[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.2.html]

This announcement (June 13, 2017) includes changes that were released
with an earlier update (June 10, 2017). The announcement was postponed
to avoid confusion due to repeated notification.

Fixed in all supported releases:

* Security: Berkeley DB versions 2 and later try to read settings
  from a file DB_CONFIG in the current directory. This undocumented
  feature may introduce undisclosed vulnerabilities resulting in
  privilege escalation with Postfix set-gid programs (postdrop,
  postqueue) before they chdir to the Postfix queue directory,
  and with the postmap and postalias commands depending on whether
  the user's current directory is writable by other users. This
  fix does not change Postfix behavior for Berkeley DB versions
  < 3, but it does reduce postmap and postalias 'create' performance
  with Berkeley DB versions 3.0 .. 4.6.
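
A defender-side check for the condition described above, added here as an example and not taken from Postfix: a shell function that flags a directory that already contains a DB_CONFIG entry, or whose mode lets group or other users create one. The function name and return codes are assumptions made for this example; only mode bits are inspected, not ownership or ACLs.

```shell
#!/bin/sh
# Added example, not Postfix code. db_config_risk and its return codes are
# constructed for this illustration.
#   0  no DB_CONFIG; directory mode is not group- or other-writable
#   1  no DB_CONFIG, but group or other users can create one
#   2  a DB_CONFIG entry (file, symlink, anything) already exists
#   3  argument is not a directory
db_config_risk() {
    dir=$1
    # Keep find(1) from parsing an odd directory name as an option.
    case $dir in /*|./*|../*) ;; *) dir=./$dir ;; esac
    [ -d "$dir" ] || return 3
    # -L also catches a dangling symlink named DB_CONFIG.
    if [ -e "$dir/DB_CONFIG" ] || [ -L "$dir/DB_CONFIG" ]; then
        return 2
    fi
    # Mode bits only (no ACL or ownership check). The sticky bit, as on /tmp,
    # does not stop another user from creating a file that is not there yet.
    writable=$(find "$dir" -prune \( -perm -0020 -o -perm -0002 \) -print)
    [ -z "$writable" ] || return 1
    return 0
}

# Report on every directory given on the command line, e.g. the directory a
# cron job or wrapper script is in when it runs postmap or postalias.
for d in "$@"; do
    rc=0
    db_config_risk "$d" || rc=$?
    case $rc in
        0) echo "ok: $d" ;;
        1) echo "warn: $d is group/other-writable; a DB_CONFIG could be planted" ;;
        2) echo "alert: $d contains DB_CONFIG; inspect before running Berkeley DB tools" ;;
        3) echo "skip: $d is not a directory" ;;
    esac
done
```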

Fixed in Postfix 3.2 and later:

* The SMTP server receive_override_options were not restored at
  the end of an SMTP session, after the options were modified by
  an smtpd_milter_maps setting of "DISABLE". Milter support
  remained disabled for the lifetime of the smtpd process.

* After the Postfix 3.2 address/domain table lookup overhaul, the
  check_sender_access and check_recipient_access features ignored
  a non-default parent_domain_matches_subdomains setting.

Fixed in Postfix 3.1 and later:

* Compatibility: some Milter applications do not recognize
  single-character macro names when Postfix sends these as {name}.
  Postfix now sends such macros without {} as it has done
  historically.

Fixed in Postfix 3.0 and later:

* Compatibility: prevent MIME downgrade of Postfix-generated
  message/delivery status. It's supposed to be 7bit, therefore
  quoted-printable encoding is not expected, and can result in
  users seeing garbled non-delivery reports.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

Wietse