pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/mail/postfix
Module Name: pkgsrc
Committed By: taca
Date: Sun Mar 8 14:13:42 UTC 2026
Modified Files:
pkgsrc/mail/postfix: Makefile.common PLIST distinfo
pkgsrc/mail/postfix/patches: patch-ai
Log Message:
mail/postfix: update to 3.11.0
Postfix 3.11.0 (2026-03-05)
Berkeley DB migration:
* Some (Linux) distributions are removing support for BerkeleyDB
databases (In Postfix, this means we lose support for the hash:
and btree: lookup tables). See NON_BERKELEYDB_README for manual and
partially automatic migration from btree: to lmdb:, and from hash:
to lmdb: or cdb:.
* The loss of BerkeleyDB affects Mailman versions that want to execute
commands like "postmap hash:/path/to/file" when a mailing list is
added or removed. Postfix provides a way to redirect such commands
to a supported database type.
* You don't have to wait until BerkeleyDB support is removed. It can
make sense to migrate while BerkeleyDB support is still available
(mainly, less downtime).
Changes in TLS support:
* Default TLS security. The Postfix SMTP client smtp_tls_security_level
default value is "may" if Postfix was built with TLS support, and
the compatibility_level is 3.11 or higher.
* Support for the RFC 8689 "REQUIRETLS" verb in ESMTP. This requires
that every SMTP (and LMTP) server in the forward path is strongly
authenticated with DANE, STS, or equivalent, and that every server
announces REQUIRETLS support.
See REQUIRETLS_README for suggestions to carefully enforce REQUIRETLS
without causing massive mail delivery problems.
* Logging the TLS security level. This shows the desired and actual
TLS security level enforcement status and, if a message requests
REQUIRETLS, the REQUIRETLS policy enforcement status. For a list of
examples see smtp_log_tls_feature_status
* Workaround for an interface mismatch between the Postfix SMTP
client and MTA-STS policy plugins. This introduces a new parameter
smtp_tls_enforce_sts_mx_patterns (default: "yes"). The MTA-STS
plugin configuration needs to enable TLSRPT support, so that it
forwards STS policy attributes to Postfix. Both postfix-tlspol and
postfix-mta-sts-resolver have been updated accordingly.
With this, the Postfix SMTP client will connect to an MX host only
if its name matches any STS policy MX host pattern, and will match
a server certificate against the MX hostname. Otherwise, the old
behavior stays in effect: connect to any MX host listed in DNS,
and match a server certificate against any STS policy MX host pattern.
* Post-quantum cryptography support. With OpenSSL 3.5 and later, change
the tls_eecdh_auto_curves default value to avoid problems with network
infrastructure that mishandles TLS hello messages larger than one
(Ethernet) TCP segment. This problem is more generally known as
"protocol ossification".
Miscellaneous changes:
* Deprecation of obsolete parameters. Postfix programs log a warning
that these parameters will be removed. See DEPRECATION_README for
a list of deprecated parameters.
* JSON output support with "postconf -j|-jM|-jF|-jP", "postalias
-jq|-js", "postmap -jq|-js", and "postmulti -jl". No support is
planned for JSON input support.
* Milter support: improved Milter error handling for messages that
arrive over a long-lived SMTP connection, by changing the default
milter_default_action from "tempfail" to the new "shutdown" action
(i.e. disconnect the remote SMTP client). This was already back-ported
to earlier stable releases.
To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/mail/postfix/Makefile.common
cvs rdiff -u -r1.36 -r1.37 pkgsrc/mail/postfix/PLIST
cvs rdiff -u -r1.220 -r1.221 pkgsrc/mail/postfix/distinfo
cvs rdiff -u -r1.46 -r1.47 pkgsrc/mail/postfix/patches/patch-ai
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/mail/postfix/Makefile.common
diff -u pkgsrc/mail/postfix/Makefile.common:1.61 pkgsrc/mail/postfix/Makefile.common:1.62
--- pkgsrc/mail/postfix/Makefile.common:1.61 Sun Mar 1 08:01:11 2026
+++ pkgsrc/mail/postfix/Makefile.common Sun Mar 8 14:13:42 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.61 2026/03/01 08:01:11 taca Exp $
