Accepted postfix 3.5.18-0+deb11u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted postfix 3.5.18-0+deb11u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 12 Feb 2023 19:32:12 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: postfix_3.5.18-0+deb11u1_source.changes
- Debian-source: postfix
- Debian-suite: proposed-updates
- Debian-version: 3.5.18-0+deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=ipJd3NiDWSHBSffshApezDTDdW6iE9Tz8OdGGt4X+rc=; b=n09/buuf6NXv3QPIGt2Emg3+BL Qg7QwhVFikPd26Cr8uWjgA11+yblMZIQ2aJGeIogFNeM7E4I2oUK0um5CMJidF/rSGSeOa+oYYFJD fST7YY1d1doBNSqAariVYiz4U7U0XFTTQDVwVp0FoOENTR+m9/KcqbA5lIPGr/sJjtPHVkdE/inhR x0aAWxvqzXQDz1NhHy7C2gylsUtbJhH6YagDkI4B177UdtghSfW9aidEC6eF8lWzOLjsbwcH4ZClX ccfYFi9cWl3Kp+RQjGIBvphuS6lQVbKLwYtH0Z+TyS/MySQQihiz0eMlxxM33QaMLMPAxB4B+5IRZ 4wkhW+ag==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pRI56-00D0nr-Qi@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 21 Jan 2023 20:17:03 -0500
Source: postfix
Architecture: source
Version: 3.5.18-0+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Changes:
postfix (3.5.18-0+deb11u1) bullseye; urgency=medium
.
[Wietse Venema]
.
* 3.5.18
- Bugfix (introduced: Postfix 2.2): the smtpd_proxy_client
code mis-parsed the last XFORWARD attribute name in the
SMTP server's EHLO response. The result was that the
smtpd_proxy_client code failed to forward the IDENT attribute.
Fix by Andreas Weigel. File: smtpd/smtpd_proxy.c.
.
- Portability: LINUX6 support. Files: makedefs, util/sys_defs.h.
.
- Workaround: OpenSSL 3.x EVP_get_digestbyname() can return
lazily bound handles that may fail to work when one attempts
to use them, because no provider search happens until one
constructs an actual operation context. In sufficiently
hostile configurations, Postfix could mistakenly believe
that an algorithm is available, when in fact it is not. A
similar workaround may be needed for EVP_get_cipherbyname().
Fix by Viktor Dukhovni. Files: tls/tls.h, tls/tls_dane.c,
tls/tls_fprint.c, tls/tls_misc.c.
.
- Bugfix (introduced: Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally;
it should evaluate the argument only if there was no prior
error. Found during code review. File: tls/tls_fprint.c.
.
- Foolproofing: postscreen segfault with postscreen_dnsbl_threshold
< 1. It should reject such input with a fatal error instead.
Discovered by Benny Pedersen. File: postscreen/postscreen.c.
.
- Bugfix (introduced: Postfix 2.7): the verify daemon logged
a garbled cache name when terminating a cache scan in
progress. Reported by Phil Biggs, fix by Viktor Dukhovni.
File: util/dict_cache.c.
.
- Workaround: STRREF() macro to shut up compiler warnings for
legitimate string comparison expressions. Back-ported from
Postfix 3.6 and later. Files: util/stringops.h, flush/flush.c.
.
- Workaround for a breaking change in OpenSSL 3: always turn
on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages
and missed opportunities for TLS session reuse. This is
safe because the SMTP protocol implements application-level
framing, and is therefore not affected by TLS truncation
attacks. Fix by Viktor Dukhovni. Files: tls/tls.h, tls_client.c,
tls/tls_server.c.
Checksums-Sha1:
06dcb2fd157b1d36b670ea9b715a852690c4dae0 3039 postfix_3.5.18-0+deb11u1.dsc
b5db9c79fcadb817651b743163419934dbc77e2a 4627739 postfix_3.5.18.orig.tar.gz
4432a21266b9ba8c719110585cfaeb8c404b3ab3 220 postfix_3.5.18.orig.tar.gz.asc
a1a5c3215c756da9e19efe6ba7fc515ab3a24489 209192 postfix_3.5.18-0+deb11u1.debian.tar.xz
48facf31b299e9f6008a5a7629ae384ce3a7e8ac 7572 postfix_3.5.18-0+deb11u1_source.buildinfo
Checksums-Sha256:
0e8b7f9cc5a93b9f3405dfcaaa36c7605c458bb7785a4281287deda191a0ab9c 3039 postfix_3.5.18-0+deb11u1.dsc
1f250722f5e2b85dae7e57196ffab48e251f10eb40e86823a4a8304bc6c02852 4627739 postfix_3.5.18.orig.tar.gz
d9d85851dfb4e5c1b94060f3207e0ebda19c67be3a2886e9ff79ef2d5f2bddf0 220 postfix_3.5.18.orig.tar.gz.asc
9c9556d71a45d5e2fbf267cb23f84e4d8046bf21b97bd66b02f856316b0cd559 209192 postfix_3.5.18-0+deb11u1.debian.tar.xz
051140afb7b329e7c5bbad7a1904f99f74957e895fa7309fe44636f73b4a21dc 7572 postfix_3.5.18-0+deb11u1_source.buildinfo
Files:
4c024aee4d22c585da00fbae7cb4ab87 3039 mail optional postfix_3.5.18-0+deb11u1.dsc
9a8dcd03eda6d456b8c61fd22e41fe18 4627739 mail optional postfix_3.5.18.orig.tar.gz
ecf1cc875faa396b112c81b1265c0438 220 mail optional postfix_3.5.18.orig.tar.gz.asc
27f735a3397a4da9b76a138ff3097793 209192 mail optional postfix_3.5.18-0+deb11u1.debian.tar.xz
556e8e8ff5777951f7ec7f5a51b83f3a 7572 mail optional postfix_3.5.18-0+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmPey48ACgkQeNfe+5rV
mvF2Bg//U1WmYiG6YzM47A4Ktvlg51gDDRfjnnSqb7Hkf8e9hAg/3E/OMFAflxaw
LueVi71es5nPwt7Njm0qcheMDd1YQZELweuBbzjKzxqRum97AmpAZ2W0tt7fUau5
6qe3Xdv4LxBugiYsLdJm6SDwt4GvBfyeyM7NOrKGwgVcUg0N6XS5ZRdoczWsIqy7
8J+qrhMF0c4pH9Zq/hW8KrVVLMKB1PAoDHljCkJYvERdb6gce6u/PWIka1PhNyOW
E0qPfCj1feNBlNStEtdljkw5vKZ9dgO8fIBAzyhBEko4BFFjjnnglLFGW/jhAo1Y
49E2snk2Rx5ClHwIqz4gVl0dRgApICovVNU+TL/v3aeW0/1gDC1rY8RNMbqvnH1s
cMS/1rPvmzqfE2wh5bNr9zic1Qig4wbl5bl3vB9UJQOuiNHPWd6nBCjkcSP7F0ML
sJlIBUZttmis86Hv5RTadzXwkjQRsUrXD5f6x32Ax3d85ziudYpcUltPpqKimbJG
yP/CaTuOckmc9s0HSKjGiJAmc11Ew/a3nNAXKVPbOWAoF9vfvxpD420oJg/c9SJO
g9OHur+ZtDNfAzpsLYhnuNAMfDNtKmngsUMTZz974coNL0UEIxsOL053v6bNbi6L
MO++YeTMhIrYjX00TQgjr6OZcKfeCa7CotW8rhv8vh2c/7+rLyY=
=TIIS
-----END PGP SIGNATURE-----