pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/mail



Module Name:    pkgsrc
Committed By:   taca
Date:           Thu Jul 21 15:08:40 UTC 2022

Modified Files:
        pkgsrc/mail/postfix: Makefile Makefile.common PLIST distinfo
        pkgsrc/mail/postfix-sqlite: Makefile
        pkgsrc/mail/postfix/patches: patch-ag patch-ai

Log Message:
mail/postfix: update to 3.7.2

3.7.0 (2022-02-07)

  * Support to inline the content of small cidr:, pcre:, and regexp:
    tables in Postfix parameter values. An example is the new
    smtpd_forbidden_commands default value, "CONNECT GET POST
    regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from
    clients that send garbage.

  * To make the maillog_file feature more useful, including stdout
    logging from a container, the postlog(1) command is now set-gid
    postdrop, so that unprivileged programs can use it to write
    logging through the postlogd(8) daemon. This required hardening
    the postlog(1) command against privilege escalation attacks.

  * Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18.

  * Postfix programs now randomize the initial state of in-memory
    hash tables, to defend against hash collision attacks involving
    a large number of attacker-chosen lookup keys. Presently, the
    only known opportunity for such attacks involves remote SMTP
    client IPv6 addresses in the anvil(8) service, and requires
    making hundreds of short-lived connections per second while
    cycling through thousands of different client IP addresses.

  * Updated defense against remote clients or servers that 'trickle'
    SMTP or LMTP traffic. This replaces the old per-record deadlines
    with per-request deadlines and minimum data rates.

  * Many typofixes by raf and Wietse.

3.7.1 (2022-04-18)

  * (problem introduced: Postfix 2.7) The milter_header_checks maps
    are now opened before the cleanup(8) server enters the chroot
    jail. Problem reported by Jesper Dybdal.

  * In an internal client module, "host or service not found" was
    a fatal error, causing the milter_default_action setting to be
    ignored. It is now a non-fatal error, just like a failure to
    connect. Problem reported by Christian Degenkolb.

  * The proxy_read_maps default value was missing up to 27 parameter
    names. The corresponding lookup tables were not automatically
    authorized for use with the proxymap(8) service. The parameter
    names were ending in _checks, _reply_footer, _reply_filter,
    _command_filter, and _delivery_status_filter.

  * (problem introduced: Postfix 3.0) With dynamic map loading
    enabled, an attempt to create a map with "postmap regexp:path"
    would result in a bogus error message "Is the postfix-regexp
    package installed?" instead of "unsupported map type for this
    operation". This happened with all non-dynamic map types (static,
    cidr, etc.) that have no 'bulk create' support. Problem reported
    by Greg Klanderman.

  * In PCRE_README, "pcre2 --libs" should be "pcre2 --libs8". Problem
    reported by Carlos Velasco.

  * Documented in the postlogd(8) daemon manpage that the Postfix
    >= 3.7 postlog(1) command can run with setgid permissions.

3.7.2 (2022-04-28)

This reverts an overly complex change in the postscreen SMTP engine
(made during Postfix 3.7 development), and replaces it with much
simpler code. The bad change was crashing postscreen on some systems
after receiving malformed input (for example, a TLS "hello" message).


To generate a diff of this commit:
cvs rdiff -u -r1.336 -r1.337 pkgsrc/mail/postfix/Makefile
cvs rdiff -u -r1.40 -r1.41 pkgsrc/mail/postfix/Makefile.common
cvs rdiff -u -r1.32 -r1.33 pkgsrc/mail/postfix/PLIST
cvs rdiff -u -r1.201 -r1.202 pkgsrc/mail/postfix/distinfo
cvs rdiff -u -r1.30 -r1.31 pkgsrc/mail/postfix-sqlite/Makefile
cvs rdiff -u -r1.41 -r1.42 pkgsrc/mail/postfix/patches/patch-ag
cvs rdiff -u -r1.44 -r1.45 pkgsrc/mail/postfix/patches/patch-ai

