Accepted postfix 3.4.23-0+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
- To: debian-changes@lists.debian.org
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 29 May 2022 18:32:38 +0000
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1nvNiQ-0004x0-TB@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
Format: 1.8
Date: Fri, 07 Jan 2022 11:04:17 -0500
Source: postfix
Architecture: source
Version: 3.4.23-0+deb10u1
Distribution: buster
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Closes: 926331 959864 964762 968057 988538 991950 999694
Changes:
postfix (3.4.23-0+deb10u1) buster; urgency=medium
.
[Scott Kitterman]
.
* Refresh patches
* Update d/p/70_postfix-check.diff to exclude makedefs.out from symlink
check. Closes: #926331
* Do not override user set default_transport in postinst. Closes: #988538
* Add information about keeping resolv.conf up to date in the chroot with
the resolvconf package. Closes: #964762
.
[Sergio Gelato]
.
* Correct if-up.d to not error out if postfix can't send mail yet.
Closes: #959864
.
[Paride Legovini]
.
* d/postfix.postinst: tolerate search domain with a leading dot.
Closes: #991950
.
[Wietse Venema]
.
* 3.4.15
- Bugfix (introduced: Postfix 3.0): minor memory leaks in the
Postfix TLS library, found during tests. File: tls/tls_misc.c.
.
- Bugfix (introduced: Postfix 3.0): 4kbyte per session memory
leak in the Postfix TLS library, found during tests. File:
tls/tls_misc.c.
.
- Workaround for distros that override Postfix protocol
settings in a system-wide OpenSSL configuration file, causing
interoperability problems after an OS update. File:
tls/tls_client.c, tls/tls_server.c.
.
* 3.4.16
- Bugfix (introduced: Postfix 3.4.15): part of a memory leak
fix was backported to the wrong place. File: tls/tls_misc.c.
.
- The Postfix 3.4.15 workaround did not explicitly override
the system-wide OpenSSL configuration of allowed TLS protocol
versions, for sessions where the remote SMTP client sends
SNI. It's better to be safe than sorry. File: tls/tls_server.c.
.
* 3.4.17
- Bugfix (introduced: Postfix 3.4, already fixed in Postfix
3.6): tlsproxy(8) was using the wrong DANE macro for
connections with DANE trust anchors or with non-DANE trust
anchors (WTF: Thorsten Habich found this bug in the use
case that has nothing to do with DANE). This resulted in a
global certificate verify function pointer race, between
TLS handshakes that use TLS trust anchors and handshakes
that use PKI. No memory was corrupted in the course of all
this. Viktor Dukhovni. File: tlsproxy/tlsproxy.c.
.
- Cleanup: the posttls-finger '-X' option reported a false
conflict with '-r'. File: posttls-finger/posttls-finger.c.
.
* 3.4.18
- Bugfix (introduced: Postfix 2.0): smtp_sasl_mechanism_filter
ignored table lookup errors, treating them as 'not found'.
Found during Postfix 3.6 development. File: smtp/smtp_sasl_proto.c.
.
- Bugfix (introduced: Postfix 2.3): when deleting a recipient
with a milter, delete the recipient from the duplicate
filter, so that the recipient can be added back. Backported
from Postfix 3.6. Files: global/been_here.[hc],
cleanup/cleanup_milter.c.
.
- Bugfix (introduced: before Postfix alpha): the code that
looks for Delivered-To: headers ignored headers longer than
$line_length_limit. Backported from Postfix 3.6. File:
global/delivered_hdr.c.
.
- Bugfix (introduced: Postfix 2.8): save a copy of the
postscreen_dnsbl_reply_map lookup result. This has no effect
when the recommended texthash: lookup table is used, but it
may avoid stale data with other lookup tables. File:
postscreen/postscreen_dnsbl.c.
.
- Bugfix (introduced: Postfix 2.2): after processing an
XCLIENT command, the smtps service was waiting for a TLS
handshake. Found by Aki Tuomi. File: smtpd/smtpd.c.
.
- Bugfix (introduced: Postfix 2.3): static maps did not free
their casefolding buffer. File: util/dict_static.c.
.
* 3.4.19
- Feature: when a Postfix program makes a DNS query that
requests DNSSEC validation (usually for Postfix DANE support)
but the DNS response is not DNSSEC validated, Postfix will
send a DNS query configured with the "dnssec_probe" parameter
to determine if DNSSEC support is available, and logs a
warning if it is not. By default, the probe has type "ns"
and domain name ".". The probe is sent once per process
lifetime. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_sec.c,
test_dns_lookup.c, global/mail_params.[hc], mantools/postlink.
.
- The default "smtp_tls_dane_insecure_mx_policy = dane" was
causing unnecessary dnssec_probe activity. The default is now
"dane" when smtp_tls_security_level is "dane", otherwise it is
"may". File: global/mail_params.h.
.
* 3.4.20
- Missing null pointer checks (introduced: Postfix 3.4) after
an internal I/O error during the smtp(8) to tlsproxy(8)
handshake. Found by Coverity, reported by Jaroslav Skarvada.
Based on fix by Viktor Dukhovni. File: tls/tls_proxy_client_scan.c.
.
- Null pointer bug (introduced: Postfix 3.0) and memory leak
(introduced: Postfix 3.4) after an inline: table syntax
error in main.cf or master.cf. Found by Coverity, reported
by Jaroslav Skarvada. Based on fix by Viktor Dukhovni. File:
util/dict_inline.c.
.
- Incomplete null pointer check (introduced: Postfix 2.10)
after truncated HaProxy version 1 handshake message. Found
by Coverity, reported by Jaroslav Skarvada. Fix by Viktor
Dukhovni. File: global/haproxy_srvr.c.
.
- Missing null pointer check (introduced: Postfix alpha) after
null argv[0] value. File: global/mail_task.c.
.
* 3.4.21
- Bugfix (introduced: Postfix 2.11): the command "postmap
lmdb:/file/name" handled duplicate keys ungracefully,
discarding entries stored up to and including the duplicate
key, and causing a double free() call with lmdb versions
0.9.17 and later. Reported by Adi Prasaja; double free()
root cause analysis by Howard Chu. File: util/slmdb.c.
.
- Typo (introduced: Postfix 3.4): silent_discard should be
silent-discard. File: proto/BDAT_README.html.
.
- Support for Postfix 3.6 compatibility_level syntax, to avoid
fatal runtime errors when rolling back from Postfix 3.6 to
an earlier supported version, or when sharing Postfix 3.6
configuration files with an earlier supported Postfix
version. File: global/mail_params.c.
.
* 3.4.22
- Bugfix (introduced: Postfix 3.4): the texthash: map
implementation did not support "postmap -F" behavior.
Reported by Christopher Gurnee, who also found the missing
code in the postmap source. File: util/dict_thash.c.
.
- Bugfix (introduced: 1999, Postfix 2.11) latent false "Result too
large" (ERANGE) errors because an strtol() call had no 'errno
= 0' statement before the call. Back-ported from Postfix 3.6.
Files: postscreen/postscreen_tests.c, util/mac_expand.c.
.
- Bugfix (introduced: Postfix 3.3): "null pointer read" error
in the cleanup daemon when "header_from_format = standard"
(the default as of Postfix 3.3) and email was submitted
with /usr/sbin/sendmail without From: header, and an all-space
full name was specified in 1) the password file, 2) with
"sendmail -F", or 3) with the NAME environment variable.
Found by Renaud Metrich. File: cleanup/cleanup_message.c.
(Closes: #968057)
.
- Bugfix (introduced: 1999): the Postfix SMTP server was
sending all session transcripts to the error_notice_recipient,
instead of sending transcripts of bounced mail to the
bounce_notice_recipient. File: smtpd/smtpd_chat.c.
.
- Bugfix (introduced: Postfix 2.4): false "too many reverse
jump" warnings in the showq daemon. The loop detection code
was comparing memory addresses instead of queue file names.
It now properly compares strings. Reported by Mehmet Avcioglu.
File: global/record.c.
.
* 3.4.23
- Bitrot: OpenSSL 3.x requires const. File: tls/tls_misc.c.
.
- Bugfix (bug introduced: Postfix 2.10): postconf -x produced
incorrect output, because different functions were implicitly
sharing a buffer for intermediate results. Reported
by raf, root cause analysis by Viktor Dukhovni. File:
postconf/postconf_builtin.c.
.
- Bugfix (problem introduced: Postfix 2.11): check_ccert_access
worked as expected, but produced a spurious warning when
Postfix was built without SASL support. Fix by Brad Barden.
File: smtpd/smtpd_check.c.
.
- Bugfix (introduced: Postfix 2.4): queue file corruption
after a Milter (for example, MIMEDefang) made a request to
replace the message body with a copy of that message body
plus additional text (for example, a SpamAssassin report).
.
The most likely impacts were a) the queue manager reporting
a fatal error resulting in email delivery delays, or b) the
queue manager reporting the corruption and moving the message
to the corrupt queue for damaged messages.
.
However, a determined adversary could craft an email message
that would trigger the bug, and insert a content filter
destination or a redirect email address into its queue file.
Postfix would then deliver the message headers there, in
most cases without delivering the message body. With enough
experimentation, an attacker could make Postfix deliver
both the message headers and body.
.
The details of a successful attack depend on the Milter
implementation, and on the Postfix and Milter configuration
details; these can be determined remotely through
experimentation. Failed experiments may be detected when
the queue manager terminates with a fatal error, or when
the queue manager moves damaged files to the "corrupt" queue
as evidence.
.
Technical details: when Postfix executes a "replace body"
Milter request it will reuse queue file storage that was
used by the existing email message body. If the new body
is larger, Postfix will append body content to the end of
the queue file. The corruption happened when a Milter (for
example, MIMEDefang) made a request to replace the body of
a message with a new body that contained a copy of the
original body plus some new text, and the original body
contained a line longer than $line_length_limit bytes (for
example, an image encoded in base64 without hard or soft
line breaks). In queue files, Postfix stores a long text
line as multiple records with up to $line_length_limit bytes
each. Unfortunately, Postfix's "replace body" support did
not account for the additional queue file space needed to
store the second etc. record headers. And thus, the last
record(s) of a long text line could overwrite one or more
queue file records immediately after the space that was
previously occupied by the original message body.
.
Problem report by Benoît Panizzon.
.
* Fix duplicate bounce_notice_recipient entries in postconf output.
Closes: #999694
.
[Andreas Hasenack]
.
* Fix autopkgtest so it works and uses python3
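The "Technical details" paragraph of the 3.4.23 entry describes a space-accounting error in Milter "replace body" handling. The following is an added example, not Postfix code and not part of the original announcement, that models the arithmetic. It assumes a simplified record layout (one type byte plus a length field carrying 7 bits per byte); the function names and the sample sizes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption): each queue file record is one type byte,
 * a length field holding 7 bits per byte, then the payload. */
static size_t rec_header_len(size_t payload_len)
{
    size_t n = 1;                       /* type byte */
    do {
        n++;                            /* one length byte per 7 bits */
        payload_len >>= 7;
    } while (payload_len != 0);
    return n;
}

/* Bytes needed to store one text line that is split into records of at
 * most `limit` payload bytes (the role of $line_length_limit; limit > 0). */
size_t line_storage_needed(size_t line_len, size_t limit)
{
    size_t total = 0;
    do {
        size_t chunk = line_len < limit ? line_len : limit;
        total += rec_header_len(chunk) + chunk;
        line_len -= chunk;
    } while (line_len > 0);
    return total;
}

/* The accounting error: only the first record header is counted. */
size_t line_storage_flawed(size_t line_len, size_t limit)
{
    size_t first = line_len < limit ? line_len : limit;
    return rec_header_len(first) + line_len;
}

/* Bytes written beyond the space that the flawed estimate reserved. */
size_t overrun_bytes(size_t line_len, size_t limit)
{
    return line_storage_needed(line_len, limit)
         - line_storage_flawed(line_len, limit);
}

int main(void)
{
    /* Constructed input: a 10000-byte line with a 2048-byte limit. */
    printf("overrun: %zu bytes\n", overrun_bytes(10000, 2048));
    return 0;
}
```

Lines at or below the limit produce no overrun in this model, which matches the changelog's statement that the corruption required a line longer than $line_length_limit.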
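The 3.4.22 entry mentions false "Result too large" (ERANGE) errors caused by a strtol() call with no 'errno = 0' statement before it. The following is an added example, not code from Postfix or from the original announcement, showing that pattern beside the corrected one. All function names are hypothetical and the stale errno value is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Pattern described in the changelog: errno is tested after strtol()
 * without being cleared first, so a stale ERANGE left by earlier code is
 * mistaken for an overflow in this call. */
int parse_long_flawed(const char *s, long *out)
{
    char *end;
    long v = strtol(s, &end, 10);

    if (errno == ERANGE)
        return -1;
    if (end == s || *end != '\0')
        return -1;
    *out = v;
    return 0;
}

/* Corrected pattern: clear errno immediately before the call. */
int parse_long_checked(const char *s, long *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return -1;
    if (end == s || *end != '\0')
        return -1;
    *out = v;
    return 0;
}

/* Constructed scenario: an earlier library call left errno == ERANGE.
 * Returns the given parser's result for the valid input "42". */
int parse_with_stale_errno(int (*parse)(const char *, long *), long *out)
{
    errno = ERANGE;
    return parse("42", out);
}

int main(void)
{
    long v = 0;
    printf("flawed: %d\n", parse_with_stale_errno(parse_long_flawed, &v));
    printf("checked: %d\n", parse_with_stale_errno(parse_long_checked, &v));
    return 0;
}
```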