diff options
| author | Olli Hauer <ohauer@FreeBSD.org> | 2021-01-18 17:05:31 +0000 |
|---|---|---|
| committer | Olli Hauer <ohauer@FreeBSD.org> | 2021-01-18 17:05:31 +0000 |
| commit | b41a087a4a6fa613253e7c083f2d34bb8a0fafa6 (patch) | |
| tree | 57ae9cc35c6bc3741021e7896b055678b34d885f /lang/gcc9-devel | |
| parent | x11/xcb-imdkit: Update to 1.0.2 (diff) | |
- update to 3.5.9
========
20210116
Feature: when a Postfix program makes a DNS query that
requests DNSSEC validation (usually for Postfix DANE support)
but the DNS response is not DNSSEC validated, Postfix will
send a DNS query configured with the "dnssec_probe" parameter
to determine if DNSSEC support is available, and logs a
warning if it is not. By default, the probe has type "ns"
and domain name ".". The probe is sent once per process
lifetime. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_sec.c,
test_dns_lookup.c, global/mail_params.[hc], mantools/postlink.
The makedefs script no longer disables DNSSEC when Postfix
is built with libc-musl. Instead Postfix will rely on the
new dnssec_probe feature, and will log a warning when Postfix
requests DNSSEC validation, but the infrastructure does not
validate DNSSEC signatures. File: makedefs.
The default "smtp_tls_dane_insecure_mx_policy = dane" was
causing unnecessary dnssec_probe activity. The default is now
"dane" when smtp_tls_security_level is "dane", otherwise it is
"may". File: global/mail_params.h.
Diffstat (limited to 'lang/gcc9-devel')
0 files changed, 0 insertions, 0 deletions