-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 06 Mar 2024 10:10:14 -0500 Source: postfix Binary: postfix postfix-cdb postfix-cdb-dbgsym postfix-dbgsym postfix-ldap postfix-ldap-dbgsym postfix-lmdb postfix-lmdb-dbgsym postfix-mysql postfix-mysql-dbgsym postfix-pcre postfix-pcre-dbgsym postfix-pgsql postfix-pgsql-dbgsym postfix-sqlite postfix-sqlite-dbgsym Architecture: amd64 Version: 3.7.11-0+deb12u1 Distribution: bookworm Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Scott Kitterman Description: postfix - High-performance mail transport agent postfix-cdb - CDB map support for Postfix postfix-ldap - LDAP map support for Postfix postfix-lmdb - LMDB map support for Postfix postfix-mysql - MySQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PostgreSQL map support for Postfix postfix-sqlite - SQLite map support for Postfix Changes: postfix (3.7.11-0+deb12u1) bookworm; urgency=medium . [Wietse Venema] . * 3.7.11 - Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not reset the 'reason' from a previous Dovecot auth service response, before parsing the next Dovecot auth server response in the same SMTP session. Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c. - Cleanup: Postfix SMTP server response with an empty authentication failure reason. File: smtpd/smtpd_sasl_glue.c. - Bugfix (defect introduced: Postfix 3.1, date: 20151128): "postqueue -j" produced broken JSON when escaping a control character as \uXXXX. Found during code maintenance. File: postqueue/showq_json.c. - Cleanup: posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don't implement certificate matching. Viktor Dukhovni. File: posttls-finger.c. - Bugfix (defect introduced: Postfix 2.3): after prepending a message header with a Postfix access table PREPEND action, a Milter request to delete or update an existing header could have no effect, or it could target the wrong instance of an existing header. Root cause: the fix dated 20141018 for the Postfix Milter client was incomplete. The client did correctly hide the first, Postfix-generated, Received: header when sending message header information to a Milter with the smfi_header() application callback function, but it was still hiding the first header (instead of the first Received: header) when handling requests from a Milter to delete or update an existing header. Problem report by Carlos Velasco. This change was verified to have no effect on requests from a Milter to add or insert a header. File: cleanup/cleanup_milter.c. - Workaround: tlsmgr logfile spam. Some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message. File: tlsmgr/tlsmgr.c. - Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT command handler could be tricked to read $message_size_limit bytes into memory. Found during code maintenance. File: smtpd/smtpd.c. - Performance: eliminate worst-case behavior where the queue manager defers delivery to all destinations over a specific delivery transport, after only a single delivery agent failure. The scheduler now throttles one destination, and allows deliveries to other destinations to keep making progress. Files: *qmgr/qmgr_deliver.c. - Safety: drop and log over-size DNS responses resulting