8 pkgsrc-2017Q4-base:1.40 pkgsrc-2017Q3:1.40.0.6 pkgsrc-2017Q3-base:1.40 pkgsrc-2017Q2:1.40.0.2 pkgsrc-2017Q2-base:1.40 pkgsrc-2017Q1:1.37.0.4 pkgsrc-2017Q1-base:1.37 pkgsrc-2016Q4:1.37.0.2 pkgsrc-2016Q4-base:1.37 pkgsrc-2016Q3:1.35.0.6 pkgsrc-2016Q3-base:1.35 pkgsrc-2016Q2:1.35.0.4 pkgsrc-2016Q2-base:1.35 pkgsrc-2016Q1:1.35.0.2 pkgsrc-2016Q1-base:1.35 pkgsrc-2015Q4:1.34.0.4 pkgsrc-2015Q4-base:1.34 pkgsrc-2015Q3:1.34.0.2 pkgsrc-2015Q3-base:1.34 pkgsrc-2015Q2:1.32.0.8 pkgsrc-2015Q2-base:1.32 pkgsrc-2015Q1:1.32.0.6 pkgsrc-2015Q1-base:1.32 pkgsrc-2014Q4:1.32.0.4 pkgsrc-2014Q4-base:1.32 pkgsrc-2014Q3:1.32.0.2 pkgsrc-2014Q3-base:1.32 pkgsrc-2014Q2:1.31.0.4 pkgsrc-2014Q2-base:1.31 pkgsrc-2014Q1:1.31.0.2 pkgsrc-2014Q1-base:1.31 pkgsrc-2013Q4:1.30.0.2 pkgsrc-2013Q4-base:1.30 pkgsrc-2013Q3:1.29.0.2 pkgsrc-2013Q3-base:1.29 pkgsrc-2013Q2:1.28.0.6 pkgsrc-2013Q2-base:1.28 pkgsrc-2013Q1:1.28.0.4 pkgsrc-2013Q1-base:1.28 pkgsrc-2012Q4:1.28.0.2 pkgsrc-2012Q4-base:1.28 pkgsrc-2012Q3:1.27.0.6 pkgsrc-2012Q3-base:1.27 pkgsrc-2012Q2:1.27.0.4 pkgsrc-2012Q2-base:1.27 pkgsrc-2012Q1:1.27.0.2 pkgsrc-2012Q1-base:1.27 pkgsrc-2011Q4:1.26.0.16 pkgsrc-2011Q4-base:1.26 pkgsrc-2011Q3:1.26.0.14 pkgsrc-2011Q3-base:1.26 pkgsrc-2011Q2:1.26.0.12 pkgsrc-2011Q2-base:1.26 pkgsrc-2011Q1:1.26.0.10 pkgsrc-2011Q1-base:1.26 pkgsrc-2010Q4:1.26.0.8 pkgsrc-2010Q4-base:1.26 pkgsrc-2010Q3:1.26.0.6 pkgsrc-2010Q3-base:1.26 pkgsrc-2010Q2:1.26.0.4 pkgsrc-2010Q2-base:1.26 pkgsrc-2010Q1:1.26.0.2 pkgsrc-2010Q1-base:1.26 pkgsrc-2009Q4:1.25.0.6 pkgsrc-2009Q4-base:1.25 pkgsrc-2009Q3:1.25.0.4 pkgsrc-2009Q3-base:1.25 pkgsrc-2009Q2:1.25.0.2 pkgsrc-2009Q2-base:1.25 pkgsrc-2009Q1:1.24.0.4 pkgsrc-2009Q1-base:1.24 pkgsrc-2008Q4:1.24.0.2 pkgsrc-2008Q4-base:1.24 pkgsrc-2008Q3:1.23.0.2 pkgsrc-2008Q3-base:1.23 cube-native-xorg:1.22.0.2 cube-native-xorg-base:1.22 pkgsrc-2008Q2:1.21.0.6 pkgsrc-2008Q2-base:1.21 cwrapper:1.21.0.4 pkgsrc-2008Q1:1.21.0.2 pkgsrc-2008Q1-base:1.21 pkgsrc-2007Q4:1.20.0.8 pkgsrc-2007Q4-base:1.20 pkgsrc-2007Q3:1.20.0.6 pkgsrc-2007Q3-base:1.20 pkgsrc-2007Q2:1.20.0.4 pkgsrc-2007Q2-base:1.20 pkgsrc-2007Q1:1.20.0.2 pkgsrc-2007Q1-base:1.20 pkgsrc-2006Q4:1.19.0.2 pkgsrc-2006Q4-base:1.19 pkgsrc-2006Q3:1.18.0.2 pkgsrc-2006Q3-base:1.18 pkgsrc-2006Q2:1.15.0.4 pkgsrc-2006Q2-base:1.15 pkgsrc-2006Q1:1.15.0.2 pkgsrc-2006Q1-base:1.15 pkgsrc-2005Q4:1.14.0.2 pkgsrc-2005Q4-base:1.14 pkgsrc-2005Q3:1.13.0.4 pkgsrc-2005Q3-base:1.13 pkgsrc-2005Q2:1.13.0.2 pkgsrc-2005Q2-base:1.13 pkgsrc-2005Q1:1.12.0.4 pkgsrc-2005Q1-base:1.12 pkgsrc-2004Q4:1.12.0.2 pkgsrc-2004Q4-base:1.12 pkgsrc-2004Q3:1.11.0.2 pkgsrc-2004Q3-base:1.11 pkgsrc-2004Q2:1.10.0.2 pkgsrc-2004Q2-base:1.10 pkgsrc-2004Q1:1.8.0.2 pkgsrc-2004Q1-base:1.8 pkgsrc-2003Q4:1.7.0.2 pkgsrc-2003Q4-base:1.7 buildlink2-base:1.7 netbsd-1-5-RELEASE:1.5 netbsd-1-4-PATCH003:1.5 netbsd-1-4-PATCH002:1.3 comdex-fall-1999:1.3 netbsd-1-4-PATCH001:1.2; locks; strict; comment @# @; 1.48 date 2026.05.04.23.58.58; author taca; state Exp; branches; next 1.47; commitid h4oTRLCg3U9pxyEG; 1.47 date 2026.03.08.14.13.42; author taca; state Exp; branches 1.47.2.1; next 1.46; commitid 482uJ04xyRSq8bxG; 1.46 date 2023.01.28.09.28.30; author taca; state Exp; branches; next 1.45; commitid ePAeTvwSLpsD2ibE; 1.45 date 2022.07.21.15.08.39; author taca; state Exp; branches; next 1.44; commitid 0wOD8w4PHTPW3MMD; 1.44 date 2022.06.11.10.27.04; author bsiegert; state Exp; branches; next 1.43; commitid WQSESU9dGxsLMBHD; 1.43 date 2021.08.14.08.58.20; author taca; state Exp; branches; next 1.42; commitid S822sirXFT9XXU4D; 1.42 date 2021.07.26.15.38.10; author taca; state Exp; branches; next 1.41; commitid OooYW6l5xpssNv2D; 1.41 date 2019.07.17.13.33.00; author triaxx; state Exp; branches; next 1.40; commitid czyC6gbhCz8mTovB; 1.40 date 2017.06.23.19.18.07; author maya; state Exp; branches; next 1.39; commitid Z3SN6UdA2iR82xWz; 1.39 date 2017.04.24.20.11.40; author fhajny; state Exp; branches; next 1.38; commitid UMhV42viWhP3gPOz; 1.38 date 2017.04.11.09.33.30; author adam; state Exp; branches; next 1.37; commitid fcXlP5ZDHFTH86Nz; 1.37 date 2016.11.04.17.10.10; author sevan; state Exp; branches 1.37.4.1; next 1.36; commitid 11NN4sU9XyDJKPsz; 1.36 date 2016.10.31.04.19.07; author maya; state Exp; branches; next 1.35; commitid bID4kvOA99n0Cfsz; 1.35 date 2016.03.23.12.55.18; author gdt; state Exp; branches; next 1.34; commitid VkGWqzEMR4MQBLZy; 1.34 date 2015.09.07.09.47.01; author fhajny; state Exp; branches; next 1.33; commitid 42C2mmB9De5xViAy; 1.33 date 2015.07.22.00.25.37; author taca; state Exp; branches; next 1.32; commitid RJUoS7Cga2kOkduy; 1.32 date 2014.08.25.16.00.54; author taca; state Exp; branches 1.32.8.1; next 1.31; commitid zD04RvVMmtMk9LNx; 1.31 date 2014.02.09.05.34.13; author taca; state Exp; branches; next 1.30; commitid Hb7Q42Kygw4Q0oox; 1.30 date 2013.09.30.15.21.15; author taca; state Exp; branches; next 1.29; commitid VMA4SFpJidGhvt7x; 1.29 date 2013.09.06.14.08.18; author taca; state Exp; branches; next 1.28; commitid Pycc5povP5Q5Sn4x; 1.28 date 2012.12.13.16.23.14; author taca; state Exp; branches; next 1.27; 1.27 date 2012.02.27.03.01.30; author taca; state Exp; branches; next 1.26; 1.26 date 2010.02.25.13.01.23; author martti; state Exp; branches 1.26.16.1; next 1.25; 1.25 date 2009.05.13.10.33.23; author martti; state Exp; branches; next 1.24; 1.24 date 2008.11.03.00.47.17; author taca; state Exp; branches; next 1.23; 1.23 date 2008.09.17.13.21.19; author joerg; state Exp; branches; next 1.22; 1.22 date 2008.09.04.08.25.20; author martti; state Exp; branches; next 1.21; 1.21 date 2008.02.18.17.45.34; author ghen; state Exp; branches 1.21.6.1; next 1.20; 1.20 date 2007.04.03.07.27.51; author martti; state Exp; branches; next 1.19; 1.19 date 2006.11.07.07.08.26; author martti; state Exp; branches; next 1.18; 1.18 date 2006.08.31.18.44.50; author martti; state Exp; branches; next 1.17; 1.17 date 2006.08.11.12.34.25; author taca; state Exp; branches; next 1.16; 1.16 date 2006.07.13.09.57.51; author martti; state Exp; branches; next 1.15; 1.15 date 2006.01.10.06.38.15; author martti; state Exp; branches; next 1.14; 1.14 date 2005.10.13.13.06.38; author joerg; state Exp; branches 1.14.2.1; next 1.13; 1.13 date 2005.03.22.18.09.33; author xtraeme; state Exp; branches 1.13.4.1; next 1.12; 1.12 date 2004.11.30.20.54.38; author jlam; state Exp; branches 1.12.4.1; next 1.11; 1.11 date 2004.06.21.16.13.24; author martti; state Exp; branches; next 1.10; 1.10 date 2004.04.14.12.55.20; author minskim; state Exp; branches 1.10.2.1; next 1.9; 1.9 date 2004.04.11.02.23.46; author kim; state Exp; branches; next 1.8; 1.8 date 2004.01.23.12.03.44; author martti; state Exp; branches; next 1.7; 1.7 date 2001.03.20.12.50.51; author hubertf; state dead; branches; next 1.6; 1.6 date 2000.12.10.09.00.47; author itojun; state Exp; branches; next 1.5; 1.5 date 2000.04.10.00.19.17; author bad; state Exp; branches; next 1.4; 1.4 date 2000.04.09.08.10.20; author simonb; state Exp; branches; next 1.3; 1.3 date 99.09.12.00.14.53; author simonb; state Exp; branches; next 1.2; 1.2 date 99.06.27.00.11.03; author christos; state Exp; branches; next 1.1; 1.1 date 99.05.30.18.18.32; author tron; state Exp; branches; next ; 1.47.2.1 date 2026.05.07.22.40.07; author maya; state Exp; branches; next ; commitid OFJ3wVBW6ELI0WEG; 1.37.4.1 date 2017.04.23.09.53.06; author bsiegert; state Exp; branches; next ; commitid hRzEyzyg2Lw9SDOz; 1.32.8.1 date 2015.07.22.20.16.13; author tron; state Exp; branches; next ; commitid g4K0eQyfGHKmVjuy; 1.26.16.1 date 2012.02.29.19.32.08; author spz; state Exp; branches; next ; 1.21.6.1 date 2008.09.05.11.55.45; author ghen; state Exp; branches; next ; 1.14.2.1 date 2006.01.10.15.55.51; author salo; state Exp; branches; next ; 1.13.4.1 date 2005.11.15.11.42.44; author salo; state Exp; branches; next ; 1.12.4.1 date 2005.04.04.08.14.31; author salo; state Exp; branches; next ; 1.10.2.1 date 2004.07.08.08.33.49; author agc; state Exp; branches; next ; desc @@ 1.48 log @mail/postfix: update to 3.11.2 Postfix 3.11.2 (2026-05-03) Fixed in Postfix 3.11: * Bugfix (defect introduced: Postfix 3.11): the proxymap(8) daemon dereferenced an uninitialized pointer after a request protocol error. This daemon is not exposed to local or remote users. Found by Claude Opus 4.6. * Bugfix (defect introduced: 20260309) a change, to set the service_name default value to "amnesiac", violated a test that parameter names in postconf output must match 1:1 with parameter names in the postlink script. Fixed in Postfix 3.8, 3.9, 3.10. 3.11: * Portability: support for recent FreeBSD, NetBSD, and OpenBSD versions. Brad Smith. * Bugfix (defect introduced: Postfix 2.2, date 20041207): When truncating a database file, the cdb: database client looked at the file size from before requesting an exclusive lock on a database file, instead of the file size after the exclusive lock was granted. Found by Claude Opus 4.6. * Bugfix (defect introduced: Postfix alpha, date 19980309): file descriptor leak after fork() failure. Found by Claude Opus 4.6. * Mistakes in debug logging. Found by Claude Opus 4.6. This affected two files in Postfix 3.8 and 3.9, three files in Postfix 3.10 and 3.11. * Unchecked null pointer results after an out-of-memory condition in a library dependency. Found by Claude Opus 4.6. The fix is to return an error status or to log a fatal error. This affected three source files. * Missing or incomplete guards for ssize_t or int overflow, found by Claude Opus 4.6. This affected three source files. These limits are unlikely to be exceeded because the size of in-memory objects is limited by design (the number of in-memory objects is also limited). @ text @$NetBSD: patch-ai,v 1.47 2026/03/08 14:13:42 taca Exp $ 1) Add shlib definitions for NetBSD 5; the build system must be hard-coded per OS per version. Not yet reported upstream. 2) Make this pkgsrc friendly. 3) Add support for FreeBSD 13. 4) Add blocklist(3) support. --- makedefs.orig 2026-05-01 18:55:47.000000000 +0000 +++ makedefs @@@@ -371,6 +371,15 @@@@ case "$SYSTEM.$RELEASE" in : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} : ${PLUGIN_LD="${CC} -shared"} ;; + FreeBSD.13*) SYSTYPE=FREEBSD13 + : ${CC=cc} + : ${SHLIB_SUFFIX=.so} + : ${SHLIB_CFLAGS=-fPIC} + : ${SHLIB_LD="${CC} -shared"' -Wl,-soname,${LIB}'} + : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} + : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} + : ${PLUGIN_LD="${CC} -shared"} + ;; DragonFly.*) SYSTYPE=DRAGONFLY ;; OpenBSD.2*) SYSTYPE=OPENBSD2 @@@@ -417,65 +426,7 @@@@ case "$SYSTEM.$RELEASE" in ;; ekkoBSD.1*) SYSTYPE=EKKOBSD1 ;; - NetBSD.1.*) SYSTYPE=NETBSD1 - ;; - NetBSD.2*) SYSTYPE=NETBSD2 - ;; - NetBSD.3*) SYSTYPE=NETBSD3 - ;; - NetBSD.4*) SYSTYPE=NETBSD4 - ;; - NetBSD.5*) SYSTYPE=NETBSD5 - ;; - NetBSD.6*) SYSTYPE=NETBSD6 - : ${SHLIB_SUFFIX=.so} - : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} - : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} - : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD="${CC-gcc} -shared"} - ;; - NetBSD.7*) SYSTYPE=NETBSD7 - : ${SHLIB_SUFFIX=.so} - : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} - : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} - : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD="${CC-gcc} -shared"} - ;; - NetBSD.8*) SYSTYPE=NETBSD8 - : ${SHLIB_SUFFIX=.so} - : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} - : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} - : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD="${CC-gcc} -shared"} - ;; - NetBSD.9*) SYSTYPE=NETBSD9 - : ${SHLIB_SUFFIX=.so} - : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} - : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} - : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD="${CC-gcc} -shared"} - ;; - NetBSD.10*) SYSTYPE=NETBSD10 - : ${SHLIB_SUFFIX=.so} - : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} - : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} - : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD="${CC-gcc} -shared"} - ;; - NetBSD.11*) SYSTYPE=NETBSD11 - : ${SHLIB_SUFFIX=.so} - : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} - : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} - : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD="${CC-gcc} -shared"} - ;; - NetBSD.12*) SYSTYPE=NETBSD12 + NetBSD*) SYSTYPE=NETBSD : ${SHLIB_SUFFIX=.so} : ${SHLIB_CFLAGS=-fPIC} : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} @@@@ -550,13 +501,6 @@@@ case "$SYSTEM.$RELEASE" in esac ;; ULTRIX.4*) SYSTYPE=ULTRIX4 - if [ -f /usr/local/lib/libdb.a ]; then - SYSLIBS="$SYSLIBS -ldb" - CCARGS="$CCARGS -DHAS_DB" - if [ -d /usr/local/include/db ]; then - CCARGS="$CCARGS -I/usr/local/include/db" - fi - fi for l in syslog resolv; do if [ -f /usr/local/lib/lib$l.a ]; then SYSLIBS="$SYSLIBS -l$l" @@@@ -598,34 +542,8 @@@@ case "$SYSTEM.$RELEASE" in esac;; # Tested with RedHat 3.03 on 20020729. Linux.1*) SYSTYPE=LINUX1 - case "$CCARGS" in - *-DNO_DB*) ;; - *-DHAS_DB*) ;; - *) SYSLIBS="-ldb";; - esac ;; Linux.2*) SYSTYPE=LINUX2 - case "$CCARGS" in - *-DNO_DB*) ;; - *-DHAS_DB*) ;; - *) if [ -f /usr/include/db.h ] - then - : we are all set - elif [ -f /usr/include/db/db.h ] - then - CCARGS="$CCARGS -I/usr/include/db" - else - # No, we're not going to try db1 db2 db3 etc. - # On a properly installed system, Postfix builds - # by including and by linking with -ldb - echo "No include file found." 