Accepted postfix 3.4.7-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 01 Oct 2019 19:21:59 -0400
Source: postfix
Architecture: source
Version: 3.4.7-0+deb10u1
Distribution: buster
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Changes:
postfix (3.4.7-0+deb10u1) buster; urgency=medium
.
[Wietse Venema]
.
* 3.4.6
- Documentation: tlsext_padding is not a tls_ssl_options
feature. File: proto/postconf.proto.
- Portability: added "#undef sun" to util/unix_dgram_connect.c
(documented for completeness - no impact on Debian)
- Bugfix (introduced: Postfix 2.3): a censoring filter broke
multiline Milter responses for header/body events. Problem
report by Andreas Thienemann. Files: util/printable.c,
util/stringops.h, smtpd/smtpd.c
- Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit =
0" no longer meant 'unlimited'. Problem report by Luc Pardon.
File: smtp/smtp_addr.c.
- Documentation: updated the BUGS section in the smtp(8) manpage
about TLS connection reuse. File: smtp/smtp.c.
- Workaround for implementations that hang Postfix while
shutting down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for the TLS peer to respond to a TLS 'close'
request. This is recommended with TLSv1.0 and later. Files:
global/mail_params.h, tls/tls_session.c, and documentation.
- Bugfix (introduced: Postfix 3.0): the code to reset Postfix
SMTP server command counts was not called after a HaProxy
handshake failure, causing stale numbers to be reported.
The command counts are now reset in the function that reports
the counts. File: smtpd/smtpd.c.
* 3.4.7
- Bugfix: the documentation said tls_fast_shutdown_enable,
but the code said tls_fast_shutdown. Viktor Dukhovni. Changed
the code because no-one is expected to override the default.
File: global/mail_params.h.
- Workaround for poor TCP loopback performance on LINUX, where
getsockopt(..., TCP_MAXSEG, ..) reports a TCP maximal segment
size that is 1/2 to 1/3 of the MTU. For example, with kernel
5.1.16-300.fc30.x86_64 the TCP client and server announce
an mss of 65495 in the TCP handshake, but getsockopt()
returns 32741 (less than half). As a matter of principle,
Postfix won't turn on client-side TCP_NODELAY because that
hides application performance bugs, and because that still
suffers from server-side delayed ACKs. Instead, Postfix
avoids sending "small" writes back-to-back, by choosing a
VSTREAM buffer size that is a multiple of the reported MSS.
This workaround bumps the multiplier from 2x to 4x. File:
util/vstream_tweak.c.
- Bugfix (introduced: 20051222): the Dovecot client could
segfault (null pointer read) or cause an SMTP server assertion
to fail when talking to a fake Dovecot server. The client
now logs a proper error instead. Problem reported by Tim
Düsterhus. File: xsasl/xsasl_dovecot_server.c.
- Bugfix (introduced: Postfix 3.4): don't whitewash OpenSSL
error results after a plaintext output error. The code could
loop, and with some OpenSSL error results could flood the
log with error messages (see below for a specific case).
Problem reported by Andreas Schulze. File: tlsproxy/tlsproxy.c.
- Bitrot: don't invoke SSL_shutdown() when the SSL engine
thinks it is processing a TLS handshake. The commit at
https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
changed the error status, incompatibly, from SSL_ERROR_NONE
into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c.
Checksums-Sha1:
2897aa8e05ef80b75890b4abddba50f119bd0646 2770 postfix_3.4.7-0+deb10u1.dsc
675438e5eb2093579480a14e8f8552e784f03f32 4572758 postfix_3.4.7.orig.tar.gz
f6f430292473f06cb88b2661222d38bf8c3dd39c 197332 postfix_3.4.7-0+deb10u1.debian.tar.xz
fe35837703639a4a875dfc5b05883b58b3551583 7683 postfix_3.4.7-0+deb10u1_source.buildinfo
Checksums-Sha256:
282235523fc3bd76a2e7a855177db518942170666e9003a920a5a5a6cc820408 2770 postfix_3.4.7-0+deb10u1.dsc
fe3253121d3ba8836a23774225518560b35e40497951ad5bec154afa8205f967 4572758 postfix_3.4.7.orig.tar.gz
5414006ff391a713543b323b03f09970cbccab9b368845b73e5e0ccd68024c4b 197332 postfix_3.4.7-0+deb10u1.debian.tar.xz
fd87a93d52daa00a54a38a2afaa734e8545cff63a8f181fb27633f43d88fcbcb 7683 postfix_3.4.7-0+deb10u1_source.buildinfo
Files:
14d34d876d39a0f6b8c914c63ec330e1 2770 mail optional postfix_3.4.7-0+deb10u1.dsc
b29ab85e8f6ef7fae132b004e777671b 4572758 mail optional postfix_3.4.7.orig.tar.gz
9ed5f95aa2d063dd789425061498c6d4 197332 mail optional postfix_3.4.7-0+deb10u1.debian.tar.xz
64c42c3213999c793173ed37101cbe73 7683 mail optional postfix_3.4.7-0+deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAl2T4JwACgkQeNfe+5rV
mvHU/w/9FaAZxeIkuecv5AbiCitfM2yPJz3PSYsDTDWgv0USaH4Ony+Hljpt+M0q
1HZq12Pslj4bqOxhKC/VoMMOrveUNehtkcEQF3DYpsXi7f2J1yMdC3oztihPizr7
+nul2BSQuAUTUoXJvur842oLrt5WvpGDHiFCZSJO76FndmXT/cHl6LasP/SPue25
akQc9nTICDevjNQLJ8YY3l7zG/hejPUlR9pr3fuNb6lw09UYGCR/1iCAvKY+SJSv
lIeY77CsJ8e2LzCf5MvYjWBCLIQG4VuTc8qczw4NaUtozDKZDE7oaSRsDbTatlW6
XaMFCkZwB6aGcgZfbcGUFJRO0+RQeqly0bM5OsHrH6dvsyhnxPhHQchfzDvvW+Ky
J01AavC4+IiT36USWwUomdq4cSgE1aczk/WkcW80BuUqLUq6UchC0dOW4oyHdxH6
Xjgbd6wBE/jWly2kvwO1Y2Dd5Aqtf2UKkhsnVH/fZJGIVpCbqzeV6G1r4aREChnG
qWoXMXaljkn0Evf9I7yrvd6NNI1PJrqFq8IoHebAzU9FAUF31Z1T/sEmUUndYhXv
H/481sn68QYyH1rwqu2alNEz6gerDuRz7onTk/HxMlwr4byFyLFFSTtuZ4enY9mx
m+OnnTYxIljxrCeEX++GqH1fI4okEls9Kl0EOC1g0vzFwdFKEDY=
=U+RS
-----END PGP SIGNATURE-----