- Update from version 3.8.4 to 3.9.0 - Update of rootfile - With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With previous versions the default value was no but to prevent the possibility of an smtp smuggling attack the option should be yes. Previous version therefore actively set the value to yes and added it to the main.cf file when being installed. With version 3.9.0 the default value is now yes so the option no longer needs to be added into main.cf, so smtp smuggling attack is protected by default now. - Removed the section from the install.sh file that added the option into main.cf with version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be actively added into main.cf - Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the source tarball.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/packages/postfix | 1 + lfs/postfix | 8 ++++---- src/paks/postfix/install.sh | 4 ---- 3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/config/rootfiles/packages/postfix b/config/rootfiles/packages/postfix index 23e1efb25..b77a5b42a 100644 --- a/config/rootfiles/packages/postfix +++ b/config/rootfiles/packages/postfix @@ -96,6 +96,7 @@ usr/sbin/sendmail.postfix #usr/share/man/man5/lmdb_table.5 #usr/share/man/man5/master.5 #usr/share/man/man5/memcache_table.5 +#usr/share/man/man5/mongodb_table.5 #usr/share/man/man5/mysql_table.5 #usr/share/man/man5/nisplus_table.5 #usr/share/man/man5/pcre_table.5 diff --git a/lfs/postfix b/lfs/postfix index 7f2625a4e..497168267 100644 --- a/lfs/postfix +++ b/lfs/postfix @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = A fast, secure, and flexible mailer
-VER = 3.8.4 +VER = 3.9.0
THISAPP = postfix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = postfix -PAK_VER = 44 +PAK_VER = 45
DEPS =
@@ -70,7 +70,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 200ce3d72444da05e42fc8627002d53d68c1b3d78b7f74b0130ac958c23d16454783ef4849a8c9a4e3cba8ae36646e921f7e94ac4fb819b597e1a5ab1a875272 +$(DL_FILE)_BLAKE2 = e07a525d9cbea43d3ed11f3d672452cf94f88ca7bbaf3c3254bf5be4ef675a1797a5fff2444c0db60c6eb53e43734a388a91faed72bb2fb4e3e5a353535602b0
install : $(TARGET)
diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh index 2e04e74a8..830970e1e 100644 --- a/src/paks/postfix/install.sh +++ b/src/paks/postfix/install.sh @@ -25,10 +25,6 @@ extract_files restore_backup ${NAME}
-# change main.cf parameter from default value to prevent smtp smuggling attack -# will not be required once postfix-3.9.x is released as default will then be yes -postconf -e 'smtpd_forbid_bare_newline = yes' - postalias /etc/aliases # Set postfix's hostname postconf -e "myhostname=$(hostname -f)"
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 2 Jun 2024, at 11:14, Adolf Belka adolf.belka@ipfire.org wrote:
- Update from version 3.8.4 to 3.9.0
- Update of rootfile
- With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With previous versions the default value was no but to prevent the possibility of an smtp smuggling attack the option should be yes. Previous version therefore actively set the value to yes and added it to the main.cf file when being installed. With version 3.9.0 the default value is now yes so the option no longer needs to be added into main.cf, so smtp smuggling attack is protected by default now.
- Removed the section from the install.sh file that added the option into main.cf with version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be actively added into main.cf
- Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the source tarball.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/packages/postfix | 1 + lfs/postfix | 8 ++++---- src/paks/postfix/install.sh | 4 ---- 3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/config/rootfiles/packages/postfix b/config/rootfiles/packages/postfix index 23e1efb25..b77a5b42a 100644 --- a/config/rootfiles/packages/postfix +++ b/config/rootfiles/packages/postfix @@ -96,6 +96,7 @@ usr/sbin/sendmail.postfix #usr/share/man/man5/lmdb_table.5 #usr/share/man/man5/master.5 #usr/share/man/man5/memcache_table.5 +#usr/share/man/man5/mongodb_table.5 #usr/share/man/man5/mysql_table.5 #usr/share/man/man5/nisplus_table.5 #usr/share/man/man5/pcre_table.5 diff --git a/lfs/postfix b/lfs/postfix index 7f2625a4e..497168267 100644 --- a/lfs/postfix +++ b/lfs/postfix @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = A fast, secure, and flexible mailer
-VER = 3.8.4 +VER = 3.9.0
THISAPP = postfix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = postfix -PAK_VER = 44 +PAK_VER = 45
DEPS =
@@ -70,7 +70,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 200ce3d72444da05e42fc8627002d53d68c1b3d78b7f74b0130ac958c23d16454783ef4849a8c9a4e3cba8ae36646e921f7e94ac4fb819b597e1a5ab1a875272 +$(DL_FILE)_BLAKE2 = e07a525d9cbea43d3ed11f3d672452cf94f88ca7bbaf3c3254bf5be4ef675a1797a5fff2444c0db60c6eb53e43734a388a91faed72bb2fb4e3e5a353535602b0
install : $(TARGET)
diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh index 2e04e74a8..830970e1e 100644 --- a/src/paks/postfix/install.sh +++ b/src/paks/postfix/install.sh @@ -25,10 +25,6 @@ extract_files restore_backup ${NAME}
-# change main.cf parameter from default value to prevent smtp smuggling attack -# will not be required once postfix-3.9.x is released as default will then be yes -postconf -e 'smtpd_forbid_bare_newline = yes'
postalias /etc/aliases # Set postfix's hostname postconf -e "myhostname=$(hostname -f)" -- 2.45.1
-
Adolf Belka -
Michael Tremer