1>&2 - echo "Install the appropriate db*-devel package first." 1>&2 - echo "Alternatively, build with CCARGS=\"-NO_DB ...\"" 1>&2 - exit 1 - fi - SYSLIBS="-ldb" - ;; - esac for name in nsl resolv $GDBM_LIBS do for lib in /usr/lib64 /lib64 /usr/lib /lib @@@@ -728,25 +646,6 @@@@ EOF ;; GNU.0*|GNU/kFreeBSD.[567]*) SYSTYPE=GNU0 - case "$CCARGS" in - *-DNO_DB*) ;; - *) if [ -f /usr/include/db.h ] - then - : we are all set - elif [ -f /usr/include/db/db.h ] - then - CCARGS="$CCARGS -I/usr/include/db" - else - # On a properly installed system, Postfix builds - # by including and by linking with -ldb - echo "No include file found." 1>&2 - echo "Install the appropriate db*-devel package first." 1>&2 - echo "Alternatively, build with CCARGS=\"-NO_DB ...\"" 1>&2 - exit 1 - fi - SYSLIBS="-ldb" - ;; - esac for name in nsl resolv do for lib in /usr/lib64 /lib64 /usr/lib /lib @@@@ -777,26 +676,14 @@@@ EOF HP-UX.A.09.*) SYSTYPE=HPUX9 SYSLIBS=-ldbm CCARGS="$CCARGS -DMISSING_USLEEP -DNO_SNPRINTF" - if [ -f /usr/lib/libdb.a ]; then - CCARGS="$CCARGS -DHAS_DB" - SYSLIBS="$SYSLIBS -ldb" - fi ;; HP-UX.B.10.*) SYSTYPE=HPUX10 CCARGS="$CCARGS `nm /usr/lib/libc.a 2>/dev/null | (grep usleep >/dev/null || echo '-DMISSING_USLEEP')`" CCARGS="$CCARGS -DNO_SNPRINTF" - if [ -f /usr/lib/libdb.a ]; then - CCARGS="$CCARGS -DHAS_DB" - SYSLIBS=-ldb - fi ;; HP-UX.B.11.*) SYSTYPE=HPUX11 SYSLIBS=-lnsl - if [ -f /usr/lib/libdb.a ]; then - CCARGS="$CCARGS -DHAS_DB" - SYSLIBS="$SYSLIBS -ldb" - fi ;; ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix543 RANLIB=echo @@@@ -844,12 +731,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 esac : ${SHLIB_CFLAGS=-fPIC} : ${SHLIB_SUFFIX=.dylib} - : ${SHLIB_LD="cc -shared -Wl,-flat_namespace ${NOFIXUP}-Wl,-undefined,dynamic_lookup "'-Wl,-install_name,@@rpath/${LIB}'} + : ${SHLIB_LD='${CC} '"-shared -Wl,-flat_namespace ${NOFIXUP}-Wl,-undefined,dynamic_lookup "'-Wl,-install_name,@@rpath/${LIB}'} : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} # In MacOS/X 10.11.x /bin/sh unsets DYLD_LIBRARY_PATH, so we # have export it into postfix-install indirectly! : ${SHLIB_ENV="DYLD_LIBRARY_PATH=`pwd`/lib SHLIB_ENV_VAR=DYLD_LIBRARY_PATH SHLIB_ENV_VAL=`pwd`/lib"} - : ${PLUGIN_LD="cc -shared -Wl,-flat_namespace ${NOFIXUP}-Wl,-undefined,dynamic_lookup"} + : ${PLUGIN_LD='${CC} '"-shared -Wl,-flat_namespace ${NOFIXUP}-Wl,-undefined,dynamic_lookup"} ;; dcosx.1*) SYSTYPE=DCOSX1 RANLIB=echo @@@@ -873,6 +760,36 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 esac # +# Support for blocklist(3) or blacklist(3). +# +case "$CCARGS" in + *-DUSE_BLOCKLIST*) + if test -f /usr/include/blocklist.h; then + CCARGS="$CCARGS -DHAVE_BLOCKLIST" + SYSLIBS="$SYSLIBS -lblocklist" + elif test -f /usr/include/blacklist.h; then + CCARGS="$CCARGS -DHAVE_BLACKLIST" + SYSLIBS="$SYSLIBS -lblacklist" + fi + ;; +esac + +# +# Support for blocklist(3) or blacklist(3). +# +case "$CCARGS" in + *-DUSE_BLOCKLIST*) + if test -f /usr/include/blocklist.h; then + CCARGS="$CCARGS -DHAVE_BLOCKLIST" + SYSLIBS="$SYSLIBS -lblocklist" + elif test -f /usr/include/blacklist.h; then + CCARGS="$CCARGS -DHAVE_BLACKLIST" + SYSLIBS="$SYSLIBS -lblacklist" + fi + ;; +esac + +# # sigsetjmp()/siglongjmp() can be "better" than setjmp()/longjmp() # if used wisely (that is: almost never, just like signals). # Unfortunately some implementations have been buggy in the past. @ 1.47 log @mail/postfix: update to 3.11.0 Postfix 3.11.0 (2026-03-05) Berkeley DB migration: * Some (Linux) distributions are removing support for BerkeleyDB databases (In Postfix, this means we lose support for the hash: and btree: lookup tables). See NON_BERKELEYDB_README for manual and partially automatic migration from btree: to lmdb:, and from hash: to lmdb: or cdb:. * The loss of BerkeleyDB affects Mailman versions that want to execute commands like "postmap hash:/path/to/file" when a mailing list is added or removed. Postfix provides a way to redirect such commands to a supported database type. * You don't have to wait until BerkeleyDB support is removed. It can make sense to migrate while BerkeleyDB support is still available (mainly, less downtime). Changes in TLS support: * Default TLS security. The Postfix SMTP client smtp_tls_security_level default value is "may" if Postfix was built with TLS support, and the compatibility_level is 3.11 or higher. * Support for the RFC 8689 "REQUIRETLS" verb in ESMTP. This requires that every SMTP (and LMTP) server in the forward path is strongly authenticated with DANE, STS, or equivalent, and that every server announces REQUIRETLS support. See REQUIRETLS_README for suggestions to carefully enforce REQUIRETLS without causing massive mail delivery problems. * Logging the TLS security level. This shows the desired and actual TLS security level enforcement status and, if a message requests REQUIRETLS, the REQUIRETLS policy enforcement status. For a list of examples see smtp_log_tls_feature_status * Workaround for an interface mismatch between the Postfix SMTP client and MTA-STS policy plugins. This introduces a new parameter smtp_tls_enforce_sts_mx_patterns (default: "yes"). The MTA-STS plugin configuration needs to enable TLSRPT support, so that it forwards STS policy attributes to Postfix. Both postfix-tlspol and postfix-mta-sts-resolver have been updated accordingly. With this, the Postfix SMTP client will connect to an MX host only if its name matches any STS policy MX host pattern, and will match a server certificate against the MX hostname. Otherwise, the old behavior stays in effect: connect to any MX host listed in DNS, and match a server certificate against any STS policy MX host pattern. * Post-quantum cryptography support. With OpenSSL 3.5 and later, change the tls_eecdh_auto_curves default value to avoid problems with network infrastructure that mishandles TLS hello messages larger than one (Ethernet) TCP segment. This problem is more generally known as "protocol ossification". Miscellaneous changes: * Deprecation of obsolete parameters. Postfix programs log a warning that these parameters will be removed. See DEPRECATION_README for a list of deprecated parameters. * JSON output support with "postconf -j|-jM|-jF|-jP", "postalias -jq|-js", "postmap -jq|-js", and "postmulti -jl". No support is planned for JSON input support. * Milter support: improved Milter error handling for messages that arrive over a long-lived SMTP connection, by changing the default milter_default_action from "tempfail" to the new "shutdown" action (i.e. disconnect the remote SMTP client). This was already back-ported to earlier stable releases. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.46 2023/01/28 09:28:30 taca Exp $ d12 1 a12 1 --- makedefs.orig 2026-03-05 15:59:44.000000000 +0000 d14 1 a14 1 @@@@ -353,6 +353,15 @@@@ case "$SYSTEM.$RELEASE" in d30 1 a30 1 @@@@ -390,49 +399,7 @@@@ case "$SYSTEM.$RELEASE" in d34 1 a34 1 - NetBSD.1*) SYSTYPE=NETBSD1 d77 16 d97 1 a97 1 @@@@ -507,13 +474,6 @@@@ case "$SYSTEM.$RELEASE" in d111 1 a111 1 @@@@ -555,34 +515,8 @@@@ case "$SYSTEM.$RELEASE" in d146 1 a146 1 @@@@ -685,25 +619,6 @@@@ EOF d172 1 a172 1 @@@@ -734,26 +649,14 @@@@ EOF d199 1 a199 1 @@@@ -801,12 +704,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 d214 1 a214 1 @@@@ -830,6 +733,21 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 d233 15 @ 1.47.2.1 log @Pullup ticket #7098 - requested by taca mail/postfix: Security fix Revisions pulled up: - mail/postfix/Makefile.common 1.64 - mail/postfix/distinfo 1.223 - mail/postfix/patches/patch-ag 1.43 - mail/postfix/patches/patch-ai 1.48 --- Module Name: pkgsrc Committed By: taca Date: Mon May 4 23:58:58 UTC 2026 Modified Files: pkgsrc/mail/postfix: Makefile.common distinfo pkgsrc/mail/postfix/patches: patch-ag patch-ai Log Message: mail/postfix: update to 3.11.2 Postfix 3.11.2 (2026-05-03) Fixed in Postfix 3.11: * Bugfix (defect introduced: Postfix 3.11): the proxymap(8) daemon dereferenced an uninitialized pointer after a request protocol error. This daemon is not exposed to local or remote users. Found by Claude Opus 4.6. * Bugfix (defect introduced: 20260309) a change, to set the service_name default value to "amnesiac", violated a test that parameter names in postconf output must match 1:1 with parameter names in the postlink script. Fixed in Postfix 3.8, 3.9, 3.10. 3.11: * Portability: support for recent FreeBSD, NetBSD, and OpenBSD versions. Brad Smith. * Bugfix (defect introduced: Postfix 2.2, date 20041207): When truncating a database file, the cdb: database client looked at the file size from before requesting an exclusive lock on a database file, instead of the file size after the exclusive lock was granted. Found by Claude Opus 4.6. * Bugfix (defect introduced: Postfix alpha, date 19980309): file descriptor leak after fork() failure. Found by Claude Opus 4.6. * Mistakes in debug logging. Found by Claude Opus 4.6. This affected two files in Postfix 3.8 and 3.9, three files in Postfix 3.10 and 3.11. * Unchecked null pointer results after an out-of-memory condition in a library dependency. Found by Claude Opus 4.6. The fix is to return an error status or to log a fatal error. This affected three source files. * Missing or incomplete guards for ssize_t or int overflow, found by Claude Opus 4.6. This affected three source files. These limits are unlikely to be exceeded because the size of in-memory objects is limited by design (the number of in-memory objects is also limited). @ text @d1 1 a1 1 $NetBSD$ d12 1 a12 1 --- makedefs.orig 2026-05-01 18:55:47.000000000 +0000 d14 1 a14 1 @@@@ -371,6 +371,15 @@@@ case "$SYSTEM.$RELEASE" in d30 1 a30 1 @@@@ -417,65 +426,7 @@@@ case "$SYSTEM.$RELEASE" in d34 1 a34 1 - NetBSD.1.*) SYSTYPE=NETBSD1 a76 16 - : ${SHLIB_SUFFIX=.so} - : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} - : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} - : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD="${CC-gcc} -shared"} - ;; - NetBSD.11*) SYSTYPE=NETBSD11 - : ${SHLIB_SUFFIX=.so} - : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} - : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} - : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD="${CC-gcc} -shared"} - ;; - NetBSD.12*) SYSTYPE=NETBSD12 d81 1 a81 1 @@@@ -550,13 +501,6 @@@@ case "$SYSTEM.$RELEASE" in d95 1 a95 1 @@@@ -598,34 +542,8 @@@@ case "$SYSTEM.$RELEASE" in d130 1 a130 1 @@@@ -728,25 +646,6 @@@@ EOF d156 1 a156 1 @@@@ -777,26 +676,14 @@@@ EOF d183 1 a183 1 @@@@ -844,12 +731,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 d198 1 a198 1 @@@@ -873,6 +760,36 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 a216 15 +# Support for blocklist(3) or blacklist(3). +# +case "$CCARGS" in + *-DUSE_BLOCKLIST*) + if test -f /usr/include/blocklist.h; then + CCARGS="$CCARGS -DHAVE_BLOCKLIST" + SYSLIBS="$SYSLIBS -lblocklist" + elif test -f /usr/include/blacklist.h; then + CCARGS="$CCARGS -DHAVE_BLACKLIST" + SYSLIBS="$SYSLIBS -lblacklist" + fi + ;; +esac + +# @ 1.46 log @mail/postfix: update to 3.7.4 Postfix 3.7.4 (2023-01-22) * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. Fix by Viktor Dukhovni. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound handles for digest implementations. In sufficiently hostile configurations, Postfix could mistakenly believe that a digest algorithm is available, and fail when it is not. A similar workaround may be needed for EVP_get_cipherbyname(). Fix by Viktor Dukhovni. * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. Found during code review. * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation violation when postscreen_dnsbl_threshold < 1. It should reject such input with a fatal error instead. Discovered by Benny Pedersen. * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions. Viktor Dukhovni. * Portability: Linux 6 support. * Added missing documentation that cidr:, pcre: and regexp: tables support inline specification only in Postfix 3.7 and later. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.45 2022/07/21 15:08:39 taca Exp $ d12 1 a12 1 --- makedefs.orig 2023-01-15 23:29:39.000000000 +0000 d14 1 a14 1 @@@@ -339,6 +339,15 @@@@ case "$SYSTEM.$RELEASE" in d30 1 a30 1 @@@@ -376,49 +385,7 @@@@ case "$SYSTEM.$RELEASE" in d81 1 a81 1 @@@@ -493,13 +460,6 @@@@ case "$SYSTEM.$RELEASE" in d95 1 a95 1 @@@@ -541,33 +501,8 @@@@ case "$SYSTEM.$RELEASE" in d121 1 d130 1 a130 1 @@@@ -667,24 +602,6 @@@@ Linux.[3456].*) SYSTYPE=LINUX$RELEASE_MA d147 1 d156 1 a156 1 @@@@ -715,26 +632,14 @@@@ Linux.[3456].