-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Dec 2024 21:21:04 +0300 Source: postfix Architecture: source Version: 3.9.1-9 Distribution: unstable Urgency: medium Maintainer: Debian Postfix Team <team+postfix@tracker.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Closes: 854475 1003982 Changes: postfix (3.9.1-9) unstable; urgency=medium . * the "let's break the toys" release part 2: * postfix.service: first step at possible hardening at the systemd level Drop as much privileges as seem safe for postfix operations Use ProtectSystem=full, let's see what happens * split startup procedure into two halves, setup+runtime, so that the runtime half can be run with restricted privs, while setup part needs chown etc * stop ordering postfix.service after network-online.target, but keep it after network.target, and mention how to enable this if needed (finally Closes: #854475) * tests: show logging from failed startup phase too * debian-postfix-chroot-cmd.patch: update * README.Debian: recommend un-chrooting postfix * README.Debian: rewrite notes about chroot and proxy: map * configure-instance: use "postfix chroot -c" to include custom services too * hurd.patch: update to include more libdirs like in linux case * debian-re-run-startup-through-systemd.patch: a few updates * rules: stop renaming postfix *.8 manpages to *.8postfix * rules: stop shipping /etc/postfix/dynamicmaps.cf.d * rules: hide dpkg-maintscript-helper calls from lintian. It produces maintainer-script-should-not-use-dpkg-maintscript-helper, which is rather pointless, and other ways to avoid this warning results in uglier d/rules with this place being split into pieces. Fighting with the tools.. :( * configure-instance: avoid removing ca-certificates.crt from the certs dir in chroot (Closes: #1003982), add comment explaining certs storages * 03_ldap3_by_default.diff: do not patch generated man/man5/ldap_table.5 - it is regenerated by "make manpages" * postfix.lintian-overrides: drop 2 now-unused overrides * changelog: add missing newline in an old (2001) entry Checksums-Sha1: bb3e2e2cb1a287a51b2df980fe0456426f457b00 3135 postfix_3.9.1-9.dsc 829c4df23e0b3966e1421568b1fc05dbe1642580 200364 postfix_3.9.1-9.debian.tar.xz 958d235315da85b1740bd49a2a8fed7c99e52c50 8191 postfix_3.9.1-9_source.buildinfo Checksums-Sha256: 395e79a52db6fefbd4118fc2ad8094c434a3c5e08d7a8ca4691a8a7d8daca995 3135 postfix_3.9.1-9.dsc 4a1b6b09990397b55b22946f1510cbeaed14f1805ad78a0771088508f5fb5d1e 200364 postfix_3.9.1-9.debian.tar.xz 35bc80fe94953264701419116d1a184fe4117c343129938ac2fcc31ca422cc47 8191 postfix_3.9.1-9_source.buildinfo Files: 05e83bbe06dee965154b2d27d7e908a3 3135 mail optional postfix_3.9.1-9.dsc 94a34f6e50bb90d4363f13cfb396b9b7 200364 mail optional postfix_3.9.1-9.debian.tar.xz cd3a0f4111a9de7ab1e76e1acb7bdb8f 8191 mail optional postfix_3.9.1-9_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmdq/cIACgkQgqpKJDse lHg/IA/+II9Z9rR8uAflp8AgA8E8EDMdjRp4kN+FxoXIwOiI5rRaJYTV0nhBlNt2 Rtt3pZ2kZuLIY5+ZaKqPJLfUS8w5FJaUB1G0b93sezrTAIDNKOSJggAR39W1E7nd xw2aRKrxIMchWxnLzh7vsjLJRlL2h+lyMpK/H8+laXS0MjWbVg8Rc2AJI33DF3DG hUzvydHHEUaDJ4nqkiuAQHpQetMRqrSaJQFYlCC+5zosne2hvqlaK7oF7i+Nvc4P JsB3vO9/w2SRpQVjRi4/2Qh68OGgsVTcrbz2I8rHVko53bemhDlSs3rSk9eEwfLp 0r8isTec+c0jhw6g4Ub9nYt+m6fqyYe2QI3+cusojD1p+GqRxEuJRd6+pFar5eiu mQvs4DwwvPQdQAhkpXnW4ny29IDYX/+aJhuuVyQCkSxRuYBHsoHagnpqQsIGLePq E3n5/p/kjcOTsD6aTZyDk9Ezn7xnDGP7T5fBa/+O1b2tHERNW/tHWR9nWanQmm1q iP4rXRbyuVP3oRwOEzd9Y49nIPt9REzyrG8XlUQXwGtz/wxw1BpwZkv/woobplBE CdIiZ4m/iaNxhurU4rmv0T6adOJAK6iGMrQJGZvuPPKiHBLbEPW+/5GnVjYC/vbS S4S8gwOlJVeAr0Qpy8YeukuKAYeSKjWLVdnNUqV/IgonHr5Ygpc= =zg3g -----END PGP SIGNATURE-----
