From 86dd8b74e24e1414ad78da11da1604f7556a18a0d20f09a8c688aabb5080e6de Mon Sep 17 00:00:00 2001 
From: Christian Wittmer
Date: Wed, 7 Jun 2023 18:25:08 +0000
Subject: [PATCH] Accepting request 1091141 from home:adkorte:branches:server:mail

- update to 3.8.1
  * Optional: harden a Postfix SMTP server against remote SMTP
    clients that violate RFC 2920 (or 5321) command pipelining
    constraints. With "smtpd_forbid_unauth_pipelining = yes", the
    server disconnects a client immediately, after responding with
    "554 5.5.0 Error: SMTP protocol synchronization" and after
    logging "improper command pipelining" with the unexpected remote
    SMTP client input. This feature is disabled by default in Postfix
    3.5-3.8 to avoid breaking home-grown utilities, but it is enabled
    by default in Postfix 3.9. A similar feature is enabled by
    default in the Exim SMTP server.
  * Optional: some OS distributions crank up TLS security to 11,
    and in doing so increase the number of plaintext email deliveries.
    This introduces basic OpenSSL configuration file support that
    may be used to override OS-level settings.
    Details are in the postconf(5) manpage under tls_config_file
    and tls_config_name.
  * Bugfix (defect introduced: Postfix 1.0): the command "postconf
    .. name=v1 .. name=v2 .." (multiple instances of the same
    parameter name) created multiple main.cf name=value entries
    with the same parameter name. It now logs a warning and skips
    the earlier name(s) and value(s). Found during code maintenance.
  * Bugfix (defect introduced: Postfix 3.3): the command "postconf
    -M name1/type1='name2 type2 ...'" died with a segmentation
    violation when the request matched multiple master.cf entries.
    The master.cf file was not damaged. Problem reported by SATOH
    Fumiyasu.
  * Bugfix (defect introduced: Postfix 2.11): the command "postconf
    -M name1/type1='name2 type2 ...'" could add a service definition
    to master.cf that conflicted with an already existing service
    definition. It now replaces all existing service definitions
    that match the service pattern 'name1/type1' or the service
    name and type in 'name2 type2 ...' with a single service
    definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
  * Bugfix (defect introduced: Postfix 3.8) the posttls-finger
    command could access uninitialized memory when reconnecting.
    This also fixes a malformed warning message when a destination
    contains ":service" information. Reported by Thomas Korbar.
  * Bugfix (defect introduced: Postfix 3.2): the MySQL client could
    return "not found" instead of "error" (for example, resulting
    in a 5XX SMTP status instead of 4XX) during the time that all
    MySQL server connections were turned down after error. Found
    during code maintenance. File: global/dict_mysql.c. This was
    already fixed in Postfix 3.4-3.7.

- update to 3.8.1
  * Optional: harden a Postfix SMTP server against remote SMTP
    clients that violate RFC 2920 (or 5321) command pipelining
    constraints. With "smtpd_forbid_unauth_pipelining = yes", the
    server disconnects a client immediately, after responding with
    "554 5.5.0 Error: SMTP protocol synchronization" and after
    logging "improper command pipelining" with the unexpected remote
    SMTP client input. This feature is disabled by default in Postfix
    3.5-3.8 to avoid breaking home-grown utilities, but it is enabled
    by default in Postfix 3.9. A similar feature is enabled by
    default in the Exim SMTP server.
  * Optional: some OS distributions crank up TLS security to 11,
    and in doing so increase the number of plaintext email deliveries.
    This introduces basic OpenSSL configuration file support that
    may be used to override OS-level settings.
    Details are in the postconf(5) manpage under tls_config_file
    and tls_config_name.
  * Bugfix (defect introduced: Postfix 1.0): the command "postconf
    .. name=v1 .. name=v2 .." (multiple instances of the same
    parameter name) created multiple main.cf name=value entries
    with the same parameter name. It now logs a warning and skips
    the earlier name(s) and value(s). Found during code maintenance.
  * Bugfix (defect introduced: Postfix 3.3): the command "postconf
    -M name1/type1='name2 type2 ...'" died with a segmentation
    violation when the request matched multiple master.cf entries.
    The master.cf file was not damaged. Problem reported by SATOH
    Fumiyasu.
  * Bugfix (defect introduced: Postfix 2.11): the command "postconf
    -M name1/type1='name2 type2 ...'" could add a service definition
    to master.cf that conflicted with an already existing service
    definition. It now replaces all existing service definitions
    that match the service pattern 'name1/type1' or the service
    name and type in 'name2 type2 ...' with a single service
    definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
  * Bugfix (defect introduced: Postfix 3.8) the posttls-finger
    command could access uninitialized memory when reconnecting.
