-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 06 Mar 2024 10:10:14 -0500 Source: postfix Binary: postfix postfix-cdb postfix-cdb-dbgsym postfix-dbgsym postfix-ldap postfix-ldap-dbgsym postfix-lmdb postfix-lmdb-dbgsym postfix-mysql postfix-mysql-dbgsym postfix-pcre postfix-pcre-dbgsym postfix-pgsql postfix-pgsql-dbgsym postfix-sqlite postfix-sqlite-dbgsym Architecture: i386 Version: 3.7.11-0+deb12u1 Distribution: bookworm Urgency: medium Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Scott Kitterman Description: postfix - High-performance mail transport agent postfix-cdb - CDB map support for Postfix postfix-ldap - LDAP map support for Postfix postfix-lmdb - LMDB map support for Postfix postfix-mysql - MySQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PostgreSQL map support for Postfix postfix-sqlite - SQLite map support for Postfix Changes: postfix (3.7.11-0+deb12u1) bookworm; urgency=medium . [Wietse Venema] . * 3.7.11 - Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not reset the 'reason' from a previous Dovecot auth service response, before parsing the next Dovecot auth server response in the same SMTP session. Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c. - Cleanup: Postfix SMTP server response with an empty authentication failure reason. File: smtpd/smtpd_sasl_glue.c. - Bugfix (defect introduced: Postfix 3.1, date: 20151128): "postqueue -j" produced broken JSON when escaping a control character as \uXXXX. Found during code maintenance. File: postqueue/showq_json.c. - Cleanup: posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don't implement certificate matching. Viktor Dukhovni. File: posttls-finger.c. - Bugfix (defect introduced: Postfix 2.3): after prepending a message header with a Postfix access table PREPEND action, a Milter request to delete or update an existing header could have no effect, or it could target the wrong instance of an existing header. Root cause: the fix dated 20141018 for the Postfix Milter client was incomplete. The client did correctly hide the first, Postfix-generated, Received: header when sending message header information to a Milter with the smfi_header() application callback function, but it was still hiding the first header (instead of the first Received: header) when handling requests from a Milter to delete or update an existing header. Problem report by Carlos Velasco. This change was verified to have no effect on requests from a Milter to add or insert a header. File: cleanup/cleanup_milter.c. - Workaround: tlsmgr logfile spam. Some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message. File: tlsmgr/tlsmgr.c. - Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT command handler could be tricked to read $message_size_limit bytes into memory. Found during code maintenance. File: smtpd/smtpd.c. - Performance: eliminate worst-case behavior where the queue manager defers delivery to all destinations over a specific delivery transport, after only a single delivery agent failure. The scheduler now throttles one destination, and allows deliveries to other destinations to keep making progress. Files: *qmgr/qmgr_deliver.c. - Safety: drop and log