Commit graph

469 commits

Author SHA1 Message Date
adam
cc34ee3bc6 massive revision bump after textproc/icu update 2022-11-23 16:18:32 +00:00
triaxx
ebaceabfcd postfix: Update to 3.7.3
upstream changes:
Postfix 3.7.3
  o This fixes a bug where some messages were not delivered after "warning:
    Unexpected record type 'X'.
2022-10-15 20:34:57 +00:00
taca
3a0fd72262 mail/postfix: update to 3.7.2
3.7.0 (2022-02-07)

  * Support to inline the content of small cidr:, pcre:, and regexp:
    tables in Postfix parameter values. An example is the new
    smtpd_forbidden_commands default value, "CONNECT GET POST
    regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from
    clients that send garbage.

  * To make the maillog_file feature more useful, including stdout
    logging from a container, the postlog(1) command is now set-gid
    postdrop, so that unprivileged programs can use it to write
    logging through the postlogd(8) daemon. This required hardening
    the postlog(1) command against privilege escalation attacks.

  * Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18.

  * Postfix programs now randomize the initial state of in-memory
    hash tables, to defend against hash collision attacks involving
    a large number of attacker-chosen lookup keys. Presently, the
    only known opportunity for such attacks involves remote SMTP
    client IPv6 addresses in the anvil(8) service, and requires
    making hundreds of short-lived connections per second while
    cycling through thousands of different client IP addresses.

  * Updated defense against remote clients or servers that 'trickle'
    SMTP or LMTP traffic. This replaces the old per-record deadlines
    with per-request deadlines and minimum data rates.

  * Many typofixes by raf and Wietse.


3.7.1 (2022-04-18)

  * (problem introduced: Postfix 2.7) The milter_header_checks maps
    are now opened before the cleanup(8) server enters the chroot
    jail. Problem reported by Jesper Dybdal.

  * In an internal client module, "host or service not found" was
    a fatal error, causing the milter_default_action setting to be
    ignored. It is now a non-fatal error, just like a failure to
    connect. Problem reported by Christian Degenkolb.

  * The proxy_read_maps default value was missing up to 27 parameter
    names. The corresponding lookup tables were not automatically
    authorized for use with the proxymap(8) service. The parameter
    names were ending in _checks, _reply_footer, _reply_filter,
    _command_filter, and _delivery_status_filter.

  * (problem introduced: Postfix 3.0) With dynamic map loading
    enabled, an attempt to create a map with "postmap regexp:path"
    would result in a bogus error message "Is the postfix-regexp
    package installed?" instead of "unsupported map type for this
    operation". This happened with all non-dynamic map types (static,
    cidr, etc.) that have no 'bulk create' support. Problem reported
    by Greg Klanderman.

  * In PCRE_README, "pcre2 --libs" should be "pcre2 --libs8". Problem
    reported by Carlos Velasco.

  * Documented in the postlogd(8) daemon manpage that the Postfix
    >= 3.7 postlog(1) command can run with setgid permissions.

3.7.2 (2022-04-28)

This reverts an overly complex change in the postscreen SMTP engine
(made during Postfix 3.7 development), and replaces it with much
simpler code. The bad change was crashing postscreen on some systems
after receiving malformed input (for example, a TLS "hello" message).
2022-07-21 15:08:39 +00:00
wiz
8292204475 *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
bsiegert
9cafd665d8 postfix: FreeBSD 13 support
makedefs already contains the FreeBSD 12 stanza but not version 13.
From cubadevelop via Github Pull Request.

Fixes NetBSD/pkgsrc#97
2022-06-11 10:27:04 +00:00
adam
f5e35d538b revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
triaxx
2fa06adf25 postfix: Update to 3.6.4
upstream changes:
-----------------
 Fixed in Postfix 3.6.4, 3.5.14, 3.4.24, 3.3.21:
  o Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
    entries in postconf output. This was caused by an incomplete fix to send
    SMTP session transcripts to $bounce_notice_recipient. Reported by Vincent
    Lefevre.
  o Bug introduced in Postfix 3.0: the proxymap daemon did not automatically
    authorize proxied maps inside pipemap (example:
    pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem reported
    by Mirko Vogt.
  o Bug introduced in Postfix 2.5: off-by-one error while writing a string
    terminator. This code passed all memory corruption tests, presumably
    because it wrote over an alignment padding byte, or over an adjacent
    character byte that was never read. Reported by Robert Siemer.

Fixed in Postfix 3.6.4, 3.5.14, 3.4.24:
  o The proxymap daemon did not automatically authorize map features added
    after Postfix 3.3, caused by missing *_maps parameter names in the
    proxy_read_maps default value. Found during code maintenance.
2022-01-26 17:41:31 +00:00
adam
b6fb8754c9 postfix: add -headerpad_max_install_names for Darwin builds 2021-12-18 10:50:33 +00:00
adam
017e463c6a postfix: fix install on macOS 2021-12-15 20:54:00 +00:00
adam
b6d9bd86bc revbump for icu and libffi 2021-12-08 16:01:42 +00:00
taca
414203826f mail/postfix: update to 3.6.3
Quote from release announce:

Fixed in Postfix 3.6.3, 3.5.13, 3.4.23, 3.3.20:

  * (problem introduced in Postfix 2.4, released in 2007): queue
    file corruption after a Milter (for example, MIMEDefang) made
    a request to replace the message body with a copy of that message
    body plus additional text (for example, a SpamAssassin report).

    The most likely impacts were a) the queue manager reporting a
    fatal error resulting in email delivery delays, or b) the queue
    manager reporting the corruption and moving the message to the
    corrupt queue for damaged messages.

    However, a determined adversary could craft an email message
    that would trigger the bug, and insert into its queue file a
    content filter destination or a redirect email address. Postfix
    would then deliver the message headers there, in most cases
    without delivering the message body. With enough experimentation,
    an attacker could make Postfix deliver both the message headers
    and body.

