Log Message:
postfix: update to 3.4.6

pkgsrc changes:
---------------
  * change COMMENT to make pkglint happy (inspired by http://www.postfix.org/)
  * update PLIST using make print-PLIST (missing @pkgdir)

upstream changes:
-----------------
20181125

	Cleanup: dict_file_to_xxx() takes a list of file names
	separated by CHARS_COMMA_SP. Shoe-horned into the existing
	API, make it nicer when there is time. File: util/dict_file.c.

20181127

	Cleanup: encapsulated clumsy 'read into VSTRING' code with
	easier-to-use vstream_fread_buf() and vstream_fread_app()
	primitives. Files: global/memcache_proto.c, global/record.c,
	global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c,
	global/xtext.c, milter/milter8.c, util/dict_file.c,
	util/hex_quote.c, util/netstring.c, util/vstream.c,
	util/vstream.h. Verified with "make tests".

	Cleanup: simplified the smtp_fread() API (introduced for
	BDAT support), and changed the name to smtp_fread_buf().
	Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with
	~megabyte BDAT commands.

	Cleanup: simplified a tlsproxy-internal API. File:
	tlsproxy/tlsproxy.c.

20181128

	Initial support for key/certificate chain files that will
	replace the proliferation of separate parameters for
	RSA/DSA/ECC/etc. key and certificate files. Viktor
	Dukhovni.

20181201

	Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET()
	calls with safe vstring_set_payload_size() calls, in code
	that directly writes into VSTRING. Files: tls/tls_session.c,
	tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h,
	xsasl/xsasl_cyrus_client.c.

	Cleanup: postscreen_command_time_limit did not need to be
	a 'raw' parameter. This makes "postconf -x" behavior more
	consistent. Files: global/mail_params.h, postscreen/postscreen.c.

	Documentation: added text that the following parameter
	values are not subject to Postfix parameter $name expansion:
	default_rbl_reply, command_execution_directory, luser_relay,
	smtpd_reject_footer. These have their own documented $name
	substitution mechanism. File: proto/postconf.proto.

20181202

	Bugfix: posttls-finger reported an error for UNIX-domain
	connections, even if they did not fail. Found by Coverity.
	File: posttls-finger/posttls-finger.c.

20181208

	Documentation: add even more redundancy to the rate-delay
	description. File: proto/postconf.proto.

20181210

	Cleanup: code deduplication. File: util/dict_file.c.

20181226

	Cleanup: code deduplication and better encapsulation with
	PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros.
	Files: postscreen/postscreen.h, postscreen/postscreen_state.c.

	Documentation: POSTSCREEN_README did not describe the
	postscreen_post_queue_limit, and attributed the wrong reject
	message to the postscreen_pre_queue_limit. Problem reported
	by Michael Orlitzky. File: proto/POSTSCREEN_README.html.

	(20181226-nonprod) Compatibility: removed support for OpenSSL
	1.0.1 (not supported since December 31, 2016) and earlier
	releases. This eliminated a large number of #ifdefs with
	bitrot workarounds.  Viktor Dukhovni. Files: global/mail_params.h,
	posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c,
	tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c,
	tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c,
	tls/tls_session.c.

	(20181226-nonprod) Use the OpenSSL 1.0.2 and later API for
	setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h,
	tls/tls_client.c, tls/tls_dh.c.

	(20181226-nonprod) Documentation update for TLS support.
	Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html,
	proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c.

20181229

	Explicit maps_file_find() and dict_file_lookup() methods
	that decode base64 content. Decoding content is not built
	into the dict->lookup() method, because that would complicate
	the implementation of map nesting (inline, thash), map
	composition (pipemap, unionmap), and map proxying.  For
	consistency, decoding base64 file content is also not built
	into the maps_find() method. Files: util/dict.h.
	util/dict_file.c, global/maps.[hc], postmap/postmap.c.

20190106

        Documentation: documented the SRC_RHS_IS_FILE flag in
        dict_open.c, and updated the -F description in the postmap
        manpage. Files: util/dict_open.c, postmap/postmap.c.

	(20190106-nonprod) Feature: support for files that combine
	multiple (key, certificate, trust chain) instances in one
	file, to avoid separate files for RSA, DSA, Elliptic Curve,
	and so on. Viktor Dukhovni. Files: .indent.pro,
	global/mail_params.h, posttls-finger/posttls-finger.c,
	smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c,
	smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c,
	tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c,
	tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c,
	tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c.

	(20190106-nonprod) Create a second, no-key no-cert, SSL_CTX
	for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h,
	src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c.

