Accepted postfix 3.7.10-0+deb12u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted postfix 3.7.10-0+deb12u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 29 Jan 2024 21:47:09 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: postfix_3.7.10-0+deb12u1_source.changes
- Debian-source: postfix
- Debian-suite: proposed-updates
- Debian-version: 3.7.10-0+deb12u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=0qXF6vKofDQ/ZkM8mdw1HbR6jBjYZaBRLHLLHnPQYLc=; b=jeyC7BRIyWbzJNv6kxYz0/5lUo J4rPm5Ms3O+q00kV2+mH1FZUY4IbzH5eknWYVHQloDGbTw97xZ0wCS6Y90Jyof3WGysRgkD40PS8P TuwoqhoEGHrs8vPjWOfxCSZ0OMlcHDmz3Sn3kuCTADS1Rdipfg/P05cuvcfsedCvQo9GDa3pL1r+G SlNkDlixwx5wmum5i3dHKN7y8diMSnk5OXuTfVPoYMUK+1Ex6Z2t+pv4Uf0oGNPQuO78Ej6mWOSpT iZ+igpnipTJdilefR+BPNv6r8uES+c5nyseVnhJWzRUKn/uliflkh1tHeVhP9xDlEOmZn7tSK45ym Fy8IikRw==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1rUZTB-007Vsa-R5@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jan 2024 18:44:58 -0500
Source: postfix
Architecture: source
Version: 3.7.10-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Changes:
postfix (3.7.10-0+deb12u1) bookworm; urgency=medium
.
[Wietse Venema]
.
* 3.7.10
- Security (outbound SMTP smuggling): with the default setting
"cleanup_replace_stray_cr_lf = yes" Postfix will replace
stray <CR> or <LF> characters in message content with a
space character. This prevents Postfix from enabling
outbound (remote) SMTP smuggling, and it also makes evaluation
of Postfix-added DKIM etc. signatures independent from how
a remote mail server handles stray <CR> or <LF> characters.
Files: global/mail_params.h, cleanup/cleanup.c,
cleanup/cleanup_message.c, mantools/postlink, proto/postconf.proto.
- Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
= normalize" (default "no" for Postfix < 3.9), the Postfix
SMTP server requires the standard End-of-DATA sequence
<CR><LF>.<CR><LF>, and otherwise allows command or message
content lines ending in the non-standard <LF>, processing
them as if the client sent the standard <CR><LF>.
The alternative setting, "smtpd_forbid_bare_newline = reject"
will reject any command or message that contains a bare
<LF>, and is more likely to cause problems with legitimate
clients.
For backwards compatibility, local clients are excluded by
default with "smtpd_forbid_bare_newline_exclusions =
$mynetworks".
Files: mantools/postlink, proto/postconf.proto,
global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h,
smtpd/smtpd.c, smtpd/smtpd_check.[hc].
Checksums-Sha1:
fdc489110ac3c85f64b93d16aa2a01fa9d80e8fb 3018 postfix_3.7.10-0+deb12u1.dsc
d924cfdac28564fa8801d38eddbe1690e99812ea 4844097 postfix_3.7.10.orig.tar.gz
6c0031ab0e22051b8be3d575e005540127ee3839 220 postfix_3.7.10.orig.tar.gz.asc
6e220b7b25b4299c697ee44815e57ad5a2612bdf 198076 postfix_3.7.10-0+deb12u1.debian.tar.xz
06d41773561a5f2aeb52bb9d110173ad4b12d715 7699 postfix_3.7.10-0+deb12u1_source.buildinfo
Checksums-Sha256:
4d3a1e599277d9ac9331ae12228cfc16176e5557cc5345d8e958d9c42a69220c 3018 postfix_3.7.10-0+deb12u1.dsc
7c0cba641dc0d8ce28cfc63f244b419e1cc6c8ce1fc55640820d85c7167b906c 4844097 postfix_3.7.10.orig.tar.gz
d05dc17fc622e979824063b8ad0d3c2b4fa394cdf8f13402446d11548febd1eb 220 postfix_3.7.10.orig.tar.gz.asc
c9a6f77f2711bc28675e8f461a6a9d4ee83183896651d8e819e4a04c19f26949 198076 postfix_3.7.10-0+deb12u1.debian.tar.xz
ad1610054f131555fb6bfd112f82478c94938dba069bddf2dbe9fc8dbc280f37 7699 postfix_3.7.10-0+deb12u1_source.buildinfo
Files:
02dc92c19ac0b7b834abbad4069ea7bb 3018 mail optional postfix_3.7.10-0+deb12u1.dsc
aa100b63ce03f75f9be13bf006176e87 4844097 mail optional postfix_3.7.10.orig.tar.gz
caec568812968eb231749bd0c62cb47f 220 mail optional postfix_3.7.10.orig.tar.gz.asc
8847ad6de80caa8f6493a154e184c20f 198076 mail optional postfix_3.7.10-0+deb12u1.debian.tar.xz
138c69fb6a95f369fc82f3e1b2334b49 7699 mail optional postfix_3.7.10-0+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmW1HyQACgkQeNfe+5rV
mvEzAg//URaeAZQxVikh3CZB68a23qF/njqhUcVCVsPdzLpDI74gNPOoow+wPRD8
kIiTmVymm6XTLTtHfO/2dEOGX1H0w2rjEffQJ8D8H1PjVa+921m4JDMSewK4JahD
B3XLFe1YJfiZMj+81GiBJ9rvpsyIlIOJ1ttAtFrdz78nI58QSx4yFhdXKEXp0FA1
YnQhTK5IFA9ucpMKCrSJfn3sNCcUXS7OkkwRX4hN8YVSd4t/jJ1b0yFvut1cux1R
jgmUWsy8CegougZIDWqMcbcKAd9e3Ned1A+ptvcnLUkz+K9AY3OiAqcOC+8vEe35
rudVpezJJPIa/itFDEG/Fz1RE4/VgX7YhPnNJDGX443Gk1cXN50svNmfT6XsMRUp
6mcOFjwGCegmnXlbM2dgwnxNPvZ5HJCKOqY5ghCc0cdfUgNoVMyhJ3faEFjj2aZ/
TGax+eUjnnOdyX/AyshcI+aKlceUDIC7AY1gEtwmQ+9dizKdlD/sp5h9X7Xc4oQ7
E1LPJoxYydy/FhVem1hH5W05KD5l+WA+1/rQEW/QRpqe35DQN9qSvxkzyh+0VhJ5
8NB5wZf7czrzefHVCkc67Naxl3LPOn729tsBN7WBzSVxZyUDeCxxFO5+jKuM6ht1
0KiJIXoRMJmRCG7tjiFRKUwi55A+eugKuZSkEyVU0tKojKINnmA=
=PZ9k
-----END PGP SIGNATURE-----