Subject: CVS commit: pkgsrc/mail/postfix
From: Takahiro Kambe
Date: 2013-09-06 16:08:18
Message id: 20130906140818.63D7F96@cvs.netbsd.org
Log Message:
Update postfix to 2.9.8.

Changes:

2.9.8

* TLS Interoperability workaround: turn on SHA-2 digests by force.
  This improves interoperability with clients and servers that
  deploy SHA-2 digests without the required support for TLSv1.2-style
  digest negotiation.

* TLS Performance workaround: the Postfix SMTP server TLS session
  cache had become ineffective because recent OpenSSL versions
  enable session tickets by default, resulting in a different
  ticket encryption key for each smtpd(8) process. The workaround
  turns off session tickets. Postfix 2.11 will enable session
  tickets properly.

* TLS Interoperability workaround: Debian Exim versions before
  4.80-3 may fail to communicate with Postfix and possibly other
  MTAs, with the following Exim SMTP client error message:

      TLS error on connection to server-name [server-address]
      (gnutls_handshake): The Diffie-Hellman prime sent by the
      server is not acceptable (not long enough)

  See the RELEASE_NOTES file for a Postfix SMTP server configuration
  workaround.

* Bugfix (defect introduced: 1997): memory leak while forwarding
  mail with the local(8) delivery agent, in code that handles a
  cleanup(8) server error.

2.9.7

* Bugfix (introduced: Postfix 2.0): when myhostname is not listed in
  mydestination, the trivial-rewrite resolver may log "do not list in both
  mydestination and ". The fix is to re-resolve a domain-less address after
  adding $myhostname as the surrogate domain, so that it pops out with the
  right address-class label. Reported by Quanah Gibson-Mount.

* Bugfix (introduced: Postfix 2.3): don't reuse TCP connections when
  smtp_tls_policy_maps is specified. TLS policies may depend on the remote
  destination, but the Postfix <2.11 SMTP connection cache client does not
  distinguish between different destinations that resolve to the same IP
  address. Victor Duchovni. Found during Postfix 2.11 code maintenance.

* Bugfix (introduced: Postfix 2.2): don't reuse TCP connections when SASL
  authentication is enabled. SASL passwords may depend on the remote SMTP
  server hostname, but the Postfix <2.11 SMTP connection cache client does not
  distinguish between different hostnames that resolve to the same IP
  address. Found during Postfix 2.11 code maintenance.
Files:
RevisionActionfile
1.266modifypkgsrc/mail/postfix/Makefile
1.150modifypkgsrc/mail/postfix/distinfo
1.29modifypkgsrc/mail/postfix/patches/patch-ai
1.2modifypkgsrc/mail/postfix/patches/patch-src_dns_dns__lookup.c