    Some details of a successful attack depend on the Milter
    implementation, and on the Postfix and Milter configuration
    details; these can be determined remotely through experimentation.
    Failed experiments may be detected when the queue manager
    terminates with a fatal error, or when the queue manager moves
    damaged files to the "corrupt" queue as evidence.

    Technical details: when Postfix executes a "replace body" Milter
    request it will reuse queue file storage that was used by the
    existing email message body. If the new body is larger, Postfix
    will append body content to the end of the queue file. The
    corruption happened when a Milter (for example, MIMEDefang)
    made a request to replace the body of a message with a new body
    that contained a copy of the original body plus some new text,
    and the original body contained a line longer than $line_length_limit
    bytes (for example, an image encoded in base64 without hard or
    soft line breaks). In queue files, Postfix stores a long text
    line as multiple records with up to $line_length_limit bytes
    each. Unfortunately, Postfix's "replace body" support did not
    account for the additional queue file space needed to store the
    second etc. record headers. And thus, the last record(s) of a
    long text line could overwrite one or more queue file records
    immediately after the space that was previously occupied by the
    original message body.

    Problem report by Benoit Panizzon.

  * (problem introduced in Postfix 2.10, released in 2012): The
    postconf "-x" option could produce incorrect output, because
    multiple functions were implicitly sharing a buffer for
    intermediate results. Problem report by raf, root cause analysis
    by Viktor Dukhovni.

  * (problem introduced in Postfix 2.11, released in 2013): The
    check_ccert_access feature worked as expected, but produced a
    spurious warning when Postfix was built without SASL support.
    Fix by Brad Barden.

  * Fix for a compiler warning due to a missing 'const' qualifier
    when compiling Postfix with OpenSSL 3. Depending on compiler
    settings this could cause the build to fail.

Fixed in Postfix 3.6:

  * The known_tcp_ports settings had no effect. It also wasn't fully
    implemented. Problem report by Peter.

  * Fix for missing space between a hostname and warning text.
2021-11-08 13:58:09 +00:00
nia
f413f7fded mail: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched
conditionally?):

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
2021-10-26 10:53:53 +00:00
nia
be020196fe mail: Remove SHA1 hashes for distfiles 2021-10-07 14:25:11 +00:00
khorben
48d13e835c postfix: let the RC script work unprivileged
This takes advantage of the introduction of the SYSCONFBASE variable.
Tested on NetBSD/amd64.

Bumps PKGREVISION.
2021-08-29 21:04:55 +00:00
taca
c7167c73a7 mail/postfix: add blocklist PKG_OPTIONS and fix build problem
* Add blocklist PKG_OPTIONS.
* Fix build problem on no blocklist/blacklist supported system.
  (Reported by Matthias Ferdinand on pkgsrc-users@.)

Bump PKGREVISION.
2021-08-14 08:58:20 +00:00
taca
50a7d03c92 mail/postfix: update to 3.6.2
* pkgsrc change: Add supportfor blocklistd(3) (and blacklistd(3)).

* From release annuonce:

Fixed in Postfix 3.6.2, 3.5.12, 3.4.22, 3.3.19:

  * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
    error in the compatibility_level parser, because there was no
    'errno = 0' statement before an strtol() call. In Postfix
    3.3-3.5, fixed two older latent bugs of this kind (introduced
    in 1999 and in Postfix 2.11). Problem reported by David Bohman.

  * (problem introduced in Postfix 3.3) "Null pointer read" error
    in the cleanup daemon when "header_from_format = standard" (the
    default as of Postfix 3.3), and email was submitted with
    /usr/sbin/sendmail without From: header, and an all-space full
    name was specified in 1) the password file, 2) with "sendmail
    -F", or 3) with the NAME environment variable. Found by Renaud
    Metrich.

  * (problem introduced in Postfix 2.4) False "too many reverse
    jump" warnings in the showq daemon, because loop detection code
    was comparing memory addresses instead of queue file names.
    Reported by Mehmet Avcioglu.

  * (problem introduced in 1999) The Postfix SMTP server was sending
    all session transcripts to the error_notice_recipient (default:
    postmaster), instead of sending transcripts of bounced mail to
    the bounce_notice_recipient (default: postmaster). Reported by
    Hans van Zijst.

Fixed in Postfix 3.6.2, 3.5.12, 3.4.22:

  * The texthash: map implementation broke tls_server_sni_maps,
    because it did not support multi-file inputs. Reported by
    Christopher Gurnee, who also found an instance of the missing
    code in the "postmap -F" source code. File: util/dict_thash.c.
2021-07-26 15:38:10 +00:00
taca
0acd48f0fd mail/postfix: update to 3.6.1
3.6.1 (2021-06-14)

Fixed in Postfix 3.6.1, 3.5.11, 3.4.21, 3.3.18:

  * Bugfix (introduced: Postfix 2.11): the command "postmap
    lmdb:/file/name" (create LMDB database from textfile) handled
    duplicate input keys ungracefully, discarding entries stored
    up to and including the duplicate key, and causing a double
    free() call with lmdb versions 0.9.17 and later. Reported by
    Adi Prasaja; double free() root cause analysis by Howard Chu.

Fixed in Postfix 3.6.1, 3.5.11, 3.4.21:

  * Typo (introduced: Postfix 3.4): silent_discard should be
    silent-discard in BDAT_README.
2021-06-14 14:29:47 +00:00
taca
fea58a0c3f mail/postfix: update to 3.6.0
Postfix stable release 3.6.0 is available. This ends the support
for legacy release Postfix 3.2.

The main changes are below. See the RELEASE_NOTES file for further
details.

Incompatible changes:

  * This release requires "postfix stop" before updating, or before
    backing out to an earlier release, because some internal protocols
    have changed. Otherwise, long-running daemons (pickup, qmgr,
    verify, tlsproxy, postscreen) may fail to communicate with the
    rest of Postfix, causing mail delivery delays until Postfix is
    restarted.

