-
postfix (3.6.4-1ubuntu1.3) jammy-security; urgency=medium
* SECURITY UPDATE: SMTP smuggling (LP: #2049337)
- debian/patches/CVE-2023-51764-2.patch: improved fix with reduced
risks of regression. Introduced
"smtpd_forbid_bare_newline = normalize".
- CVE-2023-51764
-- Allen Huang <email address hidden> Mon, 29 Jan 2024 16:02:43 +0800
-
postfix (3.6.4-1ubuntu1.2) jammy-security; urgency=medium
* SECURITY UPDATE: SMTP smuggling (LP: #2049337)
- debian/patches/CVE-2023-51764.patch: introduced
`smtpd_forbid_bare_newline`. With "smtpd_forbid_bare_newline = yes",
the Postfix SMTP server disconnects a remote SMTP client that
sends a line ending in a 'bare newline'.
- CVE-2023-51764
-- Allen Huang <email address hidden> Tue, 16 Jan 2024 15:11:43 +0000
-
postfix (3.6.4-1ubuntu1.1) jammy; urgency=medium
* d/p/1995312-unexpected-eof-fix.patch: Workaround for a breaking
change in OpenSSL 3: always turn on SSL_OP_IGNORE_UNEXPECTED_EOF,
to avoid warning messages and missed opportunities for TLS
session reuse. This is safe because the SMTP protocol implements
application-level framing, and is therefore not affected
by TLS truncation attacks. Fix by Viktor Dukhovni (LP: #1995312).
* d/p/1996524-Linux6-support.patch: Adding LINUX6 support for
portability (LP: #1996524).
-- Miriam España Acebal <email address hidden> Mon, 10 Apr 2023 13:35:27 +0200
-
postfix (3.6.4-1ubuntu1) jammy; urgency=medium
* Merge with Debian unstable. (LP: #1959612) Remaining changes:
- d/p/postfix-3.6.2-glibc-234-build-fix.patch: Fix for
building against glibc-2.34 with new closefrom().
-- Bryce Harrington <email address hidden> Mon, 21 Mar 2022 10:40:16 -0700
-
postfix (3.6.3-5ubuntu2) jammy; urgency=medium
* No-change rebuild for icu soname change.
-- Matthias Klose <email address hidden> Wed, 09 Feb 2022 09:13:48 +0100
-
postfix (3.6.3-5ubuntu1) jammy; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/p/postfix-3.6.2-glibc-234-build-fix.patch: Fix for
building against glibc-2.34 with new closefrom().
postfix (3.6.3-5) unstable; urgency=medium
[Wietse Venema]
* Fix duplicate bounce_notice_recipient entries in postconf output.
Closes: #999694
[Scott Kitterman]
* Remove left-over ca-certificates.crt file from postfix chroot.
Closes: #991609
* Align sysv init script start/stop/reload more to default init and drop
d/p/09_quiet_startup.diff, no longer needed.
* Add support for chroot_extra_files and chroot_extra_CAdir variables
sourced from /etc/default/postfix to enable users to specify additional
files needed in the chroot. Closes: #948321
* Add information about keeping resolv.conf up to date in the chroot with
the resolvconf package. Closes: #964762
* Add collate.pl script as postfix-collate. Closes: #941457
[Christian Göttsche]
* Drop unreproducible build paths from makedefs.out.
* Enable Link Time Optimiation (LTO).
[Sergio Gelato]
* Correct if-up.d to not error out if postfix can't send mail yet.
Closes: #959864
-- Steve Langasek <email address hidden> Tue, 11 Jan 2022 07:39:58 -0800
-
postfix (3.6.3-4ubuntu1) jammy; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/p/postfix-3.6.2-glibc-234-build-fix.patch: Fix for
building against glibc-2.34 with new closefrom().
* Dropped changes, included in Debian:
- d/postfix.postinst: tolerate search domain with a leading dot
- d/rules: Removed LDFLAG -Bsymbolic-functions to fix issue where TLS
is disabled when private/tlmsgr socket is not found.
- Support networkd-dispatcher.
- d/postfix.dirs: Add usr/lib/networkd-dispatcher/{routable,off}.d.
- d/rules: Install debian/ip-{up,down}.d scripts into
usr/lib/networkd-dispatcher/{routable,off}.d, respectively.
postfix (3.6.3-4) unstable; urgency=medium
[Scott Kitterman]
* Update d/p/70_postfix-check.diff to exclude makedefs.out from symlink
check. Closes: #926331
* Test that nothing is reported by postfix check in autopkgtest
* Delete debian/patches/30_shared_libs.diff, no longer needed after linking
corrections in debian/rules
* Do not override user set default_transport in postinst. Closes: #988538
* Add overrides for incorrect unused-debconf-template results
* Update debconf templates
[Christian Göttsche]
* Overhaul compiler flags
* Ignore blhc false positives on for loop
* Drop linking against local build libraries
postfix (3.6.3-3) unstable; urgency=medium
[Scott Kitterman]
* Force rm of html/Makefile.in in install-indep to avoid potential FTBFS.
