Update postfix package to 2.10.2. Here is brief changes.

2.10.2

* TLS Interoperability workaround: turn on SHA-2 digests by force. This
  improves interoperability with clients and servers that deploy SHA-2 digests
  without the required support for TLSv1.2-style digest negotiation.

* TLS Performance workaround: the Postfix SMTP server TLS session cache had
  become ineffective because recent OpenSSL versions enable session tickets by
  default, resulting in a different ticket encryption key for each smtpd(8)
  process. The workaround turns off session tickets. Postfix 2.11 will enable
  session tickets properly.

* TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail
  to communicate with Postfix and possibly other MTAs, with the following Exim
  SMTP client error message:

	TLS error on connection to server-name [server-address]
	(gnutls_handshake): The Diffie-Hellman prime sent by the server is not
	acceptable (not long enough)

  See the RELEASE_NOTES file for a Postfix SMTP server configuration
  workaround.

* Bugfix (defect introduced: 1997): memory leak while forwarding mail with the
  local(8) delivery agent, in code that handles a cleanup(8) server error.


2.10.1

* Workaround: down-stream maintainers fail to install the new
  smtpd_relay_restrictions safety net, causing breakage that could have been
  avoided. We now hard-code the safety net instead.


2.10.0

* Separation of relay policy (with smtpd_relay_restrictions) from spam policy
  (with smtpd_{client, helo, sender, recipient}_restrictions), which makes
  accidental open relay configuration less likely. The default is backwards
  compatible.

* HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
  proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.

* Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
  off if needed for inter-operability.

* Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
  sockets instead of FIFOs, and thus avoids MTIME file system updates on an
  idle mail system.

* Revised postconf(1) command. The "-x" option expands $name in a parameter
  value (both main.cf and master.cf); the "-o name=value" option overrides a
  main.cf parameter setting; and postconf(1) now warns about a $name that has
  no name=value setting.

* Sendmail-style "socketmap" lookup tables.
This commit is contained in:
taca 2013-09-30 15:21:15 +00:00
parent 5024e269f7
commit f19399ff06
3 changed files with 85 additions and 37 deletions

View file

@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.266 2013/09/06 14:08:18 taca Exp $
# $NetBSD: Makefile,v 1.267 2013/09/30 15:21:15 taca Exp $
DISTNAME= postfix-2.9.8
DISTNAME= postfix-2.10.2
CATEGORIES= mail
MASTER_SITES= ftp://ftp.porcupine.org/mirrors/postfix-release/official/
MASTER_SITES+= http://postfix.it-austria.net/releases/official/

View file

@ -1,9 +1,9 @@
$NetBSD: distinfo,v 1.150 2013/09/06 14:08:18 taca Exp $
$NetBSD: distinfo,v 1.151 2013/09/30 15:21:15 taca Exp $
SHA1 (postfix-2.9.8.tar.gz) = 392f09ecaf6ccb5e7e40d96d26f37f2602f6198f
RMD160 (postfix-2.9.8.tar.gz) = a907383209f00210217b13e9eefc841666371e68
Size (postfix-2.9.8.tar.gz) = 3769844 bytes
SHA1 (postfix-2.10.2.tar.gz) = 4721024784d071c3e663d610db17f8bd99821f3d
RMD160 (postfix-2.10.2.tar.gz) = c5c7ecdc1a4e27b8eba2125e22f39860488db0e0
Size (postfix-2.10.2.tar.gz) = 3828326 bytes
SHA1 (patch-aa) = 2115fd7af5776a14fdbfc88a5ad3bc668a6762db
SHA1 (patch-ag) = 60d752b6c8db971d92ca0017c63329ad446209c5
SHA1 (patch-ai) = 619bab1c9f5a30929086ff2414dca8cff6c4c37e
SHA1 (patch-ai) = 959013a2af5a2304fe6bae59a09cc13c92fc3d4c
SHA1 (patch-src_dns_dns__lookup.c) = 1e4e94f0929d351c5cdb606ac2f61c1e07224ca5

