Received: by mail.netbsd.org (Postfix, from userid 605)
	id A174F84D91; Wed, 28 Feb 2024 15:16:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org;
	s=20240131; t=1709133381;
	bh=JwHlJSFtkXSbGaQ53NIciQBEdjEyy1dhB0tjDIdQej4=;
	h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe;
	b=GGtLlCuEIJWk7qpQHghKAnRog4v9KDe9Pb7WI1EjHMKXnx2uCRvtySZv5YkfBzSDv
	 qBvJK/+kYYxSkuDAEeblR1Fjoh20ZzeWyd8uyoh1h+eCAJP79v+zidgs8072VVLQY/
	 zt8/faBb4VOXTYVbSEcd2EvV71I6FDXuKilYws9Y=
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 946D084D28
	for <pkgsrc-changes@NetBSD.org>; Wed, 28 Feb 2024 15:16:20 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new);
	dkim=pass (1024-bit key) header.d=netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id BxfDvnK_KrL6 for <pkgsrc-changes@netbsd.org>;
	Wed, 28 Feb 2024 15:16:19 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id DF87784CFA
	for <pkgsrc-changes@NetBSD.org>; Wed, 28 Feb 2024 15:16:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org;
	s=20240131; t=1709133379;
	bh=JwHlJSFtkXSbGaQ53NIciQBEdjEyy1dhB0tjDIdQej4=;
	h=Date:From:Subject:To:Reply-To;
	b=bUBEl5TFZ1VktZp1d5kEut8khk4VtyAnzqPypF2SSJ30swVcCbksiOyDIyjQtHW8q
	 0EKnojKDhCDVZ5AB8e7hVqugfZYKTgNJmatR7FmwATHlzGXuuCQPuwucm1jC2WQbd4
	 edz3SwGNBjnR6kqe+UYDH7IUFwWzdbHYyCbEBWtA=
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id D8485FA27; Wed, 28 Feb 2024 15:16:19 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1709133379271110"
MIME-Version: 1.0
Date: Wed, 28 Feb 2024 15:16:19 +0000
From: "Takahiro Kambe" <taca@netbsd.org>
Subject: CVS commit: pkgsrc/mail/postfix
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
X-Mailer: log_accum
Message-Id: <20240228151619.D8485FA27@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: <pkgsrc-changes.NetBSD.org>
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1709133379271110
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	taca
Date:		Wed Feb 28 15:16:19 UTC 2024

Modified Files:
	pkgsrc/mail/postfix: Makefile.common distinfo

Log Message:
mail/postfix: upadte to 3.8.5

3.8.5 (2024-01-22)

Security: this release improves support to defend against an email
spoofing attack (SMTP smuggling) on recipients at a Postfix server. For
background, see https://www.postfix.org/smtp-smuggling.html.

The improvements provide better logging, and better compatibility with
existing SMTP clients (less need to allowlist clients).

Sites concerned about SMTP smuggling attacks should enable this feature
on Internet-facing Postfix servers. For compatibility with non-standard
clients, Postfix by default excludes clients in mynetworks from this
countermeasure.

The recommended settings are:

    # Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
    # Otherwise, allow bare <LF> and process it as if the client sent
    # <CR><LF>.
    #
    # This maintains compatibility with many legitimate SMTP client
    # applications that send a mix of standard and non-standard line
    # endings, but will fail to receive email from client implementations
    # that do not terminate DATA content with the standard End-of-DATA
    # sequence <CR><LF>.<CR><LF>.
    #
    # Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
    # The example below allowlists SMTP clients in trusted networks.
    #
    smtpd_forbid_bare_newline = normalize
    smtpd_forbid_bare_newline_exclusions = $mynetworks

Notes:

  * The default setting is "smtpd_forbid_bare_newline = no" in Postfix
    releases < 3.9, for compatibility reasons. This means that Postfix
    is by default vulnerable to SMTP smuggling.

  * The new setting "smtpd_forbid_bare_newline = normalize" is the
    default for Postfix releases 3.9 and later.

  * The old setting "smtpd_forbid_bare_newline = yes" is now an alias for
    "smtpd_forbid_bare_newline = normalize".

  * The new setting "smtpd_forbid_bare_newline = reject" will refuse
    commands or message content with a bare newline. For details see
    the RELEASE_NOTES or the postconf(5) documentation.


To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 pkgsrc/mail/postfix/Makefile.common
cvs rdiff -u -r1.207 -r1.208 pkgsrc/mail/postfix/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1709133379271110
Content-Disposition: inline
Content-Length: 1813
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/mail/postfix/Makefile.common
diff -u pkgsrc/mail/postfix/Makefile.common:1.46 pkgsrc/mail/postfix/Makefile.common:1.47
--- pkgsrc/mail/postfix/Makefile.common:1.46	Fri Dec 22 17:29:17 2023
+++ pkgsrc/mail/postfix/Makefile.common	Wed Feb 28 15:16:19 2024
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.46 2023/12/22 17:29:17 wiz Exp $
+# $NetBSD: Makefile.common,v 1.47 2024/02/28 15:16:19 taca Exp $
 # used by mail/postfix/Makefile
 # used by mail/postfix/Makefile.module
 
-DISTNAME=	postfix-3.8.4
+DISTNAME=	postfix-3.8.5
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.porcupine.org/mirrors/postfix-release/official/
 

Index: pkgsrc/mail/postfix/distinfo
diff -u pkgsrc/mail/postfix/distinfo:1.207 pkgsrc/mail/postfix/distinfo:1.208
--- pkgsrc/mail/postfix/distinfo:1.207	Fri Dec 22 17:29:17 2023
+++ pkgsrc/mail/postfix/distinfo	Wed Feb 28 15:16:19 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.207 2023/12/22 17:29:17 wiz Exp $
+$NetBSD: distinfo,v 1.208 2024/02/28 15:16:19 taca Exp $
 
-BLAKE2s (postfix-3.8.4.tar.gz) = f0c1556f2d66b34d0ecb52d84846daec03fdbbfbf743d30a35e1b7d91f30e8e6
-SHA512 (postfix-3.8.4.tar.gz) = 5bae3d62e104714aead1fff28a595bab4315227382f53c8dae2a231f4240e31abda19c1e3befc1db4c89bc5d66c9a43830390365aadabdac5cf36b493c5c48c7
-Size (postfix-3.8.4.tar.gz) = 4864184 bytes
+BLAKE2s (postfix-3.8.5.tar.gz) = c7a28244e2ea352f4631c30fe255e2946cf07a1473401ebc850c55578f4bebde
+SHA512 (postfix-3.8.5.tar.gz) = 26005da5750e7af742f4fc7596ae8320467176e069546c3487418c663b54f56734b4a6541665b8d72d94df2e0fd4f68a2bcc44c50a6d950334d5a5fb2293dff4
+Size (postfix-3.8.5.tar.gz) = 4871284 bytes
 SHA1 (patch-aa) = c8216f133e202a7bb37682b0dbc1448f021e7c1c
 SHA1 (patch-ag) = 8ab3cfafa63056f9a7f096da7e55bcccab965180
 SHA1 (patch-ai) = 3d143532e1e9a149c6c06e2efadcd34f6f72e82d


--_----------=_1709133379271110--