Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 2C4BBA5674 for ; Wed, 22 Jul 2015 20:16:15 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id CF47B14A17F; Wed, 22 Jul 2015 20:16:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 0953C14A179 for ; Wed, 22 Jul 2015 20:16:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 0pVulp6obIVG for ; Wed, 22 Jul 2015 20:16:13 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 2920714A17F for ; Wed, 22 Jul 2015 20:16:13 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 2435298; Wed, 22 Jul 2015 20:16:13 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Wed, 22 Jul 2015 20:16:13 +0000 From: "Matthias Scheler" Subject: CVS commit: [pkgsrc-2015Q2] pkgsrc/mail/postfix To: pkgsrc-changes@NetBSD.org Reply-To: tron@netbsd.org X-Mailer: log_accum Message-Id: <20150722201613.2435298@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: tron Date: Wed Jul 22 20:16:13 UTC 2015 Modified Files: pkgsrc/mail/postfix [pkgsrc-2015Q2]: Makefile distinfo pkgsrc/mail/postfix/patches [pkgsrc-2015Q2]: patch-ai Log Message: Pullup ticket #4780 - requested by taca mail/postfix: security update Revisions pulled up: - mail/postfix/Makefile 1.284 - mail/postfix/distinfo 1.160 - mail/postfix/patches/patch-ai 1.33 --- Module Name: pkgsrc Committed By: taca Date: Wed Jul 22 00:25:37 UTC 2015 Modified Files: pkgsrc/mail/postfix: Makefile distinfo pkgsrc/mail/postfix/patches: patch-ai Log Message: Update postfix to 2.11.6, security release. With all supported Postfix releases, the default settings have been updated so that they no longer enable export-grade ciphers, and no longer enable the SSLv2 and SSLv3 protocols. These ciphers and protocols have little if any legitimate use today, and have instead become a vehicle for downgrade attacks. There are no other code changes. Postfix documentation has been updated to reflect the new default settings and their rationale; the RELEASE_NOTES give suggestions for how to enable the old ciphers and protocols if your infrastructure requires them. Finally, abandoning deprecated ciphers and protocols does not really improve TLS security without measures to better authenticate remote servers. Secure DNS and TLSA are steps in that direction. To generate a diff of this commit: cvs rdiff -u -r1.283 -r1.283.2.1 pkgsrc/mail/postfix/Makefile cvs rdiff -u -r1.159 -r1.159.2.1 pkgsrc/mail/postfix/distinfo cvs rdiff -u -r1.32 -r1.32.8.1 pkgsrc/mail/postfix/patches/patch-ai Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.