Closes: #1002497
* Make all debian/rules rm calls -f to support building when not root
[Christian Göttsche]
* Enable building with multiple jobs
* Drop unnecessary linking libraries
postfix (3.6.3-2) unstable; urgency=medium
[Scott Kitterman]
* Add postfix-mta-sts-resolver to suggests. Closes: #968516
* Include compatibility_level in addition to postifx version when
determining default value for chroot in master.cf. Closes: #995129
* Fixup errors in postifx-add-* man pages. Closes: #995031
* Set compatibility level to 3.6 for fresh installs
* Update main/master.cf.proto on upgrade if not modified. Closes: #991513
* Decruft debconf template:
- Remove ancient (postfix 2.3) mydomain_warning
- Delete old (Postfix 2.10) relay_restrictions_warning
- Delete unused lmtp_retired_warning template
- Delete unused kernel_version_warning template
- Delete unused retry_upgrade_warning template
- Delete unused tlsmgr_upgrade_warning template
* Debconf template cleanup, thanks to Markus Hiereth for the suggestions.
Closes: #905653
[Miriam España Acebal]
* Removed LDFLAG -Bsymbolic-functions to fix issue where TLS is disabled
when private/tlmsgr socket is not found. lp: #1885403
[Christian Göttsche]
* Update debian/patches/07_sasl_config.diff:
- Fix conversion warnings by adding explicit cast
- Drop unused function xsasl_getpath
* Fix lintian detected typos in Debian packaging.
* Do not require postfix to be build by root.
* Set -e shell option explicitly.
* Bump watch file standard to version 4.
* Add misc:Pre-Depends to postfix.
* Remove trailing spaces in changelog.
* Add Documentation key to postfix service.
* Drop alternative dependency on obsolete libmysqlclient-dev.
* Add standard salsa ci configuration.
* Drop unused debconf template sqlite_warning.
[Paride Legovini]
* d/postfix.postinst: tolerate search domain with a leading dot.
Closes: #991950
[Sergio Durigan Junior]
* Support networkd-dispatcher. Closes: #999867 lp: #1718227
postfix (3.6.3-1) unstable; urgency=medium
[Scott Kitterman]
* Add license information from TLS_LICENSE. Closes: #991610
* Additional debian/copyright updates
* Refresh patches
* Add Pre-Depends on init-system-helpers (>= 1.54~) due to use of
--skip-systemd-native flag
* Update lintian overrides
* Bump standards-version to 4.6.0 without further change
[Wietse Venema]
* 3.6.3
-- Steve Langasek <email address hidden> Wed, 29 Dec 2021 22:29:13 -0800
-
postfix (3.5.13-1ubuntu3) jammy; urgency=medium
* No-change rebuild against libssl3
-- Steve Langasek <email address hidden> Thu, 09 Dec 2021 00:13:45 +0000
-
postfix (3.5.13-1ubuntu2) jammy; urgency=medium
* Support networkd-dispatcher. (LP: #1718227) (Debian BTS #999867)
- d/postfix.dirs: Add usr/lib/networkd-dispatcher/{routable,off}.d.
- d/rules: Install debian/ip-{up,down}.d scripts into
usr/lib/networkd-dispatcher/{routable,off}.d, respectively.
-- Sergio Durigan Junior <email address hidden> Wed, 17 Nov 2021 18:03:41 -0500
-
postfix (3.5.13-1ubuntu1) jammy; urgency=medium
* Merge with Debian unstable. (LP: #1946838)
Remaining changes:
- d/postfix.postinst: tolerate search domain with a leading dot
(LP #1906970)
- d/p/postfix-3.6.2-glibc-234-build-fix.patch: Fix for
building against glibc-2.34 with new closefrom().
(LP #1939353)
- d/rules: Removed LDFLAG -Bsymbolic-functions to fix issue where TLS
is disabled when private/tlmsgr socket is not found.
(LP #1885403)
-- Bryce Harrington <email address hidden> Tue, 16 Nov 2021 13:50:11 -0800
-
postfix (3.5.6-1ubuntu2) impish; urgency=medium
* d/rules: Removed LDFLAG -Bsymbolic-functions (LP: #1885403).
* d/p/postfix-3.6.2-glibc-234-build-fix.patch: Fix for building
against glibc-2.34 (LP: #1939353).
-- Miriam España Acebal <email address hidden> Thu, 02 Sep 2021 13:04:29 +0200
