Change logs for postfix source package in Bookworm

  • postfix (3.7.11-0+deb12u1) bookworm; urgency=medium
    
      [Wietse Venema]
    
      * 3.7.11
        - Bugfix (defect introduced: Postfix 2.3, date 20051222): the
          Dovecot auth client did not reset the 'reason' from a
          previous Dovecot auth service response, before parsing the
          next Dovecot auth server response in the same SMTP session.
          Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c.
        - Cleanup: Postfix SMTP server response with an empty
          authentication failure reason. File: smtpd/smtpd_sasl_glue.c.
        - Bugfix (defect introduced: Postfix 3.1, date: 20151128):
          "postqueue -j" produced broken JSON when escaping a control
          character as \uXXXX. Found during code maintenance. File:
          postqueue/showq_json.c.
        - Cleanup: posttls-finger certificate match expectations for
          all TLS security levels, including warnings for levels that
          don't implement certificate matching. Viktor Dukhovni.
          File: posttls-finger.c.
        - Bugfix (defect introduced: Postfix 2.3): after prepending
          a message header with a Postfix access table PREPEND action,
          a Milter request to delete or update an existing header
          could have no effect, or it could target the wrong instance
          of an existing header. Root cause: the fix dated 20141018
          for the Postfix Milter client was incomplete. The client
          did correctly hide the first, Postfix-generated, Received:
          header when sending message header information to a Milter
          with the smfi_header() application callback function, but
          it was still hiding the first header (instead of the first
          Received: header) when handling requests from a Milter to
          delete or update an existing header. Problem report by
          Carlos Velasco. This change was verified to have no effect
          on requests from a Milter to add or insert a header. File:
          cleanup/cleanup_milter.c.
        - Workaround: tlsmgr logfile spam. Some OS lies under load:
          it says that a socket is readable, then it says that the
          socket has unread data, and then it says that read returns
          EOF, causing Postfix to spam the log with a warning message.
          File: tlsmgr/tlsmgr.c.
        - Bugfix (defect introduced: Postfix 3.4): the SMTP server's
          BDAT command handler could be tricked to read $message_size_limit
          bytes into memory. Found during code maintenance. File:
          smtpd/smtpd.c.
        - Performance: eliminate worst-case behavior where the queue
          manager defers delivery to all destinations over a specific
          delivery transport, after only a single delivery agent
          failure. The scheduler now throttles one destination, and
          allows deliveries to other destinations to keep making
          progress. Files: *qmgr/qmgr_deliver.c.
        - Safety: drop and log over-size DNS responses resulting in
          more than 100 records. This is 20x larger than the number of
          server addresses that the Postfix SMTP client is willing
          to consider when delivering mail, and is well below the
          number of records that could cause a tail recursion crash
          in dns_rr_append() as reported by Toshifumi Sakaguchi. This
          also limits the number of DNS requests from check_*_*_access
          restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c,
          dns/test_dns_lookup.c, posttls-finger/posttls-finger.c,
          smtp/smtp_addr.c, smtpd/smtpd_check.c. 
    
     -- Scott Kitterman <email address hidden>  Wed, 06 Mar 2024 10:10:14 -0500
  • postfix (3.7.10-0+deb12u1) bookworm; urgency=medium
    
      [Wietse Venema]
    
      * 3.7.10
        - Security (outbound SMTP smuggling): with the default setting
          "cleanup_replace_stray_cr_lf = yes" Postfix will replace
          stray <CR> or <LF> characters in message content with a
          space character. This prevents Postfix from enabling
          outbound (remote) SMTP smuggling, and it also makes evaluation
          of Postfix-added DKIM etc. signatures independent from how
          a remote mail server handles stray <CR> or <LF> characters.
          Files: global/mail_params.h, cleanup/cleanup.c,
          cleanup/cleanup_message.c, mantools/postlink, proto/postconf.proto.
        - Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
          = normalize" (default "no" for Postfix < 3.9), the Postfix
          SMTP server requires the standard End-of-DATA sequence
          <CR><LF>.<CR><LF>, and otherwise allows command or message
          content lines ending in the non-standard <LF>, processing
          them as if the client sent the standard <CR><LF>.
          The alternative setting, "smtpd_forbid_bare_newline = reject"
          will reject any command or message that contains a bare
          <LF>, and is more likely to cause problems with legitimate
          clients.
          For backwards compatibility, local clients are excluded by
          default with "smtpd_forbid_bare_newline_exclusions =
          $mynetworks".
          Files: mantools/postlink, proto/postconf.proto,
          global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h,
          smtpd/smtpd.c, smtpd/smtpd_check.[hc].
    
     -- Scott Kitterman <email address hidden>  Fri, 26 Jan 2024 18:44:58 -0500
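
An added illustration (not Postfix code and not part of the changelog) of the two 3.7.10 entries above: a simplified Python model of strict versus lenient End-of-DATA detection, the bare <LF> check that "reject" would act on, and the stray <CR>/<LF> replacement. Function names and sample bytes are constructed for this example; dot-stuffing is not modelled.

```python
import re

STD_EOD = b"\r\n.\r\n"                      # the only terminator "normalize" accepts
LAX_EOD = re.compile(rb"\r?\n\.\r?\n")      # what a lenient receiver may also accept
BARE_LF = re.compile(rb"(?<!\r)\n")         # <LF> not preceded by <CR>
STRAY = re.compile(rb"\r(?!\n)|(?<!\r)\n")  # <CR> without <LF>, or <LF> without <CR>


def split_at_end_of_data(stream: bytes, strict: bool = True):
    """Split the bytes received after DATA into (content, leftover).

    'leftover' is what the receiver would go on to parse as SMTP commands.
    Returns None when no terminator is present.
    """
    if strict:
        start = stream.find(STD_EOD)
        end = start + len(STD_EOD)
    else:
        m = LAX_EOD.search(stream)
        start, end = (m.start(), m.end()) if m else (-1, -1)
    if start < 0:
        return None
    return stream[:start], stream[end:]


def bare_lf_offsets(stream: bytes):
    """Offsets of bare <LF> bytes, the condition 'reject' refuses outright."""
    return [m.start() for m in BARE_LF.finditer(stream)]


def replace_stray_cr_lf(line: bytes) -> bytes:
    """Model of cleanup_replace_stray_cr_lf = yes: stray <CR>/<LF> become a space."""
    return STRAY.sub(b" ", line)


# Constructed sample: one DATA payload that contains <LF>.<LF> in its body.
SAMPLE = (b"Subject: one\r\n\r\nhello\n.\n"
          b"Subject: two\r\n\r\nworld\r\n.\r\n")

if __name__ == "__main__":
    strict = split_at_end_of_data(SAMPLE, strict=True)
    lax = split_at_end_of_data(SAMPLE, strict=False)
    print("strict leftover:", strict[1])    # empty: one message, nothing trailing
    print("lax leftover:   ", lax[1])       # non-empty: the two sides disagree
    print("bare <LF> at:   ", bare_lf_offsets(SAMPLE))
    print(replace_stray_cr_lf(b"X-Note: a\rb\nc\r\n"))
```

A non-empty leftover under the lenient rule and an empty one under the strict rule is the disagreement between sender and receiver that both settings are meant to remove.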
  • postfix (3.7.6-0+deb12u2) bookworm; urgency=medium
    
      * Correct regression that caused postfix set-permissions to fail (Closes:
        #1040329)
        - Restore and update debian/patches/05_debian_manpage_differences.diff
        - Restore and update debian/patches/05_debian_readme_differences.diff
      * Update autopkgtest to test postfix set-permissions
    
     -- Scott Kitterman <email address hidden>  Wed, 05 Jul 2023 17:18:24 -0400
  • postfix (3.7.5-2) unstable; urgency=medium
    
      [Sergio Durigan Junior]
    
      * Update autopkgtest to work with new sasl2-bin service file. 
        Closes: #1032306
    
     -- Scott Kitterman <email address hidden>  Wed, 03 May 2023 10:27:40 -0400