Your message dated Sat, 10 Sep 2022 13:40:55 +0100 with message-id <2cfc9645343bdb910fe19c07bddfec2c428346a3.ca...@adam-barratt.org.uk> and subject line Closing requests for updates included in 10.13 has caused the Debian Bug report #1003293, regarding buster-pu: package postfix/3.4.14-0+deb10u1 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1003293: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003293 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu This is similar to #1003261 for bullseye, although there are fewer Debian specific changes because most weren't applicable to or would have been more invasive for buster. I've put together my usual postfix post-release update. Because I'm behind, it's rather larger than usual. Also, a number of packaging bugs that apply to buster have been recently fixed in Bookworm, so the low risk changes there have been backported too. The diff is rather large, so I don't include it in the original bug report to increase the chances this makes it to the mailing list. Also, as usual, I have this update ready to upload and running in production locally. Here is the debian/changelog entry for this update: postfix (3.4.23-0+deb10u1) buster; urgency=medium [Scott Kitterman] * Refresh patches * Update d/p/70_postfix-check.diff to exclude makedefs.out from synlink check. Closes: #926331 * Do not override user set default_transport in postinst. Closes: #988538 * Remove left-over ca-certificates.crt file from postfix chroot. Closes: #991609 * Add information about keeping resolv.conf up to date in the chroot with the resolvconf package. Closes: #964762 [Sergio Gelato] * Correct if-up.d to not error out if postfix can't send mail yet. Closes: #959864 [Paride Legovini] * d/postfix.postinst: tolerate search domain with a leading dot. Closes: #991950 [Wietse Venema] * 3.4.15 - Bugfix (introduced: Postfix 3.0): minor memory leaks in the Postfix TLS library, found during tests. File: tls/tls_misc.c. - Bugfix (introduced: Postfix 3.0): 4kbyte per session memory leak in the Postfix TLS library, found during tests. File: tls/tls_misc.c. - Workaround for distros that override Postfix protocol settings in a system-wide OpenSSL configuration file, causing interoperability problems after an OS update. File: tls/tls_client.c, tls/tls_server.c. * 3.4.16 - Bugfix (introduced: Postfix 3.4.15): part of a memory leak fix was backported to the wrong place. File: tls/tls_misc.c. - The Postfix 3.4.15 workaround did not explictly override the system-wide OpenSSL configuration of allowed TLS protocol versions, for sessions where the remote SMTP client sends SNI. It's better to be safe than sorry. File: tls/tls_server.c. * 3.4.17 - Bugfix (introduced: Postfix 3.4, already fixed in Postfix 3.6): tlsproxy(8) was using the wrong DANE macro for connections with DANE trust anchors or with non-DANE trust anchors (WTF: Thorsten Habich found this bug in the use case that has nothing to do with DANE). This resulted in a global certificate verify function pointer race, between TLS handshakes that use TLS trust achors and handshakes that use PKI. No memory was corrupted in the course of all this. Viktor Dukhovni. File: tlsproxy/tlsproxy.c. - Cleanup: the posttls-finger '-X' option reported a false conflict with '-r'. File: posttls-finger/posttls-finger.c. * 3.4.18 - Bugfix (introduced: Postfix 2.0): smtp_sasl_mechanism_filter ignored table lookup errors, treating them as 'not found'. Found during Postfix 3.6 development. File: smtp/smtp_sasl_proto.c. - Bugfix (introduced: Postfix 2.3): when deleting a recipient with a milter, delete the recipient from the duplicate filter, so that the recipient can be added back. Backported from Postfix 3.6. Files: global/been_here.[hc], cleanup/cleanup_milter.c. - Bugfix (introduced: before Postfix alpha): the code that looks for Delivered-To: headers ignored headers longer than $line_length_limit. Backported from Postfix 3.6. File: global/delivered_hdr.c. - Bugfix (introduced: Postfix 2.8): save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: look table is used, but it may avoid stale data with other lookup tables. File: postscreen/postscreen_dnsbl.c. - Bugfix (introduced: Postfix 2.2): after processing an XCCLIENT command, the smtps service was waiting for a TLS handshake. Found by Aki Tuomi. File: smtpd/smtpd.c. - Bugfix (introduced: Postfix 2.3): static maps did not free their casefolding buffer. File: util/dict_static.c. * 3.4.19 - Feature: when a Postfix program makes a DNS query that requests DNSSEC validation (usually for Postfix DANE support) but the DNS response is not DNSSEC validated, Postfix will send a DNS query configured with the "dnssec_probe" parameter to determine if DNSSEC support is available, and logs a warning if it is not. By default, the probe has type "ns" and domain name ".". The probe is sent once per process lifetime. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_sec.c, test_dns_lookup.c, global/mail_params.