over-size DNS responses resulting in more than 100 records. This 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is well below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This also limits the number of DNS requests from check_*_*_access restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c, dns/test_dns_lookup.c, posttls-finger/posttls-finger.c, smtp/smtp_addr.c, smtpd/smtpd_check.c. Checksums-Sha1: 938aa1252a9afc7b1a074abf0189c76696e70661 9788 postfix-cdb-dbgsym_3.7.11-0+deb12u1_i386.deb 4a1d4fc13d0615ec83bf95bd9466bee40f37a69d 334104 postfix-cdb_3.7.11-0+deb12u1_i386.deb 0c27b6f93546f464696285ec06012e3d71919893 1592044 postfix-dbgsym_3.7.11-0+deb12u1_i386.deb 7dbc2bfe1eae4eab144acc5244f91e5c912b10c4 19304 postfix-ldap-dbgsym_3.7.11-0+deb12u1_i386.deb 09e5b5b48ebc5b109868a47920e2af11e64d28ec 352176 postfix-ldap_3.7.11-0+deb12u1_i386.deb 36dfc07206696597d93c00e38c41dbb230c3cc62 16872 postfix-lmdb-dbgsym_3.7.11-0+deb12u1_i386.deb ebb03d1ee961dd16a1bb483a0815f01f052881de 340008 postfix-lmdb_3.7.11-0+deb12u1_i386.deb 6c8474ba4e26779f59251dd32e092725fcd8d1b6 22572 postfix-mysql-dbgsym_3.7.11-0+deb12u1_i386.deb ace152d83600707d05d4a813623fb11604708bea 342112 postfix-mysql_3.7.11-0+deb12u1_i386.deb b35c43822c29731dceb4e07b02131b1872495f50 13688 postfix-pcre-dbgsym_3.7.11-0+deb12u1_i386.deb 472d81e94f05d45d48993711ad383768fdcdd532 340280 postfix-pcre_3.7.11-0+deb12u1_i386.deb 8a2ca8481a8c9c928097a7516f07622edd6146b0 12716 postfix-pgsql-dbgsym_3.7.11-0+deb12u1_i386.deb 6342eb8c1743993f075b67731231a1ecfa0b0d7b 340768 postfix-pgsql_3.7.11-0+deb12u1_i386.deb d080f4423e65fd7d274d8d8c56b30dda76b2d8b2 7548 postfix-sqlite-dbgsym_3.7.11-0+deb12u1_i386.deb 6908582db7eee45c4dbf084650a4b29aa7bebf41 337512 postfix-sqlite_3.7.11-0+deb12u1_i386.deb 8a1dafd1b1081301437bf0c9c968dfb83f33b620 11652 postfix_3.7.11-0+deb12u1_i386-buildd.buildinfo 95b8a3b6e7d59d638abf4a895b01ff5fa8fcc030 1537756 postfix_3.7.11-0+deb12u1_i386.deb Checksums-Sha256: 07575c19fed215326ec54b9cd3d581be4b36782387dc099cd573c45832d5a9f3 9788 postfix-cdb-dbgsym_3.7.11-0+deb12u1_i386.deb 2557cdf21a8f426de219597b062195b0c53fb5a9d6b36620345cbee441e38766 334104 postfix-cdb_3.7.11-0+deb12u1_i386.deb 94e1c9b8c40321af268303bca51b96d0ee38e5db859239fdb118318cc79e718b 1592044 postfix-dbgsym_3.7.11-0+deb12u1_i386.deb a75352d61c14c4b45e3634b05efdca0753f0e9ec473aa4a647f7548c0a0d2012 19304 postfix-ldap-dbgsym_3.7.11-0+deb12u1_i386.deb d256c2e494044d96ad5378de78786f61c64d55678b7d83563a2bb2e7e2e2d6dc 352176 postfix-ldap_3.7.11-0+deb12u1_i386.deb fb73d295b187a3c8df4dae6905bca4a85a635514acce92e7337652ecd449910f 16872 postfix-lmdb-dbgsym_3.7.11-0+deb12u1_i386.deb 3ac14d110b61e060e27b4e0153683fb6226ce55e5c626dfdfbdfa46f08e1bef6 340008 postfix-lmdb_3.7.11-0+deb12u1_i386.deb eb24bf616a41f7568556792423553475020211c1e4eb1d134a137afb197b5689 22572 postfix-mysql-dbgsym_3.7.11-0+deb12u1_i386.deb 1b0204127012102172e916fd78aa8d07bb1143b7bfe959d39d32a7221ef10db7 342112 postfix-mysql_3.7.11-0+deb12u1_i386.deb e97a55f2a51edcdb4f777ebc7c5ec7e4138849b225dab2a5428f43a0db8a0386 13688 postfix-pcre-dbgsym_3.7.11-0+deb12u1_i386.deb d075ba071af615bf10b87dbc6b7d3abd287f86a6929c08941f090fe65fac202e 340280 