Reviewed-by: Michael Tremer > On 2 Jun 2024, at 11:14, Adolf Belka wrote: > > - Update from version 3.8.4 to 3.9.0 > - Update of rootfile > - With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With > previous versions the default value was no but to prevent the possibility of an smtp > smuggling attack the option should be yes. Previous version therefore actively set > the value to yes and added it to the main.cf file when being installed. With version > 3.9.0 the default value is now yes so the option no longer needs to be added into > main.cf, so smtp smuggling attack is protected by default now. > - Removed the section from the install.sh file that added the option into main.cf with > version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be > actively added into main.cf > - Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the > source tarball. > > Signed-off-by: Adolf Belka > --- > config/rootfiles/packages/postfix | 1 + > lfs/postfix | 8 ++++---- > src/paks/postfix/install.sh | 4 ---- > 3 files changed, 5 insertions(+), 8 deletions(-) > > diff --git a/config/rootfiles/packages/postfix b/config/rootfiles/packages/postfix > index 23e1efb25..b77a5b42a 100644 > --- a/config/rootfiles/packages/postfix > +++ b/config/rootfiles/packages/postfix > @@ -96,6 +96,7 @@ usr/sbin/sendmail.postfix > #usr/share/man/man5/lmdb_table.5 > #usr/share/man/man5/master.5 > #usr/share/man/man5/memcache_table.5 > +#usr/share/man/man5/mongodb_table.5 > #usr/share/man/man5/mysql_table.5 > #usr/share/man/man5/nisplus_table.5 > #usr/share/man/man5/pcre_table.5 > diff --git a/lfs/postfix b/lfs/postfix > index 7f2625a4e..497168267 100644 > --- a/lfs/postfix > +++ b/lfs/postfix > @@ -1,7 +1,7 @@ > ############################################################################### > # # > # IPFire.org - A linux based firewall # > -# Copyright (C) 2007-2023 IPFire Team # > +# Copyright (C) 2007-2024 IPFire Team # > # # > # This program is free software: you can redistribute it and/or modify # > # it under the terms of the GNU General Public License as published by # > @@ -26,7 +26,7 @@ include Config > > SUMMARY = A fast, secure, and flexible mailer > > -VER = 3.8.4 > +VER = 3.9.0 > > THISAPP = postfix-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) > DIR_APP = $(DIR_SRC)/$(THISAPP) > TARGET = $(DIR_INFO)/$(THISAPP) > PROG = postfix > -PAK_VER = 44 > +PAK_VER = 45 > > DEPS = > > @@ -70,7 +70,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = 200ce3d72444da05e42fc8627002d53d68c1b3d78b7f74b0130ac958c23d16454783ef4849a8c9a4e3cba8ae36646e921f7e94ac4fb819b597e1a5ab1a875272 > +$(DL_FILE)_BLAKE2 = e07a525d9cbea43d3ed11f3d672452cf94f88ca7bbaf3c3254bf5be4ef675a1797a5fff2444c0db60c6eb53e43734a388a91faed72bb2fb4e3e5a353535602b0 > > install : $(TARGET) > > diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh > index 2e04e74a8..830970e1e 100644 > --- a/src/paks/postfix/install.sh > +++ b/src/paks/postfix/install.sh > @@ -25,10 +25,6 @@ > extract_files > restore_backup ${NAME} > > -# change main.cf parameter from default value to prevent smtp smuggling attack > -# will not be required once postfix-3.9.x is released as default will then be yes > -postconf -e 'smtpd_forbid_bare_newline = yes' > - > postalias /etc/aliases > # Set postfix's hostname > postconf -e "myhostname=$(hostname -f)" > -- > 2.45.1 >