of validation of bdf font files
(CVE 2007-1351)
fix a possible memory corruption due to integer overflow, caused by lack
of validation of fonts.dir files
(CVE 2007-1352)
bump PKGREVISION
The footprint of new features with Postfix 2.4.0 is significantly
smaller than with earlier releases. And that is the whole point of
approaching completeness: fewer visible changes.
Below is a brief summary of what has changed. See the RELEASE_NOTES
file for more, including compatibility issues that may affect your
site. The HISTORY file gives a blow-by-blow account of what happened
over the past year.
Wietse
- Postfix can now manage thousands of connections without needing
special main.cf, master.cf, or compile-time tweaks, on systems with
BSD kqueue, Solaris /dev/poll, or Linux epoll support.
- Milter support for message body replacement. The resulting queue
files are backwards compatible with Postfix 2.3. The existing Milter
support for message header manipulations was revised and is now
implemented by much simpler code.
- Minor improvements in TLS session cache management and in the
implementation of certificate fingerprint based authentication. A
more extensive revision of TLS internals will appear first in Postfix
2.5 snapshots.
- Improvements in queue manager performance when deferring large
amounts of mail, or when delivering mail with lots of recipients.
- Workarounds for SMTP servers that reply and hang up prematurely,
for file system clocks that are out of sync, and for broken kernel
lock management in POP servers.
No change on other platforms, so skipped PKGREVISION bump. Steve
has already fed the patches back to the author.
Currently the package hardcodes some search paths from /usr/pkg - I have
sent a question to the author as to how he would best like to handle
those in his framework.
pkgsrc change:
- add BUILD_DEFS.
- use INSTALL_DATA_DIR and NO_BUILD.
Changes from 1.24:
* 2006-07-17: version 1.27
- fix socket permissions with Net::Server >= 0.94 (Leos Bitto)
* 2006-07-12: version 1.26
- added support for Exim (Guy Antony Halse)
- greatly improve cleanup speed with explicit transactions (Maeda Atusi)
* 2006-06-29: version 1.25
- updated whitelist
- bugfix: --privacy was not working
- change default greylist-text not to include the number of
seconds left, since it seems that spammers are misusing it.
- added --hostname option (Maarten de Vries)
This is based on a suggestion by Yorick Hardy, who reports that it
improved behavior. Without the patch, the cups usb driver tries to
read status from ulpt(4) (for most printers), and this results in no
output.