in more than 100 records. This 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is well below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This also limits the number of DNS requests from check_*_*_access restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c, dns/test_dns_lookup.c, posttls-finger/posttls-finger.c, smtp/smtp_addr.c, smtpd/smtpd_check.c. Checksums-Sha1: 70f5ecfbdab06dc88afac772864eadefda4d4735 10520 postfix-cdb-dbgsym_3.7.11-0+deb12u1_amd64.deb 5ce492011cae141c5c78289a7655a8a27dc9659c 333844 postfix-cdb_3.7.11-0+deb12u1_amd64.deb 12d4536d0550a02573bbba9374066f4cac582399 1821964 postfix-dbgsym_3.7.11-0+deb12u1_amd64.deb a5f9db86c5031012bf2fffaaf87e366cc9917fba 22440 postfix-ldap-dbgsym_3.7.11-0+deb12u1_amd64.deb b1b38fe58b692d3a80c30025cdc37fb513bdf462 351380 postfix-ldap_3.7.11-0+deb12u1_amd64.deb 6be4055e0efeea528fa756569bf7806e39dc0fa3 18856 postfix-lmdb-dbgsym_3.7.11-0+deb12u1_amd64.deb 7c42d87712967949fba9e9daad21571cfaee9157 339520 postfix-lmdb_3.7.11-0+deb12u1_amd64.deb ec0526145628c64d65bd116c7dadf83f6bebb279 23816 postfix-mysql-dbgsym_3.7.11-0+deb12u1_amd64.deb 9a0d8ce117bef281437f110164b71a3e9f53fc21 341720 postfix-mysql_3.7.11-0+deb12u1_amd64.deb 3efbe11dcb60ccd9fbeb75690e0931eb2122dde3 14888 postfix-pcre-dbgsym_3.7.11-0+deb12u1_amd64.deb 11ae53dbb19d212224465e55498ac1bddd783591 339952 postfix-pcre_3.7.11-0+deb12u1_amd64.deb 62fbf8d3a816927cbb3f3417cf17c5886a242839 13856 postfix-pgsql-dbgsym_3.7.11-0+deb12u1_amd64.deb d2fe09839ebc5f8c9ea1c698712b13e1c93c0383 340252 postfix-pgsql_3.7.11-0+deb12u1_amd64.deb 3a5802f86f54243ad6c2a7519bb2ac0631654446 8236 postfix-sqlite-dbgsym_3.7.11-0+deb12u1_amd64.deb 7ea6aa39a30a8412c244da22b7276b707b2817fc 337368 postfix-sqlite_3.7.11-0+deb12u1_amd64.deb c4156c4972e019f584c6c90742f7b3d1d130fbbc 11741 postfix_3.7.11-0+deb12u1_amd64-buildd.buildinfo af9f2cf00965329dfca78890a7b4de2084b2c9a7 1510172 postfix_3.7.11-0+deb12u1_amd64.deb Checksums-Sha256: 2121c871b6f21fae70fb802fcd8c09dbbd8440cc654bada7ff924bf028cb84be 10520 postfix-cdb-dbgsym_3.7.11-0+deb12u1_amd64.deb 7f6aa95714b0ea3020bd9c62579070b87da814776279996df6d1a56fb53494fd 333844 postfix-cdb_3.7.11-0+deb12u1_amd64.deb ce3af92fd068cafdb86f036d5230196b282803609777ec2f5d1d7fcf075d8734 1821964 postfix-dbgsym_3.7.11-0+deb12u1_amd64.deb 35c7d815ec0ea126291f8e72801339e2e95e8254141f63cd8a303cf1db21056c 22440 postfix-ldap-dbgsym_3.7.11-0+deb12u1_amd64.deb adacc6643e84f06ea85a7e487e7e7d9bb3210b57f87556bcb5ff3b71162b974e 351380 postfix-ldap_3.7.11-0+deb12u1_amd64.deb 7bc0636d0ad267a4e60d30e51a5bf030b8c385cd18961319829f01e677217828 18856 postfix-lmdb-dbgsym_3.7.11-0+deb12u1_amd64.deb 617850b1893293b86654a730964e3406f0373bacc290e36950e7dfd9a0e9a05e 339520 postfix-lmdb_3.7.11-0+deb12u1_amd64.deb 3521099ed70bd24f7c76fdb37ba7e17e3acc1c9ca5e7df252051167ecdd882f5 23816 postfix-mysql-dbgsym_3.7.11-0+deb12u1_amd64.deb e6101d43e5bb948e4e429b57807e4df212699594cfb39b9577f37919c841d9d2 341720 postfix-mysql_3.7.11-0+deb12u1_amd64.deb 72f292a84a300f2800c3bcaedcd5669363814a781912d326a98e72bb28daa953 14888 postfix-pcre-dbgsym_3.7.11-0+deb12u1_amd64.deb ea12b70fe2656c99c443e608dd4627cd6cce8139ee88063c473e521aa3992df1 339952 