*) SYSTYPE=LINUX$RELEASE_MA d183 1 a183 1 @@@@ -782,12 +687,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 d198 1 a198 1 @@@@ -811,6 +716,21 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 @ 1.45 log @mail/postfix: update to 3.7.2 3.7.0 (2022-02-07) * Support to inline the content of small cidr:, pcre:, and regexp: tables in Postfix parameter values. An example is the new smtpd_forbidden_commands default value, "CONNECT GET POST regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from clients that send garbage. * To make the maillog_file feature more useful, including stdout logging from a container, the postlog(1) command is now set-gid postdrop, so that unprivileged programs can use it to write logging through the postlogd(8) daemon. This required hardening the postlog(1) command against privilege escalation attacks. * Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18. * Postfix programs now randomize the initial state of in-memory hash tables, to defend against hash collision attacks involving a large number of attacker-chosen lookup keys. Presently, the only known opportunity for such attacks involves remote SMTP client IPv6 addresses in the anvil(8) service, and requires making hundreds of short-lived connections per second while cycling through thousands of different client IP addresses. * Updated defense against remote clients or servers that 'trickle' SMTP or LMTP traffic. This replaces the old per-record deadlines with per-request deadlines and minimum data rates. * Many typofixes by raf and Wietse. 3.7.1 (2022-04-18) * (problem introduced: Postfix 2.7) The milter_header_checks maps are now opened before the cleanup(8) server enters the chroot jail. Problem reported by Jesper Dybdal. * In an internal client module, "host or service not found" was a fatal error, causing the milter_default_action setting to be ignored. It is now a non-fatal error, just like a failure to connect. Problem reported by Christian Degenkolb. * The proxy_read_maps default value was missing up to 27 parameter names. The corresponding lookup tables were not automatically authorized for use with the proxymap(8) service. The parameter names were ending in _checks, _reply_footer, _reply_filter, _command_filter, and _delivery_status_filter. * (problem introduced: Postfix 3.0) With dynamic map loading enabled, an attempt to create a map with "postmap regexp:path" would result in a bogus error message "Is the postfix-regexp package installed?" instead of "unsupported map type for this operation". This happened with all non-dynamic map types (static, cidr, etc.) that have no 'bulk create' support. Problem reported by Greg Klanderman. * In PCRE_README, "pcre2 --libs" should be "pcre2 --libs8". Problem reported by Carlos Velasco. * Documented in the postlogd(8) daemon manpage that the Postfix >= 3.7 postlog(1) command can run with setgid permissions. 3.7.2 (2022-04-28) This reverts an overly complex change in the postscreen SMTP engine (made during Postfix 3.7 development), and replaces it with much simpler code. The bad change was crashing postscreen on some systems after receiving malformed input (for example, a TLS "hello" message). @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.44 2022/06/11 10:27:04 bsiegert Exp $ d12 1 a12 1 --- makedefs.orig 2022-01-23 20:53:41.000000000 +0000 d129 1 a129 1 @@@@ -667,24 +602,6 @@@@ EOF d154 1 a154 1 @@@@ -715,26 +632,14 @@@@ EOF d181 1 a181 1 @@@@ -776,12 +681,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 d185 2 a186 2 - : ${SHLIB_LD='cc -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup -Wl,-install_name,@@rpath/${LIB}'} + : ${SHLIB_LD='${CC} -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup -Wl,-install_name,@@rpath/${LIB}'} d191 2 a192 2 - : ${PLUGIN_LD='cc -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup'} + : ${PLUGIN_LD='${CC} -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup'} d196 1 a196 1 @@@@ -805,6 +710,21 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 @ 1.44 log @postfix: FreeBSD 13 support makedefs already contains the FreeBSD 12 stanza but not version 13. From cubadevelop via Github Pull Request. Fixes NetBSD/pkgsrc#97 @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.43 2021/08/14 08:58:20 taca Exp $ d12 1 a12 1 --- makedefs.orig 2021-04-24 20:49:37.000000000 +0000 d14 1 a14 1 @@@@ -309,6 +309,15 @@@@ case "$SYSTEM.$RELEASE" in d30 1 a30 1 @@@@ -337,25 +346,7 @@@@ case "$SYSTEM.$RELEASE" in d51 26 a76 2 - ;; - NetBSD.7*) SYSTYPE=NETBSD7 d81 1 a81 1 @@@@ -434,13 +425,6 @@@@ case "$SYSTEM.$RELEASE" in d95 1 a95 1 @@@@ -482,33 +466,8 @@@@ case "$SYSTEM.$RELEASE" in d129 1 a129 1 @@@@ -608,24 +567,6 @@@@ EOF d154 1 a154 1 @@@@ -656,26 +597,14 @@@@ EOF d181 1 a181 1 @@@@ -717,12 +646,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 d196 1 a196 1 @@@@ -746,6 +675,21 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 @ 1.43 log @mail/postfix: add blocklist PKG_OPTIONS and fix build problem * Add blocklist PKG_OPTIONS. * Fix build problem on no blocklist/blacklist supported system. (Reported by Matthias Ferdinand on pkgsrc-users@@.) Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.42 2021/07/26 15:38:10 taca Exp $ d8 1 a8 1 3) Add support for FreeBSD 12. d18 1 a18 1 + FreeBSD.12*) SYSTYPE=FREEBSD12 @ 1.42 log @mail/postfix: update to 3.6.2 * pkgsrc change: Add supportfor blocklistd(3) (and blacklistd(3)). * From release annuonce: Fixed in Postfix 3.6.2, 3.5.12, 3.4.22, 3.3.19: * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal error in the compatibility_level parser, because there was no 'errno = 0' statement before an strtol() call. In Postfix 3.3-3.5, fixed two older latent bugs of this kind (introduced in 1999 and in Postfix 2.11). Problem reported by David Bohman. * (problem introduced in Postfix 3.3) "Null pointer read" error in the cleanup daemon when "header_from_format = standard" (the default as of Postfix 3.3), and email was submitted with /usr/sbin/sendmail without From: header, and an all-space full name was specified in 1) the password file, 2) with "sendmail -F", or 3) with the NAME environment variable. Found by Renaud Metrich. * (problem introduced in Postfix 2.4) False "too many reverse jump" warnings in the showq daemon, because loop detection code was comparing memory addresses instead of queue file names. Reported by Mehmet Avcioglu. * (problem introduced in 1999) The Postfix SMTP server was sending all session transcripts to the error_notice_recipient (default: postmaster), instead of sending transcripts of bounced mail to the bounce_notice_recipient (default: postmaster). Reported by Hans van Zijst. Fixed in Postfix 3.6.2, 3.5.12, 3.4.22: * The texthash: map implementation broke tls_server_sni_maps, because it did not support multi-file inputs. Reported by Christopher Gurnee, who also found an instance of the missing code in the "postmap -F" source code. File: util/dict_thash.c. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.41 2019/07/17 13:33:00 triaxx Exp $ d172 1 a172 1 @@@@ -746,6 +675,17 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 d178 11 a188 7 +if test -f /usr/include/blocklist.h; then + CCARGS="$CCARGS -DHAVE_BLOCKLIST" + SYSLIBS="$SYSLIBS -lblocklist" +elif test -f /usr/include/blacklist.h; then + CCARGS="$CCARGS -DHAVE_BLACKLIST" + SYSLIBS="$SYSLIBS -lblacklist" +fi @ 1.41 log @postfix: update to 3.4.6 pkgsrc changes: --------------- * change COMMENT to make pkglint happy (inspired by http://www.postfix.org/) * update PLIST using make print-PLIST (missing @@pkgdir) upstream changes: ----------------- 20181125 Cleanup: dict_file_to_xxx() takes a list of file names separated by CHARS_COMMA_SP. Shoe-horned into the existing API, make it nicer when there is time. File: util/dict_file.c. 20181127 Cleanup: encapsulated clumsy 'read into VSTRING' code with easier-to-use vstream_fread_buf() and vstream_fread_app() primitives. Files: global/memcache_proto.c, global/record.c, global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c, global/xtext.c, milter/milter8.c, util/dict_file.c, util/hex_quote.c, util/netstring.c, util/vstream.c, util/vstream.h. Verified with "make tests". Cleanup: simplified the smtp_fread() API (introduced for BDAT support), and changed the name to smtp_fread_buf(). Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with ~megabyte BDAT commands. Cleanup: simplified a tlsproxy-internal API. File: tlsproxy/tlsproxy.c. 20181128 Initial support for key/certificate chain files that will replace the proliferation of separate parameters for RSA/DSA/ECC/etc. key and certificate files. Viktor Dukhovni. 20181201 Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET() calls with safe vstring_set_payload_size() calls, in code that directly writes into VSTRING. Files: tls/tls_session.c, tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h, xsasl/xsasl_cyrus_client.c. Cleanup: postscreen_command_time_limit did not need to be a 'raw' parameter. This makes "postconf -x" behavior more consistent. Files: global/mail_params.h, postscreen/postscreen.c. Documentation: added text that the following parameter values are not subject to Postfix parameter $name expansion: default_rbl_reply, command_execution_directory, luser_relay, smtpd_reject_footer. These have their own documented $name substitution mechanism. File: proto/postconf.proto. 20181202 Bugfix: posttls-finger reported an error for UNIX-domain connections, even if they did not fail. Found by Coverity. File: posttls-finger/posttls-finger.c. 20181208 Documentation: add even more redundancy to the rate-delay description. File: proto/postconf.proto. 20181210 Cleanup: code deduplication. File: util/dict_file.c. 20181226 Cleanup: code deduplication and better encapsulation with PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros. Files: postscreen/postscreen.h, postscreen/postscreen_state.c. Documentation: POSTSCREEN_README did not describe the postscreen_post_queue_limit, and attributed the wrong reject message to the postscreen_pre_queue_limit. Problem reported by Michael Orlitzky. File: proto/POSTSCREEN_README.html. (20181226-nonprod) Compatibility: removed support for OpenSSL 1.0.1 (not supported since December 31, 2016) and earlier releases. This eliminated a large number of #ifdefs with bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c, tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c, tls/tls_session.c. (20181226-nonprod) Use the OpenSSL 1.0.2 and later API for setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_dh.c. (20181226-nonprod) Documentation update for TLS support. Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html, proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c. 20181229 Explicit maps_file_find() and dict_file_lookup() methods that decode base64 content. Decoding content is not built into the dict->lookup() method, because that would complicate the implementation of map nesting (inline, thash), map composition (pipemap, unionmap), and map proxying. For consistency, decoding base64 file content is also not built into the maps_find() method. Files: util/dict.h. util/dict_file.c, global/maps.[hc], postmap/postmap.c. 20190106 Documentation: documented the SRC_RHS_IS_FILE flag in dict_open.c, and updated the -F description in the postmap manpage. Files: util/dict_open.c, postmap/postmap.c. (20190106-nonprod) Feature: support for files that combine multiple (key, certificate, trust chain) instances in one file, to avoid separate files for RSA, DSA, Elliptic Curve, and so on. Viktor Dukhovni. Files: .indent.pro, global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c, tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c. (20190106-nonprod) Create a second, no-key no-cert, SSL_CTX for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h, src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c. (20190106-nonprod) Server-side SNI support. Viktor Dukhovni. Files: src/global/mail_params.h, src/smtp/smtp.c, src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c, src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c, (20190106-nonprod) Configurable client-side SNI signal. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c, smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c. 20190121 Logging: support for internal logging file, without using syslog (it uses the new postlogd daemon instead). This solves a usability problem for MacOS, may help getting around systemd, and solves 99% of the problem for logging to stdout in a container (hopefully we have 100% soon). Enable by setting, for example, "maillog_file = /var/log/postfix.log"). This works fine for daemons, and with some limitations for non-daemon programs. See RELEASE_NOTES for more details. Files: conf/master.cf, conf/post-install, conf/postfix-files, conf/postfix-script, mantools/postlink, proto/master, proto/postconf.proto, global/mail_params.c, global/mail_params.h, global/mail_proto.h, global/maillog_client.c, global/maillog_client.h, master/dgram_server.c, master/event_server.c, master/mail_server.h, master/master.c, master/master.h, master/master_ent.c, master/master_listen.c, master/master_proto.h, master/master_wakeup.c, master/multi_server.c, master/single_server.c, master/trigger_server.c, postalias/postalias.c, postconf/postconf_master.c, postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c, postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c, postmulti/postmulti.c, postqueue/postqueue.c, postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h, util/listen.h, util/logwriter.c, util/logwriter.h, util/msg_logger.c, util/msg_logger.h, util/msg_output.c, util/msg_output.h, util/unix_dgram_connect.c, util/unix_dgram_listen.c. Cleanup: cert/key/chain loading, plus unit tests to exercise non-error and error cases. Viktor Dukhovni. Files: tls/*.pem, tls*.pem.ref, tls/tls_certkey.c. 20190126 Safety: Postfix programs will log to either syslog or postlog but not both; and postlogd forwards postlog logging to syslog, when a configuration change removes the maillog_file pathname, but some programs still use the old configuration. Files: util/msg_syslog.