---
- branch: MAIN
  date: Tue Jun 30 15:00:45 UTC 2020
  files:
  - new: '1.28'
    old: '1.27'
    path: pkgsrc/mail/postfix/Makefile.common
    pathrev: pkgsrc/mail/postfix/Makefile.common@1.28
    type: modified
  - new: '1.187'
    old: '1.186'
    path: pkgsrc/mail/postfix/distinfo
    pathrev: pkgsrc/mail/postfix/distinfo@1.187
    type: modified
  id: 20200630T150045Z.066473616e6db852d4fd2d38cd3d7712368591c3
  log: |
    mail/postfix: update to 3.5.4

    Update postfix to 3.5.4.

    Fixed in Postfix 3.5.4, 3.4.14:

      * The connection_reuse attribute in smtp_tls_policy_maps always
        resulted in an "invalid attribute name" error. Fix by Thorsten
        Habich.

      * SMTP over TLS connection reuse always failed for Postfix SMTP
        client configurations that specify explicit trust anchors (remote
        SMTP server certificates or public keys). Reported by Thorsten
        Habich.

    Fixed in Postfix versions 3.5.4, 3.4.14, 3.3.12, 3.2.17:

      * The Postfix SMTP client's DANE implementation would always send
        an SNI option with the name in a destination's MX record, even
        if the MX record pointed to a CNAME record. MX records that
        point to CNAME records are not conformant with RFC5321, and so
        are rare.

        Based on the DANE survey of ~2 million hosts it was found that
        with the corrected SMTP client behavior, sending SNI with the
        CNAME-expanded name, the SMTP server would not send a different
        certificate. This fix should therefore be safe.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/mail/postfix'
  unixtime: '1593529245'
  user: taca