-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 06 Mar 2024 10:10:14 -0500 Source: postfix Binary: postfix postfix-cdb postfix-cdb-dbgsym postfix-dbgsym postfix-ldap postfix-ldap-dbgsym postfix-lmdb postfix-lmdb-dbgsym postfix-mysql postfix-mysql-dbgsym postfix-pcre postfix-pcre-dbgsym postfix-pgsql postfix-pgsql-dbgsym postfix-sqlite postfix-sqlite-dbgsym Architecture: armel Version: 3.7.11-0+deb12u1 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-06) Changed-By: Scott Kitterman Description: postfix - High-performance mail transport agent postfix-cdb - CDB map support for Postfix postfix-ldap - LDAP map support for Postfix postfix-lmdb - LMDB map support for Postfix postfix-mysql - MySQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PostgreSQL map support for Postfix postfix-sqlite - SQLite map support for Postfix Changes: postfix (3.7.11-0+deb12u1) bookworm; urgency=medium . [Wietse Venema] . * 3.7.11 - Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not reset the 'reason' from a previous Dovecot auth service response, before parsing the next Dovecot auth server response in the same SMTP session. Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c. - Cleanup: Postfix SMTP server response with an empty authentication failure reason. File: smtpd/smtpd_sasl_glue.c. - Bugfix (defect introduced: Postfix 3.1, date: 20151128): "postqueue -j" produced broken JSON when escaping a control character as \uXXXX. Found during code maintenance. File: postqueue/showq_json.c. - Cleanup: posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don't implement certificate matching. Viktor Dukhovni. File: posttls-finger.c. - Bugfix (defect introduced: Postfix 2.3): after prepending a message header with a Postfix access table PREPEND action, a Milter request to delete or update an existing header could have no effect, or it could target the wrong instance of an existing header. Root cause: the fix dated 20141018 for the Postfix Milter client was incomplete. The client did correctly hide the first, Postfix-generated, Received: header when sending message header information to a Milter with the smfi_header() application callback function, but it was still hiding the first header (instead of the first Received: header) when handling requests from a Milter to delete or update an existing header. Problem report by Carlos Velasco. This change was verified to have no effect on requests from a Milter to add or insert a header. File: cleanup/cleanup_milter.c. - Workaround: tlsmgr logfile spam. Some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message. File: tlsmgr/tlsmgr.c. - Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT command handler could be tricked to read $message_size_limit bytes into memory. Found during code maintenance. File: smtpd/smtpd.c. - Performance: eliminate worst-case behavior where the queue manager defers delivery to all destinations over a specific delivery transport, after only a single delivery agent failure. The scheduler now throttles one