postfix-pcre_3.7.11-0+deb12u1_i386.deb d17002825e0ceabb408ce2f748a0a5bca4c2f1055085883f5a88693b8422194a 12716 postfix-pgsql-dbgsym_3.7.11-0+deb12u1_i386.deb c33262a684180f5a41916985b03b12210c54d03f664b982dbd58f16a8122af69 340768 postfix-pgsql_3.7.11-0+deb12u1_i386.deb 6d4c426fa4b75146db4a43032c69a15e9e5d73f03921b1040fc5fd5094297164 7548 postfix-sqlite-dbgsym_3.7.11-0+deb12u1_i386.deb 5efdac8f2c2cd8ccfb31c068cd71a7f8b7902aac6c0de79b7e9302705ccf4d1b 337512 postfix-sqlite_3.7.11-0+deb12u1_i386.deb 4bd19cb81029da1950627b915743be4c17cd9c08a787c72c3168505e5fb00b55 11652 postfix_3.7.11-0+deb12u1_i386-buildd.buildinfo bea6f277589020b528f40277e51f3ec935aaeb0ad7eeadef8b64d0d56151858e 1537756 postfix_3.7.11-0+deb12u1_i386.deb Files: 6884e46b0c1a7bc690295ae985109498 9788 debug optional postfix-cdb-dbgsym_3.7.11-0+deb12u1_i386.deb f7ffc49fb349e1cc9945c3979df1ec34 334104 mail optional postfix-cdb_3.7.11-0+deb12u1_i386.deb 3f1945777331f19857a6d21068037528 1592044 debug optional postfix-dbgsym_3.7.11-0+deb12u1_i386.deb d0196061c0966d570fedc066f5b15899 19304 debug optional postfix-ldap-dbgsym_3.7.11-0+deb12u1_i386.deb fe36d11fc5d9f7d8d29363e896181025 352176 mail optional postfix-ldap_3.7.11-0+deb12u1_i386.deb ce61949cdd50408c8efba8baf02fba90 16872 debug optional postfix-lmdb-dbgsym_3.7.11-0+deb12u1_i386.deb c449e4e89728ca1adff949ad1e5805c0 340008 mail optional postfix-lmdb_3.7.11-0+deb12u1_i386.deb e4bb61d477dcba96cb15032ff474ca4f 22572 debug optional postfix-mysql-dbgsym_3.7.11-0+deb12u1_i386.deb 5ac410aacde537b55fd399b810ef0615 342112 mail optional postfix-mysql_3.7.11-0+deb12u1_i386.deb bd764ad1c337f841e34e19300372cb40 13688 debug optional postfix-pcre-dbgsym_3.7.11-0+deb12u1_i386.deb 3d0336754a52a8db1bbf79cd8c212792 340280 mail optional postfix-pcre_3.7.11-0+deb12u1_i386.deb 7e146d0f95475de0cf09cbb36b1903fc 12716 debug optional postfix-pgsql-dbgsym_3.7.11-0+deb12u1_i386.deb 7aa491655553e0f271347148189a02bb 340768 mail optional postfix-pgsql_3.7.11-0+deb12u1_i386.deb 1bf523022e6dcd16962ff5b763b3c2e2 7548 debug optional postfix-sqlite-dbgsym_3.7.11-0+deb12u1_i386.deb 8636fed94f770501688bdf2771fe7bb2 337512 mail optional postfix-sqlite_3.7.11-0+deb12u1_i386.deb e92b10cc86f04807fe1850c41e8518fd 11652 mail optional postfix_3.7.11-0+deb12u1_i386-buildd.buildinfo 98660373780c8111b240c14f5b60b699 1537756 mail optional postfix_3.7.11-0+deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEqYm4ZPyuLwhx8Meo2VckltclZ4AFAmYApAEACgkQ2Vckltcl Z4DLSw/7BNLJ4ZZV08qMMumCqRh05E6LZmUMSqBP0V2bYNcaOKpqXVa+sIJ2gYBe dR/IHg+FReQBPAJkG/MU+GDdpUdkph+4AX1T24AMuZW+rrZzCneedj6TyWcyUEVo yjwPyuzOScfRcYUfV58u6dj94XqzNqEKSzVJCFSgc7r/hDw2IBmP2HwxYs4IvNtP C+lZAHFd0ee9eCFxg+iqo/5d0yJwRaPP1w6ebWHosCuhJwnscsXh+NZBVNjatDoV aiMwyJ4Zrf1IKYHC1GFDA92j2jEBmJMdEmSD/ZjK1e+fC5NNZ0IGTlISUWzHAwCw X37bTEI6aa9Pg98yJAetcjLID8moizgVZLPsg5TWvPmCqsyw9a6KpEurj0WXE+xn NWb7VW/L+tfuVjvZnGQEP2t+BRq5g4sCynmu3QDYwbLcnWAdFqyqUaPlDnA2mDjl 9WQoajNxU9MkJY5BW0x1M9TJC9uohVJmVSB5lOSNkfSCoLAgIwoaOJV/bY6WbnjF vVkpOy0VbNX6+W3vAJqp0k0mCQRn0YK8hrk7uGNBOiqCXSBT4m0NMVEdQAIJLHgP bh2RKD2xuF1+RVe2lWNFqYFEeOdoS+RmiHrzZso51Gebb2SWJp5gFk/R0uwU5kw7 t/BPwEs003ZiJ90LH0XZ8arCdWYdyOc4JvieEvm4T2DnCNJWbyY= =ERcs -----END PGP SIGNATURE-----