[hc], mantools/postlink. - The default "smtp_tls_dane_insecure_mx_policy = dane" was causing unnecessary dnssec_probe activity. The default is now "dane" when smtp_tls_security_level is "dane", otherwise it is "may". File: global/mail_params.h. * 3.4.20 - Missing null pointer checks (introduced: Postfix 3.4) after an internal I/O error during the smtp(8) to tlsproxy(8) handshake. Found by Coverity, reported by Jaroslav Skarvada. Based on fix by Viktor Dukhovni. File: tls/tls_proxy_client_scan.c. - Null pointer bug (introduced: Postfix 3.0) and memory leak (introduced: Postfix 3.4) after an inline: table syntax error in main.cf or master.cf. Found by Coverity, reported by Jaroslav Skarvada. Based on fix by Viktor Dukhovni. File: util/dict_inline.c. - Incomplete null pointer check (introduced: Postfix 2.10) after truncated HaProxy version 1 handshake message. Found by Coverity, reported by Jaroslav Skarvada. Fix by Viktor Dukhovni. File: global/haproxy_srvr.c. - Missing null pointer check (introduced: Postfix alpha) after null argv[0] value. File: global/mail_task.c. * 3.4.21 - Bugfix (introduced: Postfix 2.11): the command "postmap lmdb:/file/name" handled duplicate keys ungracefully, discarding entries stored up to and including the duplicate key, and causing a double free() call with lmdb versions 0.9.17 and later. Reported by Adi Prasaja; double free() root cause analysis by Howard Chu. File: util/slmdb.c. - Typo (introduced: Postfix 3.4): silent_discard should be silent-discard. File: proto/BDAT_README.html. - Support for Postfix 3.6 compatibility_level syntax, to avoid fatal runtime errors when rolling back from Postfix 3.6 to an earlier supported version, or when sharing Postfix 3.6 configuration files with an earlier supported Postfix version. File: global/mail_params.c. * 3.4.22 - Bugfix (introduced: Postfix 3.4): the texthash: map implementation did not support "postmap -F" behavior. Reported by Christopher Gurnee, who also found the missing code in the postmap source. File: util/dict_thash.c. - Bugfix (introduced: 1999, Postfix 2.11) latent false "Result too large" (ERANGE) errors because an strtol() call had no 'errno = 0' statement before the call. Back-ported from Postfix 3.6. Files: postscreen/postscreen_tests.c, util/mac_expand.c. - Bugfix (introduced: Postfix 3.3): "null pointer read" error in the cleanup daemon when "header_from_format = standard" (the default as of Postfix 3.3) and email was submitted with /usr/sbin/sendmail without From: header, and an all-space full name was specified in 1) the password file, 2) with "sendmail -F", or 3) with the NAME environment variable. Found by Renaud Metrich. File: cleanup/cleanup_message.c. (Closes: #968057) - Bugfix (introduced: 1999): the Postfix SMTP server was sending all session transcripts to the error_notice_recipient, instead of sending transcripts of bounced mail to the bounce_notice_recipient. File: smtpd/smtpd_chat.c. - Bugfix (introduced: Postfix 2.4): false "too many reverse jump" warnings in the showq daemon. The loop detection code was comparing memory addresses instead of queue file names. It now properly compares strings. Reported by Mehmet Avcioglu. File: global/record.c. * 3.4.23 - Bitrot: OpenSSL 3.x requires const. File: tls/tls_misc.c. - Bugfix (bug introduced: Postfix 2.10): postconf -x produced incorrect output, because different functions were implicitly sharing a buffer for intermediate results. Reported by raf, root cause analysis by Viktor Dukhovni. File: postconf/postconf_builtin.c. - Bugfix (problem introduced: Postfix 2.11): check_ccert_access worked as expected, but produced a spurious warning when Postfix was built without SASL support. Fix by Brad Barden. File: smtpd/smtpd_check.c. - Bugfix (introduced: Postfix 2.4): queue file corruption after a Milter (for example, MIMEDefang) made a request to replace the message body with a copy of that message body plus additional text (for example, a SpamAssassin report). The most likely impacts were a) the queue manager reporting a fatal error resulting in email delivery delays, or b) the queue manager reporting the corruption and moving the message to the corrupt queue for damaged messages. However, a determined adversary could craft an email message that would trigger the bug, and insert a content filter destination or a redirect email address into its queue file. Postfix would then deliver the message headers there, in most cases without delivering the message body. With enough experimentation, an attacker could make Postfix deliver both the message headers and body. The details of a successful attack depend on the Milter implementation, and on the Postfix and Milter configuration details; these can be determined remotely through experimentation. Failed experiments may be detected when the queue manager terminates with a fatal error, or when the queue manager moves damaged files to the "corrupt" queue as evidence. Technical details: when Postfix executes a "replace body" Milter request it will reuse queue file storage that was used by the existing email message body. If the new body is larger, Postfix will append body content to the end of the queue file. The corruption happened when a Milter (for example, MIMEDefang) made a request to replace the body of a message with a new body that contained a copy of the original body plus some new text, and the original body contained a line longer than $line_length_limit bytes (for example, an image encoded in base64 without hard or soft line breaks). In queue files, Postfix stores a long text line as multiple records with up to $line_length_limit bytes each. Unfortunately, Postfix's "replace body" support did not account for the additional queue file space needed to store the second etc. record headers. And thus, the last record(s) of a long text line could overwrite one or more queue file records immediately after the space that was previously occupied by the original message body. Problem report by BenoƮt Panizzon. * Fix duplicate bounce_notice_recipient entries in postconf output. Closes: #999694 [Andreas Hasenack] * Fix autopkgtest so it works and uses python3 -- Scott Kitterman <sc...@kitterman.com> Fri, 07 Jan 2022 11:04:17 -0500 Scott K
--- End Message ---
--- Begin Message ---Package: release.debian.org Version: 10.13 Hi, Each of the updates referenced in these bugs was included in today's 10.13 point release. Regards, Adam
--- End Message ---
