From: Robert Schetterer (robertschetterer.org)
Date: Thu Feb 01 2007 - 09:03:46 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wietse Venema schrieb:
> Postfix 2.3 patchlevel 07 is available. It fixes minor problems and
> introduces one incompatibility. Note: the stable release is not
> changed except for bugfixes and emergencies. New features are field
> tested as Postfix-2.4-yyyymmdd experimental releases.
>
> - postmap support for NIS maps was broken with Postfix 2.3.
>
> - Workaround to avoid breaking digital signatures for malformed
> MIME attachments.
>
> - Incorrect handling of ![address] forms in match lists. such as
> mynetworks, inet_interfaces etc.
>
> Available from the mirrors listed at http://www.postfix.org/
>
> 9878 Jan 30 20:13 postfix-2.3-patch07.gz
> 450370 Jan 30 20:11 postfix-2.3.7.HISTORY
> 36275 Jan 30 20:11 postfix-2.3.7.RELEASE_NOTES
> 2785739 Jan 30 20:13 postfix-2.3.7.tar.gz
> 280 Jan 30 20:13 postfix-2.3.7.tar.gz.sig
>
> Details are given below the signature.
>
> Wietse
>
> RELEASE_NOTES file:
> ===================
>
> Incompatible changes with Postfix 2.3.7
> ---------------------------------------
>
> Postfix no longer inserts an empty-line header/body separator into
> malformed MIME attachments, to avoid breaking digital signatures.
>
> This change introduces ambiguity. Postfix still treats the remainder
> of the attachment as body content; header_checks rules will therefore
> not detect forbidden MIME types inside a message/rfc822 attachment.
>
> With the empty-line header/body separator no longer inserted by
> Postfix, other software may process the malformed attachment
> differently, and thus may become exposed to forbidden MIME types.
>
>
> HISTORY file:
> =============
>
> 20070104
>
> Bugfix (introduced Postfix 2.3): when creating an alias map
> on a NIS-enabled system, don't case-fold the YP_MASTER_NAME
> and YP_LAST_MODIFIED lookup keys. This requires that an
> application can turn off case folding on the fly. This is
> a point fix. A complete fix requires updates to other map
> types and to the proxymap protocol, which is too much change
> for a stable release. Files: postalias/postalias.c,
> util/dict_db.c, util/dict_dbm.c, util/dict_cdb.c.
>
> 20070112
>
> Bugfix (introduced 20011008): after return from a nested
> access restriction, possible longjump into exited stack
> frame upon configuration error or table lookup error. Victor
> Duchovni. Files: smtpd/smtpd_check.c.
>
> Workaround: don't insert empty-line header/body separator
> into malformed MIME attachments, to avoid breaking digital
> signatures. This change introduces ambiguity. Postfix still
> treats the remainder of the attachment as body content;
> header_checks rules will not detect forbidden MIME types
> inside a message/rfc822 attachment. With the empty-line
> header/body separator no longer inserted by Postfix, other
> software may process the malformed attachment differently,
> and thus may become exposed to forbidden MIME types. This
> is back-ported from Postfix 2.4. File: global/mime_state.c.
>
> 20070118
>
> Bugfix: match lists didn't implement ![ipv6address]. Problem
> reported by Paulo Pacheco. File: util/match_list.c.
>
>
> --
> Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
> und ist - aktuelle Virenscanner vorausgesetzt - sauber.
>

Hi ll
please corect me if iam wrong
just a small understanding question

changes 20070112
"will not" break such rules in body_checks

/^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\
*"?.*\.(lnk|asd|ocx|reg|bat|c[ho]m|cmd|exe|dll|.....etc

should i be aware of other bugs with filters like clamsmtp, spampd etc
with this change

--
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]