mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
d46ef1440f
patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz: Upgraded.
Security: this release adds support to defend against an email spoofing
attack (SMTP smuggling) on recipients at a Postfix server. Sites
concerned about SMTP smuggling attacks should enable this feature on
Internet-facing Postfix servers. For compatibility with non-standard
clients, Postfix by default excludes clients in mynetworks from this
countermeasure.
The recommended settings are:
# Optionally disconnect remote SMTP clients that send bare newlines,
# but allow local clients with non-standard SMTP implementations
# such as netcat, fax machines, or load balancer health checks.
#
smtpd_forbid_bare_newline = yes
smtpd_forbid_bare_newline_exclusions = $mynetworks
The smtpd_forbid_bare_newline feature is disabled by default.
For more information, see:
https://www.postfix.org/smtp-smuggling.html
(* Security fix *)
11 lines
442 B
Diff
11 lines
442 B
Diff
--- ./conf/postfix-script.orig 2016-01-31 15:05:46.000000000 -0600
|
|
+++ ./conf/postfix-script 2017-11-05 15:09:40.838097647 -0600
|
|
@@ -275,7 +275,7 @@
|
|
find $todo ! -user root \
|
|
-exec $WARN not owned by root: {} \;
|
|
|
|
- find $todo \( -perm -020 -o -perm -002 \) \
|
|
+ find $todo -type f \( -perm -020 -o -perm -002 \) \
|
|
-exec $WARN group or other writable: {} \;
|
|
|
|
# Check Postfix mail_owner-owned directory tree owner/permissions.
|