  * Respectful logging. Postfix version 3.6 deprecates terminology
    that implies white is better than black. Instead, Postfix prefers
    'allowlist', 'denylist', and variations on those words. This
    change affects Postfix documentation, and postscreen parameters
    and logging.

    To keep the old postscreen logging set "respectful_logging =
    no" in main.cf before setting "compatibility_level = 3.6".  In
    any case, the old postscreen parameter names will keep working
    as before.

Other changes:

  * The minimum supported OpenSSL version is 1.1.1, which will reach
    the end of life by 2023-09-11. Postfix 3.6 is expected to reach
    the end of support in 2025. Until then, Postfix will be updated
    as needed for compatibility with OpenSSL.

    The default fingerprint digest has changed from md5 to sha256
    (Postfix 3.6 with compatibility_level >= 3.6). With a lower
    compatibility_level setting, Postfix defaults to using md5, and
    logs a warning when a Postfix configuration specifies no explicit
    digest type.

    The export-grade Diffie-Hellman key exchange is no longer
    supported, and the tlsproxy_tls_dh512_param_file parameter is
    ignored,

  * Better error messages when someone configures an incorrect
    program in master.cf. To recognize such mistakes, every Postfix
    internal service, including the postdrop command, announces the
    name of its protocol before doing any other I/O, and every
    Postfix client program, including the Postfix sendmail command,
    will verify that the protocol name matches what it expects.

  * Fine-grained control over the envelope sender address for
    submission with the Postfix sendmail (or postdrop) commands.

    Example:

    /etc/postfix/main.cf:
        # Allow root and postfix full control, anyone else can only
        # send mail as themselves. Use "uid:" followed by the numerical
        # UID when the UID has no entry in the UNIX password file.
        local_login_sender_maps =
            inline:{ { root = *}, { postfix = * } },
            pcre:/etc/postfix/login_senders

    /etc/postfix/login_senders:
       # Allow both the bare username and the user@domain forms.
        /(.+)/ $1 $1@example.com

  * Threaded bounces. This allows mail readers to present a
    non-delivery, delayed delivery, or successful delivery notification
    in the same email thread as the original message.

    Unfortunately, this also makes it easy for users to mistakenly
    delete the whole email thread (all related messages), instead
    of deleting only the delivery status notification.

    To enable, specify "enable_threaded_bounces = yes".

  * Postfix by default no longer uses the services(5) database to
    look up the TCP ports for SMTP and LMTP services. Instead, this
    information is configured with the new known_tcp_ports configuration
    parameter (default: lmtp=24, smtp=25, smtps=submissions=465,
    submission=587). When a service is not specified in known_tcp_ports,
    Postfix will still query the services(5) database.

  * Starting with Postfix version 3.6, the compatibility level is
    "3.6". In future Postfix releases, the compatibility level will
    be the Postfix version that introduced the last incompatible
    change. The level is formatted as 'major.minor.patch', where
    'patch' is usually omitted and defaults to zero. Earlier
    compatibility levels are 0, 1 and 2.

    This also introduces main.cf and master.cf support for the
    <=level, < level, and other operators to compare compatibility
    levels. With the standard <=, <, etc. operators, compatibility
    level 3.10 would be less than 3.9, which is undesirable.
2021-06-02 15:29:56 +00:00
wiz
6eae1297d5 *: recursive bump for perl 5.34 2021-05-24 19:49:01 +00:00
wiz
98c32284f1 postfix: remove non-existent download site 2021-05-02 12:11:51 +00:00
triaxx
22f39bdbbb postfix: Update to 3.5.10
upstream changes:
-----------------
Fixed in 3.5.10:
  o Missing null pointer checks (introduced in Postfix 3.4) after an internal I/O error during the smtp(8) to tlsproxy(8) handshake. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni.
  o Null pointer bug (introduced in Postfix 3.0) and memory leak (introduced in Postfix 3.4) after an inline: table syntax error in main.cf or master.cf. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni.
  o Incomplete null pointer check (introduced: Postfix 2.10) after truncated HaProxy version 1 handshake message. Found by Coverity, reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
  o Missing null pointer check (introduced: Postfix alpha) after null argv[0] value.
2021-04-26 15:26:08 +00:00
adam
9d0e79c401 revbump for textproc/icu 2021-04-21 11:40:12 +00:00
triaxx
a10bc1a847 postfix: Update to 3.5.9
upstream changes:
-----------------
This update improves the reporting of DNSSEC problems that may affect DANE
security. DNSSEC support may unavailable because of local configuration, libc
incompatibility, or other infrastructure issues. This was backported from
Postfix 3.6.

Background: DNSSEC validation is needed for Postfix DANE support; this ensures
that Postfix receives TLSA records with secure TLS server certificate info.
When DNSSEC validation is unavailable, mail deliveries using opportunistic DANE
(security level 'dane') will not be protected by server certificate info in
TLSA records, and mail deliveries using mandatory DANE (security level
'dane-only') will not be made at all.

This update introduces the following behavior: when a process requests DNSSEC
support (typically, for Postfix DANE support), the process may now do a runtime
test to determine if DNSSEC validation is available.

The new dnssec_probe parameter specifies a DNS query type (default: "ns") and
DNS query name (default: ".") that Postfix may use to determine whether DNSSEC
validation is available. Specify an empty value to disable this feature.

When dnssec_probe is enabled, a Postfix process will send a DNSSEC probe after
1) the process made a DNS query that requested DNSSEC validation, 2) the
process did not receive a DNSSEC validated response to this query or to an
earlier query, and 3) the process did not already send a DNSSEC probe.