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/postfix/Makefile
diff -u pkgsrc/mail/postfix/Makefile:1.336 pkgsrc/mail/postfix/Makefile:1.337
--- pkgsrc/mail/postfix/Makefile:1.336  Tue Jun 28 11:34:33 2022
+++ pkgsrc/mail/postfix/Makefile        Thu Jul 21 15:08:39 2022
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.336 2022/06/28 11:34:33 wiz Exp $
+# $NetBSD: Makefile,v 1.337 2022/07/21 15:08:39 taca Exp $
 
-PKGREVISION= 2
 .include "../../mail/postfix/Makefile.common"
 
 COMMENT=       Fast, easy to administer, and secure mail transfer agent

Index: pkgsrc/mail/postfix/Makefile.common
diff -u pkgsrc/mail/postfix/Makefile.common:1.40 pkgsrc/mail/postfix/Makefile.common:1.41
--- pkgsrc/mail/postfix/Makefile.common:1.40    Wed Jan 26 17:41:31 2022
+++ pkgsrc/mail/postfix/Makefile.common Thu Jul 21 15:08:39 2022
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.40 2022/01/26 17:41:31 triaxx Exp $
+# $NetBSD: Makefile.common,v 1.41 2022/07/21 15:08:39 taca Exp $
 # used by mail/postfix/Makefile
 # used by mail/postfix/Makefile.module
 
-DISTNAME=      postfix-3.6.4
+DISTNAME=      postfix-3.7.2
 CATEGORIES=    mail
 MASTER_SITES=  ftp://ftp.porcupine.org/mirrors/postfix-release/official/
 

Index: pkgsrc/mail/postfix/PLIST
diff -u pkgsrc/mail/postfix/PLIST:1.32 pkgsrc/mail/postfix/PLIST:1.33
--- pkgsrc/mail/postfix/PLIST:1.32      Tue Jan 28 08:16:51 2020
+++ pkgsrc/mail/postfix/PLIST   Thu Jul 21 15:08:39 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.32 2020/01/28 08:16:51 triaxx Exp $
+@comment $NetBSD: PLIST,v 1.33 2022/07/21 15:08:39 taca Exp $
 bin/mailq
 bin/newaliases
 lib/postfix/libpostfix-dns.so
@@ -137,6 +137,7 @@ share/doc/postfix/ADDRESS_REWRITING_READ
 share/doc/postfix/ADDRESS_VERIFICATION_README
 share/doc/postfix/BACKSCATTER_README
 share/doc/postfix/BASIC_CONFIGURATION_README
+share/doc/postfix/BDAT_README
 share/doc/postfix/BUILTIN_FILTER_README
 share/doc/postfix/CDB_README
 share/doc/postfix/COMPATIBILITY_README
@@ -156,6 +157,7 @@ share/doc/postfix/LINUX_README
 share/doc/postfix/LMDB_README
 share/doc/postfix/LOCAL_RECIPIENT_README
 share/doc/postfix/MAILDROP_README
+share/doc/postfix/MAILLOG_README
 share/doc/postfix/MEMCACHE_README
 share/doc/postfix/MILTER_README
 share/doc/postfix/MULTI_INSTANCE_README
@@ -165,6 +167,7 @@ share/doc/postfix/OVERVIEW
 share/doc/postfix/PACKAGE_README
 share/doc/postfix/PCRE_README
 share/doc/postfix/PGSQL_README
+share/doc/postfix/POSTSCREEN_3_5_README
 share/doc/postfix/POSTSCREEN_README
 share/doc/postfix/QSHAPE_README
 share/doc/postfix/RELEASE_NOTES
@@ -174,6 +177,7 @@ share/doc/postfix/SCHEDULER_README
 share/doc/postfix/SMTPD_ACCESS_README
 share/doc/postfix/SMTPD_POLICY_README
 share/doc/postfix/SMTPD_PROXY_README
+share/doc/postfix/SMTPUTF8_README
 share/doc/postfix/SOHO_README
 share/doc/postfix/SQLITE_README
 share/doc/postfix/STANDARD_CONFIGURATION_README
@@ -203,7 +207,5 @@ share/examples/postfix/relocated
 ${PLIST.csasl}share/examples/postfix/smtpd.conf
 share/examples/postfix/transport
 share/examples/postfix/virtual
-@pkgdir var/spool/postfix
-@pkgdir var/db/postfix
 @pkgdir libexec/postfix/postfix-files.d
 @pkgdir libexec/postfix/dynamicmaps.cf.d

