From 55c1a99ea55ade1186ed8f9d37bc6f60cf16b36a Mon Sep 17 00:00:00 2001 From: Wietse Z Venema Date: Mon, 17 Nov 2025 00:00:00 -0500 Subject: [PATCH] postfix-3.11-20251117 --- postfix/HISTORY | 3 +++ postfix/man/man5/postconf.5 | 16 ++++++++-------- postfix/mantools/postconf2man | 3 ++- postfix/src/global/mail_version.h | 2 +- 4 files changed, 14 insertions(+), 10 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 71b5b6358..15c184b4f 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -30041,3 +30041,6 @@ Apologies for any names omitted. Testing: add 'update' to global library test targets. File: global/Makefile.in. + + Bugfix: garbage in the postconf.5 text. Perl numbers () regexp + patterns in unexpected ways. File: mantools/postconf2man. diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index aad40767b..06c4e8bcc 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -7897,46 +7897,46 @@ connection failed before or in the TLS handshake. Examples for REQUIRETLS policies (set with smtp_requiretls_policy), where "\fIxxx\fR" is a TLS security level: .IP "tls=xxx/requiretls" -\&ddEnforce' policy compliant. +\&'Enforce' policy compliant. After a successful TLS handshake that required a certificate match, the remote server announced REQUIRETLS support, and the client sent REQUIRETLS. .IP "tls=xxx/!requiretls:nocertmatch" -\&ddEnforce' policy +\&'Enforce' policy violation. The connection was not used because the remote server certificate did not match as required by the TLS security policy, or no connection was made because the TLS security policy disabled server certificate matching. .br .IP "tls=xxx/requiretls:nocertmatch" -\&ddOpportunistic+starttls' +\&'Opportunistic+starttls' or 'opportunistic' policy compliant. After a successful TLS handshake that did not require a server certificate match, the remote server announced REQUIRETLS support, and the client sent REQUIRETLS. .br .IP "tls=xxx/!requiretls:nostarttls" -\&ddEnforce' or +\&'Enforce' or \&'opportunistic+starttls' policy violation. The connection was not used because the remote server did not support STARTTLS. .br .IP "tls=xxx/!requiretls:noencryption" -\&ddEnforce' or +\&'Enforce' or \&'opportunistic+starttls' policy violation. No connection was made used because the TLS security policy disabled encryption. .br .IP "tls=xxx/!requiretls:none" -\&ddEnforce' policy violation. +\&'Enforce' policy violation. After a successful TLS handshake, the connection was not used because the remote server did not support REQUIRETLS. .br .IP "tls=xxx/requiretls:none" -\&ddOpportunistic+starttls' +\&'Opportunistic+starttls' policy compliant. After a successful TLS handshake, the remote server did not announce REQUIRETLS support, and the connection was used without sending REQUIRETLS. .br .IP "tls=xxx/requiretls:none" -\&ddOpportunistic' policy +\&'Opportunistic' policy compliant. The remote server did not announce support for STARTTLS or REQUIRETLS, and the connection was used without sending REQUIRETLS. .br diff --git a/postfix/mantools/postconf2man b/postfix/mantools/postconf2man index 601547460..189e84e85 100755 --- a/postfix/mantools/postconf2man +++ b/postfix/mantools/postconf2man @@ -39,7 +39,8 @@ while(<>) { #$block =~ s/\n\./\n\\\&./g; $block =~ s/\n\./\n\134\&./g; $block =~ s/\n'/\n\134\&'/g; - $block =~ s/(<(p|dd|br)+>\s*)(['.])/$1\134\&$2/g; + $block =~ s/(<(p|dd|br)+>\s*)'/$1\134\&'/g; + $block =~ s/(<(p|dd|br)+>\s*)\./$1\134\&./g; if ($block =~ /

/) { $block =~ s/

]+>([^<]+)<\/a><\/H2>/\n.SH \1\n/g; $block =~ tr/a-z/A-Z/; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index a2a56d994..6fd5d9510 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20251116" +#define MAIL_RELEASE_DATE "20251117" #define MAIL_VERSION_NUMBER "3.11" #ifdef SNAPSHOT -- 2.47.3