destination, and allows deliveries to other destinations to keep making progress. Files: *qmgr/qmgr_deliver.c. - Safety: drop and log over-size DNS responses resulting in more than 100 records. This 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is well below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This also limits the number of DNS requests from check_*_*_access restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c, dns/test_dns_lookup.c, posttls-finger/posttls-finger.c, smtp/smtp_addr.c, smtpd/smtpd_check.c. Checksums-Sha1: bade463913fffc546e514675d96ab04447cf121b 10680 postfix-cdb-dbgsym_3.7.11-0+deb12u1_armel.deb 74b1c1e1977d6fb2e3c505325355ba23691d4762 333268 postfix-cdb_3.7.11-0+deb12u1_armel.deb 601c0e94a114aaf8c83989d787c0a7c146a88dc2 1743564 postfix-dbgsym_3.7.11-0+deb12u1_armel.deb d131713941a29379e93c4d5064799b193513390f 21972 postfix-ldap-dbgsym_3.7.11-0+deb12u1_armel.deb 372ebac2780834975f4e6534f6c7ff4382025e7f 350048 postfix-ldap_3.7.11-0+deb12u1_armel.deb 39bdc65a31423af0025b859a24a016eeb1bcf43f 18820 postfix-lmdb-dbgsym_3.7.11-0+deb12u1_armel.deb 2386b5544fe17f642ce82e201c8e1d5ea70cfadb 338112 postfix-lmdb_3.7.11-0+deb12u1_armel.deb 20b61b83e7765d49771252c5da8f8a4b388eec84 23680 postfix-mysql-dbgsym_3.7.11-0+deb12u1_armel.deb 23ed119393c10c3323429621dda62206cb8c9a2a 341760 postfix-mysql_3.7.11-0+deb12u1_armel.deb 01214b4ba9ffdfa062d1a8c533755b99ab10e8af 14464 postfix-pcre-dbgsym_3.7.11-0+deb12u1_armel.deb b3fe5fa65d09c841701322aeae9132f81565f6a5 338952 postfix-pcre_3.7.11-0+deb12u1_armel.deb 6734567310622f572567586edea50254b9fdb110 13972 postfix-pgsql-dbgsym_3.7.11-0+deb12u1_armel.deb 63744e50e9f50bf1eb0628cd2a43eb77e955040a 340568 postfix-pgsql_3.7.11-0+deb12u1_armel.deb d003ee8e42c474d1fb47fcfc42b4489a23d0614f 8384 postfix-sqlite-dbgsym_3.7.11-0+deb12u1_armel.deb 108082c74332e30d2984cde28a526dc1984316e1 336916 postfix-sqlite_3.7.11-0+deb12u1_armel.deb 95ce470c9f6ec0d261073e824a02151e288af61d 11614 postfix_3.7.11-0+deb12u1_armel-buildd.buildinfo d896aa20c7cb8bbdc478aa86a85e233686cc9f1c 1400560 postfix_3.7.11-0+deb12u1_armel.deb Checksums-Sha256: 8ec855e99e262a22a94e43beb7403ce8d125b92650c4175cd56565b890140933 10680 postfix-cdb-dbgsym_3.7.11-0+deb12u1_armel.deb 33039b23ac0db4d82fc2e8798b0c88d3700653e10640cbc466e2def0f26a4b9e 333268 postfix-cdb_3.7.11-0+deb12u1_armel.deb e32d56b91405c636e1a9ddced02b62b77bef4055d115599f153bd5aa81762035 1743564 postfix-dbgsym_3.7.11-0+deb12u1_armel.deb 2829de1eaf7177315fccef234c7c4795fd074af4f4008f1b7b11e19b3e08ea24 21972 postfix-ldap-dbgsym_3.7.11-0+deb12u1_armel.deb 28b0d633ccd8bf1c02c46496eea834d85a557fea6cbaa10a73b9176195141928 350048 postfix-ldap_3.7.11-0+deb12u1_armel.deb 557c3d7ecd07acbd37303e9d29bc27e70e8091da0436c580e16bdc4aaa081a92 18820 postfix-lmdb-dbgsym_3.7.11-0+deb12u1_armel.deb 8f0ce01f7a3089c72b73aeacd57bf5fa66ddd9fdcfef6b9b8549c653ba283494 338112 postfix-lmdb_3.7.11-0+deb12u1_armel.deb 53cb03f89e3b3b40bf17c2d99fb669ffc39fc927263d457e27b348798c612ca6 23680 postfix-mysql-dbgsym_3.7.11-0+deb12u1_armel.deb 