postfix*: update to 3.8.4

20230815

	Bugfix (bug introduced: 20140218): when opportunistic TLS fails
	during or after the handshake, don't require that a probe
	message spent a minimum time-in-queue before falling back to
	plaintext. Problem reported by Serg. File: smtp/smtp.h.

20230819

	Bugfix (defect introduced: 19980207): the valid_hostname()
	check in the Postfix DNS client library was blocking unusual
	but legitimate wildcard names (*.name) in some DNS lookup
	results and lookup requests. Examples:

            name          class/type value
            *.one.example   IN CNAME *.other.example
            *.other.example IN A     10.0.0.1
            *.other.example IN TLSA  ..certificate info...

	Such syntax is blesed in RFC 1034 section 4.3.3.

	This problem was reported first in the context of TLSA
	record lookups. Files: util/valid_hostname.[hc],
	dns/dns_lookup.c.

20230929

	Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix
	SMTP server was waiting for a client command instead of
	replying immediately, after a client certificate verification
	error in TLS wrappermode. Reported by Andreas Kinzler. File:
	smtpd/smtpd.c.

20231006

	Usability: the Postfix SMTP server now attempts to log the
	SASL username after authentication failure. In Postfix
	logging, this appends ", sasl_username=xxx" after the reason
	for SASL authentication failure. The logging replaces an
	unavailable reason with "(reason unavailable)", and replaces
	an unavailable sasl_username with "(unavailable)". Based
	on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c,
	xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c.

20231026

	Bugfix (defect introduced: Postfix 2.11): in forward_path,
	the expression ${recipient_delimiter} would expand to an
	empty string when a recipient address had no recipient
	delimiter. Fixed by restoring Postfix 2.10 behavior to use
	a configured recipient delimiter value. Reported by Tod
	A. Sandman. Files: proto/postconf.proto, local/local_expand.c.

20231221

	Security: with "smtpd_forbid_bare_newline = yes" (default
	"no" for Postfix < 3.9), reply with "Error: bare <LF>
	received" and disconnect when an SMTP client sends a line
	ending in <LF>, violating the RFC 5321 requirement that
	lines must end in <CR><LF>. This prevents SMTP smuggling
	attacks that target a recipient at a Postfix server. For
	backwards compatibility, local clients are excluded by
	default with "smtpd_forbid_bare_newline_exclusions =
	$mynetworks". Files: mantools/postlink, proto/postconf.proto,
	global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h,
	smtpd/smtpd.c.
This commit is contained in:
wiz 2023-12-22 17:29:17 +00:00
parent 8461c550f2
commit 8c1d01819c
10 changed files with 14 additions and 24 deletions

View File

@ -1,5 +1,4 @@
# $NetBSD: Makefile,v 1.4 2023/05/08 04:31:44 triaxx Exp $
#
# $NetBSD: Makefile,v 1.5 2023/12/22 17:29:17 wiz Exp $
COMMENT= Postfix SMTP server cdb backend module

View File

@ -1,8 +1,6 @@
# $NetBSD: Makefile,v 1.8 2023/10/24 22:09:49 wiz Exp $
#
# $NetBSD: Makefile,v 1.9 2023/12/22 17:29:17 wiz Exp $
COMMENT= Postfix SMTP server LDAP backend module
PKGREVISION= 1
POSTFIX_LIB= ldap
POSTFIX_LIBDIR= src/global

View File

@ -1,5 +1,4 @@
# $NetBSD: Makefile,v 1.7 2023/05/08 04:32:44 triaxx Exp $
#
# $NetBSD: Makefile,v 1.8 2023/12/22 17:29:17 wiz Exp $
COMMENT= Postfix SMTP server LMDB backend module

View File

@ -1,5 +1,4 @@
# $NetBSD: Makefile,v 1.8 2021/07/26 15:38:10 taca Exp $
#
# $NetBSD: Makefile,v 1.9 2023/12/22 17:29:17 wiz Exp $
COMMENT= Postfix SMTP server MySQL backend module

View File

@ -1,5 +1,4 @@
# $NetBSD: Makefile,v 1.6 2017/03/04 06:26:42 taca Exp $
#
# $NetBSD: Makefile,v 1.7 2023/12/22 17:29:18 wiz Exp $
COMMENT= Postfix SMTP server PCRE map module

View File

@ -1,5 +1,4 @@
# $NetBSD: Makefile,v 1.8 2017/03/04 06:26:42 taca Exp $
#
# $NetBSD: Makefile,v 1.9 2023/12/22 17:29:18 wiz Exp $
COMMENT= Postfix SMTP server PostgreSQL backend module

View File

@ -1,8 +1,6 @@
# $NetBSD: Makefile,v 1.36 2023/11/08 13:19:59 wiz Exp $
#
# $NetBSD: Makefile,v 1.37 2023/12/22 17:29:18 wiz Exp $
COMMENT= Postfix SMTP server SQLite backend module
PKGREVISION= 1
POSTFIX_LIB= sqlite
POSTFIX_LIBDIR= src/global

View File

@ -1,6 +1,5 @@
# $NetBSD: Makefile,v 1.343 2023/11/08 13:19:59 wiz Exp $
# $NetBSD: Makefile,v 1.344 2023/12/22 17:29:17 wiz Exp $
PKGREVISION= 2
.include "../../mail/postfix/Makefile.common"
COMMENT= Fast, easy to administer, and secure mail transfer agent

View File

@ -1,8 +1,8 @@
# $NetBSD: Makefile.common,v 1.45 2023/07/15 14:56:26 otis Exp $
# $NetBSD: Makefile.common,v 1.46 2023/12/22 17:29:17 wiz Exp $
# used by mail/postfix/Makefile
# used by mail/postfix/Makefile.module
DISTNAME= postfix-3.8.1
DISTNAME= postfix-3.8.4
CATEGORIES= mail
MASTER_SITES= ftp://ftp.porcupine.org/mirrors/postfix-release/official/

View File

@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.206 2023/07/15 14:56:26 otis Exp $
$NetBSD: distinfo,v 1.207 2023/12/22 17:29:17 wiz Exp $
BLAKE2s (postfix-3.8.1.tar.gz) = 505c5e4dc3874af8c06c3fb9e3cdd0297697dbabb13fb902fd29fd382fd2d40a
SHA512 (postfix-3.8.1.tar.gz) = 9eb91f2baab327de22dd55fc5ff398de74856e30be461282f41b1801301873881a8f40ce061c16e0505d51d96aaf0eff8d0ac660e5f6c70c6125133f64a4ee80
Size (postfix-3.8.1.tar.gz) = 4848293 bytes
BLAKE2s (postfix-3.8.4.tar.gz) = f0c1556f2d66b34d0ecb52d84846daec03fdbbfbf743d30a35e1b7d91f30e8e6
SHA512 (postfix-3.8.4.tar.gz) = 5bae3d62e104714aead1fff28a595bab4315227382f53c8dae2a231f4240e31abda19c1e3befc1db4c89bc5d66c9a43830390365aadabdac5cf36b493c5c48c7
Size (postfix-3.8.4.tar.gz) = 4864184 bytes
SHA1 (patch-aa) = c8216f133e202a7bb37682b0dbc1448f021e7c1c
SHA1 (patch-ag) = 8ab3cfafa63056f9a7f096da7e55bcccab965180
SHA1 (patch-ai) = 3d143532e1e9a149c6c06e2efadcd34f6f72e82d