Log message:
mail/postfix: update to 3.5.1

Update postfix to 3.5.1.

3.5.0 (2020-03-16)

Postfix stable release 3.5.0 is available. Support has ended for
legacy release Postfix 3.1.

The main changes are below. See the RELEASE_NOTES file for further details.

  * Support for the haproxy v2 protocol. The Postfix implementation
    supports TCP over IPv4 and IPv6, as well as non-proxied
    connections; the latter are typically used for heartbeat tests.

  * Support to force-expire email messages. This introduces new
    postsuper(1) command-line options to request expiration, and
    additional information in mailq(1) or postqueue(1) output.

  * The Postfix SMTP and LMTP client support a list of nexthop
    destinations separated by comma or whitespace. These destinations
    will be tried in the specified order. Examples:

    /etc/postfix/main.cf:
        relayhost = foo.example, bar.example
        default_transport = smtp:foo.example, bar.example

Incompatible changes:

  * Logging: Postfix daemon processes now log the from= and to=
    addresses in external (quoted) form in non-debug logging (info,
    warning, etc.). This means that when an address localpart
    contains spaces or other special characters, the localpart will
    be quoted, for example:

	from=<"name with spaces"@example.com>

    Specify "info_log_address_format = internal" for backwards \ 
compatibility.

  * Postfix now normalizes IP addresses received with XCLIENT,
    XFORWARD, or with the HaProxy protocol, for consistency with
    direct connections to Postfix. This may change the appearance
    of logging, and the way that check_client_access will match
    subnets of an IPv6 address.

3.5.1 (2020-04-20)

Postfix versions 3.5.1, 3.4.11, 3.3.9, 3.2.14:

  * Bitrot workaround for broken builds after an incompatible change
    in GCC 10.

  * Bitrot workaround for broken DANE/DNSSEC support after an
    incompatible change in GLIBC 2.31. This change avoids the need
    for new options in /etc/resolv.conf.

Log message:
Recursive revision bump after textproc/icu update

Log message:
mail/postfix: update to 3.3.3

This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. This is the final update for Postfix
3.0.

Fixed in Postfix 3.3 and later:

  * When the master daemon runs with PID=1 (init mode), it will now
    reap child processes from non-Postfix code running in the same
    container, instead of terminating with a panic. Reported by
    Tamas Gerczei.

Fixed in Postfix 3.0 and later:

  * With smtputf8_enable=yes, table lookups could casefold the
    search string when searching a lookup table that does not use
    fixed-string keys (regexp, pcre, tcp, etc.).

  * With the posttls-finger test program, connections to unix-domain
    servers always resulted in "Failed to establish session" even
    after a connection was established. Reported by Jaroslav Skarva.

Log message:
Recursive revbump from textproc/icu

Log message:
mail/postfix: update to 3.3.2

Changes for all supported stable releases:

  * Support for OpenSSL 1.1.1, and support for TLSv1.3-specific
    features.

      - Updated Postfix TLS documentation examples for TLSv1.3. See
        FORWARD_SECRECY_README.

      - New TLSv1.3-specific attributes in Postfix logging and in
        Postfix "Received:" message headers: key exchange, server
        signature, client signature.

      - New option to selectively disable TLSv1.3 in *_tls_protocols
        settings.

      - New server-side support to avoid issuing multiple session
        tickets.

      - New support to allow OpenSSL >= 1.1.0 run-time micro version
        bumps without logging Postfix warnings about library version
        mismatches.

Fixed in all stable releases:

  * Bugfix: smtpd_discard_ehlo_keywords could not disable "SMTPUTF8",
    because some lookup table was using "EHLO_MASK_SMTPUTF8" instead.

  * Bugfix: minor memory leak in DANE support when minting issuer
    certs. This affects a tiny minority of use cases.

Fixed in Postfix 3.3.2:

  * Bugfix: the Postfix build did not abort if the m4 command was
    not installed, resulting in a broken postconf command.

Log message:
revbump after updating textproc/icu

Log message:
Recursive revbump from textproc/icu-62.1

Log message:
mail/postfix: update to 3.3.1

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.3.1.html]

Fixed in Postfix 3.3:

  * Postfix did not support running as a PID=1 process, which
    complicated Postfix deployment in containers. The "postfix
    start-fg" command will now run the Postfix master daemon as a
    PID=1 process if possible. Thanks for inputs from Andreas
    Schulze, Eray Aslan, and Viktor Dukhovni.

  * Segfault in the postconf(1) command after it could not open a
    Postfix database configuration file due to a file permission
    error (dereferencing a null pointer). Reported by Andreas
    Hasenack, fixed by Viktor Dukhovni.

Fixed in Postfix 3.3, 3.2, 3.1, 3.0:

  * The luser_relay feature became a black hole, when the luser_relay
    parameter was set to a non-existent local address (i.e. mail
    disappeared silently). Reported by J?rgen Thomsen.

  * Missing error propagation in the tlsproxy(8) daemon could result
    in a segfault after TLS handshake error (dereferencing a
    0xffff...ffff pointer). This daemon handles the TLS protocol
    when a non-whitelisted client sends a STARTTLS command to
    postscreen(8).

Log message:
revbump after icu update

Log message:
mail/postfix: Update to 3.2.4

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.4.html]

This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. Older supported releases are unaffected.

Fixed in Postfix 3.1 and later:

  * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
    1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
    records associated with an intermediate CA certificate. Problem
    report and initial fix by Erwan Legrand.

Fixed in Postfix 3.0 and later:

  * Missing dynamicmaps support in the Postfix sendmail command.
    This broke authorized_submit_users settings that use a
    dynamically-loaded map type. Problem reported by Ulrich Zehl.