Accepted postfix 3.7.9-0+deb12u1 (source) into proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Dec 2023 12:33:24 -0500
Source: postfix
Architecture: source
Version: 3.7.9-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Closes: 1059230
Changes:
 postfix (3.7.9-0+deb12u1) bookworm; urgency=medium
 .
   [Wietse Venema]
 .
   * 3.7.7
     - Bugfix (bug introduced: 20140218): when opportunistic TLS fails
       during or after the handshake, don't require that a probe
       message spent a minimum time-in-queue before falling back to
       plaintext. Problem reported by Serg. File: smtp/smtp.h.
     - Bugfix (defect introduced: 19980207): the valid_hostname()
       check in the Postfix DNS client library was blocking unusual
       but legitimate wildcard names (*.name) in some DNS lookup
       results and lookup requests. Examples:
           name          class/type value
         *.one.example   IN CNAME *.other.example
         *.other.example IN A     10.0.0.1
         *.other.example IN TLSA  ..certificate info...
       Such syntax is blessed in RFC 1034 section 4.3.3.
       This problem was reported first in the context of TLSA
       record lookups. Files: util/valid_hostname.[hc],
   * 3.7.8
     - Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix
       SMTP server was waiting for a client command instead of
       replying immediately, after a client certificate verification
       error in TLS wrappermode. Reported by Andreas Kinzler. File:
       smtpd/smtpd.c.
     - Usability: the Postfix SMTP server now attempts to log the
       SASL username after authentication failure. In Postfix
       logging, this appends ", sasl_username=xxx" after the reason
       for SASL authentication failure. The logging replaces an
       unavailable reason with "(reason unavailable)", and replaces
       an unavailable sasl_username with "(unavailable)". Based
       on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c,
       xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c.
     - Bugfix (defect introduced: Postfix 2.11): in forward_path,
       the expression ${recipient_delimiter} would expand to an
       empty string when a recipient address had no recipient
       delimiter. Fixed by restoring Postfix 2.10 behavior to use
       a configured recipient delimiter value. Reported by Tod
       A. Sandman. Files: proto/postconf.proto, local/local_expand.c.
   * 3.7.9 (Closes: #1059230)
     - Addresses CVE-2023-51764, requires configuration change
     - Security: with "smtpd_forbid_bare_newline = yes" (default
       "no" for Postfix < 3.9), reply with "Error: bare <LF>
       received" and disconnect when an SMTP client sends a line
       ending in <LF>, violating the RFC 5321 requirement that
       lines must end in <CR><LF>. This prevents SMTP smuggling
       attacks that target a recipient at a Postfix server. For
       backwards compatibility, local clients are excluded by
       default with "smtpd_forbid_bare_newline_exclusions =
       $mynetworks". Files: mantools/postlink, proto/postconf.proto,
       global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h,

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
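
The 3.7.9 entry says the fix needs a configuration change and that clients in $mynetworks are excluded by default. The following added example (a simplified Python model, not Postfix code and not part of the upload) shows which sessions the check described above actually cuts off. The network list, client addresses and sample stream are constructed assumptions.

```python
import ipaddress

# Reply text quoted in the 3.7.9 changelog entry.
BARE_LF_REPLY = "Error: bare <LF> received"

# Constructed values (assumptions): a stand-in for $mynetworks and a client stream.
MYNETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]
SAMPLE_STREAM = b"Subject: hello\r\n" b"first body line\n" b"second body line\r\n"


def iter_lines(stream: bytes):
    """Yield LF-terminated lines, terminator included; bare CR does not split."""
    start = 0
    while (end := stream.find(b"\n", start)) != -1:
        yield stream[start:end + 1]
        start = end + 1


def is_excluded(client_ip: str, exclusions) -> bool:
    """True if the client address falls in any excluded network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in exclusions)


def screen_session(client_ip, stream, forbid_bare_newline, exclusions=MYNETWORKS):
    """Return (lines accepted before any rejection, reply or None)."""
    enforce = forbid_bare_newline and not is_excluded(client_ip, exclusions)
    accepted = []
    for line in iter_lines(stream):
        if enforce and not line.endswith(b"\r\n"):
            return accepted, BARE_LF_REPLY  # reply, then disconnect
        accepted.append(line)
    return accepted, None


if __name__ == "__main__":
    for ip, forbid in [("198.51.100.7", True), ("127.0.0.1", True), ("198.51.100.7", False)]:
        lines, reply = screen_session(ip, SAMPLE_STREAM, forbid)
        print(f"{ip} forbid={forbid}: accepted={len(lines)} reply={reply!r}")
```

With the setting left at its pre-3.9 default of "no", the remote client's bare <LF> line is accepted, and a client inside the excluded networks is never checked even with the setting on.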