When the DNSSEC probe has no response, or when the response is not DNSSEC
validated, Postfix logs a warning that DNSSEC validation may be unavailable.
Examples:

warning: DNSSEC validation may be unavailable
warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated
warning: reason: dnssec_probe 'ns:.' received no response: Server failure

With this update, the Postfix build system will no longer automatically disable
DNSSEC support when it determines that Postfix will use libc-musl. This removes
the earlier libc-musl workaround introduced with Postfix 3.2.15, 3.3.10,
3.4.12, and 3.5.2.
2021-01-21 16:37:59 +00:00
adam
676097529a postfix: updated to 3.5.8
Fixed in Postfix version 3.5.8:

[Postfix 3.5 and later] The Postfix SMTP client inserted <CR><LF> into message headers with lines longer than $line_length_limit (default: 2048), causing all subsequent header content to become message body content. Reported by Andreas Weigel.

Fixed in Postfix versions 3.5.8, 3.4.18, 3.3.15, 3.2.20:

[Postfix 2.8 and later] The postscreen daemon did not save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: lookup table is used, but it could result in stale data with other lookup tables.

[Postfix 2.3 and later] After deleting a recipient with a Milter, the Postfix recipient duplicate filter was not updated; the filter suppressed requests to add the recipient back. Reported by Mehmet Avcioglu.

[Postfix 2.3 and later] Memory leak: the static: maps did not free their casefolding buffer.

[Postfix 2.2 and later] With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a TLS handshake, after processing an XCLIENT command. Reported by Aki Tuomi.

[Postfix 2.0 and later] The smtp_sasl_mechanism_filter implementation ignored table lookup errors, treating them as 'not found'.

[Postfix alpha and later] The code that looks for Delivered-To: headers ignored headers longer than $line_length_limit (default: 2048).
2020-11-22 11:14:44 +00:00
ryoon
2831546220 *: Recursive revbump from textproc/icu-68.1 2020-11-05 09:07:25 +00:00
nia
ae90e11b10 postfix: Needs m4 tool 2020-10-26 17:04:57 +00:00
wiz
00da7815c0 *: bump PKGREVISION for perl-5.32. 2020-08-31 18:06:29 +00:00
otis
5ff70a33d9 mail/postfix: Update to 3.5.7
Changelog:
With "smtp_tls_connection_reuse = yes", tlsproxy(8) was using the wrong global
TLS context for connections that use DANE trust anchors or that use non-DANE
trust anchors. This resulted in a global certificate verify function pointer
race, between TLS handshakes that use trust achors and concurrent TLS
handshakes that use PKI. No memory was corrupted in the course of all this.

Reference: http://www.postfix.org/announcements/postfix-3.5.7.html
2020-08-31 13:07:46 +00:00
triaxx
cb7c060070 postfix: Update to 3.5.6
upstream changes:
-----------------
Fixed in Postfix versions 3.5.6, 3.4.16, 3.3.14, 3.2.19:

  * One fix for memory leaks in the Postfix TLS library was back-ported to the wrong place, resulting in undefined program behavior.

Fixed in Postfix versions 3.5.6, 3.4.16:

  * The workaround for allowed TLS protocol versions did not explictly override the system-wide OpenSSL configuration, for sessions where the remote SMTP client sends SNI. It's better to be safe than sorry.

 Fixed in Postfix versions 3.5.5, 3.4.15, 3.3.13, 3.2.18:

  * Workaround for unexpected TLS interoperability problems when Postfix runs on OS distributions with system-wide OpenSSL configurations.

  * Memory leaks in the Postfix TLS library, the largest one involving multiple kBytes per peer certificate.
2020-08-27 13:57:14 +00:00
taca
652c5e8d1c mail/postfix: update to 3.5.4
Update postfix to 3.5.4.


Fixed in Postfix 3.5.4, 3.4.14:

  * The connection_reuse attribute in smtp_tls_policy_maps always
    resulted in an "invalid attribute name" error. Fix by Thorsten
    Habich.

  * SMTP over TLS connection reuse always failed for Postfix SMTP
    client configurations that specify explicit trust anchors (remote
    SMTP server certificates or public keys). Reported by Thorsten
    Habich.

Fixed in Postfix versions 3.5.4, 3.4.14, 3.3.12, 3.2.17:

  * The Postfix SMTP client's DANE implementation would always send
    an SNI option with the name in a destination's MX record, even
    if the MX record pointed to a CNAME record. MX records that
    point to CNAME records are not conformant with RFC5321, and so
    are rare.

    Based on the DANE survey of ~2 million hosts it was found that
    with the corrected SMTP client behavior, sending SNI with the
    CNAME-expanded name, the SMTP server would not send a different
    certificate. This fix should therefore be safe.
2020-06-30 15:00:45 +00:00
taca
758932859e mail/postfix: update to 3.5.3
Update postfix and related pacakges to 3.5.3.


Quote freom release announce.

Postfix 3.5.3, 3.4.13:

  * TLS handshake failure in the Postfix SMTP server during SNI
    processing, after the server-side TLS engine sent a TLSv1.3
    HelloRetryRequest (HRR) to a remote SMTP client. Reported by
    J??n M??t??, fixed by Viktor Dukhovni.

Postfix versions 3.5.3, 3.4.13, 3.3.11, 3.2.16:

  * The command "postfix tls deploy-server-cert" did not handle a
    missing optional argument. This bug was introduced in Postfix
    3.1.
2020-06-15 15:43:32 +00:00
adam
6bd0c30da6 Revbump for icu 2020-06-02 08:22:31 +00:00
triaxx
4b60e2905a postfix: update to 3.5.2
upstream changes:
-----------------
 Postfix versions 3.5.2, 3.4.12, 3.2.10, 3.2.15:
  * A TLS error for a database client caused a false 'lost connection' error for an SMTP over TLS session in the same Postfix process. Reported by Alexander Vasarab, diagnosed by Viktor Dukhovni. This bug was introduced with Postfix 2.2.
  * The same bug existed in the tlsproxy(8) daemon, where a TLS error for one TLS session could cause a false 'lost connection' error for a concurrent TLS session in the same process. This bug was introduced with Postfix 2.8.
  * The Postfix build now disables DANE support on Linux systems with libc-musl, because libc-musl provides no indication whether DNS responses are authentic. This broke DANE support without a clear explanation.
  * Due to implementation changes in the ICU library, some Postfix daemons reported file access errrors (U_FILE_ACCESS_ERROR) after chroot(). This was fixed by initializing the ICU library before making the chroot() call.
  * Minor code changes to silence a compiler that special-cases string literals.

