- postmap support for NIS maps was broken with Postfix 2.3.
- Workaround to avoid breaking digital signatures for malformed
MIME attachments.
- Incorrect handling of ![address] forms in match lists. such as
mynetworks, inet_interfaces etc.
Available from the mirrors listed at http://www.postfix.org/
9878 Jan 30 20:13 postfix-2.3-patch07.gz
450370 Jan 30 20:11 postfix-2.3.7.HISTORY
36275 Jan 30 20:11 postfix-2.3.7.RELEASE_NOTES
2785739 Jan 30 20:13 postfix-2.3.7.tar.gz
280 Jan 30 20:13 postfix-2.3.7.tar.gz.sig
Details are given below the signature.
Wietse
RELEASE_NOTES file:
===================
Incompatible changes with Postfix 2.3.7
---------------------------------------
Postfix no longer inserts an empty-line header/body separator into
malformed MIME attachments, to avoid breaking digital signatures.
This change introduces ambiguity. Postfix still treats the remainder
of the attachment as body content; header_checks rules will therefore
not detect forbidden MIME types inside a message/rfc822 attachment.
With the empty-line header/body separator no longer inserted by
Postfix, other software may process the malformed attachment
differently, and thus may become exposed to forbidden MIME types.
HISTORY file:
=============
20070104
Bugfix (introduced Postfix 2.3): when creating an alias map
on a NIS-enabled system, don't case-fold the YP_MASTER_NAME
and YP_LAST_MODIFIED lookup keys. This requires that an
application can turn off case folding on the fly. This is
a point fix. A complete fix requires updates to other map
types and to the proxymap protocol, which is too much change
for a stable release. Files: postalias/postalias.c,
util/dict_db.c, util/dict_dbm.c, util/dict_cdb.c.
20070112
Bugfix (introduced 20011008): after return from a nested
access restriction, possible longjump into exited stack
frame upon configuration error or table lookup error. Victor
Duchovni. Files: smtpd/smtpd_check.c.
Workaround: don't insert empty-line header/body separator
into malformed MIME attachments, to avoid breaking digital
signatures. This change introduces ambiguity. Postfix still
treats the remainder of the attachment as body content;
header_checks rules will not detect forbidden MIME types
inside a message/rfc822 attachment. With the empty-line
header/body separator no longer inserted by Postfix, other
software may process the malformed attachment differently,
and thus may become exposed to forbidden MIME types. This
is back-ported from Postfix 2.4. File: global/mime_state.c.
20070118
Bugfix: match lists didn't implement ![ipv6address]. Problem
reported by Paulo Pacheco. File: util/match_list.c.
Hi @ll
please corect me if iam wrong
just a small understanding question
changes 20070112
"will not" break such rules in body_checks
/^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\
*"?.*\.(lnk|asd|ocx|reg|bat|c[ho]m|cmd|exe|dll|.....etc
should i be aware of other bugs with filters like clamsmtp, spampd etc
with this change
--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer
https://www.schetterer.org
Munich/Bavaria/Germany
--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.
As documented they DID NOT work in a MALFORMED attachment and they
STILL DO NOT work in a MALFORMED attachment.
Wietse