[hc], util/msg_logger.c, global/maillog_client.c, postlogd/postlogd.c, Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog pipe file descriptor leak. This pipe provides one source of liveness, data from this pipe is discarded, and therefore this does not enable privilege escalation or DOS. File: util/watchdog.c. Feature: stdout logging support; requires "postfix start-fg" and "maillog_file = /dev/stdout". Files: master/master.c, conf/postfix-script. 20190127 Safety: when maillog_file is specified, 'postfix check' now requires that the postlog service is enabled in master.cf. Otherwise 'postfix start' etc. will log a fatal error. File: conf/postfix-script. Documentation: added policy_context example. File: proto/SMTPD_POLICY_README.html. 20190128 Testing: run libtls tests under Valgrind. File tls/Makefile.in. 20190129 Safety: require that $maillog_file matches one of the pathname prefixes specified in $maillog_file_prefixes. The maillog file is created by root, and the prefixes limit the damage from a single configuration error. Files: global/mail_params.[hc], global/maillog_client.c. 20191201 Feature: "postfix logrotate" command with configurable compression program and datestamp filename suffix. File: conf/postfix-script. 20190202 Cleanup: log a warning when the client sends a malformed SNI; log an info message when the client sends a valid SNI that does not match the SNI lookup tables; update the FORWARD_SECRECY_README logging examples. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, tls/tls.h, tls/tls_client.c, tls/tls_misc.c. 20190208 Debugging: the master(8) daemon now logs a warning if a master.cf entry is defined multiple times. File: src/master/master_conf.c. 20190209 Debugging: tlsproxy(8) now logs more details about unexpected configuration differences between the Postfix SMTP client and the tlsproxy(8) daemon. 20190210 Documentation: Postfix 3.4.0 RELEASE NOTES. Documentation: added BDAT_README. Documentation: global TLS settings. Files: mantools/postlink, smtp/smtp.c, tlsproxy/tlsproxy.c. 20190211 Cleanup: removed obsolete parameters: tls_dane_digest_agility, tls_dane_trust_anchor_digest_enable; removed openssl_path parameter from configuration difference checks in tlsproxy. Files: global/mail_params.h, tls/tls_misc.c, tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy.h. 20190212 Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c, posttls-finger/posttls-finger.c. 20190217 Cleanup: when the master daemon runs with PID=1 (init mode), reap orhpan processes from non-Postfix code running in the same container, instead of terminating with a panic. File: master/master_spawn.c. 20190218 Bugfix: tlsproxy did not enable DANE-style PKI because libtls seems to have to accreted multiple init functions instead of reusing the tls_client_init() and tls_client_start() API. And some functions that do initialization don't even have init in their name! Problem report by Andreas Schulze. Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c. Workaround: Postfix libtls makes DANE-specific changes to the shared SSL_CTX. To avoid false sharing, tlsproxy needs to label the SSL_CTX cache with DANE bits until we can remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c. Cleanup: Postfix libtls changed the shared SSL_CTX to override ciphers. instead of changing the SSL handle. To avoid false sharing in tlsproxy, the changes are now made to the SSL handle. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c. 20190219 Bugfix: in the Postfix SMTP client, TLS wrappermode was not tested in tlsproxy mode. It needed some setup for buffering and timeouts. Problem report by Andreas Schulze. File: smtp/smtp_proto.c. 20190304 Bugfix: a reversed test broke TLS configurations that specify the same filename for a private key and certificate. Reported by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the test. Files: tls/tls_certkey.c, tls/Makefile.in. 20190310 Bitrot: LINUX5s support, after some sanity checks with a rawhide prerelease version. Files: makedefs, util/sys_defs.h. Bugfix (introduced: 20181226): broken DANE trust anchor file support, caused by left-over debris from the 20181226 TLS library overhaul. By intrigeri. File: tls/tls_dane.c. Bugfix (introduced: Postfix-1.0.1): null pointer read, while logging a warning after a corrupted bounce log file. File: global/bounce_log.c. Bugfix (introduced: Postfix-2.9.0): null pointer read, while logging a warning after a postscreen_command_filter read error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c 20190312 Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, does the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. 20190319 With message_size_limit=0 (which is NOT DOCUMENTED), BDAT chunks were always rejected as too large. File: smtpd/smtpd.c 20190328 Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. 20190331 Documentation: tlsext_padding is not a tls_ssl_options feature. File: proto/postconf.proto. 20190401 Portability: added "#undef sun" to util/unix_dgram_connect.c. 20190403 Bugfix (introduced: Postfix 2.3): a censoring filter broke multiline Milter responses for header/body events. Problem report by Andreas Thienemann. Files: util/printable.c, util/stringops.h, smtpd/smtpd.c Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit = 0" no longer meant 'unlimited'. Problem report by Luc Pardon. File: smtp/smtp_addr.c. 20190615 Documentation: updated the BUGS section in the smtp(8) manpage about TLS connection reuse. File: smtp/smtp.c. Workaround for implementations that hang Postfix while shutting down a TLS session, until Postfix times out. With "tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits for the TLS peer to respond to a TLS 'close' request. This is recommended with TLSv1.0 and later. Files: global/mail_params.h, tls/tls_session.c, and documentation. 20190621 Bugfix (introduced: Postfix 3.0): the code to reset Postfix SMTP server command counts was not called after a HaProxy handshake failure, causing stale numbers to be reported. The command counts are now reset in the function that reports the counts. File: smtpd/smtpd.c. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.40 2017/06/23 19:18:07 maya Exp $ d10 3 a12 1 --- makedefs.orig 2019-03-10 23:42:59.000000000 +0000 d14 1 a14 1 @@@@ -298,6 +298,15 @@@@ case "$SYSTEM.$RELEASE" in d30 1 a30 1 @@@@ -326,25 +335,7 @@@@ case "$SYSTEM.$RELEASE" in d57 1 a57 1 @@@@ -423,13 +414,6 @@@@ case "$SYSTEM.$RELEASE" in d71 1 a71 1 @@@@ -471,33 +455,8 @@@@ case "$SYSTEM.$RELEASE" in d105 1 a105 1 @@@@ -597,24 +556,6 @@@@ EOF d130 1 a130 1 @@@@ -645,26 +586,14 @@@@ EOF d157 1 a157 1 @@@@ -706,12 +635,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 d172 18 @ 1.40 log @Make NetBSD support version agnostic. Checks are against __NetBSD__Version__ anyway. Fixes NetBSD 8.99.1 build @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.39 2017/04/24 20:11:40 fhajny Exp $ d8 1 a8 1 3) Add support for FreeBSD 11 & 12. d10 1 a10 1 --- makedefs.orig 2017-02-12 15:32:10.000000000 +0000 d12 1 a12 1 @@@@ -284,6 +284,24 @@@@ case "$SYSTEM.$RELEASE" in a15 9 + FreeBSD.11*) SYSTYPE=FREEBSD11 + : ${CC=cc} + : ${SHLIB_SUFFIX=.so} + : ${SHLIB_CFLAGS=-fPIC} + : ${SHLIB_LD="${CC} -shared"' -Wl,-soname,${LIB}'} + : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} + : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} + : ${PLUGIN_LD="${CC} -shared"} + ;; d28 1 a28 1 @@@@ -312,25 +330,7 @@@@ case "$SYSTEM.$RELEASE" in d55 1 a55 1 @@@@ -409,13 +409,6 @@@@ case "$SYSTEM.$RELEASE" in d69 1 a69 1 @@@@ -457,33 +450,8 @@@@ case "$SYSTEM.$RELEASE" in d103 1 a103 27 @@@@ -544,25 +512,6 @@@@ EOF : ${PLUGIN_LD="${CC-gcc} -shared"} ;; Linux.[34].*) SYSTYPE=LINUX$RELEASE_MAJOR - case "$CCARGS" in - *-DNO_DB*) ;; - *-DHAS_DB*) ;; - *) if [ -f /usr/include/db.h ] - then - : we are all set - elif [ -f /usr/include/db/db.h ] - then - CCARGS="$CCARGS -I/usr/include/db" - else - # On a properly installed system, Postfix builds - # by including and by linking with -ldb - echo "No include file found." 1>&2 - echo "Install the appropriate db*-devel package first." 1>&2 - exit 1 - fi - SYSLIBS="-ldb" - ;; - esac for name in nsl resolv do for lib in /usr/lib64 /lib64 /usr/lib /usr/lib/* /lib /lib/* @@@@ -583,24 +532,6 @@@@ EOF d128 1 a128 1 @@@@ -631,26 +562,14 @@@@ EOF d155 1 a155 1 @@@@ -692,12 +611,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 a169 11 @@@@ -778,8 +697,8 @@@@ esac # case "$CCARGS" in *-DNO_EAI*) CCARGS="$CCARGS "'-DDEF_SMTPUTF8_ENABLE=\"no\"';; - *) icu_cppflags=`(icu-config --cppflags) 2>/dev/null` && { - icu_ldflags=`(icu-config --ldflags) 2>/dev/null` && { + *) icu_cppflags=`(pkg-config --cflags icu-i18n) 2>/dev/null` && { + icu_ldflags=`(pkg-config --libs icu-i18n) 2>/dev/null` && { trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15 cat >makedefs.test.c <<'EOF' #include @ 1.39 log @Update mail/postfix to 3.2.0. - Elliptic curve negotiation with OpenSSL >= 1.0.2. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter tls_eecdh_auto_curves with the names of curves that may be negotiated. - Stored-procedure support for MySQL databases. - Cidr: table support for if/endif and negation (by prepending ! to a pattern), just like regexp: and pcre: tables. See the cidr_table(5) manpage for details. - The postmap command and the inline: and texthash: maps now support spaces in left-hand field of lookup table source text. Use double quotes (") around a left-hand field that contains spaces, and use backslash (\) to protect quotes in a left-hand field. - Support for per-client Milter configuration (smtpd_milter_maps) that overrides the main.cf smtpd_milters setting, and that has the same syntax. A lookup result of "DISABLE" turns off Milter support for that client. - The local SMTP server IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT). - For safety reasons, the Postfix sendmail -C option must specify an authorized directory: the default configuration directory, a directory that is listed in the default main.cf file with alternate_config_directories or multi_instance_directories, otherwise the command must be invoked with root privileges. This mitigates a recurring "jail break" problem with the PHP mail() function. - "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar to "IGNORE" but also logs the action, and "PASS" disables header, body, and Milter inspection for the remainder of the message content. - The collate.pl script by Viktor Dukhovni for grouping Postfix logfile records into "sessions" based on queue ID and process ID information, in the auxiliary/collate directory of the Postfix source tree. Disabled or removed behavior: - SMTPUTF8 support: Postfix 3.2 disables the 'transitional' compatibility between the IDNA2003 and IDNA2008 standards for internationalized domain names (domain names beyond the limits of US-ASCII). This makes Postfix behavior consistent with contemporary web browsers. - Postfix 3.2 removes tentative features that were implemented before the DANE spec was finalized: support for certificate usage PKIX-EE(1), the ability to disable digest agility, and the ability to disable support for "TLSA 2 [01] [12]" records that specify the digest of a trust anchor. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.38 2017/04/11 09:33:30 adam Exp $ d37 1 a37 2 @@@@ -321,6 +339,12 @@@@ case "$SYSTEM.$RELEASE" in NetBSD.4*) SYSTYPE=NETBSD4 d39 1 a39 7 NetBSD.5*) SYSTYPE=NETBSD5 + : ${SHLIB_SUFFIX=.so} + : ${SHLIB_CFLAGS=-fPIC} + : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} + : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} + : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} + : ${PLUGIN_LD="${CC-gcc} -shared"} d41 20 a60 1 NetBSD.6*) SYSTYPE=NETBSD6 d62 3 a64 1 @@@@ -409,13 +433,6 @@@@ case "$SYSTEM.$RELEASE" in d78 1 a78 1 @@@@ -457,33 +474,8 @@@@ case "$SYSTEM.$RELEASE" in d112 1 a112 1 @@@@ -544,25 +536,6 @@@@ EOF d138 1 a138 1 @@@@ -583,24 +556,6 @@@@ EOF d163 1 a163 1 @@@@ -631,26 +586,14 @@@@ EOF d190 1 a190 1 @@@@ -692,12 +635,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 d205 1 a205 1 @@@@ -778,8 +721,8 @@@@ esac @ 1.38 log @Fix installation on Darwin: LD_LIBRARY_PATH is not propagated when set with env, e.g.: env LD_LIBRARY_PATH=path/to/lib ./script.sh will not work (other variable names work correctly). @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.37 2016/11/04 17:10:10 sevan Exp $ d10 1 a10 1 --- makedefs.orig 2016-08-20 00:08:42.000000000 +0000 d12 1 a12 1 @@@@ -272,6 +272,24 @@@@ case "$SYSTEM.$RELEASE" in d37 1 a37 1 @@@@ -309,6 +327,12 @@@@ case "$SYSTEM.$RELEASE" in d50 1 a50 1 @@@@ -389,13 +413,6 @@@@ case "$SYSTEM.$RELEASE" in d64 1 a64 1 @@@@ -437,33 +454,8 @@@@ case "$SYSTEM.