diff --git a/postfix-3.8.0.tar.gz b/postfix-3.8.0.tar.gz deleted file mode 100644 index 00c1246..0000000 --- a/postfix-3.8.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a3ad8029bd2c6b0c576477a0f77bf9d2c0b761cbaa0efbfef47969efea6eade9 -size 4851893 diff --git a/postfix-3.8.0.tar.gz.asc b/postfix-3.8.0.tar.gz.asc deleted file mode 100644 index 76acc9e..0000000 --- a/postfix-3.8.0.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.18 (FreeBSD) - -iFcDBQBkPGrxDAtZDoDKFacRCg/AAPwNXQ/mbp1mtpkHvt4IznBvn/YxlNW1qwnL -N4rUESsQHQD/R0bN2WGvAS2pgStoRdM2Tgf0tx3JzCUqwN1fA58vxSA= -=JS+i ------END PGP SIGNATURE----- diff --git a/postfix-3.8.1.tar.gz b/postfix-3.8.1.tar.gz new file mode 100644 index 0000000..f585fe6 --- /dev/null +++ b/postfix-3.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:54e1bffded3032828a70de22c2a1a94d1c097fc4513e0fdbfcfdbf3bff6b7092 +size 4848293 diff --git a/postfix-3.8.1.tar.gz.asc b/postfix-3.8.1.tar.gz.asc new file mode 100644 index 0000000..57f0412 --- /dev/null +++ b/postfix-3.8.1.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iFcDBQBkfl0sDAtZDoDKFacRCqQ7AP4iZH0B8R67Io8he9+zxm8rz/1II/dAGsF9 +q1XQrdsVJwD+PZSfj5oKcWHsR7r32QCjcDXAUqyBtvyZ07t6HUhEY08= +=TxIz +-----END PGP SIGNATURE----- diff --git a/postfix-bdb.changes b/postfix-bdb.changes index c85d9ce..e7976c1 100644 --- a/postfix-bdb.changes +++ b/postfix-bdb.changes @@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Tue Jun 6 18:37:03 UTC 2023 - Arjen de Korte + +- update to 3.8.1 + * Optional: harden a Postfix SMTP server against remote SMTP + clients that violate RFC 2920 (or 5321) command pipelining + constraints. With "smtpd_forbid_unauth_pipelining = yes", the + server disconnects a client immediately, after responding with + "554 5.5.0 Error: SMTP protocol synchronization" and after + logging "improper command pipelining" with the unexpected remote + SMTP client input. This feature is disabled by default in Postfix + 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled + by default in Postfix 3.9. A similar feature is enabled by + default in the Exim SMTP server. + * Optional: some OS distributions crank up TLS security to 11, + and in doing so increase the number of plaintext email deliveries. + This introduces basic OpenSSL configuration file support that + may be used to override OS-level settings. + Details are in the postconf(5) manpage under tls_config_file + and tls_config_name. + * Bugfix (defect introduced: Postfix 1.0): the command "postconf + .. name=v1 .. name=v2 .." (multiple instances of the same + parameter name) created multiple main.cf name=value entries + with the same parameter name. It now logs a warning and skips + the earlier name(s) and value(s). Found during code maintenance. + * Bugfix (defect introduced: Postfix 3.3): the command "postconf + -M name1/type1='name2 type2 ...'" died with a segmentation + violation when the request matched multiple master.cf entries. + The master.cf file was not damaged. Problem reported by SATOH + Fumiyasu. + * Bugfix (defect introduced: Postfix 2.11): the command "postconf + -M name1/type1='name2 type2 ...'" could add a service definition + to master.cf that conflicted with an already existing service + definition. It now replaces all existing service definitions + that match the service pattern 'name1/type1' or the service + name and type in 'name2 type2 ...' with a single service + definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu. + * Bugfix (defect introduced: Postfix 3.8) the posttls-finger + command could access uninitialized memory when reconnecting. + This also fixes a malformed warning message when a destination + contains ":service" information. Reported by Thomas Korbar. + * Bugfix (defect introduced: Postfix 3.2): the MySQL client could + return "not found" instead of "error" (for example, resulting + in a 5XX SMTP status instead of 4XX) during the time that all + MySQL server connections were turned down after error. Found + during code maintenance. File: global/dict_mysql.c. This was + already fixed in Postfix 3.4-3.7. + ------------------------------------------------------------------- Tue Apr 18 18:14:49 UTC 2023 - Arjen de Korte diff --git a/postfix-bdb.spec b/postfix-bdb.spec index 04497a6..87e75f5 100644 --- a/postfix-bdb.spec +++ b/postfix-bdb.spec @@ -59,7 +59,7 @@ %endif %bcond_without ldap Name: postfix-bdb -Version: 3.8.0 +Version: 3.8.1 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 OR EPL-2.0 diff --git a/postfix.changes b/postfix.changes index 213db13..143a8fe 100644 --- a/postfix.changes +++ b/postfix.changes @@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Tue Jun 6 18:37:03 UTC 2023 - Arjen de Korte + +- update to 3.8.1 + * Optional: harden a Postfix SMTP server against remote SMTP + clients that violate RFC 2920 (or 5321) command pipelining + constraints. With "smtpd_forbid_unauth_pipelining = yes", the + server disconnects a client immediately, after responding with + "554 5.5.0 Error: SMTP protocol synchronization" and after + logging "improper command pipelining" with the unexpected remote + SMTP client input. This feature is disabled by default in Postfix + 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled + by default in Postfix 3.9. A similar feature is enabled by + default in the Exim SMTP server. + * Optional: some OS distributions crank up TLS security to 11, + and in doing so increase the number of plaintext email deliveries. + This introduces basic OpenSSL configuration file support that + may be used to override OS-level settings. + Details are in the postconf(5) manpage under tls_config_file + and tls_config_name. + * Bugfix (defect introduced: Postfix 1.0): the command "postconf + .. name=v1 .. name=v2 .." (multiple instances of the same + parameter name) created multiple main.cf name=value entries + with the same parameter name. It now logs a warning and skips + the earlier name(s) and value(s). Found during code maintenance. + * Bugfix (defect introduced: Postfix 3.3): the command "postconf + -M name1/type1='name2 type2 ...'" died with a segmentation + violation when the request matched multiple master.cf entries. + The master.cf file was not damaged. Problem reported by SATOH + Fumiyasu. + * Bugfix (defect introduced: Postfix 2.11): the command "postconf + -M name1/type1='name2 type2 ...'" could add a service definition + to master.cf that conflicted with an already existing service + definition. It now replaces all existing service definitions + that match the service pattern 'name1/type1' or the service + name and type in 'name2 type2 ...' with a single service + definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu. + * Bugfix (defect introduced: Postfix 3.8) the posttls-finger + command could access uninitialized memory when reconnecting. + This also fixes a malformed warning message when a destination + contains ":service" information. Reported by Thomas Korbar. + * Bugfix (defect introduced: Postfix 3.2): the MySQL client could + return "not found" instead of "error" (for example, resulting + in a 5XX SMTP status instead of 4XX) during the time that all + MySQL server connections were turned down after error. Found + during code maintenance. File: global/dict_mysql.c. This was + already fixed in Postfix 3.4-3.7. + ------------------------------------------------------------------- Thu May 4 11:23:41 UTC 2023 - Dominique Leuenberger diff --git a/postfix.spec b/postfix.spec index bbf7f3f..583500b 100644 --- a/postfix.spec +++ b/postfix.spec @@ -46,7 +46,7 @@ %endif %bcond_without ldap Name: postfix -Version: 3.8.0 +Version: 3.8.1 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 OR EPL-2.0