Wed Jun 2 15:29:57 2021 UTC ()

mail/postfix: update to 3.6.0

Postfix stable release 3.6.0 is available. This ends the support
for legacy release Postfix 3.2.

The main changes are below. See the RELEASE_NOTES file for further
details.

Incompatible changes:

  * This release requires "postfix stop" before updating, or before
    backing out to an earlier release, because some internal protocols
    have changed. Otherwise, long-running daemons (pickup, qmgr,
    verify, tlsproxy, postscreen) may fail to communicate with the
    rest of Postfix, causing mail delivery delays until Postfix is
    restarted.

  * Respectful logging. Postfix version 3.6 deprecates terminology
    that implies white is better than black. Instead, Postfix prefers
    'allowlist', 'denylist', and variations on those words. This
    change affects Postfix documentation, and postscreen parameters
    and logging.

    To keep the old postscreen logging set "respectful_logging =
    no" in main.cf before setting "compatibility_level = 3.6".  In
    any case, the old postscreen parameter names will keep working
    as before.

Other changes:

  * The minimum supported OpenSSL version is 1.1.1, which will reach
    the end of life by 2023-09-11. Postfix 3.6 is expected to reach
    the end of support in 2025. Until then, Postfix will be updated
    as needed for compatibility with OpenSSL.

    The default fingerprint digest has changed from md5 to sha256
    (Postfix 3.6 with compatibility_level >= 3.6). With a lower
    compatibility_level setting, Postfix defaults to using md5, and
    logs a warning when a Postfix configuration specifies no explicit
    digest type.

    The export-grade Diffie-Hellman key exchange is no longer
    supported, and the tlsproxy_tls_dh512_param_file parameter is
    ignored,

  * Better error messages when someone configures an incorrect
    program in master.cf. To recognize such mistakes, every Postfix
    internal service, including the postdrop command, announces the
    name of its protocol before doing any other I/O, and every
    Postfix client program, including the Postfix sendmail command,
    will verify that the protocol name matches what it expects.

  * Fine-grained control over the envelope sender address for
    submission with the Postfix sendmail (or postdrop) commands.

    Example:

    /etc/postfix/main.cf:
        # Allow root and postfix full control, anyone else can only
        # send mail as themselves. Use "uid:" followed by the numerical
        # UID when the UID has no entry in the UNIX password file.
        local_login_sender_maps =
            inline:{ { root = *}, { postfix = * } },
            pcre:/etc/postfix/login_senders

    /etc/postfix/login_senders:
       # Allow both the bare username and the user@domain forms.
        /(.+)/ $1 $1@example.com

  * Threaded bounces. This allows mail readers to present a
    non-delivery, delayed delivery, or successful delivery notification
    in the same email thread as the original message.

    Unfortunately, this also makes it easy for users to mistakenly
    delete the whole email thread (all related messages), instead
    of deleting only the delivery status notification.

    To enable, specify "enable_threaded_bounces = yes".

  * Postfix by default no longer uses the services(5) database to
    look up the TCP ports for SMTP and LMTP services. Instead, this
    information is configured with the new known_tcp_ports configuration
    parameter (default: lmtp=24, smtp=25, smtps=submissions=465,
    submission=587). When a service is not specified in known_tcp_ports,
    Postfix will still query the services(5) database.

  * Starting with Postfix version 3.6, the compatibility level is
    "3.6". In future Postfix releases, the compatibility level will
    be the Postfix version that introduced the last incompatible
    change. The level is formatted as 'major.minor.patch', where
    'patch' is usually omitted and defaults to zero. Earlier
    compatibility levels are 0, 1 and 2.

    This also introduces main.cf and master.cf support for the
    <=level, < level, and other operators to compare compatibility
    levels. With the standard <=, <, etc. operators, compatibility
    level 3.10 would be less than 3.9, which is undesirable.