$RELEASE" in d98 1 a98 1 @@@@ -524,25 +516,6 @@@@ EOF d124 1 a124 1 @@@@ -563,24 +536,6 @@@@ EOF d149 1 a149 1 @@@@ -611,25 +566,13 @@@@ EOF d152 1 a152 1 CCARGS="$CCARGS -DMISSING_USLEEP" d161 1 d176 1 a176 1 @@@@ -671,12 +614,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 d191 1 a191 1 @@@@ -757,8 +700,8 @@@@ esac d194 1 a194 1 *-DNO_EAI*) ;; @ 1.37 log @Add support for FreeBSD 11 & 12 via FreeBSD ports. @ text @d1 1 a1 1 $NetBSD$ d175 15 @ 1.37.4.1 log @Pullup ticket #5267 - requested by sevan mail/postfix: build fix Revisions pulled up: - mail/postfix/Makefile 1.294 - mail/postfix/distinfo 1.169 - mail/postfix/patches/patch-aa 1.25 - mail/postfix/patches/patch-ai 1.38 --- Module Name: pkgsrc Committed By: adam Date: Tue Apr 11 09:33:30 UTC 2017 Modified Files: pkgsrc/mail/postfix: Makefile distinfo pkgsrc/mail/postfix/patches: patch-aa patch-ai Log Message: Fix installation on Darwin: LD_LIBRARY_PATH is not propagated when set with env, e.g.: env LD_LIBRARY_PATH=path/to/lib ./script.sh will not work (other variable names work correctly). @ text @a174 15 @@@@ -671,12 +614,12 @@@@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5 esac : ${SHLIB_CFLAGS=-fPIC} : ${SHLIB_SUFFIX=.dylib} - : ${SHLIB_LD='cc -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup -Wl,-install_name,@@rpath/${LIB}'} + : ${SHLIB_LD='${CC} -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup -Wl,-install_name,@@rpath/${LIB}'} : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} # In MacOS/X 10.11.x /bin/sh unsets DYLD_LIBRARY_PATH, so we # have export it into postfix-install indirectly! : ${SHLIB_ENV="DYLD_LIBRARY_PATH=`pwd`/lib SHLIB_ENV_VAR=DYLD_LIBRARY_PATH SHLIB_ENV_VAL=`pwd`/lib"} - : ${PLUGIN_LD='cc -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup'} + : ${PLUGIN_LD='${CC} -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup'} ;; dcosx.1*) SYSTYPE=DCOSX1 RANLIB=echo @ 1.36 log @postfix: use pkgconfig instead of icu-config to find icu cflags and ldflags. should help PR pkg/51354: mail/postfix eai option does not work because of test in makedef. bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.35 2016/03/23 12:55:18 gdt Exp $ d8 2 d12 26 a37 1 @@@@ -309,6 +309,12 @@@@ case "$SYSTEM.$RELEASE" in d50 1 a50 1 @@@@ -389,13 +395,6 @@@@ case "$SYSTEM.$RELEASE" in d64 1 a64 1 @@@@ -437,33 +436,8 @@@@ case "$SYSTEM.$RELEASE" in d98 1 a98 1 @@@@ -524,25 +498,6 @@@@ EOF d124 1 a124 1 @@@@ -563,24 +518,6 @@@@ EOF d149 1 a149 1 @@@@ -611,25 +548,13 @@@@ EOF d175 1 a175 1 @@@@ -757,8 +682,8 @@@@ esac @ 1.35 log @Fix netbsd-5 build by defining shlib methods Very surprisingly, postfix's build hard-codes shared library behavior in a giant case statement not only per OS but per version, essentially open-coding libtool while not being complete. This commit copies the netbsd-6 flags to netbsd-5, as a minimal change during the freeze to let this build on netbsd-5 (where it then works fine). @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.34 2015/09/07 09:47:01 fhajny Exp $ d8 1 a8 1 --- makedefs.orig 2015-07-19 14:24:25.000000000 +0000 d10 1 a10 1 @@@@ -292,6 +292,12 @@@@ case "$SYSTEM.$RELEASE" in d23 1 a23 1 @@@@ -372,13 +378,6 @@@@ case "$SYSTEM.$RELEASE" in d37 1 a37 1 @@@@ -416,33 +415,8 @@@@ case "$SYSTEM.$RELEASE" in d71 1 a71 1 @@@@ -503,25 +477,6 @@@@ EOF d97 1 a97 1 @@@@ -542,24 +497,6 @@@@ EOF d122 1 a122 1 @@@@ -590,25 +527,13 @@@@ EOF d148 11 @ 1.34 log @Update mail/postfix to 3.0.2. Database and regexp map functionality is now split into separate packages: - postfix-cdb - postfix-ldap - postfix-lmdb - postfix-mysql - postfix-pcre - postfix-pgsql - postfix-sqlite Upstream changelog follows. Postfix 3.0.2 ------------- No delta against 2.11.6. Postfix 3.0.1 ------------- - Build error when compiling the Postfix SMTP server with SASL support but no TLS support. - The DNS "resource record to text" converter, used for xxx_dns_reply_filter pattern matching, appended a '.' to TXT record resource values. - The postscreen(8) manpage specified an incorrect Postfix version number for the postscreen_dnsbl_timeout parameter. - The postfix-install script expanded macros in parameter values when trying to detect parameter overrides, causing unnecessary main.cf updates during "postfix start" etc. - Some low-level cleanup of UTF-8 string handling with no visible change in behavior (besides better performance). Postfix 3.0.0 ------------- - SMTPUTF8 support for internationalized domain names and address localparts as defined in RFC 6530 and related documents. - Support for Postfix dynamically-linked libraries and database plugins. - An OPT-IN safety net for the selective adoption of new Postfix default settings. If you do nothing, the old Postfix default settings *should* remain in effect (complain to your downstream maintainer if that is not the case). - Support for operations on multiple lookup tables. The pipemap:{map1,map2...} database type implements a pipeline of lookup tables where the result from one lookup table becomes a query for the next table; the unionmap:{map1,map2,...} database type sends the @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.33 2015/07/22 00:25:37 taca Exp $ d3 4 a6 1 Make this pkgsrc friendly. d10 14 a23 1 @@@@ -372,13 +372,6 @@@@ case "$SYSTEM.$RELEASE" in d37 1 a37 1 @@@@ -416,33 +409,8 @@@@ case "$SYSTEM.$RELEASE" in d71 1 a71 1 @@@@ -503,25 +471,6 @@@@ EOF d97 1 a97 1 @@@@ -542,24 +491,6 @@@@ EOF d122 1 a122 1 @@@@ -590,25 +521,13 @@@@ EOF @ 1.33 log @Update postfix to 2.11.6, security release. With all supported Postfix releases, the default settings have been updated so that they no longer enable export-grade ciphers, and no longer enable the SSLv2 and SSLv3 protocols. These ciphers and protocols have little if any legitimate use today, and have instead become a vehicle for downgrade attacks. There are no other code changes. Postfix documentation has been updated to reflect the new default settings and their rationale; the RELEASE_NOTES give suggestions for how to enable the old ciphers and protocols if your infrastructure requires them. Finally, abandoning deprecated ciphers and protocols does not really improve TLS security without measures to better authenticate remote servers. Secure DNS and TLSA are steps in that direction. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.32 2014/08/25 16:00:54 taca Exp $ d5 1 a5 1 --- makedefs.orig 2015-07-19 14:24:10.000000000 +0000 d7 1 a7 10 @@@@ -187,6 +187,8 @@@@ case "$SYSTEM.$RELEASE" in ;; NetBSD.6*) SYSTYPE=NETBSD6 ;; + NetBSD.7*) SYSTYPE=NETBSD7 + ;; BSD/OS.2*) SYSTYPE=BSDI2 ;; BSD/OS.3*) SYSTYPE=BSDI3 @@@@ -244,13 +246,6 @@@@ case "$SYSTEM.$RELEASE" in d21 1 a21 1 @@@@ -288,33 +283,8 @@@@ case "$SYSTEM.$RELEASE" in d55 2 a56 2 @@@@ -368,25 +338,6 @@@@ EOF esac d81 1 a81 1 @@@@ -400,24 +351,6 @@@@ EOF d106 1 a106 1 @@@@ -448,25 +381,13 @@@@ EOF @ 1.32 log @Fix build on NetBSD 7.*. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.31 2014/02/09 05:34:13 taca Exp $ d5 1 a5 1 --- makedefs.orig 2014-01-16 19:49:11.000000000 +0000 d7 1 a7 1 @@@@ -182,6 +182,8 @@@@ case "$SYSTEM.$RELEASE" in d16 1 a16 1 @@@@ -239,13 +241,6 @@@@ case "$SYSTEM.$RELEASE" in d30 1 a30 1 @@@@ -283,33 +278,8 @@@@ case "$SYSTEM.$RELEASE" in d64 1 a64 1 @@@@ -363,25 +333,6 @@@@ EOF d67 1 a67 1 Linux.3*) SYSTYPE=LINUX3 d90 1 a90 1 @@@@ -395,24 +346,6 @@@@ EOF d115 1 a115 1 @@@@ -443,25 +376,13 @@@@ EOF @ 1.32.8.1 log @Pullup ticket #4780 - requested by taca mail/postfix: security update Revisions pulled up: - mail/postfix/Makefile 1.284 - mail/postfix/distinfo 1.160 - mail/postfix/patches/patch-ai 1.33 --- Module Name: pkgsrc Committed By: taca Date: Wed Jul 22 00:25:37 UTC 2015 Modified Files: pkgsrc/mail/postfix: Makefile distinfo pkgsrc/mail/postfix/patches: patch-ai Log Message: Update postfix to 2.11.6, security release. With all supported Postfix releases, the default settings have been updated so that they no longer enable export-grade ciphers, and no longer enable the SSLv2 and SSLv3 protocols. These ciphers and protocols have little if any legitimate use today, and have instead become a vehicle for downgrade attacks. There are no other code changes. Postfix documentation has been updated to reflect the new default settings and their rationale; the RELEASE_NOTES give suggestions for how to enable the old ciphers and protocols if your infrastructure requires them. Finally, abandoning deprecated ciphers and protocols does not really improve TLS security without measures to better authenticate remote servers. Secure DNS and TLSA are steps in that direction. @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- makedefs.orig 2015-07-19 14:24:10.000000000 +0000 d7 1 a7 1 @@@@ -187,6 +187,8 @@@@ case "$SYSTEM.$RELEASE" in d16 1 a16 1 @@@@ -244,13 +246,6 @@@@ case "$SYSTEM.$RELEASE" in d30 1 a30 1 @@@@ -288,33 +283,8 @@@@ case "$SYSTEM.$RELEASE" in d64 1 a64 1 @@@@ -368,25 +338,6 @@@@ EOF d67 1 a67 1 Linux.[34].*) SYSTYPE=LINUX$RELEASE_MAJOR d90 1 a90 1 @@@@ -400,24 +351,6 @@@@ EOF d115 1 a115 1 @@@@ -448,25 +381,13 @@@@ EOF @ 1.31 log @Update postfix to 2.11.0. Quote from release announce: The main changes in no particular order are: * Support for PKI-less TLS server certificate verification with DANE (DNS-based Authentication of Named Entities) where the CA public key or the server certificate is identified via DNSSEC lookup. This requires a DNS resolver that validates DNSSEC replies. The problem with conventional PKI is that there are literally hundreds of organizations world-wide that can provide a certificate in anyone's name. DANE limits trust to the people who control the target DNS zone and its parent zones. * Support for LMDB databases. Originally developed as part of OpenLDAP, LMDB is the first persistent Postfix database that can be shared among multiple writers such as postscreen daemons (Postfix already supported shared non-persistent memcached caches). Postfix currently requires LMDB version 0.9.11 or later. See LMDB_README for details and limitations. * A new postscreen_dnsbl_whitelist_threshold feature to allow clients to skip postscreen tests based on their DNSBL score. This can eliminate email delays due to "after 220 greeting" protocol tests, which otherwise require that a client reconnects before it can deliver mail. Some providers such as Google don't retry from the same IP address, and that can result in large email delivery delays. * The recipient_delimiter feature now supports different delimiters, for example both "+" and "-". As before, this implementation recognizes exactly one delimiter character per email address, and exactly one address extension per email address. * Advanced master.cf query/update support to access service attributes as "name = value" pairs. For example to turn off chroot on all services use "postconf -F '*/*/chroot = n'", and to change/add a "-o name=value" setting use "postconf -P smtp/inet/name = value". This was developed primarily to allow automated tools to manage Postfix systems without having to parse Postfix configuration files. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.30 2013/09/30 15:21:15 taca Exp $ d5 1 a5 1 --- makedefs.orig 2014-01-05 17:18:56.000000000 +0000 d7 10 a16 1 @@@@ -239,13 +239,6 @@@@ case "$SYSTEM.$RELEASE" in d30 1 a30 1 @@@@ -283,33 +276,8 @@@@ case "$SYSTEM.$RELEASE" in d64 1 a64 1 @@@@ -363,25 +331,6 @@@@ EOF d90 1 a90 1 @@@@ -395,24 +344,6 @@@@ EOF d115 1 a115 1 @@@@ -443,25 +374,13 @@@@ EOF @ 1.30 log @Update postfix package to 2.10.2. Here is brief changes. 2.10.2 * TLS Interoperability workaround: turn on SHA-2 digests by force. This improves interoperability with clients and servers that deploy SHA-2 digests without the required support for TLSv1.2-style digest negotiation. * TLS Performance workaround: the Postfix SMTP server TLS session cache had become ineffective because recent OpenSSL versions enable session tickets by default, resulting in a different ticket encryption key for each smtpd(8) process. The workaround turns off session tickets. Postfix 2.11 will enable session tickets properly. * TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail to communicate with Postfix and possibly other MTAs, with the following Exim SMTP client error message: TLS error on connection to server-name [server-address] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough) See the RELEASE_NOTES file for a Postfix SMTP server configuration workaround. * Bugfix (defect introduced: 1997): memory leak while forwarding mail with the local(8) delivery agent, in code that handles a cleanup(8) server error. 2.10.1 * Workaround: down-stream maintainers fail to install the new smtpd_relay_restrictions safety net, causing breakage that could have been avoided. We now hard-code the safety net instead. 2.10.0 * Separation of relay policy (with smtpd_relay_restrictions) from spam policy (with smtpd_{client, helo, sender, recipient}_restrictions), which makes accidental open relay configuration less likely. The default is backwards compatible. * HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands. * Support for the TLSv1 and TLSv2 protocols, as well as support to turn them off if needed for inter-operability. * Laptop-friendly configuration. By default, Postfix now uses UNIX-domain sockets instead of FIFOs, and thus avoids MTIME file system updates on an idle mail system. * Revised postconf(1) command. The "-x" option expands $name in a parameter value (both main.cf and master.cf); the "-o name=value" option overrides a main.cf parameter setting; and postconf(1) now warns about a $name that has no name=value setting. * Sendmail-style "socketmap" lookup tables. