- update to postfix-3.3.4

Changelog:
20190312
  Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
  has been producing false rejects starting with the Postfix
  2.2 smtpd_end_of_data_restrictons, and for the same reasons,
  did the same with the Postfix 3.4 BDAT command. The latter
  was reported by Andreas Schulze. File: smtpd/smtpd_check.c.

20190328
  Bugfix (introduced: Postfix 3.0): LMTP connections over
  UNIX-domain sockets were cached but not reused, due to a
  cache lookup key mismatch. Therefore, idle cached connections
  could exhaust LMTP server resources, resulting in two-second
  pauses between email deliveries. This problem was investigated
  by Juliana Rodrigueiro. File: smtp/smtp_connect.c.

5 files changed, 15 insertions, 70 deletions

diff --git a/mail/postfix/Makefile b/mail/postfix/Makefile
index 9c7528928a58..52311a4e0ef2 100644
--- a/mail/postfix/Makefile
+++ b/mail/postfix/Makefile
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	postfix
-DISTVERSION=	3.3.3
-PORTREVISION?=	1
+DISTVERSION=	3.3.4
+PORTREVISION?=	0
 PORTEPOCH=	1
 CATEGORIES=	mail ipv6
 MASTER_SITES=	ftp://ftp.porcupine.org/mirrors/postfix-release/ \
diff --git a/mail/postfix/distinfo b/mail/postfix/distinfo
index 64052aca46dd..34a37be9df63 100644
--- a/mail/postfix/distinfo
+++ b/mail/postfix/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1551226020
-SHA256 (postfix/postfix-3.3.3.tar.gz) = 8740ab65037500ee7844192cf6b798d52ecc4838cd018337a504c52da813285a
-SIZE (postfix/postfix-3.3.3.tar.gz) = 4429713
+TIMESTAMP = 1553957353
+SHA256 (postfix/postfix-3.3.4.tar.gz) = 847818bb82d0d7e83303a30206330b5d6bd035bbbb0086782cd87dcb8ac99bd3
+SIZE (postfix/postfix-3.3.4.tar.gz) = 4429964
diff --git a/mail/postfix/files/patch-src_tls_tls__client.c b/mail/postfix/files/patch-src_tls_tls__client.c
index 4f63c0858b26..f9fc15d499d7 100644
--- a/mail/postfix/files/patch-src_tls_tls__client.c
+++ b/mail/postfix/files/patch-src_tls_tls__client.c
@@ -9,12 +9,3 @@
  
      /*
       * Initialize the OpenSSL library by the book! To start with, we must
-@@ -441,7 +441,7 @@ TLS_APPL_STATE *tls_client_init(const TL
-     /*
-      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
-      */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 
-     /*
-      * According to the OpenSSL documentation, temporary RSA key is needed
diff --git a/mail/postfix/files/patch-src_tls_tls__rsa.c b/mail/postfix/files/patch-src_tls_tls__rsa.c
deleted file mode 100644
index bbfd96134479..000000000000
--- a/mail/postfix/files/patch-src_tls_tls__rsa.c
+++ /dev/null
@@ -1,20 +0,0 @@
---- src/tls/tls_rsa.c.orig	2016-01-03 14:49:51 UTC
-+++ src/tls/tls_rsa.c
-@@ -57,7 +57,7 @@
-  /*
-   * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
-   */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 
- /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */
- 
-@@ -109,7 +109,7 @@ int     main(int unused_argc, char *cons
-     /*
-      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
-      */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-     RSA    *rsa;
- 
-     msg_vstream_init(argv[0], VSTREAM_ERR);
diff --git a/mail/postfix/files/patch-src_tls_tls__server.c b/mail/postfix/files/patch-src_tls_tls__server.c
index e6cd6188f0fb..165b6746f31a 100644
--- a/mail/postfix/files/patch-src_tls_tls__server.c
+++ b/mail/postfix/files/patch-src_tls_tls__server.c
@@ -1,38 +1,12 @@
 --- src/tls/tls_server.c.orig	2018-11-17 22:33:15 UTC
 +++ src/tls/tls_server.c
-@@ -174,7 +174,7 @@ static const char server_session_id_cont
- #endif					/* OPENSSL_VERSION_NUMBER */
- 
-  /* OpenSSL 1.1.0 bitrot */
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- typedef const unsigned char *session_id_t;
- 
- #else
-@@ -377,7 +377,7 @@ TLS_APPL_STATE *tls_server_init(const TL
-      */
-     tls_check_version();
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 
-     /*
-      * Initialize the OpenSSL library by the book! To start with, we must
-@@ -486,7 +486,7 @@ TLS_APPL_STATE *tls_server_init(const TL
-      * OpenSSL 0.9.8h, while SSL_NO_TICKET was added in 0.9.8f.
-      */
- #ifdef SSL_OP_NO_TICKET
--#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER >= 0x0090808fL
-+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER >= 0x0090808fL && !defined(LIBRESSL_VERSION_NUMBER)
-     ticketable = (*var_tls_tkt_cipher && scache_timeout > 0
- 		  && !(off & SSL_OP_NO_TICKET));
-     if (ticketable) {
-@@ -595,7 +595,7 @@ TLS_APPL_STATE *tls_server_init(const TL
-     /*
-      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
-      */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 
-     /*
-      * According to OpenSSL documentation, a temporary RSA key is needed when
+@@ -517,7 +517,9 @@ TLS_APPL_STATE *tls_server_init(const TL
+ 	 * ticket decryption callback already (since 2.11) asks OpenSSL to
+ 	 * avoid issuing new tickets when the presented ticket is re-usable.
+ 	 */
++#ifndef LIBRESSL_VERSION_NUMBER
+ 	SSL_CTX_set_num_tickets(server_ctx, 1);
++#endif
+     }
+ #endif
+     if (!ticketable)