(taca)

diff -r1.327 -r1.328 pkgsrc/mail/postfix/Makefile
diff -r1.34 -r1.35 pkgsrc/mail/postfix/Makefile.common
diff -r1.192 -r1.193 pkgsrc/mail/postfix/distinfo
diff -r1.27 -r1.28 pkgsrc/mail/postfix-sqlite/Makefile
diff -r1.40 -r1.41 pkgsrc/mail/postfix/patches/patch-ag
diff -r1.8 -r0 pkgsrc/mail/postfix/patches/patch-src_dns_dns__lookup.c

--- pkgsrc/mail/postfix/Makefile 2021/05/24 19:52:52 1.327
+++ pkgsrc/mail/postfix/Makefile 2021/06/02 15:29:56 1.328

 @@ -1,16 +1,15 @@
-# $NetBSD: Makefile,v 1.327 2021/05/24 19:52:52 wiz Exp $
+# $NetBSD: Makefile,v 1.328 2021/06/02 15:29:56 taca Exp $
 PKGREVISION= 2
 .include "../../mail/postfix/Makefile.common"
 COMMENT=	Fast, easy to administer, and secure mail transfer agent
 CONFLICTS+=	courier-mta-[0-9]* fastforward>=0.51nb2 sendmail-[0-9]*
 CONFLICTS+=	esmtp>=1.2 nullmailer-[0-9]*
 USE_TOOLS+=	perl pkg-config m4
 SPECIAL_PERMS+=	sbin/postdrop ${POSTFIX_USER} ${MAILDROP_GROUP} 2555
 SPECIAL_PERMS+=	sbin/postqueue ${POSTFIX_USER} ${MAILDROP_GROUP} 2555
 REPLACE_PERL+=	auxiliary/qshape/qshape.pl

--- pkgsrc/mail/postfix/Makefile.common 2021/05/02 12:11:51 1.34
+++ pkgsrc/mail/postfix/Makefile.common 2021/06/02 15:29:56 1.35

 @@ -1,18 +1,18 @@
-# $NetBSD: Makefile.common,v 1.34 2021/05/02 12:11:51 wiz Exp $
+# $NetBSD: Makefile.common,v 1.35 2021/06/02 15:29:56 taca Exp $
 # used by mail/postfix/Makefile
 # used by mail/postfix/Makefile.module
-DISTNAME=	postfix-3.5.10
+DISTNAME=	postfix-3.6.0
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.porcupine.org/mirrors/postfix-release/official/
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.postfix.org/
 # The postfix license has only very minor diffs from cpl-1.0.
 LICENSE=	cpl-1.0
 #LICENSE=	postfix-license
 DISTINFO_FILE=	${PKGDIR}/../../mail/postfix/distinfo
 PATCHDIR=	${PKGDIR}/../../mail/postfix/patches
 CHECK_HEADERS_SKIP+=	src/global/mail_params.h

--- pkgsrc/mail/postfix/distinfo 2021/04/26 15:26:08 1.192
+++ pkgsrc/mail/postfix/distinfo 2021/06/02 15:29:56 1.193

 @@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.192 2021/04/26 15:26:08 triaxx Exp $
+$NetBSD: distinfo,v 1.193 2021/06/02 15:29:56 taca Exp $
-SHA1 (postfix-3.5.10.tar.gz) = e6fb1a42f14b9c96859fbd04705dc58a0261502c
+SHA1 (postfix-3.6.0.tar.gz) = a2cc20a085a6a954059a955455eb8d89894d6bd9
-RMD160 (postfix-3.5.10.tar.gz) = 73ef7370ab1bb69b2f87b4dc797034f84480589b
+RMD160 (postfix-3.6.0.tar.gz) = 59dbfb03b8d4efd53e4bfa1ff591ffbf67a4c67e
-SHA512 (postfix-3.5.10.tar.gz) = 5845701d3dcdaaea376a44810a84dbe908e96e5ff54921cd40fd2d5c5643ed8e4add5936e149237fea4cb69c1ffb4ceb4171d1e779be096aa21a6e5021b604da
+SHA512 (postfix-3.6.0.tar.gz) = af326472333935de111d7f7025af53a1dfd84382c2d2891e91624ce665c258831f28d92fd73d1ab68f82192d9848025bd30d16eb48b3912b46e3fb50dbf194bf
-Size (postfix-3.5.10.tar.gz) = 4621130 bytes
+Size (postfix-3.6.0.tar.gz) = 4748506 bytes
 SHA1 (patch-aa) = c8216f133e202a7bb37682b0dbc1448f021e7c1c
-SHA1 (patch-ag) = c126c572e36bf2bcbd3f6e5d8332a3d26e704109
+SHA1 (patch-ag) = feccf4aba580f581953b32e6c3a2c453fcb9131c
 SHA1 (patch-ai) = 51748ccf92da543f7ff640f36906a29b5db3f6e3
 SHA1 (patch-src_dns_dns__lookup.c) = 1e3fbd8e8b900e3fbd7160344c150bf147e4490a

