Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package postfix for openSUSE:Factory checked 
in at 2024-02-09 23:51:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
 and      /work/SRC/openSUSE:Factory/.postfix.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "postfix"

Fri Feb  9 23:51:52 2024 rev:235 rq:1145294 version:3.8.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/postfix/postfix-bdb.changes      2024-01-26 
22:46:30.462556839 +0100
+++ /work/SRC/openSUSE:Factory/.postfix.new.1815/postfix-bdb.changes    
2024-02-09 23:52:06.994524273 +0100
@@ -9,0 +10,23 @@
+Sat Jan  6 22:41:09 UTC 2024 - ch...@computersalat.de
+
+- rework fix for bsc#1192173: keep myhostname and mydestination
+  patched, but with upstream default to have them in correct place
+  when updated via config.postfix
+- rework SMTP Smuggling defaults
+  * yes is now alias of 'normalize'
+    smtpd_forbid_bare_newline = normalize
+  * another new option is 'reject' wich should be used in connection
+    with
+    smtpd_forbid_bare_newline_reject_code = 521
+- rework patches
+  * postfix-bdb-main.cf.patch
+  * postfix-main.cf.patch
+- rebase patches
+  * postfix-linux45.patch
+  * postfix-ssl-release-buffers.patch
+  * postfix-vda-v14-3.0.3.patch
+  * set-default-db-type.patch
+- sync changes files
+  * add missing entries in postfix-bdb.changes
+
+-------------------------------------------------------------------
@@ -20 +43 @@
-- update to 3.8.4
+- update to 3.8.4 (bsc#1218304, CVE-2023-51764):
@@ -24 +47 @@
-    https://www.postfix.org/smtp-smuggling.html.
+    https://www.postfix.org/smtp-smuggling.html
@@ -114,0 +138,6 @@
+Thu May  4 11:23:41 UTC 2023 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Add _multibuild to define 2nd spec file as additional flavor.
+  Eliminates the need for source package links in OBS.
+
+-------------------------------------------------------------------
@@ -192 +221,6 @@
-Mon Nov 14 15:07:44 UTC 2022 - Peter Varkoly <vark...@suse.com>
+Wed Jan 18 12:09:13 UTC 2023 - Hu <cathy...@suse.com>
+
+- Fix SELinux labeling issue caused by /usr/sbin/config.postfix (bsc#1207227).
+
+-------------------------------------------------------------------
+Mon Nov 14 15:05:42 UTC 2022 - Peter Varkoly <vark...@suse.com>
--- /work/SRC/openSUSE:Factory/postfix/postfix.changes  2024-01-26 
22:46:30.538559576 +0100
+++ /work/SRC/openSUSE:Factory/.postfix.new.1815/postfix.changes        
2024-02-09 23:52:07.182531048 +0100
@@ -9,0 +10,23 @@
+Sat Jan  6 22:41:09 UTC 2024 - ch...@computersalat.de
+
+- rework fix for bsc#1192173: keep myhostname and mydestination
+  patched, but with upstream default to have them in correct place
+  when updated via config.postfix
+- rework SMTP Smuggling defaults
+  * yes is now alias of 'normalize'
+    smtpd_forbid_bare_newline = normalize
+  * another new option is 'reject' wich should be used in connection
+    with
+    smtpd_forbid_bare_newline_reject_code = 521
+- rework patches
+  * postfix-bdb-main.cf.patch
+  * postfix-main.cf.patch
+- rebase patches
+  * postfix-linux45.patch
+  * postfix-ssl-release-buffers.patch
+  * postfix-vda-v14-3.0.3.patch
+  * set-default-db-type.patch
+- sync changes files
+  * add missing entries in postfix-bdb.changes
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ postfix-bdb.spec ++++++
--- /var/tmp/diff_new_pack.EuTgXM/_old  2024-02-09 23:52:08.886592453 +0100
+++ /var/tmp/diff_new_pack.EuTgXM/_new  2024-02-09 23:52:08.886592453 +0100
@@ -128,14 +128,14 @@
 %endif
 # /usr/lib/postfix/bin//post-install: line 667: ed: command not found
 Requires(pre):  ed
-Requires(preun):ed
+Requires(preun): ed
 Requires(post): ed
-Requires(postun):ed
+Requires(postun): ed
 # /usr/sbin/config.postfix needs perl
 Requires(pre):  perl
-Requires(preun):perl
+Requires(preun): perl
 Requires(post): perl
-Requires(postun):perl
+Requires(postun): perl
 