Index: pkgsrc/mail/postfix/distinfo
diff -u pkgsrc/mail/postfix/distinfo:1.201 pkgsrc/mail/postfix/distinfo:1.202
--- pkgsrc/mail/postfix/distinfo:1.201  Sat Jun 11 10:27:04 2022
+++ pkgsrc/mail/postfix/distinfo        Thu Jul 21 15:08:39 2022
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.201 2022/06/11 10:27:04 bsiegert Exp $
+$NetBSD: distinfo,v 1.202 2022/07/21 15:08:39 taca Exp $
 
-BLAKE2s (postfix-3.6.4.tar.gz) = 91a54f04959c49aa514db5d884576501df627f51df109829acbb40295d28311b
-SHA512 (postfix-3.6.4.tar.gz) = f5813801377a5887d27720cc7f85a6a68f8ca82fc7a9e852b27c8967996b3d64f651cc16e2b021d55316a074b4778e19155bb60c8f0885d4aaf72766cab7c4cd
-Size (postfix-3.6.4.tar.gz) = 4751433 bytes
+BLAKE2s (postfix-3.7.2.tar.gz) = 64623c1410113c29aebd4f7e25f631339f1ea12ea4c1a4e18526f9a09e460658
+SHA512 (postfix-3.7.2.tar.gz) = 23bb1af6bf3743c741f108da136f64613f9062d121dc459944ac192275335952cd309ffec6c380f5d36430605eec538c2549c3fdee9d4597f739d9d1b0a033fc
+Size (postfix-3.7.2.tar.gz) = 4824424 bytes
 SHA1 (patch-aa) = c8216f133e202a7bb37682b0dbc1448f021e7c1c
-SHA1 (patch-ag) = feccf4aba580f581953b32e6c3a2c453fcb9131c
-SHA1 (patch-ai) = ae4084deb653b1155fbf70d8ef999f4f9654fa68
+SHA1 (patch-ag) = 8ab3cfafa63056f9a7f096da7e55bcccab965180
+SHA1 (patch-ai) = c042f6cf94cbb7301e9e04707dd6eda59ccbbcef
 SHA1 (patch-src_smtpd_Makefile.in) = 8133f9cceb0c1c0250d6543cb060c66288571722
 SHA1 (patch-src_smtpd_pfilter.c) = c747d2f3584f694eb7b73b19118b4d8b450cfe7f
 SHA1 (patch-src_smtpd_pfilter.h) = 153b516da89d709d293c6086c2f126791bd945d6

Index: pkgsrc/mail/postfix-sqlite/Makefile
diff -u pkgsrc/mail/postfix-sqlite/Makefile:1.30 pkgsrc/mail/postfix-sqlite/Makefile:1.31
--- pkgsrc/mail/postfix-sqlite/Makefile:1.30    Mon Apr 18 19:11:34 2022
+++ pkgsrc/mail/postfix-sqlite/Makefile Thu Jul 21 15:08:40 2022
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.30 2022/04/18 19:11:34 adam Exp $
+# $NetBSD: Makefile,v 1.31 2022/07/21 15:08:40 taca Exp $
 #
 
 COMMENT=               Postfix SMTP server SQLite backend module
-PKGREVISION=           2
 
 POSTFIX_LIB=           sqlite
 POSTFIX_LIBDIR=                src/global

Index: pkgsrc/mail/postfix/patches/patch-ag
diff -u pkgsrc/mail/postfix/patches/patch-ag:1.41 pkgsrc/mail/postfix/patches/patch-ag:1.42
--- pkgsrc/mail/postfix/patches/patch-ag:1.41   Wed Jun  2 15:29:57 2021
+++ pkgsrc/mail/postfix/patches/patch-ag        Thu Jul 21 15:08:39 2022
@@ -1,29 +1,24 @@
-$NetBSD: patch-ag,v 1.41 2021/06/02 15:29:57 taca Exp $
+$NetBSD: patch-ag,v 1.42 2022/07/21 15:08:39 taca Exp $
 
 * Add common support for NetBSD.
 * Only define HAS_DB if it hasn't been defined.
 * Add support for FreeBSD 11 and 12.
 
