postfix (3.6.4-1ubuntu1.3) jammy-security; urgency=medium
* SECURITY UPDATE: SMTP smuggling (LP: #2049337)
- debian/patches/CVE-2023-51764-2.patch: improved fix with reduced
risks of regression. Introduced
"smtpd_forbid_bare_newline = normalize".
- CVE-2023-51764
-- Allen Huang <allen.huang@canonical.com> Mon, 29 Jan 2024 16:02:43 +0800
postfix (3.6.4-1ubuntu1.2) jammy-security; urgency=medium
* SECURITY UPDATE: SMTP smuggling (LP: #2049337)
- debian/patches/CVE-2023-51764.patch: introduced
`smtpd_forbid_bare_newline`. With "smtpd_forbid_bare_newline = yes",
the Postfix SMTP server disconnects a remote SMTP client that
sends a line ending in a 'bare newline'.
- CVE-2023-51764
-- Allen Huang <allen.huang@canonical.com> Tue, 16 Jan 2024 15:11:43 +0000
postfix (3.6.4-1ubuntu1.1) jammy; urgency=medium
* d/p/1995312-unexpected-eof-fix.patch: Workaround for a breaking
change in OpenSSL 3: always turn on SSL_OP_IGNORE_UNEXPECTED_EOF,
to avoid warning messages and missed opportunities for TLS
session reuse. This is safe because the SMTP protocol implements
application-level framing, and is therefore not affected
by TLS truncation attacks. Fix by Viktor Dukhovni (LP: #1995312).
* d/p/1996524-Linux6-support.patch: Adding LINUX6 support for
portability (LP: #1996524).
-- Miriam España Acebal <miriam.espana@canonical.com> Mon, 10 Apr 2023 13:35:27 +0200
postfix (3.6.4-1ubuntu1) jammy; urgency=medium
* Merge with Debian unstable. (LP: #1959612) Remaining changes:
- d/p/postfix-3.6.2-glibc-234-build-fix.patch: Fix for
building against glibc-2.34 with new closefrom().
-- Bryce Harrington <bryce@canonical.com> Mon, 21 Mar 2022 10:40:16 -0700
postfix (3.6.4-1) unstable; urgency=medium
[Scott Kitterman]
* Ignore changes to html files in debian/source/options
* Delete d/p/postfix-dup-postconf.patch, included in upstream release
* Add lintian-override for insecure URI - releases are signed
* Make signing-key.asc minimal
[Wietse Venema]
* 3.6.4
[Christian Göttsche]
* Rework rules to use dh sequencer
* Call subcommand via shell
* Update cleaning to build package twice
* Bump to debhelper compat level 13
* Drop default include path and split CCARGS
* Use mkdir -Z instead of subsequent running restorecon
* Drop custom function pathfind in favor of command -v
* Quote path in update-libc.d
* Update postfix.config
* Quote directory path in postfix-instance-generator
* Drop check on postinst.functions in postfix-sqlite.prerm
* Update postfix-add-policy script
* Update postfix-add-filter script
* Drop versioned symlinks to plugin libraries
* Drop ldconfig calls in maintscripts
* Support parallel build, except do not build man pages parallel
-- Scott Kitterman <scott@kitterman.com> Sat, 15 Jan 2022 18:41:26 -0500
postfix (3.6.3-5ubuntu2) jammy; urgency=medium
* No-change rebuild for icu soname change.
-- Matthias Klose <doko@ubuntu.com> Wed, 09 Feb 2022 09:13:48 +0100
postfix (3.6.3-5ubuntu1) jammy; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/p/postfix-3.6.2-glibc-234-build-fix.patch: Fix for
building against glibc-2.34 with new closefrom().
-- Steve Langasek <steve.langasek@ubuntu.com> Tue, 11 Jan 2022 07:39:58 -0800
postfix (3.6.3-5) unstable; urgency=medium
[Wietse Venema]
* Fix duplicate bounce_notice_recipient entries in postconf output.
Closes: #999694
[Scott Kitterman]
* Remove left-over ca-certificates.crt file from postfix chroot.
Closes: #991609
* Align sysv init script start/stop/reload more to default init and drop
d/p/09_quiet_startup.diff, no longer needed.
* Add support for chroot_extra_files and chroot_extra_CAdir variables
sourced from /etc/default/postfix to enable users to specify additional
files needed in the chroot. Closes: #948321
* Add information about keeping resolv.conf up to date in the chroot with
the resolvconf package. Closes: #964762
* Add collate.pl script as postfix-collate. Closes: #941457
[Christian Göttsche]
* Drop unreproducible build paths from makedefs.out.
* Enable Link Time Optimiation (LTO).
[Sergio Gelato]
* Correct if-up.d to not error out if postfix can't send mail yet.
Closes: #959864
-- Scott Kitterman <scott@kitterman.com> Tue, 04 Jan 2022 15:20:02 -0500
postfix (3.6.3-4ubuntu1) jammy; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/p/postfix-3.6.2-glibc-234-build-fix.patch: Fix for
building against glibc-2.34 with new closefrom().
* Dropped changes, included in Debian:
- d/postfix.postinst: tolerate search domain with a leading dot
- d/rules: Removed LDFLAG -Bsymbolic-functions to fix issue where TLS
is disabled when private/tlmsgr socket is not found.
- Support networkd-dispatcher.
- d/postfix.dirs: Add usr/lib/networkd-dispatcher/{routable,off}.d.
- d/rules: Install debian/ip-{up,down}.d scripts into
usr/lib/networkd-dispatcher/{routable,off}.d, respectively.
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 29 Dec 2021 22:29:13 -0800
postfix (3.6.3-4) unstable; urgency=medium
[Scott Kitterman]
* Update d/p/70_postfix-check.diff to exclude makedefs.out from symlink
check. Closes: #926331
* Test that nothing is reported by postfix check in autopkgtest
* Delete debian/patches/30_shared_libs.diff, no longer needed after linking
corrections in debian/rules
* Do not override user set default_transport in postinst. Closes: #988538
* Add overrides for incorrect unused-debconf-template results
* Update debconf templates
[Christian Göttsche]
* Overhaul compiler flags
* Ignore blhc false positives on for loop
* Drop linking against local build libraries
-- Scott Kitterman <scott@kitterman.com> Tue, 28 Dec 2021 17:00:40 -0500
# For older changelog entries, run 'apt-get changelog postfix'
Generated by dwww version 1.14 on Wed Jan 22 10:17:31 CET 2025.