 %description
 Postfix aims to be an alternative to the widely-used sendmail program with bdb 
support

++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.EuTgXM/_old  2024-02-09 23:52:08.930594039 +0100
+++ /var/tmp/diff_new_pack.EuTgXM/_new  2024-02-09 23:52:08.934594183 +0100
@@ -110,14 +110,14 @@
 %endif
 # /usr/lib/postfix/bin//post-install: line 667: ed: command not found
 Requires(pre):  /usr/bin/ed
-Requires(preun):/usr/bin/ed
+Requires(preun): /usr/bin/ed
 Requires(post): /usr/bin/ed
-Requires(postun):/usr/bin/ed
+Requires(postun): /usr/bin/ed
 # /usr/sbin/config.postfix needs perl
 Requires(pre):  perl
-Requires(preun):perl
+Requires(preun): perl
 Requires(post): perl
-Requires(postun):perl
+Requires(postun): perl
 
 %description
 Postfix aims to be an alternative to the widely-used sendmail program.


++++++ postfix-bdb-main.cf.patch ++++++
--- /var/tmp/diff_new_pack.EuTgXM/_old  2024-02-09 23:52:09.002596633 +0100
+++ /var/tmp/diff_new_pack.EuTgXM/_new  2024-02-09 23:52:09.002596633 +0100
@@ -2,7 +2,7 @@
 ===================================================================
 --- conf/main.cf.orig
 +++ conf/main.cf
-@@ -567,6 +567,7 @@ unknown_local_recipient_reject_code = 55
+@@ -576,6 +576,7 @@ unknown_local_recipient_reject_code = 55
  #
  #smtpd_banner = $myhostname ESMTP $mail_name
  #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
@@ -10,7 +10,7 @@
  
  # PARALLEL DELIVERY TO THE SAME DESTINATION
  #
-@@ -673,4 +674,140 @@ sample_directory =
+@@ -682,4 +683,165 @@ sample_directory =
  # readme_directory: The location of the Postfix README files.
  #
  readme_directory =
@@ -39,8 +39,8 @@
 +masquerade_classes = envelope_sender, header_sender, header_recipient
 +masquerade_domains = 
 +masquerade_exceptions = 
-+mydestination = $myhostname, localhost.$mydomain
-+myhostname = localhost
++mydestination = $myhostname, localhost.$mydomain, localhost
++myhostname = 
 +mynetworks_style = subnet
 +relayhost = 
 +
@@ -70,6 +70,19 @@
 +smtpd_recipient_restrictions = 
 +
 +
++######################################################################
++# SMTP Smuggling (CVE-2023-51764)
++# no: allows SMTP smuggling
++# yes / normalize : 
++#   but allow local clients with non-standard SMTP implementations
++#   such as netcat, fax machines, or load balancer health checks.
++# reject: 
++#   rejects a command or message that contains a bare newline
++######################################################################
++smtpd_forbid_bare_newline = normalize
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++#smtpd_forbid_bare_newline_reject_code = 521
++
 +############################################################
 +# SASL stuff
 +############################################################
@@ -93,6 +106,7 @@
 +smtp_use_tls = no
 +#smtp_tls_loglevel = 0
 +smtp_enforce_tls = no
++smtp_tls_security_level = 
 +smtp_tls_CAfile = 
 +smtp_tls_CApath = 
 +smtp_tls_cert_file = 
@@ -103,6 +117,8 @@
 +
 +smtpd_use_tls = no
 +#smtpd_tls_loglevel = 0
++smtpd_enforce_tls = no
++smtpd_tls_security_level = 
 +smtpd_tls_CAfile = 
 +smtpd_tls_CApath = 
 +smtpd_tls_cert_file = 
@@ -111,9 +127,17 @@
 +smtpd_tls_exclude_ciphers = RC4
 +smtpd_tls_received_header = no
 +############################################################
++# OpenDKIM
++############################################################
++#smtpd_milters = unix:/run/opendkim/opendkim.sock
++#non_smtpd_milters = $smtpd_milters
++#milter_default_action = accept
++#milter_protocol = 2
++############################################################
 +# Start MySQL from postfixwiki.org
 +############################################################
 +relay_domains = $mydestination, hash:/etc/postfix/relay
++#relay_recipient_maps = hash:/etc/postfix/relay_recipients
 +#virtual_alias_domains = 
 +#virtual_alias_maps = hash:/etc/postfix/virtual
 +#virtual_uid_maps = static:303
@@ -146,6 +170,7 @@
 +#unknown_client_reject_code = 550
 +#unknown_hostname_reject_code = 550
 +#unverified_recipient_reject_code = 550
++#unverified_sender_reject_code = 550
 +#soft_bounce = yes
 +############################################################
 +#debug_peer_list = example.com

