CVS Commit History:


   2022-07-21 17:08:40 by Takahiro Kambe | Files touched by this commit (7) | Package updated
Log message:
mail/postfix: update to 3.7.2

3.7.0 (2022-02-07)

  * Support to inline the content of small cidr:, pcre:, and regexp:
    tables in Postfix parameter values. An example is the new
    smtpd_forbidden_commands default value, "CONNECT GET POST
    regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from
    clients that send garbage.

  * To make the maillog_file feature more useful, including stdout
    logging from a container, the postlog(1) command is now set-gid
    postdrop, so that unprivileged programs can use it to write
    logging through the postlogd(8) daemon. This required hardening
    the postlog(1) command against privilege escalation attacks.

  * Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18.

  * Postfix programs now randomize the initial state of in-memory
    hash tables, to defend against hash collision attacks involving
    a large number of attacker-chosen lookup keys. Presently, the
    only known opportunity for such attacks involves remote SMTP
    client IPv6 addresses in the anvil(8) service, and requires
    making hundreds of short-lived connections per second while
    cycling through thousands of different client IP addresses.

  * Updated defense against remote clients or servers that 'trickle'
    SMTP or LMTP traffic. This replaces the old per-record deadlines
    with per-request deadlines and minimum data rates.

  * Many typofixes by raf and Wietse.

3.7.1 (2022-04-18)

  * (problem introduced: Postfix 2.7) The milter_header_checks maps
    are now opened before the cleanup(8) server enters the chroot
    jail. Problem reported by Jesper Dybdal.

  * In an internal client module, "host or service not found" was
    a fatal error, causing the milter_default_action setting to be
    ignored. It is now a non-fatal error, just like a failure to
    connect. Problem reported by Christian Degenkolb.

  * The proxy_read_maps default value was missing up to 27 parameter
    names. The corresponding lookup tables were not automatically
    authorized for use with the proxymap(8) service. The parameter
    names were ending in _checks, _reply_footer, _reply_filter,
    _command_filter, and _delivery_status_filter.

  * (problem introduced: Postfix 3.0) With dynamic map loading
    enabled, an attempt to create a map with "postmap regexp:path"
    would result in a bogus error message "Is the postfix-regexp
    package installed?" instead of "unsupported map type for this
    operation". This happened with all non-dynamic map types (static,
    cidr, etc.) that have no 'bulk create' support. Problem reported
    by Greg Klanderman.

  * In PCRE_README, "pcre2 --libs" should be "pcre2 --libs8". Problem
    reported by Carlos Velasco.

  * Documented in the postlogd(8) daemon manpage that the Postfix
    >= 3.7 postlog(1) command can run with setgid permissions.

3.7.2 (2022-04-28)

This reverts an overly complex change in the postscreen SMTP engine
(made during Postfix 3.7 development), and replaces it with much
simpler code. The bad change was crashing postscreen on some systems
after receiving malformed input (for example, a TLS "hello" message).
   2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36
   2022-06-11 12:27:05 by Benny Siegert | Files touched by this commit (2)
Log message:
postfix: FreeBSD 13 support

makedefs already contains the FreeBSD 12 stanza but not version 13.
From cubadevelop via Github Pull Request.

Fixes NetBSD/pkgsrc#97
   2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) | Package updated
Log message:
revbump for textproc/icu update
   2022-01-26 18:41:31 by Frédéric Fauberteau | Files touched by this commit (3)
Log message:
postfix: Update to 3.6.4

upstream changes:
-----------------
 Fixed in Postfix 3.6.4, 3.5.14, 3.4.24, 3.3.21:
  o Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
    entries in postconf output. This was caused by an incomplete fix to send
    SMTP session transcripts to $bounce_notice_recipient. Reported by Vincent
    Lefevre.
  o Bug introduced in Postfix 3.0: the proxymap daemon did not automatically
    authorize proxied maps inside pipemap (example:
    pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem reported
    by Mirko Vogt.
  o Bug introduced in Postfix 2.5: off-by-one error while writing a string
    terminator. This code passed all memory corruption tests, presumably
    because it wrote over an alignment padding byte, or over an adjacent
    character byte that was never read. Reported by Robert Siemer.

Fixed in Postfix 3.6.4, 3.5.14, 3.4.24:
  o The proxymap daemon did not automatically authorize map features added
    after Postfix 3.3, caused by missing *_maps parameter names in the
    proxy_read_maps default value. Found during code maintenance.
   2021-12-18 11:50:33 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
postfix: add -headerpad_max_install_names for Darwin builds
   2021-12-15 21:54:00 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
postfix: fix install on macOS
   2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063)
Log message:
revbump for icu and libffi
   2021-11-08 14:58:09 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
mail/postfix: update to 3.6.3

Quote from the release announcement:

Fixed in Postfix 3.6.3, 3.5.13, 3.4.23, 3.3.20:

  * (problem introduced in Postfix 2.4, released in 2007): queue
    file corruption after a Milter (for example, MIMEDefang) made
    a request to replace the message body with a copy of that message
    body plus additional text (for example, a SpamAssassin report).

    The most likely impacts were a) the queue manager reporting a
    fatal error resulting in email delivery delays, or b) the queue
    manager reporting the corruption and moving the message to the
    corrupt queue for damaged messages.

    However, a determined adversary could craft an email message
    that would trigger the bug, and insert into its queue file a
    content filter destination or a redirect email address. Postfix
    would then deliver the message headers there, in most cases
    without delivering the message body. With enough experimentation,
    an attacker could make Postfix deliver both the message headers
    and body.

    Some details of a successful attack depend on the Milter
    implementation, and on the Postfix and Milter configuration
    details; these can be determined remotely through experimentation.
    Failed experiments may be detected when the queue manager
    terminates with a fatal error, or when the queue manager moves
    damaged files to the "corrupt" queue as evidence.

    Technical details: when Postfix executes a "replace body" Milter
    request it will reuse queue file storage that was used by the
    existing email message body. If the new body is larger, Postfix
    will append body content to the end of the queue file. The
    corruption happened when a Milter (for example, MIMEDefang)
    made a request to replace the body of a message with a new body
    that contained a copy of the original body plus some new text,
    and the original body contained a line longer than $line_length_limit
    bytes (for example, an image encoded in base64 without hard or
    soft line breaks). In queue files, Postfix stores a long text
    line as multiple records with up to $line_length_limit bytes
    each. Unfortunately, Postfix's "replace body" support did not
    account for the additional queue file space needed to store the
    second etc. record headers. And thus, the last record(s) of a
    long text line could overwrite one or more queue file records
    immediately after the space that was previously occupied by the
    original message body.

    Problem report by Benoit Panizzon.

  * (problem introduced in Postfix 2.10, released in 2012): The
    postconf "-x" option could produce incorrect output, because
    multiple functions were implicitly sharing a buffer for
    intermediate results. Problem report by raf, root cause analysis
    by Viktor Dukhovni.

  * (problem introduced in Postfix 2.11, released in 2013): The
    check_ccert_access feature worked as expected, but produced a
    spurious warning when Postfix was built without SASL support.
    Fix by Brad Barden.

  * Fix for a compiler warning due to a missing 'const' qualifier
    when compiling Postfix with OpenSSL 3. Depending on compiler
    settings this could cause the build to fail.

Fixed in Postfix 3.6:

  * The known_tcp_ports settings had no effect. It also wasn't fully
    implemented. Problem report by Peter.

  * Fix for missing space between a hostname and warning text.
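
The space accounting from the 3.6.3 "Technical details" entry above, as an added example that is not Postfix code and not part of the commit message: a toy record store in which a long text line is split into several records, each with its own header. The 2-byte header, the 'L'/'N' markers and the function names are assumptions of this model, not Postfix's queue file format.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define REC_HDR_LEN 2  /* assumption: fixed 2-byte header (type, length) */

/* Bytes needed to store body as records of at most `limit` payload bytes.
 * per_record=0 charges one header per text line (the flawed accounting). */
size_t space_needed(const char *body, size_t limit, int per_record)
{
    size_t total = 0;
    for (const char *p = body; *p; ) {
        size_t len = strcspn(p, "\n");
        size_t nrec = len ? (len + limit - 1) / limit : 1;
        total += len + REC_HDR_LEN * (per_record ? nrec : 1);
        p += len;
        if (*p == '\n') p++;
    }
    return total;
}

/* Store body in dst[0..reserved). Returns bytes written, or -1 as soon as
 * a record would cross the end of the reserved space. Needs limit <= 255. */
long write_records(unsigned char *dst, size_t reserved, const char *body, size_t limit)
{
    size_t off = 0;
    for (const char *p = body; *p; ) {
        size_t len = strcspn(p, "\n");
        do {
            size_t n = len < limit ? len : limit;
            if (off + REC_HDR_LEN + n > reserved) return -1; /* bounds check */
            dst[off] = len > limit ? 'L' : 'N';   /* 'L': line continues */
            dst[off + 1] = (unsigned char)n;
            memcpy(dst + off + REC_HDR_LEN, p, n);
            off += REC_HDR_LEN + n;
            p += n; len -= n;
        } while (len > 0);
        if (*p == '\n') p++;
    }
    return (long)off;
}

int main(void)
{
    const char *body = "aaaa\nbbbbbbbbbb\n";  /* constructed sample */
    unsigned char buf[64];
    size_t low = space_needed(body, 4, 0), need = space_needed(body, 4, 1);
    printf("%zu %zu %ld\n", low, need, write_records(buf, low, body, 4));
    return 0;
}
```

With a 4-byte limit the sample needs 22 bytes, while one-header-per-line accounting reserves only 18, so the bounds-checked writer returns -1 rather than writing past the reserved space.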
   2021-10-26 12:54:34 by Nia Alarie | Files touched by this commit (356)
Log message:
mail: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched
conditionally?):

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