View file

@ -1,9 +1,9 @@
$NetBSD: patch-ai,v 1.29 2013/09/06 14:08:18 taca Exp $
$NetBSD: patch-ai,v 1.30 2013/09/30 15:21:15 taca Exp $
Make this pkgsrc friendly.
Add support for NetBSD 5.x, NetBSD 6.x and DragonFly BSD.
--- makedefs.orig 2012-11-29 23:53:34.000000000 +0000
--- makedefs.orig 2013-02-04 01:33:13.000000000 +0000
+++ makedefs
@@ -155,6 +155,8 @@ case "$SYSTEM.$RELEASE" in
;;
@ -25,7 +25,7 @@ Add support for NetBSD 5.x, NetBSD 6.x and DragonFly BSD.
BSD/OS.2*) SYSTYPE=BSDI2
;;
BSD/OS.3*) SYSTYPE=BSDI3
@@ -225,13 +231,6 @@ case "$SYSTEM.$RELEASE" in
@@ -226,13 +232,6 @@ case "$SYSTEM.$RELEASE" in
esac
;;
ULTRIX.4*) SYSTYPE=ULTRIX4
@ -39,41 +39,89 @@ Add support for NetBSD 5.x, NetBSD 6.x and DragonFly BSD.
for l in syslog resolv; do
if [ -f /usr/local/lib/lib$l.a ]; then
SYSLIBS="$SYSLIBS -l$l"
@@ -269,25 +268,8 @@ case "$SYSTEM.$RELEASE" in
@@ -270,31 +269,8 @@ case "$SYSTEM.$RELEASE" in
esac;;
# Tested with RedHat 3.03 on 20020729.
Linux.1*) SYSTYPE=LINUX1
- SYSLIBS="-ldb"
- case "$CCARGS" in
- *-DNO_DB*) ;;
- *) SYSLIBS="-ldb";;
- esac
;;
Linux.2*) SYSTYPE=LINUX2
- # Postfix no longer needs DB 1.85 compatibility
- if [ -f /usr/include/db.h ]
- then
- : we are all set
- elif [ -f /usr/include/db/db.h ]
- then
- CCARGS="$CCARGS -I/usr/include/db"
- else
- # No, we're not going to try db1 db2 db3 etc.
- # On a properly installed system, Postfix builds
- # by including <db.h> and by linking with -ldb
- echo "No <db.h> include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
- echo "See the RELEASE_NOTES file for more information." 1>&2
- exit 1
- fi
# GDBM locks the DBM .pag file after open. This breaks postmap.
# if [ -f /usr/include/gdbm-ndbm.h ]
# then
@@ -298,7 +280,6 @@ case "$SYSTEM.$RELEASE" in
# CCARGS="$CCARGS -DHAS_DBM -DPATH_NDBM_H='<gdbm/ndbm.h>'"
# GDBM_LIBS=gdbm
# fi
- SYSLIBS="-ldb"
- case "$CCARGS" in
- *-DNO_DB*) ;;
- *) if [ -f /usr/include/db.h ]
- then
- : we are all set
- elif [ -f /usr/include/db/db.h ]
- then
- CCARGS="$CCARGS -I/usr/include/db"
- else
- # No, we're not going to try db1 db2 db3 etc.
- # On a properly installed system, Postfix builds
- # by including <db.h> and by linking with -ldb
- echo "No <db.h> include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
- exit 1
- fi
- SYSLIBS="-ldb"
- ;;
- esac
for name in nsl resolv $GDBM_LIBS
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
@@ -427,25 +408,13 @@ EOF
@@ -348,24 +324,6 @@ EOF
esac
;;
Linux.3*) SYSTYPE=LINUX3
- case "$CCARGS" in
- *-DNO_DB*) ;;
- *) if [ -f /usr/include/db.h ]
- then
- : we are all set
- elif [ -f /usr/include/db/db.h ]
- then
- CCARGS="$CCARGS -I/usr/include/db"
- else
- # On a properly installed system, Postfix builds
- # by including <db.h> and by linking with -ldb
- echo "No <db.h> include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
- exit 1
- fi
- SYSLIBS="-ldb"
- ;;
- esac
for name in nsl resolv
do
for lib in /usr/lib64 /lib64 /usr/lib /usr/lib/* /lib /lib/*
@@ -379,24 +337,6 @@ EOF
;;
GNU.0*|GNU/kFreeBSD.[567]*)
SYSTYPE=GNU0
- case "$CCARGS" in
- *-DNO_DB*) ;;
- *) if [ -f /usr/include/db.h ]
- then
- : we are all set
- elif [ -f /usr/include/db/db.h ]
- then
- CCARGS="$CCARGS -I/usr/include/db"
- else
- # On a properly installed system, Postfix builds
- # by including <db.h> and by linking with -ldb
- echo "No <db.h> include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
- exit 1
- fi
- SYSLIBS="-ldb"
- ;;
- esac
for name in nsl resolv
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
@@ -427,25 +367,13 @@ EOF
HP-UX.A.09.*) SYSTYPE=HPUX9
SYSLIBS=-ldbm
CCARGS="$CCARGS -DMISSING_USLEEP"