Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
MIME-Version: 1.0
Date: Fri, 6 Sep 2013 14:08:18 +0000
From: "Takahiro Kambe" <taca@netbsd.org>
Subject: CVS commit: pkgsrc/mail/postfix
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
Message-Id: <20130906140818.63D7F96@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

Module Name:	pkgsrc
Committed By:	taca
Date:		Fri Sep  6 14:08:18 UTC 2013

Modified Files:
	pkgsrc/mail/postfix: Makefile distinfo
	pkgsrc/mail/postfix/patches: patch-ai patch-src_dns_dns__lookup.c

Log Message:
Update postfix to 2.9.8.

Changes:

2.9.8

* TLS Interoperability workaround: turn on SHA-2 digests by force.
  This improves interoperability with clients and servers that
  deploy SHA-2 digests without the required support for TLSv1.2-style
  digest negotiation.

* TLS Performance workaround: the Postfix SMTP server TLS session
  cache had become ineffective because recent OpenSSL versions
  enable session tickets by default, resulting in a different
  ticket encryption key for each smtpd(8) process. The workaround
  turns off session tickets. Postfix 2.11 will enable session
  tickets properly.

* TLS Interoperability workaround: Debian Exim versions before
  4.80-3 may fail to communicate with Postfix and possibly other
  MTAs, with the following Exim SMTP client error message:

      TLS error on connection to server-name [server-address]
      (gnutls_handshake): The Diffie-Hellman prime sent by the
      server is not acceptable (not long enough)

  See the RELEASE_NOTES file for a Postfix SMTP server configuration
  workaround.

* Bugfix (defect introduced: 1997): memory leak while forwarding
  mail with the local(8) delivery agent, in code that handles a
  cleanup(8) server error.

2.9.7

* Bugfix (introduced: Postfix 2.0): when myhostname is not listed in
  mydestination, the trivial-rewrite resolver may log "do not list in both
  mydestination and ". The fix is to re-resolve a domain-less address after
  adding $myhostname as the surrogate domain, so that it pops out with the
  right address-class label. Reported by Quanah Gibson-Mount.

* Bugfix (introduced: Postfix 2.3): don't reuse TCP connections when
  smtp_tls_policy_maps is specified. TLS policies may depend on the remote
  destination, but the Postfix <2.11 SMTP connection cache client does not
  distinguish between different destinations that resolve to the same IP
  address. Victor Duchovni. Found during Postfix 2.11 code maintenance.

* Bugfix (introduced: Postfix 2.2): don't reuse TCP connections when SASL
  authentication is enabled. SASL passwords may depend on the remote SMTP
  server hostname, but the Postfix <2.11 SMTP connection cache client does not
  distinguish between different hostnames that resolve to the same IP
  address. Found during Postfix 2.11 code maintenance.


To generate a diff of this commit:
cvs rdiff -u -r1.265 -r1.266 pkgsrc/mail/postfix/Makefile
cvs rdiff -u -r1.149 -r1.150 pkgsrc/mail/postfix/distinfo
cvs rdiff -u -r1.28 -r1.29 pkgsrc/mail/postfix/patches/patch-ai
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/mail/postfix/patches/patch-src_dns_dns__lookup.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.