Postfix 3.5.2, 3.4.12:
  * Segfault in the tlsproxy(8) client role when the server role was disabled. This typically happened on systems that do not receive mail, after configuring connection reuse for outbound SMTP over TLS.
  * The date portion of the maillog_file_rotate_suffix default value used the minute (%M) instead of the month (%m). Reported by Larry Stone.
2020-05-18 14:21:53 +00:00
taca
ca7830d27a mail/postfix: update to 3.5.1
Update postfix to 3.5.1.


3.5.0 (2020-03-16)

Postfix stable release 3.5.0 is available. Support has ended for
legacy release Postfix 3.1.

The main changes are below. See the RELEASE_NOTES file for further details.

  * Support for the haproxy v2 protocol. The Postfix implementation
    supports TCP over IPv4 and IPv6, as well as non-proxied
    connections; the latter are typically used for heartbeat tests.

  * Support to force-expire email messages. This introduces new
    postsuper(1) command-line options to request expiration, and
    additional information in mailq(1) or postqueue(1) output.

  * The Postfix SMTP and LMTP client support a list of nexthop
    destinations separated by comma or whitespace. These destinations
    will be tried in the specified order. Examples:

    /etc/postfix/main.cf:
        relayhost = foo.example, bar.example
        default_transport = smtp:foo.example, bar.example

Incompatible changes:

  * Logging: Postfix daemon processes now log the from= and to=
    addresses in external (quoted) form in non-debug logging (info,
    warning, etc.). This means that when an address localpart
    contains spaces or other special characters, the localpart will
    be quoted, for example:

	from=<"name with spaces"@example.com>

    Specify "info_log_address_format = internal" for backwards compatibility.

  * Postfix now normalizes IP addresses received with XCLIENT,
    XFORWARD, or with the HaProxy protocol, for consistency with
    direct connections to Postfix. This may change the appearance
    of logging, and the way that check_client_access will match
    subnets of an IPv6 address.


3.5.1 (2020-04-20)

Postfix versions 3.5.1, 3.4.11, 3.3.9, 3.2.14:

  * Bitrot workaround for broken builds after an incompatible change
    in GCC 10.

  * Bitrot workaround for broken DANE/DNSSEC support after an
    incompatible change in GLIBC 2.31. This change avoids the need
    for new options in /etc/resolv.conf.
2020-04-26 09:33:25 +00:00
adam
24daafa112 Recursive revision bump after textproc/icu update 2020-04-12 08:27:48 +00:00
triaxx
668bd34850 postfix: update to 3.4.9
upstream changes:
-----------------
 Fixed in all supported stable releases:

    Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were broken while adding support for negative DNS response caching in postscreen. Postfix was inadvertently changed to call res_query() instead of res_search(). Reported by Jaroslav Skarvada.

    Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro overrides from a Milter application. Postfix now evaluates the Milter macros for an SMTP CONNECT event after the Postfix-to-Milter connection is negotiated. Problem reported by David Bürgin.

    Bug (introduced: Postfix 3.0): sanitize (remote) server responses before storing them in the verify database, to avoid Postfix warnings about malformed UTF8. Found during code maintenance.
2020-02-11 20:40:27 +00:00
triaxx
c655d85235 mail/postfix: fix insufficient permissions for var/spool/postfix/...
pkgsrc changes:
---------------
  * Remove the subdirectories of var/spool/postfix to avoid insufficient
    permissions when upgrading (Thanks Matthias!).
2020-01-28 08:16:51 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
triaxx
1f7f0659c6 postfix: update to 3.4.8
upstream changes:
-----------------
    Fix for an Exim interoperability problem when postscreen after-220 checks
    are enabled. Bug introduced in Postfix 3.4: the code that detected
    "PIPELINING after BDAT" looked at the wrong variable. The warning now says
    "BDAT without valid RCPT", and the error is no longer treated as a command
    PIPELINING error, thus allowing mail to be delivered. Meanwhile, Exim has
    been fixed to stop sending BDAT commands when postscreen rejects all RCPT
    commands.

    Usability bug, introduced in Postfix 3.4: the parser for key/certificate
    chain files rejected inputs that contain an EC PARAMETERS object. While
    this is technically correct (the documentation says what types are allowed)
    this is surprising behavior because the legacy cert/key parameters will
    accept such inputs. For now, the parser skips object types that it does not
    know about for usability, and logs a warning because ignoring inputs is not
    kosher.

    Bug introduced in Postfix 2.8: don't gratuitously enable all after-220
    tests when only one such test is enabled. This made selective tests
    impossible with 'good' clients. This will be fixed in older Postfix
    versions at some later time.
2019-12-09 08:45:14 +00:00
rillig
f31693dd3a mail: align variable assignments
pkglint -Wall -F --only aligned -r

