pkgsrc changes:
---------------
* Remove -DHAS_EAI since it does not appear anywhere
* Add pkg-config to USE_TOOLS since patch-ai introduces it
* Bump revision since binaries are now linked to icui18n
Database and regexp map functionality is now split into separate packages:
- postfix-cdb
- postfix-ldap
- postfix-lmdb
- postfix-mysql
- postfix-pcre
- postfix-pgsql
- postfix-sqlite
Upstream changelog follows.
Postfix 3.0.2
-------------
No delta against 2.11.6.
Postfix 3.0.1
-------------
- Build error when compiling the Postfix SMTP server with SASL support
but no TLS support.
- The DNS "resource record to text" converter, used for xxx_dns_reply_filter
pattern matching, appended a '.' to TXT record resource values.
- The postscreen(8) manpage specified an incorrect Postfix version number
for the postscreen_dnsbl_timeout parameter.
- The postfix-install script expanded macros in parameter values when
trying to detect parameter overrides, causing unnecessary main.cf updates
during "postfix start" etc.
- Some low-level cleanup of UTF-8 string handling with no visible change
in behavior (besides better performance).
Postfix 3.0.0
-------------
- SMTPUTF8 support for internationalized domain names and address
localparts as defined in RFC 6530 and related documents.
- Support for Postfix dynamically-linked libraries and database plugins.
- An OPT-IN safety net for the selective adoption of new Postfix default
settings. If you do nothing, the old Postfix default settings *should*
remain in effect (complain to your downstream maintainer if that is not
the case).
- Support for operations on multiple lookup tables. The
pipemap:{map1,map2...} database type implements a pipeline of lookup
tables where the result from one lookup table becomes a query for
the next table; the unionmap:{map1,map2,...} database type sends the
* pkgsrc change: remoe mysql4 from PKG_OPTIONS.
Securiy release for Memory corruption in Postfix SMTP server Cyrus SASL
support: http://www.postfix.org/CVE-2011-1720.html
20110411
Cleanup: postscreen(8) and verify(8) daemons now lock their
respective cache file exclusively upon open, to avoid massive
cache corruption by unsupported sharing. Files: util/dict.h,
util/dict_open.c, verify/verify.c, postscreen/postscreen.c.
20110414
Bugfix (introduced with Postfix SASL patch 20000314): don't
reuse a server SASL handle after authentication failure.
Problem reported by Thomas Jarosch of Intra2net AG. File:
smtpd/smtpd_proto.c.
is read-only but is faster than Berkeley DB and uses less memory. Use the
TinyCDB implementation which is in the public domain and a bit faster than
DJB's original CDB.
- TLS (SSL) support was streamlined further, and provides a new security level
based on certificate fingerprints instead of CA signatures. See TLS_README
for details.
- Milter support was updated from the Sendmail 8.13 feature set and now
includes most of the features that were introduced with Sendmail 8.14. See
MILTER_README for details.
- Stress-adaptive configuration was introduced. This allows the Postfix SMTP
server to temporarily adjust its rules under conditions of overload, such as
a malware attack or backscatter flood. See STRESS_README for details.
[pkgsrc: this obsoletes the "postfix-stress" option which provided the same
functionality via a distribution patch]
- The queue manager scheduler was refined. It now provides per-transport
scheduling controls and allows for adjustment of the sensitivity to mail
delivery (non-)errors. See SCHEDULER_README.
- Security was improved by introducing a Postfix-owned data_directory for
storage of randomness, caches and other non-queue data. This change avoids
future security loopholes due to untrusted data sitting in root-owned files
or in root-owned directories. Writes to legacy files in root-owned
directories are automatically redirected to files in the new data_directory.
No functionality has been removed, but it is a good idea to review the
RELEASE_NOTES file for the usual minor incompatibilities or limitations.
default (this doesn't actually depend on Dovecot for building, the code is
shipped with Postfix).
Set the default value for smtpd_sasl_type to "dovecot" unless cyrus SASL is
enabled, too. This ensures backwards compatibility for most cases.
Ok with martti, joerg.
(disabled by default). This functionality will be included in Postfix 2.5 but
has been proven very succesful on the mailing lists so Wietse provided a patch
for Postfix 2.3 and 2.4.
See http://www.postfix.org/STRESS_README.html#adapt for configuration details.
tracked the Cyrus SASL 1.5.x releases, which are no longer maintained.
Adjust packages to use security/cyrus-sasl2 instead for SASL support.
This closes PR pkg/28218 and PR pkg/29736.
New features since 2.1.x:
- built-in IPv6 and TLS (we no longer use patches--beware config changes!)
- more sophisticated LDAP/MySQL/PostgreSQL support, with freeform queries
- SMTP client-side connection reuse
- by default, no longer rewrite message headers in mail from remote clients
- can use your ISP account name for mail destined outside your machine
- can selectively turn off ESMTP features in client or server
- remote SMTP client resource control (the anvil server)
- support for CDB, SDBM and NIS+ databases is now built into Postfix
- new SMTP access control features
- and more
Caution:
- You MUST stop 2.1.x and earlier versions before upgrading.
- Use the postfix upgrade program to upgrade your main.cf/master.cf.
type. All platforms now support the "hash" map type as a result.
Remove the explicit dependencies on db4 and db2 on non-Linux and Linux,
respectively. Bump the PKGREVISION.
so that we'd not force dependance on specific MySQL version, and instead pick
the currently installed mysql*-client (or install the default if there
is no mysql-client package installed yet)
this makes package buildable with arbitrary MySQL version, such as 3.23.x,
4.0.x or 4.1.x
- The code to eliminate the local MTA from an MX address list did
not handle the case that the local MTA could appear with different
MX preferences in both inet_interfaces and proxy_interfaces.
- The SMTP server's kiss-of-death message "421 Timeout exceeded"
wasn't guarded by setjmp().
- The SMTP server didn't update the per-session error counter when
a client was denied access with smtpd_delay_reject=no.
- The Postfix sendmail command leaked file descriptors when it was
unable to execute the postdrop mail submission command.
- The bounce daemon sent the wrong type of bounce message when a
- Plus some portability, safety and documentation fixes.
which are the full option names used to set rpath directives for the
linker and the compiler, respectively. In places were we are invoking
the linker, use "${LINKER_RPATH_FLAG} <path>", where the space is
inserted in case the flag is a word, e.g. -rpath. The default values
of *_RPATH_FLAG are set by the compiler/*.mk files, depending on the
compiler that you use. They may be overridden on a ${OPSYS}-specific
basis by setting _OPSYS_LINKER_RPATH_FLAG and _OPSYS_COMPILER_RPATH_FLAG,
respectively. Garbage-collect _OPSYS_RPATH_NAME and _COMPILER_LD_FLAG.
into the bsd.options.mk framework. Instead of appending to
${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS. This causes
the default options to be the union of PKG_DEFAULT_OPTIONS and any
old USE_* and FOO_USE_* settings.
This fixes PR pkg/26590.
framework and also by explicitly specifying more default values for
Postfix parameters. Also pass -I/usr/pkg/include/sasl to the compiler
when building using Cyrus SASLv2, which allows me to remove the patches
that added an unnecessary USE_SASL2_AUTH check.