++++++ postfix-linux45.patch ++++++
--- /var/tmp/diff_new_pack.EuTgXM/_old  2024-02-09 23:52:09.018597210 +0100
+++ /var/tmp/diff_new_pack.EuTgXM/_new  2024-02-09 23:52:09.022597354 +0100
@@ -2,6 +2,8 @@
  makedefs |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
+Index: makedefs
+===================================================================
 --- makedefs.orig
 +++ makedefs
 @@ -631,8 +631,8 @@ EOF

++++++ postfix-main.cf.patch ++++++
--- /var/tmp/diff_new_pack.EuTgXM/_old  2024-02-09 23:52:09.034597786 +0100
+++ /var/tmp/diff_new_pack.EuTgXM/_new  2024-02-09 23:52:09.038597931 +0100
@@ -50,7 +50,7 @@
  
  # PARALLEL DELIVERY TO THE SAME DESTINATION
  #
-@@ -682,4 +683,155 @@ sample_directory =
+@@ -682,4 +683,165 @@ sample_directory =
  # readme_directory: The location of the Postfix README files.
  #
  readme_directory =
@@ -79,6 +79,8 @@
 +masquerade_classes = envelope_sender, header_sender, header_recipient
 +masquerade_domains = 
 +masquerade_exceptions = 
++mydestination = $myhostname, localhost.$mydomain, localhost
++myhostname = 
 +mynetworks_style = subnet
 +relayhost = 
 +
@@ -107,12 +109,19 @@
 +
 +smtpd_recipient_restrictions = 
 +
-+# mitigation for CVE-2023-51764 - SMTP smuggling attack
-+# but allow local clients with non-standard SMTP implementations
-+# such as netcat, fax machines, or load balancer health checks.
-+#
-+smtpd_forbid_bare_newline = yes
++
++######################################################################
++# SMTP Smuggling (CVE-2023-51764)
++# no: allows SMTP smuggling
++# yes / normalize : 
++#   but allow local clients with non-standard SMTP implementations
++#   such as netcat, fax machines, or load balancer health checks.
++# reject: 
++#   rejects a command or message that contains a bare newline
++######################################################################
++smtpd_forbid_bare_newline = normalize
 +smtpd_forbid_bare_newline_exclusions = $mynetworks
++#smtpd_forbid_bare_newline_reject_code = 521
 +
 +############################################################
 +# SASL stuff
@@ -168,7 +177,7 @@
 +# Start MySQL from postfixwiki.org
 +############################################################
 +relay_domains = $mydestination, lmdb:/etc/postfix/relay
-+relay_recipient_maps = lmdb:/etc/postfix/relay_recipients
++#relay_recipient_maps = lmdb:/etc/postfix/relay_recipients
 +#virtual_alias_domains = 
 +#virtual_alias_maps = lmdb:/etc/postfix/virtual
 +#virtual_uid_maps = static:303
@@ -201,6 +210,7 @@
 +#unknown_client_reject_code = 550
 +#unknown_hostname_reject_code = 550
 +#unverified_recipient_reject_code = 550
++#unverified_sender_reject_code = 550
 +#soft_bounce = yes
 +############################################################
 +#debug_peer_list = example.com

