diff mbox series

postfix: Update to version 3.9.0

Message ID 20240602101417.2953-1-adolf.belka@ipfire.org
State Staged
Commit a03adc928e832b8b6617cdb153aabea3a3ff42ef
Headers
Series postfix: Update to version 3.9.0 |

Commit Message

Adolf Belka June 2, 2024, 10:14 a.m. UTC 
  - Update from version 3.8.4 to 3.9.0
- Update of rootfile
- With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With
   previous versions the default value was no but to prevent the possibility of an smtp
   smuggling attack the option should be yes. Previous version therefore actively set
   the value to yes and added it to the main.cf file when being installed. With version
   3.9.0 the default value is now yes so the option no longer needs to be added into
   main.cf, so smtp smuggling attack is protected by default now.
- Removed the section from the install.sh file that added the option into main.cf with
   version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be
   actively added into main.cf
- Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the
   source tarball.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/packages/postfix | 1 +
 lfs/postfix                       | 8 ++++----
 src/paks/postfix/install.sh       | 4 ----
 3 files changed, 5 insertions(+), 8 deletions(-)

Comments

Michael Tremer June 3, 2024, 9:30 a.m. UTC | #1 
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

> On 2 Jun 2024, at 11:14, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> - Update from version 3.8.4 to 3.9.0
> - Update of rootfile
> - With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With
>   previous versions the default value was no but to prevent the possibility of an smtp
>   smuggling attack the option should be yes. Previous version therefore actively set
>   the value to yes and added it to the main.cf file when being installed. With version
>   3.9.0 the default value is now yes so the option no longer needs to be added into
>   main.cf, so smtp smuggling attack is protected by default now.
> - Removed the section from the install.sh file that added the option into main.cf with
>   version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be
>   actively added into main.cf
> - Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the
>   source tarball.
> 
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> config/rootfiles/packages/postfix | 1 +
> lfs/postfix                       | 8 ++++----
> src/paks/postfix/install.sh       | 4 ----
> 3 files changed, 5 insertions(+), 8 deletions(-)
> 
> diff --git a/config/rootfiles/packages/postfix b/config/rootfiles/packages/postfix
> index 23e1efb25..b77a5b42a 100644
> --- a/config/rootfiles/packages/postfix
> +++ b/config/rootfiles/packages/postfix
> @@ -96,6 +96,7 @@ usr/sbin/sendmail.postfix
> #usr/share/man/man5/lmdb_table.5
> #usr/share/man/man5/master.5
> #usr/share/man/man5/memcache_table.5
> +#usr/share/man/man5/mongodb_table.5
> #usr/share/man/man5/mysql_table.5
> #usr/share/man/man5/nisplus_table.5
> #usr/share/man/man5/pcre_table.5
> diff --git a/lfs/postfix b/lfs/postfix
> index 7f2625a4e..497168267 100644
> --- a/lfs/postfix
> +++ b/lfs/postfix
> @@ -1,7 +1,7 @@
> ###############################################################################
> #                                                                             #
> # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
> +# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
> #                                                                             #
> # This program is free software: you can redistribute it and/or modify        #
> # it under the terms of the GNU General Public License as published by        #
> @@ -26,7 +26,7 @@ include Config
> 
> SUMMARY    = A fast, secure, and flexible mailer
> 
> -VER        = 3.8.4
> +VER        = 3.9.0
> 
> THISAPP    = postfix-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = postfix
> -PAK_VER    = 44
> +PAK_VER    = 45
> 
> DEPS       =
> 
> @@ -70,7 +70,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = 200ce3d72444da05e42fc8627002d53d68c1b3d78b7f74b0130ac958c23d16454783ef4849a8c9a4e3cba8ae36646e921f7e94ac4fb819b597e1a5ab1a875272
> +$(DL_FILE)_BLAKE2 = e07a525d9cbea43d3ed11f3d672452cf94f88ca7bbaf3c3254bf5be4ef675a1797a5fff2444c0db60c6eb53e43734a388a91faed72bb2fb4e3e5a353535602b0
> 
> install : $(TARGET)
> 
> diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh
> index 2e04e74a8..830970e1e 100644
> --- a/src/paks/postfix/install.sh
> +++ b/src/paks/postfix/install.sh
> @@ -25,10 +25,6 @@
> extract_files
> restore_backup ${NAME}
> 
> -# change main.cf parameter from default value to prevent smtp smuggling attack
> -# will not be required once postfix-3.9.x is released as default will then be yes
> -postconf -e 'smtpd_forbid_bare_newline = yes'
> -
> postalias /etc/aliases
> # Set postfix's hostname
> postconf -e "myhostname=$(hostname -f)"
> -- 
> 2.45.1
>
diff mbox series

Patch

diff --git a/config/rootfiles/packages/postfix b/config/rootfiles/packages/postfix
index 23e1efb25..b77a5b42a 100644
--- a/config/rootfiles/packages/postfix
+++ b/config/rootfiles/packages/postfix
@@ -96,6 +96,7 @@  usr/sbin/sendmail.postfix
 #usr/share/man/man5/lmdb_table.5
 #usr/share/man/man5/master.5
 #usr/share/man/man5/memcache_table.5
+#usr/share/man/man5/mongodb_table.5
 #usr/share/man/man5/mysql_table.5
 #usr/share/man/man5/nisplus_table.5
 #usr/share/man/man5/pcre_table.5
diff --git a/lfs/postfix b/lfs/postfix
index 7f2625a4e..497168267 100644
--- a/lfs/postfix
+++ b/lfs/postfix
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@  include Config
 
 SUMMARY    = A fast, secure, and flexible mailer
 
-VER        = 3.8.4
+VER        = 3.9.0
 
 THISAPP    = postfix-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = postfix
-PAK_VER    = 44
+PAK_VER    = 45
 
 DEPS       =
 
@@ -70,7 +70,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 200ce3d72444da05e42fc8627002d53d68c1b3d78b7f74b0130ac958c23d16454783ef4849a8c9a4e3cba8ae36646e921f7e94ac4fb819b597e1a5ab1a875272
+$(DL_FILE)_BLAKE2 = e07a525d9cbea43d3ed11f3d672452cf94f88ca7bbaf3c3254bf5be4ef675a1797a5fff2444c0db60c6eb53e43734a388a91faed72bb2fb4e3e5a353535602b0
 
 install : $(TARGET)
 
diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh
index 2e04e74a8..830970e1e 100644
--- a/src/paks/postfix/install.sh
+++ b/src/paks/postfix/install.sh
@@ -25,10 +25,6 @@ 
 extract_files
 restore_backup ${NAME}
 
-# change main.cf parameter from default value to prevent smtp smuggling attack
-# will not be required once postfix-3.9.x is released as default will then be yes
-postconf -e 'smtpd_forbid_bare_newline = yes'
-
 postalias /etc/aliases
 # Set postfix's hostname
 postconf -e "myhostname=$(hostname -f)"