--- pkgsrc/mail/postfix-sqlite/Makefile 2021/04/21 11:42:09 1.27
+++ pkgsrc/mail/postfix-sqlite/Makefile 2021/06/02 15:29:57 1.28

 @@ -1,18 +1,17 @@
-# $NetBSD: Makefile,v 1.27 2021/04/21 11:42:09 adam Exp $
+# $NetBSD: Makefile,v 1.28 2021/06/02 15:29:57 taca Exp $
+#
 COMMENT=		Postfix SMTP server SQLite backend module
 PKGREVISION=		2
 POSTFIX_LIB=		sqlite
 POSTFIX_LIBDIR=		src/global
 POSTFIX_LIB_DICT=	yes
 POSTFIX_LIB_MKMAP=	no
 .include "../../mail/postfix/Makefile.module"
 CCARGS+=		-I${BUILDLINK_PREFIX.sqlite3}/include
 AUXLIBS_MODULE=		-L${BUILDLINK_PREFIX.sqlite3}/lib -lsqlite3		\
 			${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.sqlite3}/lib
 .include "../../databases/sqlite3/buildlink3.mk"

--- pkgsrc/mail/postfix/patches/patch-ag 2019/07/17 13:33:00 1.40
+++ pkgsrc/mail/postfix/patches/patch-ag 2021/06/02 15:29:57 1.41

 @@ -1,27 +1,27 @@
-$NetBSD: patch-ag,v 1.40 2019/07/17 13:33:00 triaxx Exp $
+$NetBSD: patch-ag,v 1.41 2021/06/02 15:29:57 taca Exp $
-* Add support for NetBSD 8.
+* Add common support for NetBSD.
 * Only define HAS_DB if it hasn't been defined.
 * Add support for FreeBSD 11 and 12.
---- src/util/sys_defs.h.orig	2019-03-10 16:58:04.000000000 +0000
+--- src/util/sys_defs.h.orig	2020-05-21 13:34:23.000000000 +0000
 +++ src/util/sys_defs.h
 @@ -30,14 +30,11 @@
  #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
      || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
      || defined(FREEBSD8) || defined(FREEBSD9) || defined(FREEBSD10) \
--    || defined(FREEBSD11) \
+-    || defined(FREEBSD11) || defined(FREEBSD12) \
-+    || defined(FREEBSD11) || defined(FREEBSD12) \
++    || defined(FREEBSD11) || defined(FREEBSD12) || defined(FREEBSD13) \
      || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
      || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
      || defined(OPENBSD5) || defined(OPENBSD6) \
 -    || defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \
 -    || defined(NETBSD4) || defined(NETBSD5) || defined(NETBSD6) \
 -    || defined(NETBSD7) \
 -    || defined(EKKOBSD1) || defined(DRAGONFLY)
 +    || defined(NETBSD) || defined(EKKOBSD1) || defined(DRAGONFLY)
  #define SUPPORTED
  #include <sys/param.h>
  #define UINT32_TYPE	unsigned int
 @@ -49,7 +46,9 @@
  #define DEF_MAILBOX_LOCK "flock, dotlock"