postfix-pcre_3.7.11-0+deb12u1_amd64.deb ae2eb9519f98db01975defd75d73c50fb4c1535b2cd9c0ca40d0135cd224b81d 13856 postfix-pgsql-dbgsym_3.7.11-0+deb12u1_amd64.deb 7b0b7aecc374114ad5f50c4adef19e89877e36e1ee77dfdc8967b898cedad6eb 340252 postfix-pgsql_3.7.11-0+deb12u1_amd64.deb ed4347b65bfa72b6ad87487a3c739443bec3d61df8249f7d59832849a05e98c3 8236 postfix-sqlite-dbgsym_3.7.11-0+deb12u1_amd64.deb 8698fa6ccab101855fae48f0a229692341ea47a486a1e9738da0e6c3d5a3fe06 337368 postfix-sqlite_3.7.11-0+deb12u1_amd64.deb ac0d3468e41d4c390c169895a99c9f622d8858db8283e2a2b98aaaaaaa387406 11741 postfix_3.7.11-0+deb12u1_amd64-buildd.buildinfo a097fa379fb22c5dcb2b95446ec355fbea8aa338c185eb37685f8db87d68b305 1510172 postfix_3.7.11-0+deb12u1_amd64.deb Files: d3721cb377441d68ee911c25cf78a910 10520 debug optional postfix-cdb-dbgsym_3.7.11-0+deb12u1_amd64.deb 923a16e5c59c51fa97da268da0b73968 333844 mail optional postfix-cdb_3.7.11-0+deb12u1_amd64.deb 9445ea0a9f9500465ecfb47e6dfa53a7 1821964 debug optional postfix-dbgsym_3.7.11-0+deb12u1_amd64.deb fdd43948194a63b19638091b5bf3554d 22440 debug optional postfix-ldap-dbgsym_3.7.11-0+deb12u1_amd64.deb e7aa92cb46f71e9584e2041453636b2c 351380 mail optional postfix-ldap_3.7.11-0+deb12u1_amd64.deb f152df14f384fe914c5e8e80b9ad999c 18856 debug optional postfix-lmdb-dbgsym_3.7.11-0+deb12u1_amd64.deb 60c8dd5d43f6bd8a5b7419b823dc8168 339520 mail optional postfix-lmdb_3.7.11-0+deb12u1_amd64.deb 112fd02ce2145f559b2f72349caeaa7b 23816 debug optional postfix-mysql-dbgsym_3.7.11-0+deb12u1_amd64.deb 2e5b753294635d6950ac53786a4cc132 341720 mail optional postfix-mysql_3.7.11-0+deb12u1_amd64.deb 9fcb82263f9e737878b2b26824167ee4 14888 debug optional postfix-pcre-dbgsym_3.7.11-0+deb12u1_amd64.deb bc5aa19d75faa909232f9f45b6cdc00c 339952 mail optional postfix-pcre_3.7.11-0+deb12u1_amd64.deb d1ec9f77eddcdd5c6ed3feb8ebc8b11a 13856 debug optional postfix-pgsql-dbgsym_3.7.11-0+deb12u1_amd64.deb b88e62c458a483c58b0c1a7272c83059 340252 mail optional postfix-pgsql_3.7.11-0+deb12u1_amd64.deb 3df2d766c0bf06a3f12ef0fb8217c78e 8236 debug optional postfix-sqlite-dbgsym_3.7.11-0+deb12u1_amd64.deb 3a330c6f590f282e4a96000d91873cdf 337368 mail optional postfix-sqlite_3.7.11-0+deb12u1_amd64.deb cb8d27831eb07107c6b30c2c633f6ce6 11741 mail optional postfix_3.7.11-0+deb12u1_amd64-buildd.buildinfo cd6d0979126ccb7ce4b30918ee942a6a 1510172 mail optional postfix_3.7.11-0+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE85oDfSLnwLkvY4Ibj5YjFeDZ0JMFAmYAoj0ACgkQj5YjFeDZ 0JOV9A//abxgXkca30T98Kv16hYvBVSNjMYAk0/F/za/+yAvKaGG+6swhcfjxdMC pyJ+Ilk3Zzakh+sivukQI65GON27t34MxQWwNfcYlKfXmdIhGq6/nNUnqIjJXwGj bpulUtimNuiQ628XwhgEFek0xCEgLqOnqjgIuCC76vVLkKfDw0Q8ESeOU3qIm/ea 0eebg3rB32qXbqlMllnPjyrJGRu08TnEjWoPKVAypZxgsvszLaPxiRe28sTLJO6O 5B11DdlGikiMvH3kDCLyqBTqXa32XRJm/4O2Uzth6p1fdnWNhnFMbozTym2naDqz 6a1ALPLzaGbWZMGCUSDBVSmsipxqI4ZMp4sGhzI3/EfEzIU5h6exDBKhqkTBIAJ8 /Yog5Q7MFsac4NG5Ph2gKUchWN9KBtileGA4dNnOnb4jtuUrtaeMuQlH9bl06zxa 5Esx2W2m/fmlWxNJQG2GRy17Q4xQx5AO2fa4BFMKGmG4yc9SFBxbXO4xHfdgY88L 2sCRU/skjfu6erV+A8mM6NiaN4X37l1fKeU1N8fw8uLqMecDQdIeLLpPh00hL3X/ qVKGfI16PvhjMnHKFF7cUOXMGPqJHazWls1/o2o9c0zt7XaIwqo+MQ2k2/Gx1nSx WmVXpC8munzGpfihDhGrMz6Fy3PUnqxCQ2mXdhb7j8jNgw/JJvA= =fdsK -----END PGP SIGNATURE-----