From patchwork Sun Jun 2 10:14:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7834 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4VsXlX6bGdz3wxV for ; Sun, 2 Jun 2024 10:14:32 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4VsXlT2fQjz1Vm; Sun, 2 Jun 2024 10:14:29 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4VsXlT155Fz3374; Sun, 2 Jun 2024 10:14:29 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4VsXlP274yz32WG for ; Sun, 2 Jun 2024 10:14:25 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4VsXlN2FHSz1Vk; Sun, 2 Jun 2024 10:14:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1717323264; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=fFyGOz2c9fZ8eyrIq5K0l7rFA70FOHAw+bv8LqOqKSk=; b=li2mvmHp+dndE54lb0V8YhOTIns4Pw8AMbs/GmT4L4wJgCNWi8DgMQHAYakYkFm7STJBUG tgApU0RB/+3ABZVoMGgEzOqHEmI3l3Q+RAYKUSXteQ4mbfOWUjb2tZRBp2KD5M0HBJhfeD qg+OvyrXjG1U8gAVHJzHUY6A1aQKvFg8xoHCk4FMVztFxsemjMuN62BpYOXpp7T0rxd6Zb u0dB20cjRlOp1HsIrFUS2M8FiSaSJk9w1iunyIcFvlrMMbFlO5YdFOyUpYd86kFGsURDav 3I/Az/oeLt1L/pQLS8HAtJzHcJ2xYO7o09Frm1B262+P3JdAEE5N1zmzPBC0yg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1717323264; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=fFyGOz2c9fZ8eyrIq5K0l7rFA70FOHAw+bv8LqOqKSk=; b=19lC2inXA1qwAlw53dx2FqXcQWUoJ8xagQUexcmEM6eeiwr1z8P/jU+gU2UfX8RssQ6AtO cZI01YV9BM7dT9DA== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] postfix: Update to version 3.9.0 Date: Sun, 2 Jun 2024 12:14:16 +0200 Message-ID: <20240602101417.2953-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: M3XTOWQKXAKQ4UXNOEHP42EMJLQ3TNDG X-Message-ID-Hash: M3XTOWQKXAKQ4UXNOEHP42EMJLQ3TNDG X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 3.8.4 to 3.9.0 - Update of rootfile - With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With previous versions the default value was no but to prevent the possibility of an smtp smuggling attack the option should be yes. Previous version therefore actively set the value to yes and added it to the main.cf file when being installed. With version 3.9.0 the default value is now yes so the option no longer needs to be added into main.cf, so smtp smuggling attack is protected by default now. - Removed the section from the install.sh file that added the option into main.cf with version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be actively added into main.cf - Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the source tarball. Signed-off-by: Adolf Belka Reviewed-by: Michael Tremer --- config/rootfiles/packages/postfix | 1 + lfs/postfix | 8 ++++---- src/paks/postfix/install.sh | 4 ---- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/config/rootfiles/packages/postfix b/config/rootfiles/packages/postfix index 23e1efb25..b77a5b42a 100644 --- a/config/rootfiles/packages/postfix +++ b/config/rootfiles/packages/postfix @@ -96,6 +96,7 @@ usr/sbin/sendmail.postfix #usr/share/man/man5/lmdb_table.5 #usr/share/man/man5/master.5 #usr/share/man/man5/memcache_table.5 +#usr/share/man/man5/mongodb_table.5 #usr/share/man/man5/mysql_table.5 #usr/share/man/man5/nisplus_table.5 #usr/share/man/man5/pcre_table.5 diff --git a/lfs/postfix b/lfs/postfix index 7f2625a4e..497168267 100644 --- a/lfs/postfix +++ b/lfs/postfix @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = A fast, secure, and flexible mailer -VER = 3.8.4 +VER = 3.9.0 THISAPP = postfix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = postfix -PAK_VER = 44 +PAK_VER = 45 DEPS = @@ -70,7 +70,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 200ce3d72444da05e42fc8627002d53d68c1b3d78b7f74b0130ac958c23d16454783ef4849a8c9a4e3cba8ae36646e921f7e94ac4fb819b597e1a5ab1a875272 +$(DL_FILE)_BLAKE2 = e07a525d9cbea43d3ed11f3d672452cf94f88ca7bbaf3c3254bf5be4ef675a1797a5fff2444c0db60c6eb53e43734a388a91faed72bb2fb4e3e5a353535602b0 install : $(TARGET) diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh index 2e04e74a8..830970e1e 100644 --- a/src/paks/postfix/install.sh +++ b/src/paks/postfix/install.sh @@ -25,10 +25,6 @@ extract_files restore_backup ${NAME} -# change main.cf parameter from default value to prevent smtp smuggling attack -# will not be required once postfix-3.9.x is released as default will then be yes -postconf -e 'smtpd_forbid_bare_newline = yes' - postalias /etc/aliases # Set postfix's hostname postconf -e "myhostname=$(hostname -f)"