+# $NetBSD: Makefile.common,v 1.62 2026/03/08 14:13:42 taca Exp $
# used by mail/postfix/Makefile
# used by mail/postfix/Makefile.module
-DISTNAME= postfix-3.10.8
+DISTNAME= postfix-3.11.0
CATEGORIES= mail
MASTER_SITES= https://ftp.fu-berlin.de/unix/mail/postfix/official/
MASTER_SITES+= https://ghostarchive.org/postfix/postfix-release/official/
Index: pkgsrc/mail/postfix/PLIST
diff -u pkgsrc/mail/postfix/PLIST:1.36 pkgsrc/mail/postfix/PLIST:1.37
--- pkgsrc/mail/postfix/PLIST:1.36 Tue Mar 11 18:11:58 2025
+++ pkgsrc/mail/postfix/PLIST Sun Mar 8 14:13:42 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.36 2025/03/11 18:11:58 nia Exp $
+@comment $NetBSD: PLIST,v 1.37 2026/03/08 14:13:42 taca Exp $
bin/mailq
bin/newaliases
lib/postfix/libpostfix-dns.${SO_EXT}
@@ -20,12 +20,14 @@ libexec/postfix/main.cf.proto
libexec/postfix/makedefs.out
libexec/postfix/master
libexec/postfix/master.cf.proto
+libexec/postfix/nbdb_reindexd
libexec/postfix/nqmgr
libexec/postfix/oqmgr
libexec/postfix/pickup
libexec/postfix/pipe
libexec/postfix/post-install
libexec/postfix/postfix-files
+libexec/postfix/postfix-non-bdb-script
libexec/postfix/postfix-script
libexec/postfix/postfix-tls-script
libexec/postfix/postfix-wrapper
@@ -51,6 +53,7 @@ man/man1/postalias.1
man/man1/postcat.1
man/man1/postconf.1
man/man1/postdrop.1
+man/man1/postfix-non-bdb.1
man/man1/postfix-tls.1
man/man1/postfix.1
man/man1/postkick.1
@@ -99,6 +102,7 @@ man/man8/flush.8
man/man8/lmtp.8
man/man8/local.8
man/man8/master.8
+man/man8/nbdb_reindexd.8
man/man8/oqmgr.8
man/man8/pickup.8
man/man8/pipe.8
@@ -166,6 +170,7 @@ share/doc/postfix/MONGODB_README
share/doc/postfix/MULTI_INSTANCE_README
share/doc/postfix/MYSQL_README
share/doc/postfix/NFS_README
+share/doc/postfix/NON_BERKELEYDB_README
share/doc/postfix/OVERVIEW
share/doc/postfix/PACKAGE_README
share/doc/postfix/PCRE_README
@@ -174,6 +179,7 @@ share/doc/postfix/POSTSCREEN_3_5_README
share/doc/postfix/POSTSCREEN_README
share/doc/postfix/QSHAPE_README
share/doc/postfix/RELEASE_NOTES
+share/doc/postfix/REQUIRETLS_README
share/doc/postfix/RESTRICTION_CLASS_README
share/doc/postfix/SASL_README
share/doc/postfix/SCHEDULER_README
Index: pkgsrc/mail/postfix/distinfo
diff -u pkgsrc/mail/postfix/distinfo:1.220 pkgsrc/mail/postfix/distinfo:1.221
--- pkgsrc/mail/postfix/distinfo:1.220 Sun Mar 1 08:01:11 2026
+++ pkgsrc/mail/postfix/distinfo Sun Mar 8 14:13:42 2026
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.220 2026/03/01 08:01:11 taca Exp $
+$NetBSD: distinfo,v 1.221 2026/03/08 14:13:42 taca Exp $
-BLAKE2s (postfix-3.10.8.tar.gz) = ee536ed9397d1dd2531fb1606e0fbe0b2eb86c5f901deebf20e5e06a90b21d5a
-SHA512 (postfix-3.10.8.tar.gz) = a34e9f84ec96c47765a417801a303bea32ca42bb16c6ae665c771f1a37c8369f6d140999f1015c8c28aa18dad86e918e0a072ea67dea644d271b1ed3beaf61ea
-Size (postfix-3.10.8.tar.gz) = 5040857 bytes
+BLAKE2s (postfix-3.11.0.tar.gz) = f9c4123dbedc44944d7b47f1e0a173569d709cfba9c909d1642cc194e8bfaed3
+SHA512 (postfix-3.11.0.tar.gz) = aa377e3cb889aec166c73e90b3c7d3fbc1db48a558b13948d76b2a7aaccaee202dad7252e973d503800d97a4e6da9091ca792d037528f90521d04729594b23cc
+Size (postfix-3.11.0.tar.gz) = 5279929 bytes
SHA1 (patch-aa) = c8216f133e202a7bb37682b0dbc1448f021e7c1c
SHA1 (patch-ag) = 8ab3cfafa63056f9a7f096da7e55bcccab965180
-SHA1 (patch-ai) = 3d143532e1e9a149c6c06e2efadcd34f6f72e82d
+SHA1 (patch-ai) = 1ffcc1a06ffcd382d2f34821e0d3ef1d22886e08
SHA1 (patch-src_smtpd_Makefile.in) = 8133f9cceb0c1c0250d6543cb060c66288571722
SHA1 (patch-src_smtpd_pfilter.c) = c747d2f3584f694eb7b73b19118b4d8b450cfe7f
SHA1 (patch-src_smtpd_pfilter.h) = 153b516da89d709d293c6086c2f126791bd945d6
Index: pkgsrc/mail/postfix/patches/patch-ai
diff -u pkgsrc/mail/postfix/patches/patch-ai:1.46 pkgsrc/mail/postfix/patches/patch-ai:1.47
--- pkgsrc/mail/postfix/patches/patch-ai:1.46 Sat Jan 28 09:28:30 2023
+++ pkgsrc/mail/postfix/patches/patch-ai Sun Mar 8 14:13:42 2026
@@ -1,4 +1,4 @@
-$NetBSD: patch-ai,v 1.46 2023/01/28 09:28:30 taca Exp $
+$NetBSD: patch-ai,v 1.47 2026/03/08 14:13:42 taca Exp $
1) Add shlib definitions for NetBSD 5; the build system must be
hard-coded per OS per version. Not yet reported upstream.
