--- - branch: MAIN date: Thu Jul 21 15:08:40 UTC 2022 files: - new: '1.337' old: '1.336' path: pkgsrc/mail/postfix/Makefile pathrev: pkgsrc/mail/postfix/Makefile@1.337 type: modified - new: '1.41' old: '1.40' path: pkgsrc/mail/postfix/Makefile.common pathrev: pkgsrc/mail/postfix/Makefile.common@1.41 type: modified - new: '1.33' old: '1.32' path: pkgsrc/mail/postfix/PLIST pathrev: pkgsrc/mail/postfix/PLIST@1.33 type: modified - new: '1.202' old: '1.201' path: pkgsrc/mail/postfix/distinfo pathrev: pkgsrc/mail/postfix/distinfo@1.202 type: modified - new: '1.31' old: '1.30' path: pkgsrc/mail/postfix-sqlite/Makefile pathrev: pkgsrc/mail/postfix-sqlite/Makefile@1.31 type: modified - new: '1.42' old: '1.41' path: pkgsrc/mail/postfix/patches/patch-ag pathrev: pkgsrc/mail/postfix/patches/patch-ag@1.42 type: modified - new: '1.45' old: '1.44' path: pkgsrc/mail/postfix/patches/patch-ai pathrev: pkgsrc/mail/postfix/patches/patch-ai@1.45 type: modified id: 20220721T150840Z.ccd5da20209ea8aa855feeaf6cd2964b6c902746 log: | mail/postfix: update to 3.7.2 3.7.0 (2022-02-07) * Support to inline the content of small cidr:, pcre:, and regexp: tables in Postfix parameter values. An example is the new smtpd_forbidden_commands default value, "CONNECT GET POST regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from clients that send garbage. * To make the maillog_file feature more useful, including stdout logging from a container, the postlog(1) command is now set-gid postdrop, so that unprivileged programs can use it to write logging through the postlogd(8) daemon. This required hardening the postlog(1) command against privilege escalation attacks. * Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18. * Postfix programs now randomize the initial state of in-memory hash tables, to defend against hash collision attacks involving a large number of attacker-chosen lookup keys. Presently, the only known opportunity for such attacks involves remote SMTP client IPv6 addresses in the anvil(8) service, and requires making hundreds of short-lived connections per second while cycling through thousands of different client IP addresses. * Updated defense against remote clients or servers that 'trickle' SMTP or LMTP traffic. This replaces the old per-record deadlines with per-request deadlines and minimum data rates. * Many typofixes by raf and Wietse. 3.7.1 (2022-04-18) * (problem introduced: Postfix 2.7) The milter_header_checks maps are now opened before the cleanup(8) server enters the chroot jail. Problem reported by Jesper Dybdal. * In an internal client module, "host or service not found" was a fatal error, causing the milter_default_action setting to be ignored. It is now a non-fatal error, just like a failure to connect. Problem reported by Christian Degenkolb. * The proxy_read_maps default value was missing up to 27 parameter names. The corresponding lookup tables were not automatically authorized for use with the proxymap(8) service. The parameter names were ending in _checks, _reply_footer, _reply_filter, _command_filter, and _delivery_status_filter. * (problem introduced: Postfix 3.0) With dynamic map loading enabled, an attempt to create a map with "postmap regexp:path" would result in a bogus error message "Is the postfix-regexp package installed?" instead of "unsupported map type for this operation". This happened with all non-dynamic map types (static, cidr, etc.) that have no 'bulk create' support. Problem reported by Greg Klanderman. * In PCRE_README, "pcre2 --libs" should be "pcre2 --libs8". Problem reported by Carlos Velasco. * Documented in the postlogd(8) daemon manpage that the Postfix >= 3.7 postlog(1) command can run with setgid permissions. 3.7.2 (2022-04-28) This reverts an overly complex change in the postscreen SMTP engine (made during Postfix 3.7 development), and replaces it with much simpler code. The bad change was crashing postscreen on some systems after receiving malformed input (for example, a TLS "hello" message). module: pkgsrc subject: 'CVS commit: pkgsrc/mail' unixtime: '1658416120' user: taca