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.29 2013/09/06 14:08:18 taca Exp $ a3 1 Add support for NetBSD 5.x, NetBSD 6.x and DragonFly BSD. d5 1 a5 1 --- makedefs.orig 2013-02-04 01:33:13.000000000 +0000 d7 1 a7 21 @@@@ -155,6 +155,8 @@@@ case "$SYSTEM.$RELEASE" in ;; FreeBSD.9*) SYSTYPE=FREEBSD9 ;; + DragonFly.*) SYSTYPE=DRAGONFLY + ;; OpenBSD.2*) SYSTYPE=OPENBSD2 ;; OpenBSD.3*) SYSTYPE=OPENBSD3 @@@@ -173,6 +175,10 @@@@ case "$SYSTEM.$RELEASE" in ;; NetBSD.4*) SYSTYPE=NETBSD4 ;; + NetBSD.5*) SYSTYPE=NETBSD5 + ;; + NetBSD.6*) SYSTYPE=NETBSD6 + ;; BSD/OS.2*) SYSTYPE=BSDI2 ;; BSD/OS.3*) SYSTYPE=BSDI3 @@@@ -226,13 +232,6 @@@@ case "$SYSTEM.$RELEASE" in d21 1 a21 1 @@@@ -270,31 +269,8 @@@@ case "$SYSTEM.$RELEASE" in d27 1 d34 1 d55 1 a55 1 @@@@ -348,24 +324,6 @@@@ EOF d61 1 d81 1 a81 1 @@@@ -379,24 +337,6 @@@@ EOF d84 1 a84 1 SYSTYPE=GNU0 d106 1 a106 1 @@@@ -427,25 +367,13 @@@@ EOF @ 1.29 log @Update postfix to 2.9.8. Changes: 2.9.8 * TLS Interoperability workaround: turn on SHA-2 digests by force. This improves interoperability with clients and servers that deploy SHA-2 digests without the required support for TLSv1.2-style digest negotiation. * TLS Performance workaround: the Postfix SMTP server TLS session cache had become ineffective because recent OpenSSL versions enable session tickets by default, resulting in a different ticket encryption key for each smtpd(8) process. The workaround turns off session tickets. Postfix 2.11 will enable session tickets properly. * TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail to communicate with Postfix and possibly other MTAs, with the following Exim SMTP client error message: TLS error on connection to server-name [server-address] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough) See the RELEASE_NOTES file for a Postfix SMTP server configuration workaround. * Bugfix (defect introduced: 1997): memory leak while forwarding mail with the local(8) delivery agent, in code that handles a cleanup(8) server error. 2.9.7 * Bugfix (introduced: Postfix 2.0): when myhostname is not listed in mydestination, the trivial-rewrite resolver may log "do not list in both mydestination and ". The fix is to re-resolve a domain-less address after adding $myhostname as the surrogate domain, so that it pops out with the right address-class label. Reported by Quanah Gibson-Mount. * Bugfix (introduced: Postfix 2.3): don't reuse TCP connections when smtp_tls_policy_maps is specified. TLS policies may depend on the remote destination, but the Postfix <2.11 SMTP connection cache client does not distinguish between different destinations that resolve to the same IP address. Victor Duchovni. Found during Postfix 2.11 code maintenance. * Bugfix (introduced: Postfix 2.2): don't reuse TCP connections when SASL authentication is enabled. SASL passwords may depend on the remote SMTP server hostname, but the Postfix <2.11 SMTP connection cache client does not distinguish between different hostnames that resolve to the same IP address. Found during Postfix 2.11 code maintenance. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.28 2012/12/13 16:23:14 taca Exp $ d6 1 a6 1 --- makedefs.orig 2012-11-29 23:53:34.000000000 +0000 d28 1 a28 1 @@@@ -225,13 +231,6 @@@@ case "$SYSTEM.$RELEASE" in d42 1 a42 1 @@@@ -269,25 +268,8 @@@@ case "$SYSTEM.$RELEASE" in d46 4 a49 1 - SYSLIBS="-ldb" d52 19 a70 24 - # Postfix no longer needs DB 1.85 compatibility - if [ -f /usr/include/db.h ] - then - : we are all set - elif [ -f /usr/include/db/db.h ] - then - CCARGS="$CCARGS -I/usr/include/db" - else - # No, we're not going to try db1 db2 db3 etc. - # On a properly installed system, Postfix builds - # by including and by linking with -ldb - echo "No include file found." 1>&2 - echo "Install the appropriate db*-devel package first." 1>&2 - echo "See the RELEASE_NOTES file for more information." 1>&2 - exit 1 - fi # GDBM locks the DBM .pag file after open. This breaks postmap. # if [ -f /usr/include/gdbm-ndbm.h ] # then @@@@ -298,7 +280,6 @@@@ case "$SYSTEM.$RELEASE" in # CCARGS="$CCARGS -DHAS_DBM -DPATH_NDBM_H=''" # GDBM_LIBS=gdbm # fi - SYSLIBS="-ldb" d74 51 a124 1 @@@@ -427,25 +408,13 @@@@ EOF @ 1.28 log @Update postfix to 2.8.13. Postfix 2.8 and later: * The postscreen_access_list feature failed to ignore case in the first character of a command (e.g., permit, reject, etc.). Reported by Francis Picabia. (This fix is incorrectly listed in the HISTORY files of earlier releases, and will be removed with a future patch.) All supported releases: * Strip the datalink suffix (e.g., %eth0) from IPv6 addresses returned by the system getaddrinfo() routine. Such suffixes break the default mynetworks value, the Postfix SMTP server's reverse/forward DNS name/address mapping check, and possibly more. * To eliminate the possibility of collisions with connection cache lookup keys, the Postfix LDAP client now computes those lookup keys by joining the number-valued connection properties with ASCII null, just like it already did with the string-valued connection properties. * There was a memory leak during one-time TLS library initialization (introduced with Postfix 2.5). Reported by Coverity. * There was a memory leak in the unused oqmgr(8) program (introduced with Postfix 2.3). Reported by Coverity. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.27 2012/02/27 03:01:30 taca Exp $ d6 1 a6 1 --- makedefs.orig 2012-12-12 22:49:32.000000000 +0000 d8 1 a8 1 @@@@ -148,6 +148,8 @@@@ case "$SYSTEM.$RELEASE" in d17 1 a17 1 @@@@ -166,6 +168,10 @@@@ case "$SYSTEM.$RELEASE" in d28 1 a28 1 @@@@ -218,13 +224,6 @@@@ case "$SYSTEM.$RELEASE" in d42 1 a42 1 @@@@ -262,25 +261,8 @@@@ case "$SYSTEM.$RELEASE" in d68 1 a68 1 @@@@ -291,7 +273,6 @@@@ case "$SYSTEM.$RELEASE" in d76 1 a76 1 @@@@ -420,25 +401,13 @@@@ EOF @ 1.27 log @Build fix for NetBSD 6.0_BETA. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.26 2010/02/25 13:01:23 martti Exp $ d6 1 a6 1 --- makedefs.orig 2011-11-02 23:46:22.000000000 +0000 d8 1 a8 1 @@@@ -146,6 +146,8 @@@@ case "$SYSTEM.$RELEASE" in d10 1 a10 1 FreeBSD.8*) SYSTYPE=FREEBSD8 d12 1 a12 1 + DragonFly.*) SYSTYPE=DRAGONFLY d17 1 a17 1 @@@@ -164,6 +166,10 @@@@ case "$SYSTEM.$RELEASE" in d28 1 a28 1 @@@@ -216,13 +222,6 @@@@ case "$SYSTEM.$RELEASE" in d42 1 a42 1 @@@@ -260,25 +259,8 @@@@ case "$SYSTEM.$RELEASE" in d68 1 a68 1 @@@@ -289,7 +271,6 @@@@ case "$SYSTEM.$RELEASE" in d76 1 a76 1 @@@@ -418,25 +399,13 @@@@ EOF @ 1.26 log @Updated mail/postfix to 2.7.0 Postfix stable release 2.7.0 is available. For the past several releases, the focus has moved towards improving the code and documentation, and updating the system for changing environments. - Improved before-queue content filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. Typically, this allows Postfix to handle the same mail load with fewer content filter processes. - Improved address verification performance. The verify database is now persistent by default, and it is automatically cleaned periodically, Under overload conditions, the Postfix SMTP server no longer waits up to 6 seconds for an address probe to complete. - Support for reputation management based on the local SMTP client IP address. This is typically implemented with "FILTER transportname:" actions in access maps or header/body checks, and mail delivery transports in master.cf with unique smtp_bind_address values. - The postscreen daemon (a zombie-blocker in front of Postfix) is still too rough for a stable release, and will be made "mature" in the Postfix 2.8 development cycle (however you can use Postfix 2.7 with the Postfix 2.8 postscreen and dnsblog executables and master.cf configuration; this code has already proven itself). No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations. You can find Postfix version 2.7.0 at the mirrors listed at http://www.postfix.org/ The same code is also available as Postfix snapshot 2.8-20100213. Updated versions of Postfix version 2.6, 2.5 and perhaps earlier will be released with the same fixes that were already included with Postfix versions 2.7 and 2.8. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.25 2009/05/13 10:33:23 martti Exp $ d4 1 a4 1 Add support for NetBSD 5.x and DragonFly BSD. d6 3 a8 3 --- makedefs.orig 2010-02-03 22:58:58.000000000 +0200 +++ makedefs 2010-02-25 14:48:50.000000000 +0200 @@@@ -146,6 +146,8 @@@@ d17 1 a17 1 @@@@ -162,6 +164,8 @@@@ d23 2 d28 1 a28 1 @@@@ -214,13 +218,6 @@@@ d42 1 a42 1 @@@@ -252,25 +249,8 @@@@ d68 1 a68 1 @@@@ -281,7 +261,6 @@@@ d76 1 a76 1 @@@@ -383,25 +362,13 @@@@ @ 1.26.16.1 log @Pullup ticket #3691 - requested by tron mail/postfix: build fix Revisions pulled up: - mail/postfix/distinfo 1.141 - mail/postfix/patches/patch-ag 1.33 - mail/postfix/patches/patch-ai 1.27 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Feb 27 03:01:30 UTC 2012 Modified Files: pkgsrc/mail/postfix: distinfo pkgsrc/mail/postfix/patches: patch-ag patch-ai Log Message: Build fix for NetBSD 6.0_BETA. To generate a diff of this commit: cvs rdiff -u -r1.140 -r1.141 pkgsrc/mail/postfix/distinfo cvs rdiff -u -r1.32 -r1.33 pkgsrc/mail/postfix/patches/patch-ag cvs rdiff -u -r1.26 -r1.27 pkgsrc/mail/postfix/patches/patch-ai @ text @d1 1 a1 1 $NetBSD$ d4 1 a4 1 Add support for NetBSD 5.x, NetBSD 6.x and DragonFly BSD. d6 3 a8 3 --- makedefs.orig 2011-11-02 23:46:22.000000000 +0000 +++ makedefs @@@@ -146,6 +146,8 @@@@ case "$SYSTEM.$RELEASE" in d17 1 a17 1 @@@@ -164,6 +166,10 @@@@ case "$SYSTEM.$RELEASE" in a22 2 + NetBSD.6*) SYSTYPE=NETBSD6 + ;; d26 1 a26 1 @@@@ -216,13 +222,6 @@@@ case "$SYSTEM.$RELEASE" in d40 1 a40 1 @@@@ -260,25 +259,8 @@@@ case "$SYSTEM.$RELEASE" in d66 1 a66 1 @@@@ -289,7 +271,6 @@@@ case "$SYSTEM.$RELEASE" in d74 1 a74 1 @@@@ -418,25 +399,13 @@@@ EOF @ 1.25 log @Updated mail/postfix to 2.6.0 - Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details. - Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are postfix-script, postfix-files and post-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details. - The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details. - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header. - Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.24 2008/11/03 00:47:17 taca Exp $ d6 3 a8 3 --- makedefs.orig 2009-05-12 00:26:46.000000000 +0300 +++ makedefs 2009-05-13 12:26:34.000000000 +0300 @@@@ -144,6 +144,8 @@@@ d10 1 a10 1 FreeBSD.7*) SYSTYPE=FREEBSD7 d17 1 a17 1 @@@@ -160,6 +162,8 @@@@ d26 1 a26 1 @@@@ -212,13 +216,6 @@@@ d40 1 a40 1 @@@@ -250,25 +247,8 @@@@ d66 1 a66 1 @@@@ -279,7 +259,6 @@@@ d74 1 a74 1 @@@@ -372,25 +351,13 @@@@ @ 1.24 log @Make it build on NetBSD current (and NetBSD 5.x). @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.23 2008/09/17 13:21:19 joerg Exp $ d6 3 a8 3 --- makedefs.orig 2008-01-16 05:20:24.000000000 +0900 +++ makedefs @@@@ -132,6 +132,8 @@@@ case "$SYSTEM.$RELEASE" in d17 1 a17 1 @@@@ -148,6 +150,8 @@@@ case "$SYSTEM.$RELEASE" in d26 1 a26 1 @@@@ -198,13 +202,6 @@@@ case "$SYSTEM.$RELEASE" in d40 1 a40 1 @@@@ -236,25 +233,8 @@@@ case "$SYSTEM.$RELEASE" in d66 1 a66 1 @@@@ -265,7 +245,6 @@@@ case "$SYSTEM.$RELEASE" in d74 1 a74 1 @@@@ -360,25 +339,13 @@@@ EOF @ 1.23 log @Support newer DragonFly versions. From PR 39148. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.22 2008/09/04 08:25:20 martti Exp $ d4 1 d6 3 a8 3 --- makedefs.orig 2007-08-19 14:28:11.000000000 +0000 +++ makedefs 2007-10-22 05:50:31.000000000 +0000 @@@@ -132,6 +132,8 @@@@ d17 10 a26 1 @@@@ -198,13 +200,6 @@@@ d40 1 a40 1 @@@@ -236,25 +231,8 @@@@ d66 1 a66 1 @@@@ -265,7 +243,6 @@@@ d74 1 a74 1 @@@@ -360,25 +337,13 @@@@ @ 1.22 log @Updated mail/postfix to 2.5.5 Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a denial of service attack by a local user. There is no breach of data confidentiality or data integrity. This problem was found by the Postfix author during routine source code maintenance. An on-line version of this announcement is available at http://www.postfix.org/announcements/20080902.html @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.21 2008/02/18 17:45:34 ghen Exp $ d11 1 a11 1 + DragonFly.1*) SYSTYPE=FREEBSD4 @ 1.21 log @Update Postfix to version 2.5.1 (ok martti). Major changes over 2.4.x are: - TLS (SSL) support was streamlined further, and provides a new security level based on certificate fingerprints instead of CA signatures. See TLS_README for details. - Milter support was updated from the Sendmail 8.13 feature set and now includes most of the features that were introduced with Sendmail 8.14. See MILTER_README for details. - Stress-adaptive configuration was introduced. This allows the Postfix SMTP server to temporarily adjust its rules under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. [pkgsrc: this obsoletes the "postfix-stress" option which provided the same functionality via a distribution patch] - The queue manager scheduler was refined. It now provides per-transport scheduling controls and allows for adjustment of the sensitivity to mail delivery (non-)errors. See SCHEDULER_README. - Security was improved by introducing a Postfix-owned data_directory for storage of randomness, caches and other non-queue data. This change avoids future security loopholes due to untrusted data sitting in root-owned files or in root-owned directories. Writes to legacy files in root-owned directories are automatically redirected to files in the new data_directory. