- Support multiple values in *_OLD_CMD, i.e. we can now fix both "/usr/bin/python" and "/usr/bin/env python" at the same time
- Default *_OLD_CMD values are now always appended, so you don't need to specify them in individual ports
- Add lua support (depends on USES=lua)
- Add more default values, such as "/usr/bin/env foo" for python, perl, bash, ruby and lua
- Shebangfix now matches whole words, e.g. we will no longer (erroneously) replace "/usr/bin/perl5.005" with "${perl_CMD}5.005" (but "/usr/bin/perl -tt" is still (correctly) replaced with "${perl_CMD} -tt")
Note that *_OLD_CMD items containing spaces must now be quoted (e.g. perl_OLD_CMD=/bin/perl /usr/bin/perl "/usr/bin/env perl")
Update shebangfix usage according to new rules in many ports:
- Remove *_OLD_CMD for patterns now replaced by default
- Quote custom *_OLD_CMD which contain spaces
Fix shebangfix usage in many ports (irrelevant to infrastructure change):
- Remove redundant SHEBANG_LANG (no need to duplicate default langs)
- Remove redundant *_CMD (such as python_CMD=${LOCALBASE}/bin/python${PYTHON_VER} when USES=python is present)
- Never use *_OLD_CMD in REINPLACE_CMD matchers, these should always look for exact string
Approved by: portmgr (bapt)
Differential Revision: D3756
- use target helpers
ChangeLog:
20150722
The COMPATIBILITY_README text and HTML files were not
installed. File: conf/postfix-files.
20150903
Workaround: disable DNSSEC support for AIX 7x and earlier.
The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
defining the "ad" bit. Viktor Dukhovni. Files: makedefs,
proto/INSTALL.html, dns/dns.h.
20150923
Bugfix (introduced: 20120531-617): the Postfix SMTP server
used a larger-than-1 VSTREAM buffer to read the HAProxy
connection hand-off information. This broke TLS wrappermode,
as the TLS helo packet would end up in the plaintext VSTREAM
buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c.
20150924
Bugfix (introduced: 20090216-24): incorrect postmulti error
message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
File: postmulti/postmulti.c.
Workaround: don't create a new instance when the template
main.cf and master.cf files are missing, as happens on
Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.
20150925
Bugfix (introduced: 19970309, fixed 20150421 in development
release): reset errno before calling readdir(), in order
to distinguish between an end-of-directory and an error
condition. File: scandir.c.
20150930
Bugfix (introduced: 20040124): Milter client panic while
adding a header, because the PREPEND action used the same
output function for header_checks and body_checks. Viktor
Dukhovni and Wietse. File: cleanup/cleanup_message.c.
Bugfix (introduced: 20031128): xtext_unquote() did not
propagate error reports from xtext_unquote_append(), causing
the decoder to return partial output, instead of rejecting
malformed input. Fix by Krzysztof Wojta. File: global/xtext.c.
20151003
Bugfix (copied from xtext): uxtext_unquote() did not propagate
error reports from uxtext_unquote_append(), causing the
decoder to return partial output, instead of rejecting
malformed input. Found by searching the code for similar
error patterns as with xtext_unquote(). File: global/uxtext.c.
Bugfix (introduced: 20141130, fixed around 20150607 in
development release): the DNS multi-query clients forgot
to save and restore h_errno when evaluating the aggregate
result. File: dns/dns_lookup.c.
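The failure mode in the xtext_unquote() and uxtext_unquote() entries above (20150930, 20151003), shown as an added example: a self-contained sketch of an RFC 3461 xtext decoder, not Postfix's global/xtext.c. The demo_* names, the caller-supplied buffer and the rejection of "+00" are assumptions made for illustration.

```c
#include <string.h>   /* size_t; strcmp() for callers */

/* RFC 3461 hexchar digits: 0-9 and upper-case A-F only. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Append decoded src to dst. Returns 0, or -1 on malformed input/overflow. */
static int demo_unquote_append(char *dst, size_t cap, size_t *len, const char *src)
{
    for (const unsigned char *p = (const unsigned char *) src; *p; p++) {
        int ch = *p;
        if (ch == '+') {                       /* "+XX" escape */
            int hi = hexval(p[1]);
            int lo = hi < 0 ? -1 : hexval(p[2]);
            if (lo < 0) return -1;             /* bad or truncated escape */
            ch = hi * 16 + lo;
            if (ch == 0) return -1;            /* assumption: no NUL in a C string */
            p += 2;
        } else if (ch < '!' || ch > '~' || ch == '=') {
            return -1;                         /* not an RFC 3461 xchar */
        }
        if (*len + 1 >= cap) return -1;        /* keep room for the terminator */
        dst[(*len)++] = (char) ch;
        dst[*len] = '\0';
    }
    return 0;
}

/* Flawed shape: helper status dropped, caller gets the partial decode. */
const char *demo_unquote_flawed(char *dst, size_t cap, const char *src)
{
    size_t len = 0;
    dst[0] = '\0';
    (void) demo_unquote_append(dst, cap, &len, src);
    return dst;
}

/* Fixed shape: propagate the error and discard what was decoded so far. */
const char *demo_unquote(char *dst, size_t cap, const char *src)
{
    size_t len = 0;
    dst[0] = '\0';
    if (demo_unquote_append(dst, cap, &len, src) == 0) return dst;
    dst[0] = '\0';                             /* no partial output on error */
    return NULL;
}
```

With the constructed input "postmaster+ZZ@example.com", demo_unquote_flawed() hands back "postmaster" as if it were a complete value, while demo_unquote() returns NULL and leaves the buffer empty.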
20150501
Support for Linux 4.*, and some simplification for future
makedefs files. Files: makedefs, util/sys_defs.h.
20150718
Security: opportunistic TLS by default uses "medium" or
stronger ciphers instead of "export" or stronger. See the
RELEASE_NOTES file for how to get the old settings back.
Files: global/mail_params.h, proto/TLS_README.html,
proto/postconf.proto, and files derived from those.
20150719
Security: Postfix TLS support by default no longer uses
SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get
the old settings back. Files: global/mail_params.h,
proto/postconf.proto, and files derived from those.
Incompatible change with Postfix 2.11.6 / 3.0.2
-------------------------------------------------
As of the middle of 2015, all supported Postfix releases no longer
enable "export" grade ciphers for opportunistic TLS, and no longer
use the deprecated SSLv2 and SSLv3 protocols for mandatory or
opportunistic TLS.
These changes are very unlikely to cause problems with server-to-server
communication over the Internet, but they may result in interoperability
problems with ancient client or server implementations on internal
networks. To address this problem, you can revert the changes with:
Postfix SMTP client settings:
lmtp_tls_ciphers = export
smtp_tls_ciphers = export
lmtp_tls_protocols = !SSLv2
smtp_tls_protocols = !SSLv2
lmtp_tls_mandatory_protocols = !SSLv2
smtp_tls_mandatory_protocols = !SSLv2
Postfix SMTP server settings:
smtpd_tls_ciphers = export
smtpd_tls_protocols =
smtpd_tls_mandatory_protocols = !SSLv2
These settings, if put in main.cf, affect all Postfix SMTP client
or server communication, which may be undesirable. To be more
selective, use "-o name=value" parameter overrides on specific
services in master.cf. Execute the command "postfix reload" to make
the changes effective.
This stemmed from older VDA patches which provided a default patch which only
used 'long' for its data types and a '64bit' patch which used 'long long'.
On 32bit systems 'long' is limited to a 2GB quota while on 64bit systems it will
not be. They later renamed the '64bit' patch to be 'bigquota'. They no longer
provide a 'bigquota' patch due to less demand as most systems are 64bit
today and do not have the small 2GB quota limitation with the 'long' type.
The description of '32bit' was not accurate or useful anymore.
Upstream discussion: http://sourceforge.net/p/vda/mailman/message/24713171/
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurrences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight
- rename OPTIONS to match default name of most ports
- SASL2 -> SASL
- OPENLDAP -> LDAP
- install main.cf and master.cf with the @sample macro
- rework pkg-install
- fix wrong permission for /var/db/postfix [1]
- sets WANT_OPENLDAP_SASL option for openldap port when
postfix LDAP_SASL option is set [2]
- make usage of new ${opt}_DEPENDS notation
Release 3.0.1 or 3.0.2 is now a strong candidate to become the new
default mail/postfix port (missing components are VDA and SPF).
Changelog:
20150211
Cleanup: strncasecmp_utf8() streamlining. Files: util/stringops.h,
util/allascii.c, util/strcasecmp_utf8.c.
20150214
Bugfix (introduced: Postfix 3.0): missing #ifdef USE_TLS
inside #ifdef USE_SASL_AUTH. Viktor Dukhovni. File:
smtpd/smtpd.c.
20150217
Cleanup: missing <string.h> include. File: util/allascii.c.
20150221
Bugfix (introduced: Postfix 3.0): don't append '.' to the
DNS resource record value, when converting TXT records to
the string form that is used by xxx_dns_reply_filter.
File: dns/dns_strrecord.c.
20150313
Documentation: incorrect Postfix version number for
postscreen_dnsbl_timeout. Quanah Gibson-Mount. File:
postscreen/postscreen.c.
20150324
Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps
ignored the relayhost setting in the case of a DUNNO lookup
result. It would use the recipient domain instead. Viktor
Dukhovni. Wietse took the pieces of code that enforce the
precedence of a sender-dependent relayhost, the global
relayhost, and the recipient domain, and put that code
together in one place so that it is easier to maintain.
File: trivial-rewrite/resolve.c.
20150328
Bugfix (introduced: Postfix 1.1.0): post-install expanded
macros in parameter values when trying to detect parameter
overrides, causing unnecessary main.cf updates during Postfix
start-up. Julian Reich, Viktor Dukhovni, and Wietse. File:
conf/post-install.
20150330
Bitrot: prepare for future changes in OpenSSL API. Viktor
Dukhovni. File: tls_dane.c.
PR: 198215 [1]
PR: 198857 [2]
- cleanup MASTER_SITES
- enable new pie parameter (build with -fPIC)
[1] keep the port as postfix-current until we are sure
the new distributed layout will not change
(location of libs, dynamicmaps.cf.d, postfix-files.d ...)
Release announcement:
http://www.postfix.org/announcements/postfix-3.0.0.html
Release Notes:
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.0.0.RELEASE_NOTES
Approved by: sahil (implicit)
- fix build on FreeBSD 11 [1]
- use OPENSSL=yes instead of including Mk/bsd.openssl.mk
- enable TLS as default option.
Postfix uses a secure default configuration if TLS is not configured.
$ postconf -d | grep use_tls
lmtp_use_tls = no
postscreen_use_tls = $smtpd_use_tls
smtp_use_tls = no
smtpd_use_tls = no
tlsproxy_use_tls = $smtpd_use_tls
Changes:
Many fixes, improvements and cleanups. The list is really too long,
please read the original Changelog on your favorite postfix mirror.
[1] Noted by sbruno@
- use new AUXLIBS_(CDB|LDAP|LMDB|MYSQL|PCRE|PGSQL) build instructions
- use OPTIONS_SUB
- install posttls-finger
- build dynamic AUXLIBS (shared=yes and dynamicmaps=yes)
- set META_DIRECTORY to DAEMONDIR (this may change in future to ETCDIR)
Parts from HISTORY (heavily shortened)
20141126
Cleanup: report nullmx DNS records as "domain does not
accept mail", instead of "invalid DNS response". The Postfix
SMTP client already bounced mail for such domains, and the
Postfix SMTP server already rejected such domains with
reject_unknown_sender/recipient_domain. This introduces a
new SMTP server configuration parameter nullmx_reject_code
(default: 556).
20141127
Feature: DNS reply filter, configured with smtp_dns_reply_filter,
20141130
Cleanup: when searching multiple DNS record types for a
specific name, and not all queries return the same result
status, do not blindly return the last query's rcode and
diagnostic text. Instead, return rcode and text that is
consistent with the aggregate result status.
Documentation: added note on Milter-signing bounces.
20141202
Cleanup: to increase clarity, rename DNS result status from
DNS_UNAVAIL to DNS_NULLMX. If someone uses the same zero-length
name trick with some other resource type, then we will worry
about that later.
20141203
Feature: support to match UTF8 domain names against ASCII
names in TLS certificates.
20141212
Cleanup: nullmx SMTP reply codes 550 and 556, and enhanced
status codes X.1.10 and X.7.27. The nullmx SMTP reply codes
are no longer configurable.
20141224
Cleanup: the compile-time argument typechecks for attribute-value
APIs are now by default implemented with inline functions.
Compile with -DNO_INLINE to implement the argument typechecks
with ternary operators and unreachable assignments.
20141227
Feature: smtp_address_verify_target (default: rcpt) that
determines what protocol stage decides if a recipient is
valid. Specify "data" for servers that reject recipients
after the DATA command.
20141228
Cleanup: the IDNA conversion routines now accept both
ASCII and UTF8 inputs. The functions also verify that
either their result is a valid ASCII domain name or that
it converts into a valid ASCII domain name.
Approved by: sahil (implicit)
- add OPTION for Email Address Internationalization
(EAI, RFC 6531..6533) [1]
- sort OPTIONS_DEFINE
- fix build and install for non root users,
(sgid and group for sbin/postdrop and sbin/postqueue was lost if build
as non root and installed with sudo)
- install /var/spool/postfix directories with correct owner/mode
- use $WRKDIR instead of /tmp
Changes:
20141021
Per IETF TLS WG consensus, the tls_session_ticket_cipher
default setting was changed from aes-128-cbc to aes-256-cbc.
Take that, you quantum computer attackers! Viktor Dukhovni.
Files: proto/postconf.proto, global/mail_params.h.
20141024
Cleanup: added $smtpd_mumble_restrictions to the proxy_read_maps
default setting. File: global/mail_params.h.
Documentation: different header/body checks for MX service
and SMTP submissions. File: proto/BUILTIN_FILTER_README.html.
Cleanup: don't send "bare" original recipient in SMTP DSN
attributes. File: cleanup/cleanup_addr.c.
Feature: smtp-sink -N option to suppress DSN announcement.
File: smtpstone/smtp-sink.c.
20141025
Bugfix (introduced: Postfix 2.11): core dump when
smtp_policy_maps specifies an invalid TLS level. Viktor
Dukhovni. File: smtp/smtp_tls_policy.c.
20141103
Logging: when a connection is closed, log the request counts
for unimplemented STARTTLS or AUTH commands separately,
instead of logging such commands as "unknown". File:
smtpd/smtpd.c.
20141106
Cleanup: set errno to ETIMEDOUT after postscreen handshake
timeout event, so that warnings report the correct error.
File: tlsproxy/tlsproxy.c.
PR: 194786 [1]
Submitted by: Mark Martinec
Approved by: sahil (implicit)
- use PORTDOCS macro
- remove check for OSVERSION >= 800037
- fix OPENLDAP_VER usage
- always call set-permissions in post-install to set correct spool/postfix/* permissions
this is required with pkg to support non interrupted upgrade
Approved by: sahil (explicit)
- Mk/bsd.database.mk rewrite, new default to db5.
- db6 is eligible by default only if installed on the system.
- Bump PORTREVISION of all ports that directly depend on BerkeleyDB or
where USE_BDB is found in the port's directory
- Patch a few ports such that they will pick up or work with newer
versions.
- Add UPDATING entry
- Drive-by format fix for pks
- Drop BerkeleyDB option from mail/popular for now, requires more work.
- Exp-run logs linked from the PR below.
- Ports that do not build (IGNORE, BROKEN, etc.) have pro-forma changes
for new Berkeley DB, but are untested.
NOTE: please read UPDATING and the Wiki page before proceeding!
Announcement: http://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-August/000090.html
Wiki reference: https://wiki.freebsd.org/Ports/BerkeleyDBCleanup
PR: 192690
Approved by: portmgr (implicit, PORTREVISION bump on unstaged ports)
- Add LICENSE information
- Canonicalize 'Created by:' Makefile header
- Remove shlib version from LIB_DEPENDS assignment
- Correct LDAP_SASL logic
- Replace tab with a single space after 'WWW:' in pkg-descr
PR: ports/177127 (inspired by)
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>