	(20190106-nonprod) Server-side SNI support. Viktor Dukhovni.
	Files: src/global/mail_params.h, src/smtp/smtp.c,
	src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c,
	src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c,

	(20190106-nonprod) Configurable client-side SNI signal.
	Viktor Dukhovni. Files: global/mail_params.h,
	posttls-finger/posttls-finger.c, smtp/lmtp_params.c,
	smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c,
	smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c,
	tls/tls_proxy.h, tls/tls_proxy_client_print.c,
	tls/tls_proxy_client_scan.c.

20190121

	Logging: support for internal logging file, without using
	syslog (it uses the new postlogd daemon instead). This
	solves a usability problem for MacOS, may help getting
	around systemd, and solves 99% of the problem for logging
	to stdout in a container (hopefully we have 100% soon).
	Enable by setting, for example, "maillog_file =
	/var/log/postfix.log").  This works fine for daemons, and
	with some limitations for non-daemon programs.  See
	RELEASE_NOTES for more details.  Files: conf/master.cf,
	conf/post-install, conf/postfix-files, conf/postfix-script,
	mantools/postlink, proto/master, proto/postconf.proto,
	global/mail_params.c, global/mail_params.h, global/mail_proto.h,
	global/maillog_client.c, global/maillog_client.h,
	master/dgram_server.c, master/event_server.c, master/mail_server.h,
	master/master.c, master/master.h, master/master_ent.c,
	master/master_listen.c, master/master_proto.h,
	master/master_wakeup.c, master/multi_server.c,
	master/single_server.c, master/trigger_server.c,
	postalias/postalias.c, postconf/postconf_master.c,
	postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c,
	postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c,
	postmulti/postmulti.c, postqueue/postqueue.c,
	postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h,
	util/listen.h, util/logwriter.c, util/logwriter.h,
	util/msg_logger.c, util/msg_logger.h, util/msg_output.c,
	util/msg_output.h, util/unix_dgram_connect.c,
	util/unix_dgram_listen.c.

	Cleanup: cert/key/chain loading, plus unit tests to exercise
	non-error and error cases. Viktor Dukhovni. Files: tls/*.pem,
	tls*.pem.ref, tls/tls_certkey.c.

20190126

	Safety: Postfix programs will log to either syslog or postlog
	but not both; and postlogd forwards postlog logging to
	syslog, when a configuration change removes the maillog_file
	pathname, but some programs still use the old configuration.
	Files: util/msg_syslog.[hc], util/msg_logger.c,
	global/maillog_client.c, postlogd/postlogd.c,

	Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog
	pipe file descriptor leak. This pipe provides one source
	of liveness, data from this pipe is discarded, and therefore
	this does not enable privilege escalation or DOS. File:
	util/watchdog.c.

	Feature: stdout logging support; requires "postfix start-fg"
	and "maillog_file = /dev/stdout". Files: master/master.c,
	conf/postfix-script.

20190127

	Safety: when maillog_file is specified, 'postfix check' now
	requires that the postlog service is enabled in master.cf.
	Otherwise 'postfix start' etc. will log a fatal error. File:
	conf/postfix-script.

	Documentation: added policy_context example. File:
	proto/SMTPD_POLICY_README.html.

20190128

	Testing: run libtls tests under Valgrind. File tls/Makefile.in.

20190129

	Safety: require that $maillog_file matches one of the
	pathname prefixes specified in $maillog_file_prefixes. The
	maillog file is created by root, and the prefixes limit the
	damage from a single configuration error. Files:
	global/mail_params.[hc], global/maillog_client.c.

20191201

	Feature: "postfix logrotate" command with configurable
	compression program and datestamp filename suffix. File:
	conf/postfix-script.

20190202

	Cleanup: log a warning when the client sends a malformed
	SNI; log an info message when the client sends a valid SNI
	that does not match the SNI lookup tables; update the
	FORWARD_SECRECY_README logging examples. Viktor Dukhovni.
	Files: proto/FORWARD_SECRECY_README.html, tls/tls.h,
	tls/tls_client.c, tls/tls_misc.c.

20190208

	Debugging: the master(8) daemon now logs a warning if a
	master.cf entry is defined multiple times. File:
	src/master/master_conf.c.

20190209

	Debugging: tlsproxy(8) now logs more details about unexpected
	configuration differences between the Postfix SMTP client
	and the tlsproxy(8) daemon.

20190210

	Documentation: Postfix 3.4.0 RELEASE NOTES.

	Documentation: added BDAT_README.

	Documentation: global TLS settings. Files: mantools/postlink,
	smtp/smtp.c, tlsproxy/tlsproxy.c.

