| postfix-debuginfo-2.11.11-1.el7.x86_64
[5.8 MiB] |
Changelog
by Django (2018-01-17):
agent discarded the error result from vstream_fseek().
File: virtual/mailbox.c.
- Bugfix (introduced: 20090614): with concurrent connections
from the same client IP address, and after-220 tests enabled,
postscreen could overwrite the cached "all tests completed"
result of one connection that completed the after-220 tests,
with the "some tests not completed" result of a concurrent
connection where the client hung up later, without completing
the after-220 tests.
- Bugfix (introduced: Postfix 1.1): the postsuper command did
not count a successful rename operation after error recovery.
Problem reported by Markus Schönhaber. File: postsuper/postsuper.c.
- Bugfix (introduced: Postfix 2.1.0): the Postfix SMTP daemon
did not query sender_canonical_maps when rejecting unknown
senders with "smtpd_reject_unlisted_recipient = yes" or
with reject_unlisted_sender. Stephen R. van den Berg (Mr.
procmail). Files: smtpd/smtpd.c, smtpd/smtpd_check.c.
- Security: Berkeley DB 2 and later try to read settings from
a file DB_CONFIG in the current directory. This undocumented
feature may introduce undisclosed vulnerabilities resulting
in privilege escalation with Postfix set-gid programs
(postdrop, postqueue) before they chdir to the Postfix queue
directory, and with the postmap and postalias commands
depending on whether the user's current directory is writable
by other users. This fix does not change Postfix behavior
for Berkeley DB < 3, but reduces file create performance
for Berkeley DB 3 .. 4.6. File: util/dict_db.c.
- Bugfix (introduced: Postfix 2.1): don't log warnings
that some restriction returns OK, when the access map
DISCARD feature is in effect. File: smtpd/smtpd_check.c.
- Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke
Berkeley DB configurations with a relative pathname. File:
util/dict_db.c.
- Documentation patches by Sven Neuhaus. Files:
proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html.
- Cleanup: missing mailbox seek-to-end error check in the
local(8) delivery agent. File: local/mailbox.c.
- Cleanup: incorrect mailbox seek-to-end error message in the
virtual(8) delivery agent. File: virtual/mailbox.c.
|
| postfix-debuginfo-2.11.10-1.el7.centos.x86_64
[5.8 MiB] |
Changelog
by Django (2017-06-18):
- Security: Berkeley DB 2 and later try to read settings from
a file DB_CONFIG in the current directory. This undocumented
feature may introduce undisclosed vulnerabilities resulting
in privilege escalation with Postfix set-gid programs
(postdrop, postqueue) before they chdir to the Postfix queue
directory, and with the postmap and postalias commands
epending on whether the user's current directory is writable
by other users. This fix does not change Postfix behavior
for Berkeley DB < 3, but reduces file create performance
for Berkeley DB 3 .. 4.6. File: util/dict_db.c.
|
| postfix-debuginfo-2.11.8-1.el7.centos.x86_64
[5.7 MiB] |
Changelog
by Django (2016-06-27):
- Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM
(replace sender) request lost the sender_bcc_maps address.
Fixed by moving some record keeping to the sender output
function. Files: cleanup/cleanup_envelope.c,
cleanup/cleanup_addr.c, cleanup/cleanup_milter.c,
cleanup/cleanup.h, regression tests.
- Bugfix (introduced: Postfix 2.6): the "bad filetype"
header_checks pattern falsely rejected Content-Mumble headers
with ``name="example"; x-apple-part-url="example.com"''.
Fixed by respecting the ";" separator between content
attribute values. Reported by Cedric Knight. File:
proto/header_checks.
- Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h.
|
| postfix-debuginfo-2.11.7-1.el7.centos.x86_64
[5.7 MiB] |
Changelog
by Django (2016-01-04):
- Workaround: disable DNSSEC support for AIX 7x and earlier.
The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
defining the "ad" bit. Viktor Dukhovni. Files: makedefs,
proto/INSTALL.html, dns/dns.h.
- Bugfix (introduced: 20120531-617): the Postfix SMTP server
used a larger-than-1 VSTREAM buffer to read the HAProxy
connection hand-off information. This broke TLS wrappermode,
as the TLS helo packet would end up in the plaintext VSTREAM
buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c.
- Bugfix (introduced: 20090216-24): incorrect postmulti error
message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
File: postmulti/postmulti.c.
- Workaround: don't create a new instance when the template
main.cf and master.cf files are missing, as happens on
Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.
- Bugfix (introduced: 19970309, fixed 20150421 in development
release): reset errno before calling readdir(), in order
to distinguish between an end-of-directory and an error
condition. File: scandir.c.
- Bugfix (introduced: 20040124): Milter client panic while
adding a header, because the PREPEND action used the same
output function for header_checks and body_checks. Viktor
Dukhovni and Wietse. File: cleanup/cleanup_message.c.
- Bugfix (introduced: 20031128): xtext_unquote() did not
propagate error reports from xtext_unquote_append(), causing
the decoder to return partial ouput, instead of rejecting
malformed input. Fix by Krzysztof Wojta. File: globa
|
| postfix-debuginfo-2.11.6-1.el7.centos.x86_64
[5.7 MiB] |
Changelog
by Django (2015-10-07):
- Support for Linux 4.*, and some simplification for future
makedefs files. Files: makedefs, util/sys_defs.h.
- Security: opportunistic TLS by default uses "medium" or
stronger ciphers instead of "export" or stronger. See the
RELEASE_NOTES file for how to get the old settings back.
Files: global/mail_params.h, proto/TLS_README.html,
proto/postconf.proto, and files derived from those.
- Security: Postfix TLS support by default no longer uses
SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get
the old settings back. Files: global/mail_params.h,
proto/postconf.proto, and files derived from those.
|