---- src/util/sys_defs.h.orig   2020-05-21 13:34:23.000000000 +0000
+--- src/util/sys_defs.h.orig   2021-12-05 18:59:27.000000000 +0000
 +++ src/util/sys_defs.h
-@@ -30,14 +30,11 @@
- #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
-     || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
-     || defined(FREEBSD8) || defined(FREEBSD9) || defined(FREEBSD10) \
--    || defined(FREEBSD11) || defined(FREEBSD12) \
-+    || defined(FREEBSD11) || defined(FREEBSD12) || defined(FREEBSD13) \
+@@ -35,10 +35,7 @@
      || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
      || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
-     || defined(OPENBSD5) || defined(OPENBSD6) \
+     || defined(OPENBSD5) || defined(OPENBSD6) || defined(OPENBSD7) \
 -    || defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \
 -    || defined(NETBSD4) || defined(NETBSD5) || defined(NETBSD6) \
--    || defined(NETBSD7) \
--    || defined(EKKOBSD1) || defined(DRAGONFLY)
-+    || defined(NETBSD) || defined(EKKOBSD1) || defined(DRAGONFLY)
+-    || defined(NETBSD7) | defined(NETBSD8) || defined(NETBSD9) \
+-    || defined(NETBSD10) \
++    || defined(NETBSD) \
+     || defined(EKKOBSD1) || defined(DRAGONFLY)
  #define SUPPORTED
  #include <sys/param.h>
- #define UINT32_TYPE   unsigned int
-@@ -49,7 +46,9 @@
+@@ -51,7 +48,9 @@
  #define DEF_MAILBOX_LOCK "flock, dotlock"
  #define HAS_SUN_LEN
  #define HAS_FSYNC
@@ -33,7 +28,7 @@ $NetBSD: patch-ag,v 1.41 2021/06/02 15:2
  #define HAS_SA_LEN
  #define NATIVE_DB_TYPE        "hash"
  #if (defined(__NetBSD_Version__) && __NetBSD_Version__ >= 104250000)
-@@ -1252,6 +1251,8 @@ extern int h_errno;
+@@ -1257,6 +1256,8 @@ extern int h_errno;
  #define DEF_SMTP_CACHE_DEMAND 0
  #endif
  

Index: pkgsrc/mail/postfix/patches/patch-ai
diff -u pkgsrc/mail/postfix/patches/patch-ai:1.44 pkgsrc/mail/postfix/patches/patch-ai:1.45
--- pkgsrc/mail/postfix/patches/patch-ai:1.44   Sat Jun 11 10:27:04 2022
+++ pkgsrc/mail/postfix/patches/patch-ai        Thu Jul 21 15:08:39 2022
@@ -1,4 +1,4 @@
-$NetBSD: patch-ai,v 1.44 2022/06/11 10:27:04 bsiegert Exp $
+$NetBSD: patch-ai,v 1.45 2022/07/21 15:08:39 taca Exp $
 
 1) Add shlib definitions for NetBSD 5; the build system must be
 hard-coded per OS per version.  Not yet reported upstream.
@@ -9,9 +9,9 @@ hard-coded per OS per version.  Not yet 
 
 4) Add blocklist(3) support.
 