No manual corrections.
2019-11-02 16:25:17 +00:00
triaxx
d91490f21b postfix: Update to 3.4.7
upstream changes:
-----------------
* Robustness: the tlsproxy(8) daemon could go into a loop, logging a flood of
  error messages. Problem reported by Andreas Schulze after enabling SMTP/TLS
  connection reuse.
* Workaround: OpenSSL changed an SSL_Shutdown() non-error result value into an
  error result value, causing logfile noise.
* Configuration: the new 'TLS fast shutdown' parameter name was implemented
  incorrectly. The documentation said "tls_fast_shutdown_enable", but the code
  said "tls_fast_shutdown". This was fixed by changing the code, because no-one
  is expected to override the default.
* Performance: workaround for poor TCP loopback performance on LINUX, where
  getsockopt(..., TCP_MAXSEG, ...) reports a bogus TCP maximal segment size that
  is 1/2 to 1/3 of the real MSS. To avoid client-side Nagle delays or
  server-side delayed ACKs caused by multiple smaller-than-MSS writes, Postfix
  chooses a VSTREAM buffer size that is a small multiple of the reported bogus
  MSS. This workaround increases the multiplier from 2x to 4x.
* Robustness: the Postfix Dovecot client could segfault (null pointer read) or
  cause an SMTP server assertion to fail when talking to a fake Dovecot server.
  The Postfix Dovecot client now logs a proper error instead. Problem reported
  by Tim Düsterhus.
2019-09-23 20:00:07 +00:00
wiz
84e123ddd2 Bump PKGREVISIONs for perl 5.30.0 2019-08-11 13:17:48 +00:00
triaxx
6170c7d4a1 postfix: update to 3.4.6
pkgsrc changes:
---------------
  * change COMMENT to make pkglint happy (inspired by http://www.postfix.org/)
  * update PLIST using make print-PLIST (missing @pkgdir)

upstream changes:
-----------------
20181125

	Cleanup: dict_file_to_xxx() takes a list of file names
	separated by CHARS_COMMA_SP. Shoe-horned into the existing
	API, make it nicer when there is time. File: util/dict_file.c.

20181127

	Cleanup: encapsulated clumsy 'read into VSTRING' code with
	easier-to-use vstream_fread_buf() and vstream_fread_app()
	primitives. Files: global/memcache_proto.c, global/record.c,
	global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c,
	global/xtext.c, milter/milter8.c, util/dict_file.c,
	util/hex_quote.c, util/netstring.c, util/vstream.c,
	util/vstream.h. Verified with "make tests".

	Cleanup: simplified the smtp_fread() API (introduced for
	BDAT support), and changed the name to smtp_fread_buf().
	Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with
	~megabyte BDAT commands.

	Cleanup: simplified a tlsproxy-internal API. File:
	tlsproxy/tlsproxy.c.

20181128

	Initial support for key/certificate chain files that will
	replace the proliferation of separate parameters for
	RSA/DSA/ECC/etc. key and certificate files. Viktor
	Dukhovni.

20181201

	Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET()
	calls with safe vstring_set_payload_size() calls, in code
	that directly writes into VSTRING. Files: tls/tls_session.c,
	tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h,
	xsasl/xsasl_cyrus_client.c.

	Cleanup: postscreen_command_time_limit did not need to be
	a 'raw' parameter. This makes "postconf -x" behavior more
	consistent. Files: global/mail_params.h, postscreen/postscreen.c.

	Documentation: added text that the following parameter
	values are not subject to Postfix parameter $name expansion:
	default_rbl_reply, command_execution_directory, luser_relay,
	smtpd_reject_footer. These have their own documented $name
	substitution mechanism. File: proto/postconf.proto.

20181202

	Bugfix: posttls-finger reported an error for UNIX-domain
	connections, even if they did not fail. Found by Coverity.
	File: posttls-finger/posttls-finger.c.

20181208

	Documentation: add even more redundancy to the rate-delay
	description. File: proto/postconf.proto.

20181210

	Cleanup: code deduplication. File: util/dict_file.c.

20181226

	Cleanup: code deduplication and better encapsulation with
	PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros.
	Files: postscreen/postscreen.h, postscreen/postscreen_state.c.

	Documentation: POSTSCREEN_README did not describe the
	postscreen_post_queue_limit, and attributed the wrong reject
	message to the postscreen_pre_queue_limit. Problem reported
	by Michael Orlitzky. File: proto/POSTSCREEN_README.html.

	(20181226-nonprod) Compatibility: removed support for OpenSSL
	1.0.1 (not supported since December 31, 2016) and earlier
	releases. This eliminated a large number of #ifdefs with
	bitrot workarounds.  Viktor Dukhovni. Files: global/mail_params.h,
	posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c,
	tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c,
	tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c,
	tls/tls_session.c.

	(20181226-nonprod) Use the OpenSSL 1.0.2 and later API for
	setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h,
	tls/tls_client.c, tls/tls_dh.c.

	(20181226-nonprod) Documentation update for TLS support.
	Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html,
	proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c.

20181229

	Explicit maps_file_find() and dict_file_lookup() methods
	that decode base64 content. Decoding content is not built
	into the dict->lookup() method, because that would complicate
	the implementation of map nesting (inline, thash), map
	composition (pipemap, unionmap), and map proxying.  For
	consistency, decoding base64 file content is also not built
	into the maps_find() method. Files: util/dict.h.
	util/dict_file.c, global/maps.[hc], postmap/postmap.c.

20190106

        Documentation: documented the SRC_RHS_IS_FILE flag in
        dict_open.c, and updated the -F description in the postmap
        manpage. Files: util/dict_open.c, postmap/postmap.c.

	(20190106-nonprod) Feature: support for files that combine
	multiple (key, certificate, trust chain) instances in one
	file, to avoid separate files for RSA, DSA, Elliptic Curve,
	and so on. Viktor Dukhovni. Files: .indent.pro,
	global/mail_params.h, posttls-finger/posttls-finger.c,
	smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c,
	smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c,
	tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c,
	tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c,
	tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c.

	(20190106-nonprod) Create a second, no-key no-cert, SSL_CTX
	for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h,
	src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c.

	(20190106-nonprod) Server-side SNI support. Viktor Dukhovni.
	Files: src/global/mail_params.h, src/smtp/smtp.c,
	src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c,
	src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c,

	(20190106-nonprod) Configurable client-side SNI signal.
	Viktor Dukhovni. Files: global/mail_params.h,
	posttls-finger/posttls-finger.c, smtp/lmtp_params.c,
	smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c,
	smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c,
	tls/tls_proxy.h, tls/tls_proxy_client_print.c,
	tls/tls_proxy_client_scan.c.