20190211

	Cleanup: removed obsolete parameters: tls_dane_digest_agility,
	tls_dane_trust_anchor_digest_enable; removed openssl_path
	parameter from configuration difference checks in tlsproxy.
	Files: global/mail_params.h, tls/tls_misc.c,
	tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c,
	tls/tls_proxy_client_scan.c, tls/tls_proxy.h.

20190212

	Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c,
	posttls-finger/posttls-finger.c.

20190217

	Cleanup: when the master daemon runs with PID=1 (init mode),
	reap orhpan processes from non-Postfix code running in the
	same container, instead of terminating with a panic. File:
	master/master_spawn.c.

20190218

	Bugfix: tlsproxy did not enable DANE-style PKI because
	libtls seems to have to accreted multiple init functions
	instead of reusing the tls_client_init() and tls_client_start()
	API. And some functions that do initialization don't even
	have init in their name! Problem report by Andreas Schulze.
	Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c.

	Workaround: Postfix libtls makes DANE-specific changes to
	the shared SSL_CTX. To avoid false sharing, tlsproxy needs
	to label the SSL_CTX cache with DANE bits until we can
	remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c.

	Cleanup: Postfix libtls changed the shared SSL_CTX to
	override ciphers. instead of changing the SSL handle. To
	avoid false sharing in tlsproxy, the changes are now made
	to the SSL handle. Viktor Dukhovni. Files: tls/tls.h,
	tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c.

20190219

	Bugfix: in the Postfix SMTP client, TLS wrappermode was not
	tested in tlsproxy mode. It needed some setup for buffering
	and timeouts. Problem report by Andreas Schulze. File:
	smtp/smtp_proto.c.

20190304

	Bugfix: a reversed test broke TLS configurations that specify
	the same filename for a private key and certificate. Reported
	by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
	test. Files: tls/tls_certkey.c, tls/Makefile.in.

20190310

	Bitrot: LINUX5s support, after some sanity checks with a
	rawhide prerelease version. Files: makedefs, util/sys_defs.h.

	Bugfix (introduced: 20181226): broken DANE trust anchor
	file support, caused by left-over debris from the 20181226
	TLS library overhaul. By intrigeri. File: tls/tls_dane.c.

	Bugfix (introduced: Postfix-1.0.1): null pointer read, while
	logging a warning after a corrupted bounce log file. File:
	global/bounce_log.c.

	Bugfix (introduced: Postfix-2.9.0): null pointer read, while
	logging a warning after a postscreen_command_filter read
	error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c

20190312

	Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
	has been producing false rejects starting with the Postfix
	2.2 smtpd_end_of_data_restrictons, and for the same reasons,
	does the same with the Postfix 3.4 BDAT command. The latter
	was reported by Andreas Schulze. File: smtpd/smtpd_check.c.

20190319

	With message_size_limit=0 (which is NOT DOCUMENTED), BDAT
	chunks were always rejected as too large. File: smtpd/smtpd.c

20190328

	Bugfix (introduced: Postfix 3.0): LMTP connections over
	UNIX-domain sockets were cached but not reused, due to a
	cache lookup key mismatch. Therefore, idle cached connections
	could exhaust LMTP server resources, resulting in two-second
	pauses between email deliveries. This problem was investigated
	by Juliana Rodrigueiro. File: smtp/smtp_connect.c.

20190331

	Documentation: tlsext_padding is not a tls_ssl_options
	feature. File: proto/postconf.proto.

20190401

	Portability: added "#undef sun" to util/unix_dgram_connect.c.

20190403

	Bugfix (introduced: Postfix 2.3): a censoring filter broke
	multiline Milter responses for header/body events. Problem
	report by Andreas Thienemann. Files: util/printable.c,
	util/stringops.h, smtpd/smtpd.c

	Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit =
	0" no longer meant 'unlimited'. Problem report by Luc Pardon.
	File: smtp/smtp_addr.c.

20190615

	Documentation: updated the BUGS section in the smtp(8) manpage
	about TLS connection reuse. File: smtp/smtp.c.

	Workaround for implementations that hang Postfix while
	shutting down a TLS session, until Postfix times out. With
	"tls_fast_shutdown_enable = yes" (the default), Postfix no
	longer waits for the TLS peer to respond to a TLS 'close'
	request. This is recommended with TLSv1.0 and later. Files:
	global/mail_params.h, tls/tls_session.c, and documentation.

20190621

	Bugfix (introduced: Postfix 3.0): the code to reset Postfix
	SMTP server command counts was not called after a HaProxy
	handshake failure, causing stale numbers to be reported.
	The command counts are now reset in the function that reports
	the counts. File: smtpd/smtpd.c.