@@ -9,9 +9,9 @@ hard-coded per OS per version. Not yet
4) Add blocklist(3) support.
---- makedefs.orig 2023-01-15 23:29:39.000000000 +0000
+--- makedefs.orig 2026-03-05 15:59:44.000000000 +0000
+++ makedefs
-@@ -339,6 +339,15 @@ case "$SYSTEM.$RELEASE" in
+@@ -353,6 +353,15 @@ case "$SYSTEM.$RELEASE" in
: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
: ${PLUGIN_LD="${CC} -shared"}
;;
@@ -27,7 +27,7 @@ hard-coded per OS per version. Not yet
DragonFly.*) SYSTYPE=DRAGONFLY
;;
OpenBSD.2*) SYSTYPE=OPENBSD2
-@@ -376,49 +385,7 @@ case "$SYSTEM.$RELEASE" in
+@@ -390,49 +399,7 @@ case "$SYSTEM.$RELEASE" in
;;
ekkoBSD.1*) SYSTYPE=EKKOBSD1
;;
@@ -78,7 +78,7 @@ hard-coded per OS per version. Not yet
: ${SHLIB_SUFFIX=.so}
: ${SHLIB_CFLAGS=-fPIC}
: ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'}
-@@ -493,13 +460,6 @@ case "$SYSTEM.$RELEASE" in
+@@ -507,13 +474,6 @@ case "$SYSTEM.$RELEASE" in
esac
;;
ULTRIX.4*) SYSTYPE=ULTRIX4
@@ -92,7 +92,7 @@ hard-coded per OS per version. Not yet
for l in syslog resolv; do
if [ -f /usr/local/lib/lib$l.a ]; then
SYSLIBS="$SYSLIBS -l$l"
-@@ -541,33 +501,8 @@ case "$SYSTEM.$RELEASE" in
+@@ -555,34 +515,8 @@ case "$SYSTEM.$RELEASE" in
esac;;
# Tested with RedHat 3.03 on 20020729.
Linux.1*) SYSTYPE=LINUX1
@@ -118,6 +118,7 @@ hard-coded per OS per version. Not yet
- # by including <db.h> and by linking with -ldb
- echo "No <db.h> include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
+- echo "Alternatively, build with CCARGS=\"-NO_DB ...\"" 1>&2
- exit 1
- fi
- SYSLIBS="-ldb"
@@ -126,7 +127,7 @@ hard-coded per OS per version. Not yet
for name in nsl resolv $GDBM_LIBS
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
-@@ -667,24 +602,6 @@ Linux.[3456].*) SYSTYPE=LINUX$RELEASE_MA
+@@ -685,25 +619,6 @@ EOF
;;
GNU.0*|GNU/kFreeBSD.[567]*)
SYSTYPE=GNU0
@@ -143,6 +144,7 @@ hard-coded per OS per version. Not yet
- # by including <db.h> and by linking with -ldb
- echo "No <db.h> include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
+- echo "Alternatively, build with CCARGS=\"-NO_DB ...\"" 1>&2
- exit 1
- fi
- SYSLIBS="-ldb"
@@ -151,7 +153,7 @@ hard-coded per OS per version. Not yet
for name in nsl resolv
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
-@@ -715,26 +632,14 @@ Linux.[3456].*) SYSTYPE=LINUX$RELEASE_MA
+@@ -734,26 +649,14 @@ EOF
HP-UX.A.09.*) SYSTYPE=HPUX9
SYSLIBS=-ldbm
CCARGS="$CCARGS -DMISSING_USLEEP -DNO_SNPRINTF"
@@ -178,7 +180,7 @@ hard-coded per OS per version. Not yet
;;
ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix543
RANLIB=echo
-@@ -782,12 +687,12 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5
+@@ -801,12 +704,12 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5
esac
: ${SHLIB_CFLAGS=-fPIC}
: ${SHLIB_SUFFIX=.dylib}
@@ -193,7 +195,7 @@ hard-coded per OS per version. Not yet
;;
dcosx.1*) SYSTYPE=DCOSX1
RANLIB=echo
-@@ -811,6 +716,21 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5
+@@ -830,6 +733,21 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix5
esac
#
Home |
Main Index |
Thread Index |
Old Index