20190121

	Logging: support for internal logging file, without using
	syslog (it uses the new postlogd daemon instead). This
	solves a usability problem for MacOS, may help getting
	around systemd, and solves 99% of the problem for logging
	to stdout in a container (hopefully we have 100% soon).
	Enable by setting, for example, "maillog_file =
	/var/log/postfix.log").  This works fine for daemons, and
	with some limitations for non-daemon programs.  See
	RELEASE_NOTES for more details.  Files: conf/master.cf,
	conf/post-install, conf/postfix-files, conf/postfix-script,
	mantools/postlink, proto/master, proto/postconf.proto,
	global/mail_params.c, global/mail_params.h, global/mail_proto.h,
	global/maillog_client.c, global/maillog_client.h,
	master/dgram_server.c, master/event_server.c, master/mail_server.h,
	master/master.c, master/master.h, master/master_ent.c,
	master/master_listen.c, master/master_proto.h,
	master/master_wakeup.c, master/multi_server.c,
	master/single_server.c, master/trigger_server.c,
	postalias/postalias.c, postconf/postconf_master.c,
	postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c,
	postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c,
	postmulti/postmulti.c, postqueue/postqueue.c,
	postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h,
	util/listen.h, util/logwriter.c, util/logwriter.h,
	util/msg_logger.c, util/msg_logger.h, util/msg_output.c,
	util/msg_output.h, util/unix_dgram_connect.c,
	util/unix_dgram_listen.c.

	Cleanup: cert/key/chain loading, plus unit tests to exercise
	non-error and error cases. Viktor Dukhovni. Files: tls/*.pem,
	tls*.pem.ref, tls/tls_certkey.c.

20190126

	Safety: Postfix programs will log to either syslog or postlog
	but not both; and postlogd forwards postlog logging to
	syslog, when a configuration change removes the maillog_file
	pathname, but some programs still use the old configuration.
	Files: util/msg_syslog.[hc], util/msg_logger.c,
	global/maillog_client.c, postlogd/postlogd.c,

	Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog
	pipe file descriptor leak. This pipe provides one source
	of liveness, data from this pipe is discarded, and therefore
	this does not enable privilege escalation or DOS. File:
	util/watchdog.c.

	Feature: stdout logging support; requires "postfix start-fg"
	and "maillog_file = /dev/stdout". Files: master/master.c,
	conf/postfix-script.

20190127

	Safety: when maillog_file is specified, 'postfix check' now
	requires that the postlog service is enabled in master.cf.
	Otherwise 'postfix start' etc. will log a fatal error. File:
	conf/postfix-script.

	Documentation: added policy_context example. File:
	proto/SMTPD_POLICY_README.html.

20190128

	Testing: run libtls tests under Valgrind. File tls/Makefile.in.

20190129

	Safety: require that $maillog_file matches one of the
	pathname prefixes specified in $maillog_file_prefixes. The
	maillog file is created by root, and the prefixes limit the
	damage from a single configuration error. Files:
	global/mail_params.[hc], global/maillog_client.c.

20191201

	Feature: "postfix logrotate" command with configurable
	compression program and datestamp filename suffix. File:
	conf/postfix-script.

20190202

	Cleanup: log a warning when the client sends a malformed
	SNI; log an info message when the client sends a valid SNI
	that does not match the SNI lookup tables; update the
	FORWARD_SECRECY_README logging examples. Viktor Dukhovni.
	Files: proto/FORWARD_SECRECY_README.html, tls/tls.h,
	tls/tls_client.c, tls/tls_misc.c.

20190208

	Debugging: the master(8) daemon now logs a warning if a
	master.cf entry is defined multiple times. File:
	src/master/master_conf.c.

20190209

	Debugging: tlsproxy(8) now logs more details about unexpected
	configuration differences between the Postfix SMTP client
	and the tlsproxy(8) daemon.

20190210

	Documentation: Postfix 3.4.0 RELEASE NOTES.

	Documentation: added BDAT_README.

	Documentation: global TLS settings. Files: mantools/postlink,
	smtp/smtp.c, tlsproxy/tlsproxy.c.

20190211

	Cleanup: removed obsolete parameters: tls_dane_digest_agility,
	tls_dane_trust_anchor_digest_enable; removed openssl_path
	parameter from configuration difference checks in tlsproxy.
	Files: global/mail_params.h, tls/tls_misc.c,
	tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c,
	tls/tls_proxy_client_scan.c, tls/tls_proxy.h.

20190212

	Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c,
	posttls-finger/posttls-finger.c.

20190217

	Cleanup: when the master daemon runs with PID=1 (init mode),
	reap orhpan processes from non-Postfix code running in the
	same container, instead of terminating with a panic. File:
	master/master_spawn.c.

20190218

	Bugfix: tlsproxy did not enable DANE-style PKI because
	libtls seems to have to accreted multiple init functions
	instead of reusing the tls_client_init() and tls_client_start()
	API. And some functions that do initialization don't even
	have init in their name! Problem report by Andreas Schulze.
	Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c.

	Workaround: Postfix libtls makes DANE-specific changes to
	the shared SSL_CTX. To avoid false sharing, tlsproxy needs
	to label the SSL_CTX cache with DANE bits until we can
	remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c.

	Cleanup: Postfix libtls changed the shared SSL_CTX to
	override ciphers. instead of changing the SSL handle. To
	avoid false sharing in tlsproxy, the changes are now made
	to the SSL handle. Viktor Dukhovni. Files: tls/tls.h,
	tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c.

20190219

	Bugfix: in the Postfix SMTP client, TLS wrappermode was not
	tested in tlsproxy mode. It needed some setup for buffering
	and timeouts. Problem report by Andreas Schulze. File:
	smtp/smtp_proto.c.