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations. @ text @d1 3 a3 1 $NetBSD: patch-ai,v 1.19 2007/10/22 06:15:56 martti Exp $ @ 1.21.6.1 log @Pullup ticket 2518 - requested by martti security update for postfix - pkgsrc/mail/postfix/Makefile 1.219, 1.220 - pkgsrc/mail/postfix/distinfo 1.119 - pkgsrc/mail/postfix/patches/patch-aa 1.21 - pkgsrc/mail/postfix/patches/patch-ag 1.25 - pkgsrc/mail/postfix/patches/patch-ai 1.22 - pkgsrc/mail/postfix-current/Makefile 1.100, 1.101 - pkgsrc/mail/postfix-current/distinfo 1.46 - pkgsrc/mail/postfix-current/patches/patch-aa 1.19 - pkgsrc/mail/postfix-current/patches/patch-ag 1.17 - pkgsrc/mail/postfix-current/patches/patch-ai 1.20 Module Name: pkgsrc Committed By: ghen Date: Fri Aug 22 20:29:55 UTC 2008 Modified Files: pkgsrc/mail/postfix: Makefile pkgsrc/mail/postfix-current: Makefile Log Message: Add some (http) mirrors. --- Module Name: pkgsrc Committed By: martti Date: Thu Sep 4 08:25:20 UTC 2008 Modified Files: pkgsrc/mail/postfix: Makefile distinfo pkgsrc/mail/postfix/patches: patch-aa patch-ag patch-ai Log Message: Updated mail/postfix to 2.5.5 Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a denial of service attack by a local user. There is no breach of data confidentiality or data integrity. This problem was found by the Postfix author during routine source code maintenance. An on-line version of this announcement is available at http://www.postfix.org/announcements/20080902.html --- Module Name: pkgsrc Committed By: martti Date: Thu Sep 4 08:25:31 UTC 2008 Modified Files: pkgsrc/mail/postfix-current: Makefile distinfo pkgsrc/mail/postfix-current/patches: patch-aa patch-ag patch-ai Log Message: Updated mail/postfix-current to 2.6.20080903 Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a denial of service attack by a local user. There is no breach of data confidentiality or data integrity. This problem was found by the Postfix author during routine source code maintenance. An on-line version of this announcement is available at http://www.postfix.org/announcements/20080902.html @ text @d1 1 a1 3 $NetBSD: patch-ai,v 1.21 2008/02/18 17:45:34 ghen Exp $ Make this pkgsrc friendly. @ 1.20 log @Updated mail/postfix to 2.4.0 The footprint of new features with Postfix 2.4.0 is significantly smaller than with earlier releases. And that is the whole point of approaching completeness: fewer visible changes. Below is a brief summary of what has changed. See the RELEASE_NOTES file for more, including compatibility issues that may affect your site. The HISTORY file gives a blow-by-blow account of what happened over the past year. Wietse - Postfix can now manage thousands of connections without needing special main.cf, master.cf, or compile-time tweaks, on systems with BSD kqueue, Solaris /dev/poll, or Linux epoll support. - Milter support for message body replacement. The resulting queue files are backwards compatible with Postfix 2.3. The existing Milter support for message header manipulations was revised and is now implemented by much simpler code. - Minor improvements in TLS session cache management and in the implementation of certificate fingerprint based authentication. A more extensive revision of TLS internals will appear first in Postfix 2.5 snapshots. - Improvements in queue manager performance when deferring large amounts of mail, or when delivering mail with lots of recipients. - Workarounds for SMTP servers that reply and hang up prematurely, for file system clocks that are out of sync, and for broken kernel lock management in POP servers. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.19 2006/11/07 07:08:26 martti Exp $ d3 3 a5 3 --- makedefs.orig 2007-03-24 15:30:18.000000000 +0200 +++ makedefs 2007-04-03 08:51:47.000000000 +0300 @@@@ -130,6 +130,8 @@@@ d7 1 a7 1 FreeBSD.6*) SYSTYPE=FREEBSD6 d14 1 a14 1 @@@@ -196,13 +198,6 @@@@ d28 1 a28 1 @@@@ -234,25 +229,8 @@@@ d54 1 a54 1 @@@@ -263,7 +241,6 @@@@ d62 1 a62 1 @@@@ -332,25 +309,13 @@@@ @ 1.19 log @Updated mail/postfix to 2.3.4 Postfix 2.3 Patch 04 fixes minor problems as detailed in the change history below. The patch as well as complete source code tarballs were uploaded last week to the mirrors listed at http://www.postfix.org/ 20060831 Bugfix (introduced with initial implementation): missing "dict_errno = 0" caused mis-leading error messages after non-error lookup failure. Victor Duchovni. File: util/dict_cidr.c. Robustness: the default TLS cipher lists were changed from !foo:ALL into ALL:!foo. Victor Duchovni. Files: global/mail_params.h and documentation. 20060902 Bugfix (introduced Postfix 2.3): the LMTP client stripped "inet": from the next-hop destination, but still used the complete next-hop from the delivery request. File: smtp/smtp_connect.c. 20060903 Cleanup: record loop detection. File: global/record.c. 20060929 Workaround: AIX 5.[1-3] getaddrinfo() creates socket address structures with a non-zero port value. This breaks the smtp_bind_address etc. features, and breaks inet_interfaces settings with only one IP address. Problem reported by Hamish Marson. Files: util/sock_addr.[hc], util/myaddrinfo.c. Bugfix (introduced with the Postfix TLS patch): memory leak in verify_extract_peer(). The OpenSSL documentation provides no information on how subjectAltNames are managed. Sam Rushing, ironport. File: tls/tls_client.c. Bugfix (introduced with Postfix 2.2): smtp_generic_maps turned on MIME conversion. File: smtp/smtp_proto.c. Workaround: don't send SIZE information in the MAIL FROM command when message content will be subject to 8bit -> quoted-printable conversion. File: smtp/smtp_proto.c. 20061002 Compatibility: Sendmail now invokes the Milter connect action with the verified hostname instead of the name obtained with PTR lookup. File: smtpd/smtpd.c. 20061004 Cleanup: force space between mailq queueid+status and file size items. File: showq/showq.c. 20061015 Cleanup: convert the Milter {mail_addr} and {rcpt_addr} macro values to external form. File: smtpd/smtpd_milter.c. Cleanup: the Milter {mail_addr} and {rcpt_addr} macros are now available with non-SMTP mail. File: cleanup/cleanup_milter.c. Cleanup: convert addresses in Milter recipient add/delete requests to internal form. File: cleanup/cleanup_milter.c. Cleanup: with non-SMTP mail, convert addresses in simulated MAIL FROM and RCPT TO events to external form. File: cleanup/cleanup_milter.c. 20061017 Cleanup: removed spurious warning when the cleanup server attempts to bounce mail with soft_bounce=yes. Problem reported by Ralf Hildebrandt. File: cleanup/cleanup_bounce.c. Bugfix: null pointer bug when receiving a non-protocol response on a cached SMTP/LMTP connection. Report by Brian Kantor. Fix by Victor Duchovni. File: smtp/smtp_reuse.c. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.18 2006/08/31 18:44:50 martti Exp $ d3 3 a5 3 --- makedefs.orig 2006-08-26 15:54:59.000000000 +0000 +++ makedefs 2006-11-07 08:49:41.000000000 +0000 @@@@ -118,6 +118,8 @@@@ d14 1 a14 1 @@@@ -184,13 +186,6 @@@@ d28 1 a28 1 @@@@ -222,25 +217,8 @@@@ d54 1 a54 1 @@@@ -251,7 +229,6 @@@@ d62 1 a62 1 @@@@ -279,25 +256,13 @@@@ @ 1.18 log @Updated mail/postfix-2.3.3 - File corruption while executing a Milter "header insert" action with headers-only mail (found with dk-filter). Delivery agents would go into an infinite loop because some queue file update had been done in the wrong order. As a precaution, delivery agents now detect such loops, and the queue manager now saves such mail to the "corrupt" directory. - Segmentation fault in the SMTP client while saving a cached connection with unsent data. Postfix indexed some table with -1, because some I/O cleanup had been done in the wrong order. The same problem should exist in Postfix 2.2. - Postfix no longer announces its name in delivery status notifications. All other details of the default bounce text remain unchanged. The reason for this change is that too many people believe that Wietse provides a free helpdesk service that solves all their email problems. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.17 2006/08/11 12:34:25 taca Exp $ d3 2 a4 2 --- makedefs.orig 2006-07-31 13:03:31.000000000 +0000 +++ makedefs 2006-08-31 19:37:55.000000000 +0000 d14 1 a14 10 @@@@ -132,6 +134,8 @@@@ ;; NetBSD.3*) SYSTYPE=NETBSD3 ;; + NetBSD.4*) SYSTYPE=NETBSD4 + ;; BSD/OS.2*) SYSTYPE=BSDI2 ;; BSD/OS.3*) SYSTYPE=BSDI3 @@@@ -182,13 +186,6 @@@@ d28 1 a28 1 @@@@ -220,25 +217,8 @@@@ d54 1 a54 1 @@@@ -249,7 +229,6 @@@@ d62 1 a62 1 @@@@ -277,25 +256,13 @@@@ @ 1.17 log @Accept NetBSD 4.* as NETBSD4 to compile on NetBSD current. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.16 2006/07/13 09:57:51 martti Exp $ d3 3 a5 3 --- makedefs.orig 2006-07-04 05:30:00.000000000 +0900 +++ makedefs @@@@ -118,6 +118,8 @@@@ case "$SYSTEM.$RELEASE" in d14 1 a14 1 @@@@ -130,6 +132,8 @@@@ case "$SYSTEM.$RELEASE" in d23 1 a23 1 @@@@ -180,13 +184,6 @@@@ case "$SYSTEM.$RELEASE" in d37 1 a37 1 @@@@ -218,25 +215,8 @@@@ case "$SYSTEM.$RELEASE" in d63 1 a63 1 @@@@ -247,7 +227,6 @@@@ case "$SYSTEM.$RELEASE" in d71 1 a71 1 @@@@ -275,25 +254,13 @@@@ case "$SYSTEM.$RELEASE" in @ 1.16 log @Updated mail/postfix to 2.3.0 This is the first version in the 2.3.x series, please see the release notes for full list of changes since 2.2.x before upgrading your current installation. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.15 2006/01/10 06:38:15 martti Exp $ d3 3 a5 3 --- makedefs.orig 2006-07-03 20:30:00.000000000 +0000 +++ makedefs 2006-07-13 12:40:49.000000000 +0000 @@@@ -118,6 +118,8 @@@@ d14 10 a23 1 @@@@ -180,13 +182,6 @@@@ d37 1 a37 1 @@@@ -218,25 +213,8 @@@@ d63 1 a63 1 @@@@ -247,7 +225,6 @@@@ d71 1 a71 1 @@@@ -275,25 +252,13 @@@@ @ 1.15 log @Updated postfix to 2.2.8 Postfix 2.2.8 backs out a workaround for broken servers/firewalls that created more problems than it solved. - The Postfix 2.2.6 paranoia about malformed remote server replies caused "multiple delivery" problems or "no delivery" problems with broken servers/firewalls. Postfix still logs a warning but no longer defers delivery. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.14 2005/10/13 13:06:38 joerg Exp $ d3 2 a4 2 --- makedefs.orig 2006-01-03 23:50:25.000000000 +0200 +++ makedefs 2006-01-09 08:11:32.000000000 +0200 d9 1 a9 1 + DragonFly.1*) SYSTYPE=FREEBSD4 d14 1 a14 10 @@@@ -126,7 +128,7 @@@@ ;; NetBSD.1*) SYSTYPE=NETBSD1 ;; - NetBSD.2*) SYSTYPE=NETBSD2 + NetBSD.[23]*)SYSTYPE=NETBSD2 ;; BSD/OS.2*) SYSTYPE=BSDI2 ;; @@@@ -177,13 +179,6 @@@@ d28 1 a28 1 @@@@ -215,25 +210,8 @@@@ d54 1 a54 1 @@@@ -244,7 +222,6 @@@@ d62 1 a62 1 @@@@ -272,25 +249,13 @@@@ @ 1.14 log @Treat DragonFly as FreeBSD 4 to let Postfix build. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- makedefs.orig 2005-02-22 13:35:52.000000000 +0100 +++ makedefs @@@@ -116,6 +116,8 @@@@ case "$SYSTEM.$RELEASE" in d7 1 a7 1 FreeBSD.5*) SYSTYPE=FREEBSD5 d14 1 a14 1 @@@@ -124,7 +126,7 @@@@ case "$SYSTEM.$RELEASE" in d23 1 a23 1 @@@@ -175,13 +177,6 @@@@ case "$SYSTEM.$RELEASE" in d37 1 a37 1 @@@@ -213,25 +208,8 @@@@ case "$SYSTEM.$RELEASE" in d63 1 a63 1 @@@@ -242,7 +220,6 @@@@ case "$SYSTEM.$RELEASE" in d71 1 a71 1 @@@@ -270,25 +247,13 @@@@ case "$SYSTEM.$RELEASE" in @ 1.14.2.1 log @Pullup ticket 1012 - requested by Martti Kuparinen postfix packages bugfix update Revisions pulled up: - pkgsrc/mail/postfix/Makefile 1.175 - pkgsrc/mail/postfix/distinfo 1.95 - pkgsrc/mail/postfix/patches/patch-ai 1.15 - pkgsrc/mail/postfix-current/Makefile 1.55 - pkgsrc/mail/postfix-current/distinfo 1.20 - pkgsrc/mail/postfix-current/options.mk 1.12 Module Name: pkgsrc Committed By: martti Date: Tue Jan 10 06:38:15 UTC 2006 Modified Files: pkgsrc/mail/postfix: Makefile distinfo pkgsrc/mail/postfix/patches: patch-ai Log Message: Updated postfix to 2.2.8 Postfix 2.2.8 backs out a workaround for broken servers/firewalls that created more problems than it solved. - The Postfix 2.2.6 paranoia about malformed remote server replies caused "multiple delivery" problems or "no delivery" problems with broken servers/firewalls. Postfix still logs a warning but no longer defers delivery. --- Module Name: pkgsrc Committed By: martti Date: Tue Jan 10 06:39:00 UTC 2006 Modified Files: pkgsrc/mail/postfix-current: Makefile distinfo options.mk Log Message: Updated postfix-current to 2.3-20060103 @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.15 2006/01/10 06:38:15 martti Exp $ d3 3 a5 3 --- makedefs.orig 2006-01-03 23:50:25.000000000 +0200 +++ makedefs 2006-01-09 08:11:32.000000000 +0200 @@@@ -118,6 +118,8 @@@@ d7 1 a7 1 FreeBSD.6*) SYSTYPE=FREEBSD6 d14 1 a14 1 @@@@ -126,7 +128,7 @@@@ d23 1 a23 1 @@@@ -177,13 +179,6 @@@@ d37 1 a37 1 @@@@ -215,25 +210,8 @@@@ d63 1 a63 1 @@@@ -244,7 +222,6 @@@@ d71 1 a71 1 @@@@ -272,25 +249,13 @@@@ @ 1.13 log @NetBSD-3.x support. @ text @d4 11 a14 2 +++ makedefs 2005-03-21 22:45:02.000000000 +0100 @@@@ -124,7 +124,7 @@@@ d23 1 a23 1 @@@@ -175,13 +175,6 @@@@ d37 1 a37 1 @@@@ -213,25 +206,8 @@@@ d63 1 a63 1 @@@@ -242,7 +218,6 @@@@ d71 1 a71 1 @@@@ -270,25 +245,13 @@@@ @ 1.13.4.1 log @Pullup ticket 905 - requested by Martti Kuparinen portability fixes for postfix Revisions pulled up: - pkgsrc/mail/postfix/distinfo 1.90, 1.91, 1.92 - pkgsrc/mail/postfix/patches/patch-ag 1.17, 1.18 - pkgsrc/mail/postfix/patches/patch-ai 1.14 - pkgsrc/mail/postfix-current/distinfo 1.15, 1.16, 1.17 - pkgsrc/mail/postfix-current/patches/patch-ag 1.10, 1.11 - pkgsrc/mail/postfix-current/patches/patch-ai 1.11 Module Name: pkgsrc Committed By: joerg Date: Thu Oct 13 13:06:38 UTC 2005 Modified Files: pkgsrc/mail/postfix: distinfo pkgsrc/mail/postfix/patches: patch-ai Log Message: Treat DragonFly as FreeBSD 4 to let Postfix build. --- Module Name: pkgsrc Committed By: martti Date: Sat Nov 12 05:19:25 UTC 2005 Modified Files: pkgsrc/mail/postfix: distinfo pkgsrc/mail/postfix/patches: patch-ag Log Message: Make this compile on NetBSD 2.1. Does not affect other versions so no version bump. Fixes pkg/31952. --- Module Name: pkgsrc Committed By: martti Date: Sat Nov 12 05:23:18 UTC 2005 Modified Files: pkgsrc/mail/postfix-current: distinfo pkgsrc/mail/postfix-current/patches: patch-ag Log Message: Make this compile on NetBSD 2.1. Does not affect other versions so no version bump. Fixes same problem as pkg/31952. --- Module Name: pkgsrc Committed By: martti Date: Sun Nov 13 10:37:10 UTC 2005 Modified Files: pkgsrc/mail/postfix: distinfo pkgsrc/mail/postfix-current: distinfo pkgsrc/mail/postfix-current/patches: patch-ag pkgsrc/mail/postfix/patches: patch-ag Log Message: Regenerate the patches not to add NetBSD stuff inside Mac OS X section. --- Module Name: pkgsrc Committed By: martti Date: Tue Nov 15 10:43:20 UTC 2005 Modified Files: pkgsrc/mail/postfix-current: distinfo pkgsrc/mail/postfix-current/patches: patch-ai Log Message: Treat DragonFly as FreeBSD 4 to let Postfix build. