- Support multiple values in *_OLD_CMD, i.e. we can now fix both "/usr/bin/python" and "/usr/bin/env python" at the same time
- Default *_OLD_CMD values are now always appended, so you don't need to specify them in individual ports
- Add lua support (depends on USES=lua)
- Add more default values, such as "/usr/bin/env foo" for python, perl, bash, ruby and lua
- Shebangfix now matches whole words, e.g. we will no longer (erroneously) replace "/usr/bin/perl5.005" with "${perl_CMD}5.005" (but "/usr/bin/perl -tt" is still (correctly) replaced with "${perl_CMD} -tt")
Note that *_OLD_CMD items containing spaces must now be quoted (e.g. perl_OLD_CMD=/bin/perl /usr/bin/perl "/usr/bin/env perl")
Update shebangfix usage according to new rules in many ports:
- Remove *_OLD_CMD for patterns now replaced by default
- Quote custom *_OLD_CMD which contain spaces
Fix shebangfix usage in many ports (irrelevant to infrastructure change):
- Remove redundant SHEBANG_LANG (no need to duplicate default langs)
- Remove redundant *_CMD (such as python_CMD=${LOCALBASE}/bin/python${PYTHON_VER} when USES=python is present)
- Never use *_OLD_CMD in REINPLACE_CMD matchers, these should always look for exact string
Approved by: portmgr (bapt)
Differential Revision: D3756
- use target helpers
ChangeLog:
20150903
Workaround: disable DNSSEC support for AIX 7x and earlier.
The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
defining the "ad" bit. Viktor Dukhovni. Files: makedefs,
proto/INSTALL.html, dns/dns.h.
20150923
Bugfix (introduced: 20120531-617): the Postfix SMTP server
used a larger-than-1 VSTREAM buffer to read the HAProxy
connection hand-off information. This broke TLS wrappermode,
as the TLS helo packet would end up in the plaintext VSTREAM
buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c.
20150924
Bugfix (introduced: 20090216-24): incorrect postmulti error
message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
File: postmulti/postmulti.c.
Workaround: don't create a new instance when the template
main.cf and master.cf files are missing, as happens on
Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.
20150925
Bugfix (introduced: 19970309, fixed 20150421 in development
release): reset errno before calling readdir(), in order
to distinguish between an end-of-directory and an error
condition. File: scandir.c.
20150930
Bugfix (introduced: 20040124): Milter client panic while
adding a header, because the PREPEND action used the same
output function for header_checks and body_checks. Viktor
Dukhovni and Wietse. File: cleanup/cleanup_message.c.
Bugfix (introduced: 20031128): xtext_unquote() did not
propagate error reports from xtext_unquote_append(), causing
the decoder to return partial ouput, instead of rejecting
malformed input. Fix by Krzysztof Wojta. File: global/xtext.c.
20150501
Support for Linux 4.*, and some simplification for future
makedefs files. Files: makedefs, util/sys_defs.h.
20150718
Security: opportunistic TLS by default uses "medium" or
stronger ciphers instead of "export" or stronger. See the
RELEASE_NOTES file for how to get the old settings back.
Files: global/mail_params.h, proto/TLS_README.html,
proto/postconf.proto, and files derived from those.
20150719
Security: Postfix TLS support by default no longer uses
SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get
the old settings back. Files: global/mail_params.h,
proto/postconf.proto, and files derived from those.
Incompatible change with Postfix 2.11.6 / 3.0.2
-------------------------------------------------
As of the middle of 2015, all supported Postfix releases no longer
enable "export" grade ciphers for opportunistic TLS, and no longer
use the deprecated SSLv2 and SSLv3 protocols for mandatory or
opportunistic TLS.
These changes are very unlikely to cause problems with server-to-server
communication over the Internet, but they may result in interoperability
problems with ancient client or server implementations on internal
networks. To address this problem, you can revert the changes with:
Postfix SMTP client settings:
lmtp_tls_ciphers = export
smtp_tls_ciphers = export
lmtp_tls_protocols = !SSLv2
smtp_tls_protocols = !SSLv2
lmtp_tls_mandatory_protocols = !SSLv2
smtp_tls_mandatory_protocols = !SSLv2
Postfix SMTP server settings:
smtpd_tls_ciphers = export
smtpd_tls_protocols =
smtpd_tls_mandatory_protocols = !SSLv2
These settings, if put in main.cf, affect all Postfix SMTP client
or server communication, which may be undesirable. To be more
selective, use "-o name=value" parameter overrides on specific
services in master.cf. Execute the command "postfix reload" to make
the changes effective.
This stemmed from older VDA patches which provided a default patch which only
used 'long' for its data types and a '64bit' patch which used 'long long'.
On 32bit systems 'long' is limited to a 2GB quota while on 64bit systems it will
not be. They later renamed the '64bit' patch to be 'bigquota'. They no longer
provide a 'bigquota' patch due to less demand as most systems are 64bit
today and do not have the small 2GB quota limitation with the 'long' type.
The description of '32bit' was not accurate or useful anymore.
Upstream discussion: http://sourceforge.net/p/vda/mailman/message/24713171/
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight
- rename OPTIONS to match default name of most ports
- SASL2 -> SASL
- OPENLDAP -> LDAP
- install main.cf and master.cf with the @sample macro
- rework pkg-install
- fix wrong permission for /var/db/postfix [1]
- sets WANT_OPENLDAP_SASL option for openldap port when
postfix LDAP_SASL option is set [2]
- make usage of new ${opt}_DEPENDS notation
Changelog:
20150324
Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps
ignored the relayhost setting in the case of a DUNNO lookup
result. It would use the recipient domain instead. Viktor
Dukhovni. Wietse took the pieces of code that enforce the
precedence of a sender-dependent relayhost, the global
relayhost, and the recipient domain, and put that code
together in once place so that it is easier to maintain.