20190304

	Bugfix: a reversed test broke TLS configurations that specify
	the same filename for a private key and certificate. Reported
	by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
	test. Files: tls/tls_certkey.c, tls/Makefile.in.

20190310

	Bitrot: LINUX5s support, after some sanity checks with a
	rawhide prerelease version. Files: makedefs, util/sys_defs.h.

	Bugfix (introduced: 20181226): broken DANE trust anchor
	file support, caused by left-over debris from the 20181226
	TLS library overhaul. By intrigeri. File: tls/tls_dane.c.

	Bugfix (introduced: Postfix-1.0.1): null pointer read, while
	logging a warning after a corrupted bounce log file. File:
	global/bounce_log.c.

	Bugfix (introduced: Postfix-2.9.0): null pointer read, while
	logging a warning after a postscreen_command_filter read
	error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c

20190312

	Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
	has been producing false rejects starting with the Postfix
	2.2 smtpd_end_of_data_restrictons, and for the same reasons,
	does the same with the Postfix 3.4 BDAT command. The latter
	was reported by Andreas Schulze. File: smtpd/smtpd_check.c.

20190319

	With message_size_limit=0 (which is NOT DOCUMENTED), BDAT
	chunks were always rejected as too large. File: smtpd/smtpd.c

20190328

	Bugfix (introduced: Postfix 3.0): LMTP connections over
	UNIX-domain sockets were cached but not reused, due to a
	cache lookup key mismatch. Therefore, idle cached connections
	could exhaust LMTP server resources, resulting in two-second
	pauses between email deliveries. This problem was investigated
	by Juliana Rodrigueiro. File: smtp/smtp_connect.c.

20190331

	Documentation: tlsext_padding is not a tls_ssl_options
	feature. File: proto/postconf.proto.

20190401

	Portability: added "#undef sun" to util/unix_dgram_connect.c.

20190403

	Bugfix (introduced: Postfix 2.3): a censoring filter broke
	multiline Milter responses for header/body events. Problem
	report by Andreas Thienemann. Files: util/printable.c,
	util/stringops.h, smtpd/smtpd.c

	Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit =
	0" no longer meant 'unlimited'. Problem report by Luc Pardon.
	File: smtp/smtp_addr.c.

20190615

	Documentation: updated the BUGS section in the smtp(8) manpage
	about TLS connection reuse. File: smtp/smtp.c.

	Workaround for implementations that hang Postfix while
	shutting down a TLS session, until Postfix times out. With
	"tls_fast_shutdown_enable = yes" (the default), Postfix no
	longer waits for the TLS peer to respond to a TLS 'close'
	request. This is recommended with TLSv1.0 and later. Files:
	global/mail_params.h, tls/tls_session.c, and documentation.

20190621

	Bugfix (introduced: Postfix 3.0): the code to reset Postfix
	SMTP server command counts was not called after a HaProxy
	handshake failure, causing stale numbers to be reported.
	The command counts are now reset in the function that reports
	the counts. File: smtpd/smtpd.c.
2019-07-17 13:33:00 +00:00
triaxx
727f1ad8de postfix: fix PR pkg/54338
pkgsrc changes:
---------------
  * Remove -DHAS_EAI since it does not appear anywhere
  * Add pkg-config to USE_TOOLS since patch-ai introduces it
  * Bump revision since binaries are now linked to icui18n
2019-07-16 15:18:28 +00:00
rillig
c7ff05f63e all: replace SUBST_SED with the simpler SUBST_VARS
pkglint -Wall -r --only "substitution command" -F

With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
2019-05-23 19:22:54 +00:00
taca
8f7ac01ab6 mail/postfix: update to 3.3.3
This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. This is the final update for Postfix
3.0.

Fixed in Postfix 3.3 and later:

  * When the master daemon runs with PID=1 (init mode), it will now
    reap child processes from non-Postfix code running in the same
    container, instead of terminating with a panic. Reported by
    Tamas Gerczei.

Fixed in Postfix 3.0 and later:

  * With smtputf8_enable=yes, table lookups could casefold the
    search string when searching a lookup table that does not use
    fixed-string keys (regexp, pcre, tcp, etc.).

  * With the posttls-finger test program, connections to unix-domain
    servers always resulted in "Failed to establish session" even
    after a connection was established. Reported by Jaroslav Skarva.
2019-04-30 03:41:51 +00:00
ryoon
6fc378bce9 Recursive revbump from textproc/icu 2019-04-03 00:32:25 +00:00
taca
7adc7b3de4 mail/postfix: update to 3.3.2
Changes for all supported stable releases:

  * Support for OpenSSL 1.1.1, and support for TLSv1.3-specific
    features.

      - Updated Postfix TLS documentation examples for TLSv1.3. See
        FORWARD_SECRECY_README.

      - New TLSv1.3-specific attributes in Postfix logging and in
        Postfix "Received:" message headers: key exchange, server
        signature, client signature.

      - New option to selectively disable TLSv1.3 in *_tls_protocols
        settings.

      - New server-side support to avoid issuing multiple session
        tickets.

      - New support to allow OpenSSL >= 1.1.0 run-time micro version
        bumps without logging Postfix warnings about library version
        mismatches.

Fixed in all stable releases:

  * Bugfix: smtpd_discard_ehlo_keywords could not disable "SMTPUTF8",
    because some lookup table was using "EHLO_MASK_SMTPUTF8" instead.

  * Bugfix: minor memory leak in DANE support when minting issuer
    certs. This affects a tiny minority of use cases.

Fixed in Postfix 3.3.2:

  * Bugfix: the Postfix build did not abort if the m4 command was
    not installed, resulting in a broken postconf command.
2018-12-15 16:35:23 +00:00
adam
16dd5de231 revbump after updating textproc/icu 2018-12-09 18:51:58 +00:00
wiz
93b46879c7 Recursive bump for perl5-5.28.0 2018-08-22 09:43:40 +00:00