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.14 2005/10/13 13:06:38 joerg Exp $ d4 2 a5 11 +++ makedefs @@@@ -116,6 +116,8 @@@@ case "$SYSTEM.$RELEASE" in ;; FreeBSD.5*) SYSTYPE=FREEBSD5 ;; + DragonFly.1*) SYSTYPE=FREEBSD4 + ;; OpenBSD.2*) SYSTYPE=OPENBSD2 ;; OpenBSD.3*) SYSTYPE=OPENBSD3 @@@@ -124,7 +126,7 @@@@ case "$SYSTEM.$RELEASE" in d14 1 a14 1 @@@@ -175,13 +177,6 @@@@ case "$SYSTEM.$RELEASE" in d28 1 a28 1 @@@@ -213,25 +208,8 @@@@ case "$SYSTEM.$RELEASE" in d54 1 a54 1 @@@@ -242,7 +220,6 @@@@ case "$SYSTEM.$RELEASE" in d62 1 a62 1 @@@@ -270,25 +247,13 @@@@ case "$SYSTEM.$RELEASE" in @ 1.12 log @Use bdb.buildlink3.mk to get the DB library to use for the "hash" map type. All platforms now support the "hash" map type as a result. Remove the explicit dependencies on db4 and db2 on non-Linux and Linux, respectively. Bump the PKGREVISION. @ text @d3 12 a14 3 --- makedefs.orig 2004-11-30 13:50:37.000000000 -0500 +++ makedefs @@@@ -141,13 +141,6 @@@@ case "$SYSTEM.$RELEASE" in d28 1 a28 1 @@@@ -179,25 +172,8 @@@@ case "$SYSTEM.$RELEASE" in d54 1 a54 1 @@@@ -208,7 +184,6 @@@@ case "$SYSTEM.$RELEASE" in d62 1 a62 1 @@@@ -233,25 +208,13 @@@@ case "$SYSTEM.$RELEASE" in @ 1.12.4.1 log @Pullup ticket 420 - requested by Takahiro Kambe build fix for postfix Revisions pulled up: - pkgsrc/mail/postfix/distinfo 1.84 - pkgsrc/mail/postfix/patches/patch-ai 1.13 Module Name: pkgsrc Committed By: xtraeme Date: Tue Mar 22 18:09:33 UTC 2005 Modified Files: pkgsrc/mail/postfix: distinfo pkgsrc/mail/postfix/patches: patch-ai Log Message: NetBSD-3.x support. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.13 2005/03/22 18:09:33 xtraeme Exp $ d3 3 a5 12 --- makedefs.orig 2005-02-22 13:35:52.000000000 +0100 +++ makedefs 2005-03-21 22:45:02.000000000 +0100 @@@@ -124,7 +124,7 @@@@ ;; NetBSD.1*) SYSTYPE=NETBSD1 ;; - NetBSD.2*) SYSTYPE=NETBSD2 + NetBSD.[23]*)SYSTYPE=NETBSD2 ;; BSD/OS.2*) SYSTYPE=BSDI2 ;; @@@@ -175,13 +175,6 @@@@ d19 1 a19 1 @@@@ -213,25 +206,8 @@@@ d45 1 a45 1 @@@@ -242,7 +218,6 @@@@ d53 1 a53 1 @@@@ -270,25 +245,13 @@@@ @ 1.11 log @Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20. @ text @d3 21 a23 4 --- makedefs.orig 2004-04-14 14:59:43.000000000 -0400 +++ makedefs 2004-05-23 22:53:06.000000000 -0400 @@@@ -182,22 +182,6 @@@@ SYSLIBS="-ldb" d45 1 a45 1 @@@@ -208,7 +192,6 @@@@ d53 26 @ 1.10 log @Remove hardcoded "-ldb" from makedefs, because pkgsrc provides a correct option. This fixes PR pkg/25176. @ text @d3 3 a5 12 --- makedefs.orig 2003-11-05 13:50:15.000000000 -0600 +++ makedefs @@@@ -94,7 +94,7 @@@@ case "$SYSTEM.$RELEASE" in ;; OpenBSD.3*) SYSTYPE=OPENBSD3 ;; - NetBSD.1*) SYSTYPE=NETBSD1 + NetBSD.*) SYSTYPE=NETBSD1 ;; BSD/OS.2*) SYSTYPE=BSDI2 ;; @@@@ -175,22 +175,6 @@@@ case "$SYSTEM.$RELEASE" in d28 1 a28 1 @@@@ -201,7 +185,6 @@@@ case "$SYSTEM.$RELEASE" in @ 1.10.2.1 log @Pullup ticket 47 to the pkgsrc-2004Q2 branch, requested by Martti Kuparinen. Update postfix to 2.1.3. Module Name: pkgsrc Committed By: martti Date: Mon Jun 21 16:13:24 UTC 2004 Modified Files: pkgsrc/mail/postfix: Makefile PLIST PLIST.tls distinfo pkgsrc/mail/postfix/patches: patch-aa patch-ae patch-af patch-ag patch-ai Removed Files: pkgsrc/mail/postfix/patches: patch-ad patch-ba patch-bb patch-bc patch-bd Log Message: Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.10 2004/04/14 12:55:20 minskim Exp $ d3 12 a14 3 --- makedefs.orig 2004-04-14 14:59:43.000000000 -0400 +++ makedefs 2004-05-23 22:53:06.000000000 -0400 @@@@ -182,22 +182,6 @@@@ d37 1 a37 1 @@@@ -208,7 +192,6 @@@@ @ 1.9 log @Make this compile on 2.x as well (as NETBSD1). @ text @d3 3 a5 3 --- makedefs.orig 2003-11-05 14:50:15.000000000 -0500 +++ makedefs 2004-04-10 22:21:52.000000000 -0400 @@@@ -94,7 +94,7 @@@@ d14 1 a14 1 @@@@ -175,22 +175,6 @@@@ d37 8 @ 1.8 log @Make this work on Linux. @ text @d3 11 a13 2 --- makedefs.orig 2003-11-05 21:50:15.000000000 +0200 +++ makedefs 2004-01-23 13:56:57.000000000 +0200 @ 1.7 log @Move files from postfix-current to postfix, as that's actually the latest release (it's also in the base src). Adresses PR 12426 by Martti Kuparinen @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.6 2000/12/10 09:00:47 itojun Exp $ d3 25 a27 38 --- global/Makefile.orig Sun May 30 18:49:13 1999 +++ global/Makefile Sun May 30 18:49:13 1999 @@@@ -0,0 +1,35 @@@@ +# $NetBSD: patch-ai,v 1.6 2000/12/10 09:00:47 itojun Exp $ + +LIB = global + +SRCS = been_here.c bounce.c canon_addr.c cleanup_strerror.c clnt_stream.c \ + debug_peer.c debug_process.c defer.c deliver_completed.c \ + deliver_flock.c deliver_pass.c deliver_request.c domain_list.c \ + dot_lockfile.c dot_lockfile_as.c ext_prop.c file_id.c \ + header_opts.c is_header.c mail_addr.c \ + mail_addr_crunch.c mail_addr_find.c mail_addr_map.c \ + mail_command_read.c mail_command_write.c mail_conf.c \ + mail_conf_bool.c mail_conf_int.c mail_conf_raw.c mail_conf_str.c \ + mail_connect.c mail_copy.c mail_date.c mail_error.c mail_flush.c \ + mail_open_ok.c mail_params.c mail_pathname.c mail_print.c \ + mail_queue.c mail_run.c mail_scan.c mail_scan_dir.c mail_stream.c \ + mail_task.c mail_trigger.c maps.c mark_corrupt.c mkmap_db.c \ + mkmap_dbm.c mkmap_open.c mynetworks.c mypwd.c namadr_list.c \ + off_cvt.c opened.c own_inet_addr.c peer_name.c pipe_command.c \ + post_mail.c quote_822_local.c rec_streamlf.c rec_type.c \ + recipient_list.c record.c remove.c resolve_clnt.c resolve_local.c \ + rewrite_clnt.c sent.c smtp_stream.c split_addr.c string_list.c \ + sys_exits.c timed_ipc.c tok822_find.c tok822_node.c tok822_parse.c \ + tok822_resolve.c tok822_rewrite.c tok822_tree.c abounce.c + +MKLINT= no +MKPIC= no +MKPROFILE= no +NOLINT= yes +NOPIC= yes +NOPROFILE= yes + +# only needed during build +libinstall:: + +.include @ 1.6 log @upgrade to patchlevel 12. patchlevel 11 -> 12 While processing massive amounts of one-recipient mail, the Postfix queue manager could deadlock for 10 seconds while sending a bounce message. In order to remedy this, all queue manager bounce send requests are now executed asynchronously. This problem was reported by El Bunzo (webpower.nl) and by Tiger Technologies (tigertech.com). @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.5 2000/04/10 00:19:17 bad Exp $ d6 1 a6 1 +# $NetBSD: patch-ai,v 1.5 2000/04/10 00:19:17 bad Exp $ @ 1.5 log @Some more changes besides the update to which Simon beat me: Create the /var/spool/postfix on install so that "postfix check" can create the directories below it. Create /etc/postfix/postfix-scrip on "make install". Make the library Makefiles DTRT on systems that don't understand MKXXX=no. Remover owner write permission from "maildrop" binary. Adjust offsets in a couple of patches. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.4 2000/04/09 08:10:20 simonb Exp $ d6 1 a6 1 +# $NetBSD: patch-ai,v 1.4 2000/04/09 08:10:20 simonb Exp $ d28 1 a28 1 + tok822_resolve.c tok822_rewrite.c tok822_tree.c @ 1.4 log @Update Postfix to 19991231-pl06. Addresses PR pkg/9844 from Oleg Polyanski. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.3 1999/09/12 00:14:53 simonb Exp $ d5 2 a6 2 @@@@ -0,0 +1,32 @@@@ +# $NetBSD: patch-ai,v 1.3 1999/09/12 00:14:53 simonb Exp $ d33 3 @ 1.3 log @Update to postfix 19990906-pl02. From the release notes: Incompatible changes with postfix-19990906 ========================================== - On systems that use user.lock files to protect system mailboxes against simultaneous updates, Postfix now uses /file/name.lock files while delivering to files specified in aliases/forward/include files. This is a no-op when the recipient lacks directory write permission. - The LDAP client code no longer looks up a name containing "*" because it could be abused. See the LDAP_README file for how to restore previous behavior. - The Postfix to PCRE interface now expects PCRE version 2.08. Postfix is no longer compatible with PCRE versions prior to 2.06. Major changes with postfix-19990906 =================================== Several bugfixes, none related to security. See the HISTORY file for a complete list of changes. - Postfix is now distributed under IBM Public License Version 1.0 which does not carry the controversial termination clause. The new license does have a requirement that contributors make source code available. - INSTALL.sh install/upgrade procedure that replaces existing programs and shell scripts instead of overwriting them, and that leaves existing queue files and configuration files alone. - The ugly Delivered-To: header can now be turned off selectively. The default setting is: "prepend_delivered_header = command, file, forward". Turning off the Delivered-To: header when forwarding mail is not recommended. - mysql client support by Scott Cotton and Joshua Marcus, Internet Consultants Group, Inc. See the file MYSQL_README for instructions. - reject_unauth_destination SMTP recipient restriction that rejects destinations not in $relay_domains. Unlike the check_relay_domains restriction, reject_unauth_destination ignores the client hostname. By Lamont Jones of Hewlett-Packard. - reject_unauth_pipelining SMTP *anything* restriction to stop mail from spammers that improperly use SMTP command pipelining to speed up their deliveries. - Postfix "sendmail" now issues a warning and drops privileges if installed set-uid root. - No more duplicate delivery when "postfix reload" is immediately followed by "sendmail -q". - No more "invalid argument" errors when a Postfix daemon opens a DB/DBM file while some other process is changing the file. - Portability to the Mac OS X Server, Reliant Unix, AIX 3.2.5 and Ultrix 4.3. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.2 1999/06/27 00:11:03 christos Exp $ d6 1 a6 1 +# $NetBSD: patch-ai,v 1.2 1999/06/27 00:11:03 christos Exp $ d13 2 a14 1 + dot_lockfile.c file_id.c header_opts.c is_header.c mail_addr.c \ d28 1 a28 2 + tok822_resolve.c tok822_rewrite.c tok822_tree.c ext_prop.c \ + dot_lockfile_as.c @ 1.2 log @Update to 19990601 @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.1 1999/05/30 18:18:32 tron Exp $ d5 2 a6 2 @@@@ -0,0 +1,33 @@@@ +# $NetBSD: patch-ai,v 1.1 1999/05/30 18:18:32 tron Exp $ d10 6 a15 18 +SRCS = been_here.c bounce.c canon_addr.c cleanup_strerror.c \ + debug_peer.c \ + debug_process.c defer.c deliver_completed.c deliver_flock.c \ + deliver_request.c domain_list.c dot_lockfile.c file_id.c \ + header_opts.c is_header.c mail_addr.c mail_addr_crunch.c \ + mail_addr_find.c mail_addr_map.c mail_command_read.c \ + mail_command_write.c mail_connect.c mail_copy.c mail_date.c \ + mail_error.c mail_flush.c mail_open_ok.c mail_params.c \ + mail_pathname.c mail_print.c mail_queue.c mail_run.c mail_scan.c \ + mail_scan_dir.c mail_stream.c mail_task.c mail_trigger.c maps.c \ + mark_corrupt.c mkmap_db.c mkmap_dbm.c mkmap_open.c mynetworks.c \ + mypwd.c namadr_list.c off_cvt.c opened.c own_inet_addr.c \ + peer_name.c pipe_command.c post_mail.c quote_822_local.c \ + rec_streamlf.c rec_type.c recipient_list.c record.c remove.c \ + resolve_clnt.c resolve_local.c rewrite_clnt.c sent.c smtp_stream.c \ + split_addr.c string_list.c sys_exits.c timed_ipc.c tok822_find.c \ + tok822_node.c tok822_parse.c tok822_resolve.c tok822_rewrite.c \ + tok822_tree.c clnt_stream.c deliver_pass.c ext_prop.c mail_conf.c \ d17 12 a28 1 + mail_version.c rec2stream.c recdump.c stream2rec.c @ 1.1 log @Patch one file per patch file. @ text @d1 1 a1 1 $NetBSD$ d5 2 a6 2 @@@@ -0,0 +1,31 @@@@ +# $NetBSD: patch-aa,v 1.1 1999/05/29 20:57:19 christos Exp $ d10 2 a11 2 +SRCS = been_here.c bounce.c canon_addr.c clean_env.c cleanup_strerror.c \ + config.c config_bool.c config_int.c config_str.c debug_peer.c \ d27 3 a29 1 + tok822_tree.c clnt_stream.c deliver_pass.c @