    This also fixes a malformed warning message when a destination
    contains ":service" information. Reported by Thomas Korbar.
  * Bugfix (defect introduced: Postfix 3.2): the MySQL client could
    return "not found" instead of "error" (for example, resulting
    in a 5XX SMTP status instead of 4XX) during the time that all
    MySQL server connections were turned down after error. Found
    during code maintenance. File: global/dict_mysql.c. This was
    already fixed in Postfix 3.4-3.7.

OBS-URL: https://build.opensuse.org/request/show/1091141
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=456
---
 postfix-3.8.0.tar.gz     |  3 ---
 postfix-3.8.0.tar.gz.asc |  7 ------
 postfix-3.8.1.tar.gz     |  3 +++
 postfix-3.8.1.tar.gz.asc |  7 ++++++
 postfix-bdb.changes      | 48 ++++++++++++++++++++++++++++++++++++++++
 postfix-bdb.spec         |  2 +-
 postfix.changes          | 48 ++++++++++++++++++++++++++++++++++++++++
 postfix.spec             |  2 +-
 8 files changed, 108 insertions(+), 12 deletions(-)
 delete mode 100644 postfix-3.8.0.tar.gz
 delete mode 100644 postfix-3.8.0.tar.gz.asc
 create mode 100644 postfix-3.8.1.tar.gz
 create mode 100644 postfix-3.8.1.tar.gz.asc

diff --git a/postfix-3.8.0.tar.gz b/postfix-3.8.0.tar.gz deleted file mode 100644 index 00c1246..0000000 --- a/postfix-3.8.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a3ad8029bd2c6b0c576477a0f77bf9d2c0b761cbaa0efbfef47969efea6eade9 -size 4851893 diff --git a/postfix-3.8.0.tar.gz.asc b/postfix-3.8.0.tar.gz.asc deleted file mode 100644 index 76acc9e..0000000 --- a/postfix-3.8.0.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.18 (FreeBSD) - -iFcDBQBkPGrxDAtZDoDKFacRCg/AAPwNXQ/mbp1mtpkHvt4IznBvn/YxlNW1qwnL -N4rUESsQHQD/R0bN2WGvAS2pgStoRdM2Tgf0tx3JzCUqwN1fA58vxSA= -=JS+i ------END PGP SIGNATURE----- diff --git a/postfix-3.8.1.tar.gz b/postfix-3.8.1.tar.gz new file mode 100644 index 0000000..f585fe6 --- /dev/null +++ b/postfix-3.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:54e1bffded3032828a70de22c2a1a94d1c097fc4513e0fdbfcfdbf3bff6b7092 +size 4848293 diff --git a/postfix-3.8.1.tar.gz.asc b/postfix-3.8.1.tar.gz.asc new file mode 100644 index 0000000..57f0412 --- /dev/null +++ b/postfix-3.8.1.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iFcDBQBkfl0sDAtZDoDKFacRCqQ7AP4iZH0B8R67Io8he9+zxm8rz/1II/dAGsF9 +q1XQrdsVJwD+PZSfj5oKcWHsR7r32QCjcDXAUqyBtvyZ07t6HUhEY08= +=TxIz +-----END PGP SIGNATURE----- diff --git a/postfix-bdb.changes b/postfix-bdb.changes index c85d9ce..e7976c1 100644 --- a/postfix-bdb.changes +++ b/postfix-bdb.changes 
@@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Tue Jun 6 18:37:03 UTC 2023 - Arjen de Korte + +- update to 3.8.1 + * Optional: harden a Postfix SMTP server against remote SMTP + clients that violate RFC 2920 (or 5321) command pipelining + constraints. With "smtpd_forbid_unauth_pipelining = yes", the + server disconnects a client immediately, after responding with + "554 5.5.0 Error: SMTP protocol synchronization" and after + logging "improper command pipelining" with the unexpected remote + SMTP client input. This feature is disabled by default in Postfix + 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled + by default in Postfix 3.9. A similar feature is enabled by + default in the Exim SMTP server. + * Optional: some OS distributions crank up TLS security to 11, + and in doing so increase the number of plaintext email deliveries. + This introduces basic OpenSSL configuration file support that + may be used to override OS-level settings. + Details are in the postconf(5) manpage under tls_config_file + and tls_config_name. + * Bugfix (defect introduced: Postfix 1.0): the command "postconf + .. name=v1 .. name=v2 .." (multiple instances of the same + parameter name) created multiple main.cf name=value entries + with the same parameter name. It now logs a warning and skips + the earlier name(s) and value(s). Found during code maintenance. + * Bugfix (defect introduced: Postfix 3.3): the command "postconf + -M name1/type1='name2 type2 ...'" died with a segmentation + violation when the request matched multiple master.cf entries. + The master.cf file was not damaged. Problem reported by SATOH + Fumiyasu. + * Bugfix (defect introduced: Postfix 2.11): the command "postconf + -M name1/type1='name2 type2 ...'" could add a service definition + to master.cf that conflicted with an already existing service + definition. 