++++++ postfix-ssl-release-buffers.patch ++++++
--- /var/tmp/diff_new_pack.EuTgXM/_old  2024-02-09 23:52:09.082599516 +0100
+++ /var/tmp/diff_new_pack.EuTgXM/_new  2024-02-09 23:52:09.090599804 +0100
@@ -2,7 +2,7 @@
 ===================================================================
 --- src/tls/tls_client.c.orig
 +++ src/tls/tls_client.c
-@@ -693,6 +693,11 @@ TLS_APPL_STATE *tls_client_init(const TL
+@@ -700,6 +700,11 @@ TLS_APPL_STATE *tls_client_init(const TL
      SSL_CTX_set_security_level(client_ctx, 0);
  #endif
  
@@ -18,7 +18,7 @@
 ===================================================================
 --- src/tls/tls_server.c.orig
 +++ src/tls/tls_server.c
-@@ -493,6 +493,10 @@ TLS_APPL_STATE *tls_server_init(const TL
+@@ -500,6 +500,10 @@ TLS_APPL_STATE *tls_server_init(const TL
      SSL_CTX_set_security_level(sni_ctx, 0);
  #endif
  

++++++ postfix-vda-v14-3.0.3.patch ++++++
--- /var/tmp/diff_new_pack.EuTgXM/_old  2024-02-09 23:52:09.110600525 +0100
+++ /var/tmp/diff_new_pack.EuTgXM/_new  2024-02-09 23:52:09.114600669 +0100
@@ -19,7 +19,7 @@
 ===================================================================
 --- src/global/mail_params.h.orig
 +++ src/global/mail_params.h
-@@ -2657,6 +2657,54 @@ extern char *var_virt_uid_maps;
+@@ -2661,6 +2661,54 @@ extern char *var_virt_uid_maps;
  #define DEF_VIRT_GID_MAPS             ""
  extern char *var_virt_gid_maps;
  


++++++ set-default-db-type.patch ++++++
--- /var/tmp/diff_new_pack.EuTgXM/_old  2024-02-09 23:52:09.150601967 +0100
+++ /var/tmp/diff_new_pack.EuTgXM/_new  2024-02-09 23:52:09.154602111 +0100
@@ -69,7 +69,7 @@
 ===================================================================
 --- src/global/mail_params.h.orig
 +++ src/global/mail_params.h
-@@ -2960,7 +2960,7 @@ extern int var_vrfy_pend_limit;
+@@ -2964,7 +2964,7 @@ extern int var_vrfy_pend_limit;
  extern char *var_verify_service;
  
  #define VAR_VERIFY_MAP                        "address_verify_map"
@@ -78,7 +78,7 @@
  extern char *var_verify_map;
  
  #define VAR_VERIFY_POS_EXP            "address_verify_positive_expire_time"
-@@ -3762,7 +3762,7 @@ extern char *var_multi_cntrl_cmds;
+@@ -3776,7 +3776,7 @@ extern char *var_multi_cntrl_cmds;
    * postscreen(8)
    */
  #define VAR_PSC_CACHE_MAP     "postscreen_cache_map"

Reply via email to