-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Jan 2024 18:44:58 -0500
Source: postfix
Architecture: source
Version: 3.7.10-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Changes:
 postfix (3.7.10-0+deb12u1) bookworm; urgency=medium
 .
   [Wietse Venema]
 .
   * 3.7.10
     - Security (outbound SMTP smuggling): with the default setting
       "cleanup_replace_stray_cr_lf = yes" Postfix will replace stray <CR>
       or <LF> characters in message content with a space character. This
       prevents Postfix from enabling outbound (remote) SMTP smuggling, and
       it also makes evaluation of Postfix-added DKIM etc. signatures
       independent from how a remote mail server handles stray <CR> or <LF>
       characters. Files: global/mail_params.h, cleanup/cleanup.c,
       cleanup/cleanup_message.c, mantools/postlink, proto/postconf.proto.
     - Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline =
       normalize" (default "no" for Postfix < 3.9), the Postfix SMTP server
       requires the standard End-of-DATA sequence <CR><LF>.<CR><LF>, and
       otherwise allows command or message content lines ending in the
       non-standard <LF>, processing them as if the client sent the
       standard <CR><LF>. The alternative setting, "smtpd_forbid_bare_newline
       = reject" will reject any command or message that contains a bare
       <LF>, and is more likely to cause problems with legitimate clients.
       For backwards compatibility, local clients are excluded by default
       with "smtpd_forbid_bare_newline_exclusions = $mynetworks". Files:
       mantools/postlink, proto/postconf.proto, global/mail_params.h,
       global/smtp_stream.c, global/smtp_stream.h, smtpd/smtpd.c,
       smtpd/smtpd_check.[hc].
Checksums-Sha1:
 fdc489110ac3c85f64b93d16aa2a01fa9d80e8fb 3018 postfix_3.7.10-0+deb12u1.dsc
 d924cfdac28564fa8801d38eddbe1690e99812ea 4844097 postfix_3.7.10.orig.tar.gz
 6c0031ab0e22051b8be3d575e005540127ee3839 220 postfix_3.7.10.orig.tar.gz.asc
 6e220b7b25b4299c697ee44815e57ad5a2612bdf 198076 postfix_3.7.10-0+deb12u1.debian.tar.xz
 06d41773561a5f2aeb52bb9d110173ad4b12d715 7699 postfix_3.7.10-0+deb12u1_source.buildinfo
Checksums-Sha256:
 4d3a1e599277d9ac9331ae12228cfc16176e5557cc5345d8e958d9c42a69220c 3018 postfix_3.7.10-0+deb12u1.dsc
 7c0cba641dc0d8ce28cfc63f244b419e1cc6c8ce1fc55640820d85c7167b906c 4844097 postfix_3.7.10.orig.tar.gz
 d05dc17fc622e979824063b8ad0d3c2b4fa394cdf8f13402446d11548febd1eb 220 postfix_3.7.10.orig.tar.gz.asc
 c9a6f77f2711bc28675e8f461a6a9d4ee83183896651d8e819e4a04c19f26949 198076 postfix_3.7.10-0+deb12u1.debian.tar.xz
 ad1610054f131555fb6bfd112f82478c94938dba069bddf2dbe9fc8dbc280f37 7699 postfix_3.7.10-0+deb12u1_source.buildinfo
Files:
 02dc92c19ac0b7b834abbad4069ea7bb 3018 mail optional postfix_3.7.10-0+deb12u1.dsc
 aa100b63ce03f75f9be13bf006176e87 4844097 mail optional postfix_3.7.10.orig.tar.gz
 caec568812968eb231749bd0c62cb47f 220 mail optional postfix_3.7.10.orig.tar.gz.asc
 8847ad6de80caa8f6493a154e184c20f 198076 mail optional postfix_3.7.10-0+deb12u1.debian.tar.xz
 138c69fb6a95f369fc82f3e1b2334b49 7699 mail optional postfix_3.7.10-0+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmW1HyQACgkQeNfe+5rV
mvEzAg//URaeAZQxVikh3CZB68a23qF/njqhUcVCVsPdzLpDI74gNPOoow+wPRD8
kIiTmVymm6XTLTtHfO/2dEOGX1H0w2rjEffQJ8D8H1PjVa+921m4JDMSewK4JahD
B3XLFe1YJfiZMj+81GiBJ9rvpsyIlIOJ1ttAtFrdz78nI58QSx4yFhdXKEXp0FA1
YnQhTK5IFA9ucpMKCrSJfn3sNCcUXS7OkkwRX4hN8YVSd4t/jJ1b0yFvut1cux1R
jgmUWsy8CegougZIDWqMcbcKAd9e3Ned1A+ptvcnLUkz+K9AY3OiAqcOC+8vEe35
rudVpezJJPIa/itFDEG/Fz1RE4/VgX7YhPnNJDGX443Gk1cXN50svNmfT6XsMRUp
6mcOFjwGCegmnXlbM2dgwnxNPvZ5HJCKOqY5ghCc0cdfUgNoVMyhJ3faEFjj2aZ/
TGax+eUjnnOdyX/AyshcI+aKlceUDIC7AY1gEtwmQ+9dizKdlD/sp5h9X7Xc4oQ7
E1LPJoxYydy/FhVem1hH5W05KD5l+WA+1/rQEW/QRpqe35DQN9qSvxkzyh+0VhJ5
8NB5wZf7czrzefHVCkc67Naxl3LPOn729tsBN7WBzSVxZyUDeCxxFO5+jKuM6ht1
0KiJIXoRMJmRCG7tjiFRKUwi55A+eugKuZSkEyVU0tKojKINnmA=
=PZ9k
-----END PGP SIGNATURE-----
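The two mitigations in the 3.7.10 changelog entry above (smtpd_forbid_bare_newline and cleanup_replace_stray_cr_lf) can be illustrated with a small model of how an SMTP server's DATA phase and a cleanup stage behave under each setting. The following is an added example written against the changelog's description; it is not Postfix code and does not reproduce the logic of smtp_stream.c or cleanup.c. The function names, the "normalize"/"reject" strings reused as policy values, and the sample session bytes are all constructed for the example.

```python
# Added example (not Postfix code): a model of the two SMTP-smuggling
# mitigations described in the Postfix 3.7.10 changelog, written against
# the changelog text rather than Postfix's own smtp_stream.c / cleanup.c.

CRLF = b"\r\n"
END_OF_DATA = b"\r\n.\r\n"          # the only sequence that ends DATA


def parse_data_phase(raw: bytes, forbid_bare_newline: str):
    """Consume the DATA phase from `raw`, the bytes a client sent after its
    DATA command was accepted.

    forbid_bare_newline models smtpd_forbid_bare_newline:
      "normalize" - a line ending in a bare <LF> is accepted as if the client
                    had sent <CR><LF>; only <CR><LF>.<CR><LF> ends DATA.
      "reject"    - any bare <LF> in the message causes it to be rejected.

    Returns (status, message_lines, remaining_bytes); status is "ok",
    "reject" or "incomplete" (no standard End-of-DATA sequence seen yet).
    Line terminators and SMTP dot-stuffing are removed from message_lines.
    This model locates End-of-DATA first and then inspects lines; Postfix
    itself checks each line as it is read, but the outcome is the same.
    """
    if forbid_bare_newline not in ("normalize", "reject"):
        raise ValueError("expected 'normalize' or 'reject'")

    # End-of-DATA must begin at a line boundary; the CRLF that terminated
    # the DATA command is the first such boundary, so prefix it.
    stream = CRLF + raw
    eod = stream.find(END_OF_DATA)
    if eod < 0:
        return "incomplete", [], raw

    content = stream[len(CRLF):eod + len(CRLF)]   # ends with last line's CRLF
    remaining = stream[eod + len(END_OF_DATA):]   # the client's next command(s)

    lines = []
    for line in content.split(b"\n")[:-1]:        # trailing element is empty
        if line.endswith(b"\r"):
            line = line[:-1]                      # standard <CR><LF> terminator
        elif forbid_bare_newline == "reject":
            return "reject", [], remaining
        # else "normalize": a bare <LF> is treated exactly like <CR><LF>
        if line.startswith(b"."):
            line = line[1:]                       # undo SMTP dot-stuffing
        lines.append(line)
    return "ok", lines, remaining


def replace_stray_cr_lf(lines):
    """Model of cleanup_replace_stray_cr_lf = yes: a <CR> or <LF> that is
    still inside a content line (i.e. not its terminator) becomes a space,
    so a later DKIM signer and the next-hop server see the same lines."""
    return [line.replace(b"\r", b" ").replace(b"\n", b" ") for line in lines]


def receive_message(raw: bytes, forbid_bare_newline: str = "normalize"):
    """SMTP server parsing followed by cleanup normalisation, as one pipeline."""
    status, lines, remaining = parse_data_phase(raw, forbid_bare_newline)
    if status != "ok":
        return status, [], remaining
    return status, replace_stray_cr_lf(lines), remaining


# Constructed sample session bytes (not a captured exchange): a message whose
# second body line ends in a bare <LF>, whose third line carries a stray <CR>,
# followed by the standard End-of-DATA and the client's next command.
SAMPLE_DATA = (
    b"Subject: test\r\n"
    b"\r\n"
    b"line one\r\n"
    b"line two ends in a bare LF\n"
    b"line three has a stray\rCR inside\r\n"
    b".\r\n"
    b"QUIT\r\n"
)

if __name__ == "__main__":
    for policy in ("normalize", "reject"):
        status, lines, rest = receive_message(SAMPLE_DATA, policy)
        print(policy, status, lines, rest)
```

Under "normalize" the sample is accepted, the bare-LF line is kept as an ordinary line, the stray CR becomes a space, and QUIT is left for the next command; under "reject" the same bytes are refused. A stream whose only dot line is delimited by bare LFs never reaches End-of-DATA in this model, which is the property the changelog describes. The exclusion list (smtpd_forbid_bare_newline_exclusions) is not modelled.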