It now replaces all existing service definitions + that match the service pattern 'name1/type1' or the service + name and type in 'name2 type2 ...' with a single service + definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu. + * Bugfix (defect introduced: Postfix 3.8) the posttls-finger + command could access uninitialized memory when reconnecting. + This also fixes a malformed warning message when a destination + contains ":service" information. Reported by Thomas Korbar. + * Bugfix (defect introduced: Postfix 3.2): the MySQL client could + return "not found" instead of "error" (for example, resulting + in a 5XX SMTP status instead of 4XX) during the time that all + MySQL server connections were turned down after error. Found + during code maintenance. File: global/dict_mysql.c. This was + already fixed in Postfix 3.4-3.7. + ------------------------------------------------------------------- Tue Apr 18 18:14:49 UTC 2023 - Arjen de Korte diff --git a/postfix-bdb.spec b/postfix-bdb.spec index 04497a6..87e75f5 100644 --- a/postfix-bdb.spec +++ b/postfix-bdb.spec @@ -59,7 +59,7 @@ %endif %bcond_without ldap Name: postfix-bdb -Version: 3.8.0 +Version: 3.8.1 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 OR EPL-2.0 diff --git a/postfix.changes b/postfix.changes index 213db13..143a8fe 100644 --- a/postfix.changes +++ b/postfix.changes 
@@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Tue Jun 6 18:37:03 UTC 2023 - Arjen de Korte + +- update to 3.8.1 + * Optional: harden a Postfix SMTP server against remote SMTP + clients that violate RFC 2920 (or 5321) command pipelining + constraints. With "smtpd_forbid_unauth_pipelining = yes", the + server disconnects a client immediately, after responding with + "554 5.5.0 Error: SMTP protocol synchronization" and after + logging "improper command pipelining" with the unexpected remote + SMTP client input. This feature is disabled by default in Postfix + 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled + by default in Postfix 3.9. A similar feature is enabled by + default in the Exim SMTP server. + * Optional: some OS distributions crank up TLS security to 11, + and in doing so increase the number of plaintext email deliveries. + This introduces basic OpenSSL configuration file support that + may be used to override OS-level settings. + Details are in the postconf(5) manpage under tls_config_file + and tls_config_name. + * Bugfix (defect introduced: Postfix 1.0): the command "postconf + .. name=v1 .. name=v2 .." (multiple instances of the same + parameter name) created multiple main.cf name=value entries + with the same parameter name. It now logs a warning and skips + the earlier name(s) and value(s). Found during code maintenance. + * Bugfix (defect introduced: Postfix 3.3): the command "postconf + -M name1/type1='name2 type2 ...'" died with a segmentation + violation when the request matched multiple master.cf entries. + The master.cf file was not damaged. Problem reported by SATOH + Fumiyasu. + * Bugfix (defect introduced: Postfix 2.11): the command "postconf + -M name1/type1='name2 type2 ...'" could add a service definition + to master.cf that conflicted with an already existing service + definition. 
It now replaces all existing service definitions + that match the service pattern 'name1/type1' or the service + name and type in 'name2 type2 ...' with a single service + definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu. + * Bugfix (defect introduced: Postfix 3.8) the posttls-finger + command could access uninitialized memory when reconnecting. + This also fixes a malformed warning message when a destination + contains ":service" information. Reported by Thomas Korbar. + * Bugfix (defect introduced: Postfix 3.2): the MySQL client could + return "not found" instead of "error" (for example, resulting + in a 5XX SMTP status instead of 4XX) during the time that all + MySQL server connections were turned down after error. Found + during code maintenance. File: global/dict_mysql.c. This was + already fixed in Postfix 3.4-3.7. + ------------------------------------------------------------------- Thu May 4 11:23:41 UTC 2023 - Dominique Leuenberger diff --git a/postfix.spec b/postfix.spec index bbf7f3f..583500b 100644 --- a/postfix.spec +++ b/postfix.spec @@ -46,7 +46,7 @@ %endif %bcond_without ldap Name: postfix -Version: 3.8.0 +Version: 3.8.1 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 OR EPL-2.0