File: trivial-rewrite/resolve.c.
20150330
Bitrot: prepare for future changes in OpenSSL API. Viktor
Dukhovni. File: tls_dane.c.
20150408
Portability: FreeBSD10 support. Files: makedefs, util/sys_defs.h.
Incompatibility: specifying "make makefiles" with "CC=command"
will no longer override the default WARN setting.
PR: 198215 [1]
198857 [2]
Changes:
20141025
Bugfix (introduced: Postfix 2.11): core dump when
smtp_policy_maps specifies an invalid TLS level. Viktor
Dukhovni. File: smtp/smtp_tls_policy.c.
20150106
Robustness: don't segfault due to excessive recursion after
a faulty configuration runs into the virtual_alias_recursion_limit.
File: global/tok822_tree.c.
20150115
Safety: stop aliasing loops that exponentially increase the
address length with each iteration. Back-ported from Postfix
3.0. File: cleanup/cleanup_map1n.c.
20150117
Cleanup: missing " in \%s\" in postconf(1) fatal error
messages. Iain Hibbert. File: postconf/postconf_master.c.
Approved by: sahil (implicit)
MFH: 2015Q1
(a good overview can be taken by viewving the
source of http://www.postfix.org/download.html)
- remove MASTER_SITE_SUBDIR, it should be used only for sites defined in bsd.site.mk
- use OPTIONS_SUB
- enable TLS as default [1]
- use USE_OPENSSL instead including Mk/openssl.mk
- use new install instruction
- use new notation for @mode in pkg-plist
- bump PORTREVISON
[1] Users using packages should have the ability to
use TLS from the default package, (this makes the
the postfix-tls port obsolete)
Approved by: sahil (implicit)
MFH: 2015Q1
- fix build and install for non root users,
(sgid and group for sbin/postdrop and sbin/postqueue was lost if build
as non root and installed with sudo)
- install /var/spool/postfix directories with correct owner/mode
- use $WRKDIR instead of /tmp
Approved by: sahil (implicit)
- add CPE support
- use PORTDOCS macro
- remove check for OSVERSION >= 800037
- fix OPENLDAP_VER usage
- set PORTSCOUD
- always call set-permissions in post-install to set correct spool/postfix/* permissions
this is required with pkg to support non interrupted upgrade
Changes:
========
20140619
Bugfix (introduced: 2001): qmqpd null pointer bug when it
logs a lost connection while not in a mail transaction.
Reported by Michal Adamek. File: qmqpd/qmqpd.c.
20140920
Bugfix (introduced: 20080212): incorrect client name in
reject messages from check_reverse_client_hostname_access
and check_reverse_client_hostname_{mx,ns}_access. They
replied with the verified client name, instead of the name
that was rejected. Problem reported by Reindl Harald. File:
smtpd/smtpd_check.c.
20141012
Bugfix (introduced: Postfix 2.3): the PREPEND access/policy
action added headers ABOVE Postfix's own Received: header,
exposing Postfix's own Received: header to Milters (protocol
violation) and hiding the PREPENDed header from Milters.
The latter caused problems for DMARC implementations with
SPF policy plus DKIM Milter. PREPENDed headers are now
added BELOW Postfix's own Received: header and remain visible
to Milters. File: smtpd/smtpd.c.
20141018
Bugfix (introduced: Postfix 2.3): when a Milter inserted a
header ABOVE Postfix's own Received: header, Postfix would
expose its own Received: header to Milters (violating
protocol) and hide the Milter-inserted header from Milters
(wtf). Files: cleanup/cleanup.h, cleanup/cleanup_message.c,
cleanup/cleanup_state.c, milter/milter.[hc], milter/milter8.c.
Cleanup: revert the workaround that places headers inserted
with PREPEND actions or policy requests BELOW Postfix's own
Received: message header. File: smtpd/smtpd.c.
PR: 194396
Submitted by: Yasuhiro KIMURA
Approved by: sahil (explicit per PM)
- Mk/bsd.database.mk rewrite, new default to db5.
- db6 is eligible by default only if installed on the system.
- Bump PORTREVISION of all ports that directly depend on BerkeleyDB or
where USE_BDB is found in the port's directory
- Patch a few ports such that they will pick up or work with newer
versions.
- Add UPDATING entry
- Drive-by format fix for pks
- Drop BerkeleyDB option from mail/popular for now, requires more work.
- Exp-run logs linked from the PR below.
- Ports that do not build (IGNORE, BROKEN, etc.) have pro-forma changes
for new Berkeley DB, but are untested.
NOTE: please read UPDATING and the Wiki page before proceeding!
Announcement: http://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-August/000090.html
Wiki reference: https://wiki.freebsd.org/Ports/BerkeleyDBCleanup
PR: 192690
Approved by: portmgr (implicit, PORTREVISION bump on unstaged ports)
- Convert to USES=libtool and bump dependent ports
- Add INSTALL_TARGET=install-strip
(Also some white space fixes in dependent ports)
Approved by: portmgr (implicit, bump unstaged port)
both ports to the latest version and make a note in
UPDATING. Also:
- Adjust CONFLICTS
- Add LICENSE information
- Canonicalize 'Created by:' Makefile header
- Remove shlib version from LIB_DEPENDS assignment
- Correct LDAP_SASL logic
- Replace tab with a single space after 'WWW:' in pkg-descr
PR: ports/177127
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().
In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.