---- makedefs.orig      2021-04-24 20:49:37.000000000 +0000
+--- makedefs.orig      2022-01-23 20:53:41.000000000 +0000
 +++ makedefs
-@@ -309,6 +309,15 @@ case "$SYSTEM.$RELEASE" in
+@@ -339,6 +339,15 @@ case "$SYSTEM.$RELEASE" in
                : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
                : ${PLUGIN_LD="${CC} -shared"}
                ;;
@@ -27,7 +27,7 @@ hard-coded per OS per version.  Not yet 
   DragonFly.*) SYSTYPE=DRAGONFLY
                ;;
    OpenBSD.2*) SYSTYPE=OPENBSD2
-@@ -337,25 +346,7 @@ case "$SYSTEM.$RELEASE" in
+@@ -376,49 +385,7 @@ case "$SYSTEM.$RELEASE" in
                ;;
    ekkoBSD.1*) SYSTYPE=EKKOBSD1
                ;;
@@ -48,13 +48,37 @@ hard-coded per OS per version.  Not yet 
 -              : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'}
 -              : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
 -              : ${PLUGIN_LD="${CC-gcc} -shared"}
--               ;;
--   NetBSD.7*)  SYSTYPE=NETBSD7
+-              ;;
+-   NetBSD.7*) SYSTYPE=NETBSD7
+-              : ${SHLIB_SUFFIX=.so}
+-              : ${SHLIB_CFLAGS=-fPIC}
+-              : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'}
+-              : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'}
+-              : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+-              : ${PLUGIN_LD="${CC-gcc} -shared"}
+-              ;;
+-   NetBSD.8*) SYSTYPE=NETBSD8
+-              : ${SHLIB_SUFFIX=.so}
+-              : ${SHLIB_CFLAGS=-fPIC}
+-              : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'}
+-              : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'}
+-              : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+-              : ${PLUGIN_LD="${CC-gcc} -shared"}
+-              ;;
+-   NetBSD.9*) SYSTYPE=NETBSD9
+-              : ${SHLIB_SUFFIX=.so}
+-              : ${SHLIB_CFLAGS=-fPIC}
+-              : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'}
+-              : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'}
+-              : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+-              : ${PLUGIN_LD="${CC-gcc} -shared"}
+-              ;;
+-   NetBSD.10*)        SYSTYPE=NETBSD10
 +   NetBSD*)   SYSTYPE=NETBSD
                : ${SHLIB_SUFFIX=.so}
                : ${SHLIB_CFLAGS=-fPIC}
                : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'}
-@@ -434,13 +425,6 @@ case "$SYSTEM.$RELEASE" in
+@@ -493,13 +460,6 @@ case "$SYSTEM.$RELEASE" in
                esac
                ;;
     ULTRIX.4*) SYSTYPE=ULTRIX4
@@ -68,7 +92,7 @@ hard-coded per OS per version.  Not yet 
                for l in syslog resolv; do
                    if [ -f /usr/local/lib/lib$l.a ]; then
                        SYSLIBS="$SYSLIBS -l$l"
-@@ -482,33 +466,8 @@ case "$SYSTEM.$RELEASE" in
+@@ -541,33 +501,8 @@ case "$SYSTEM.$RELEASE" in
                esac;;
                # Tested with RedHat 3.03 on 20020729.
      Linux.1*) SYSTYPE=LINUX1
@@ -102,7 +126,7 @@ hard-coded per OS per version.  Not yet 
                for name in nsl resolv $GDBM_LIBS
                do
                    for lib in /usr/lib64 /lib64 /usr/lib /lib
-@@ -608,24 +567,6 @@ EOF
+@@ -667,24 +602,6 @@ EOF
                ;;
       GNU.0*|GNU/kFreeBSD.[567]*)
                SYSTYPE=GNU0
@@ -127,7 +151,7 @@ hard-coded per OS per version.  Not yet 
                for name in nsl resolv
                do
                    for lib in /usr/lib64 /lib64 /usr/lib /lib
-@@ -656,26 +597,14 @@ EOF
+@@ -715,26 +632,14 @@ EOF
  HP-UX.A.09.*) SYSTYPE=HPUX9
                SYSLIBS=-ldbm
                CCARGS="$CCARGS -DMISSING_USLEEP -DNO_SNPRINTF"
@@ -154,7 +178,7 @@ hard-coded per OS per version.  Not yet 
                ;;
  ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix543
                RANLIB=echo
-@@ -717,12 +646,12 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5
+@@ -776,12 +681,12 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5
                esac
                : ${SHLIB_CFLAGS=-fPIC}
                : ${SHLIB_SUFFIX=.dylib}
@@ -169,7 +193,7 @@ hard-coded per OS per version.  Not yet 
                ;;
      dcosx.1*) SYSTYPE=DCOSX1
                RANLIB=echo
-@@ -746,6 +675,21 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5
+@@ -805,6 +710,21 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5
  esac
  
  #



Home | Main Index | Thread Index | Old Index