-
postfix (3.8.1-2ubuntu0.2) mantic-security; urgency=medium
* SECURITY UPDATE: SMTP smuggling (LP: #2049337)
- debian/patches/CVE-2023-51764-2.patch: improved fix with reduced
risks of regression. Introduced
"smtpd_forbid_bare_newline = normalize".
- CVE-2023-51764
-- Allen Huang <email address hidden> Tue, 30 Jan 2024 15:39:43 +0800
-
postfix (3.8.1-2ubuntu0.1) mantic-security; urgency=medium
* SECURITY UPDATE: SMTP smuggling (LP: #2049337)
- debian/patches/CVE-2023-51764.patch: introduced
`smtpd_forbid_bare_newline`. With "smtpd_forbid_bare_newline = yes",
the Postfix SMTP server disconnects a remote SMTP client that
sends a line ending in a 'bare newline'.
- CVE-2023-51764
-- Allen Huang <email address hidden> Fri, 19 Jan 2024 12:30:34 +0000
-
postfix (3.8.1-2) unstable; urgency=medium
[Scott Kitterman]
* Delete debian/patches/02_kfreebsd_support.diff, no longer needed
* Drop debian/patches/04_remove_gdbm_support.diff, obsolete
* Add/update patch headers, particularly Forwarded status
* Rename collate.pl patch to 71_debianize_collate.pl.diff
* Fix spelling error in d/changelog
* Do not use full path for ypcat and update-inetd in postinst and
suidunregister in preinst
* Update debconf templates
* Correct regression that caused postfix set-permissions to fail (Closes:
#1040329)
- Restore and update debian/patches/05_debian_manpage_differences.diff
- Restore and update debian/patches/05_debian_readme_differences.diff
* Update autopkgtest to test postfix set-permissions
[localization folks]
* l10n: Add Romanian debconf translations. Closes: #1039560 (Remus-Gabriel
-- Scott Kitterman <email address hidden> Thu, 06 Jul 2023 00:18:21 -0400
-
postfix (3.8.1-1) unstable; urgency=medium
[Christian Göttsche]
* Bump _FORTIFY_SOURCE to level 3
* Enable stack clash protection
[Scott Kitterman]
* Refresh and udpate patches for 3.8.1
* Update default master.cf for new installs to comment out maildrop and
external delivery methods to match upstream, these all require additional
configuration. Closes: #1033346
* Delete unconditional call to fix_master and clarify wording of main.cf
status message in postfix.postinst. Closes: #1035350
* Minor wording improvements in d/po/templates.pot. Closes: #1028095
[Wietse Venema]
* 3.8.0 (Closes: #1036161)
* 3.8.1
-- Scott Kitterman <email address hidden> Sat, 10 Jun 2023 09:31:37 -0400
-
postfix (3.7.5-2) unstable; urgency=medium
[Sergio Durigan Junior]
* Update autopkgtest to work with new sasl2-bin service file.
Closes: #1032306
-- Scott Kitterman <email address hidden> Wed, 03 May 2023 10:27:40 -0400
-
postfix (3.7.5-1) unstable; urgency=medium
[Scott Kitterman]
* Fix typo in d/changelog
* Update d/watch to only look for 3.7.x updates for bookworm
[localization folks]
* l10n: Updated Turkish debconf translations. (Atila KOÇ). Closes: #1032459
[Wietse Venema]
* 3.7.5
- Bugfix (introduced: Postfix 3.4): the posttls-finger command
failed to detect that a connection was resumed in the case
that a server did not return a certificate. Viktor Dukhovni.
File: posttls-finger/posttls-finger.c.
- Workaround: OpenSSL 3.x EVP_get_cipherbyname() can return
lazily-bound handles. Postfix now checks that the expected
functionality will be available instead of failing later.
Fix by Viktor Dukhovni. File: tls/tls_server.c.
- Bugfix (introduced: Postfix 3.5): check_ccert_access did
not parse inline map specifications. Report and fix by Sean
Gallagher. File: global/map_search.c.
- Safety: the long form "{ name = value }" in import_environment
or export_environment is not documented, but accepted, and
it was stored in the process environment as the invalid
form "name = value", thus not setting or overriding an entry
for "name". This form is now stored as the expected
"name=value". Found during code maintenance. Also refined
the "missing attribute name" detection. Files: clean_env.c,
split_nameval.c.
- Bugfix (introduced: Postfix 3.2): the MySQL client could
return "not found" instead of "error" during the time that
all MySQL server connections were turned down after error.
Found during code maintenance. File: global/dict_mysql.c.
-- Scott Kitterman <email address hidden> Sun, 30 Apr 2023 13:53:55 -0400
-
postfix (3.7.4-2build1) lunar; urgency=medium
* Rebuild against latest icu
-- Jeremy Bicha <email address hidden> Sun, 26 Feb 2023 13:50:02 -0500