778a5adeb2df8495d180b09f0327ad4871c03c7e34583b59d8ae38a8324fc1db 341760 postfix-mysql_3.7.11-0+deb12u1_armel.deb dc03f4b84a903de3dadbe737b1f36e3934ebb055f1ea4152e01d1115098952c3 14464 postfix-pcre-dbgsym_3.7.11-0+deb12u1_armel.deb b685346733236c6c4a9779660e30c381affae3e8cec2f975c3b8926c8ad9df2f 338952 postfix-pcre_3.7.11-0+deb12u1_armel.deb c2fcecbe69d4b945e522b634c2ac484f637f619b89e80c81389fd923e5821da2 13972 postfix-pgsql-dbgsym_3.7.11-0+deb12u1_armel.deb 58e122c6ba59f35f2acde67a794233715fbd5927be30cf71fe4d060e0182bcd4 340568 postfix-pgsql_3.7.11-0+deb12u1_armel.deb 32dadb5257af97d095019a69fb8edeb886fbcfbb9558808bcdb72dcde146fa84 8384 postfix-sqlite-dbgsym_3.7.11-0+deb12u1_armel.deb a27268d067aec94ac91007e4ed74f79ad14021dad8efbd6201fc061d4620dede 336916 postfix-sqlite_3.7.11-0+deb12u1_armel.deb 4c031f215fee9bb32c6b318656a972b72b1a641c8cc19fe77259cbb61a98269c 11614 postfix_3.7.11-0+deb12u1_armel-buildd.buildinfo a6be1d7c3e3bc9ad68432d2aa77679703fa2a9bf44d4627cab8f4f0d3cfd79eb 1400560 postfix_3.7.11-0+deb12u1_armel.deb Files: 12d680cc468afde4b3cc82f3561c7641 10680 debug optional postfix-cdb-dbgsym_3.7.11-0+deb12u1_armel.deb e2a514e2c60c74470d17f744b22a7842 333268 mail optional postfix-cdb_3.7.11-0+deb12u1_armel.deb b78c737edb5b0488066bcf41dac8aedf 1743564 debug optional postfix-dbgsym_3.7.11-0+deb12u1_armel.deb 5a4b58f1afd5270a3ceb82c359522ae4 21972 debug optional postfix-ldap-dbgsym_3.7.11-0+deb12u1_armel.deb 0f67b529b2e6337bf87852333fc4ffa6 350048 mail optional postfix-ldap_3.7.11-0+deb12u1_armel.deb 948540c281c1b30cc6fc09accae61d6b 18820 debug optional postfix-lmdb-dbgsym_3.7.11-0+deb12u1_armel.deb 84adafbb1ecf960fc805a02d1e321999 338112 mail optional postfix-lmdb_3.7.11-0+deb12u1_armel.deb 97a6172e0f7626c9dc1b674a278bad71 23680 debug optional postfix-mysql-dbgsym_3.7.11-0+deb12u1_armel.deb d08510aabb5def48d8e2db5aa0e54bb6 341760 mail optional postfix-mysql_3.7.11-0+deb12u1_armel.deb eca28794f59227f031d08845b183943d 14464 debug optional postfix-pcre-dbgsym_3.7.11-0+deb12u1_armel.deb c26e0c0b0f0447280c73f667b81c921d 338952 mail optional postfix-pcre_3.7.11-0+deb12u1_armel.deb c435dccff63dff0b7572e56d6305a78a 13972 debug optional postfix-pgsql-dbgsym_3.7.11-0+deb12u1_armel.deb aa342c501f1e3f6443f9785598a169de 340568 mail optional postfix-pgsql_3.7.11-0+deb12u1_armel.deb 0993f1fbe2602dd0e6ded26f440ef8ea 8384 debug optional postfix-sqlite-dbgsym_3.7.11-0+deb12u1_armel.deb bf341128838a7471efdc96fc18b0543f 336916 mail optional postfix-sqlite_3.7.11-0+deb12u1_armel.deb be36d1d516fe0612109abad00930c7d9 11614 mail optional postfix_3.7.11-0+deb12u1_armel-buildd.buildinfo 9def60e9cb64550973384852db8d271b 1400560 mail optional postfix_3.7.11-0+deb12u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEdkvJoTVAIZVYaO9cyYck2apzqqMFAmYAp2oACgkQyYck2apz qqMUcQ//UljKyvINtUvtEW/6QssHlWKHTHHaDgZ5kCt+RFMsyL5n8GrMFyCRQNBK rYTh5O2wFkT1D60tC7X71FJZ0qcYiySv0WaNxBMrgYjJYOPJG86Bw+9rS/tSzdP3 8giuJj/pzJyh9n5nFxlIzLuT34016QauQSkZSL/SapR7ZPaV2o+rAQ5/QPPZphsh U+tQXMI+D9ZLOplJQy9CQiPl3JWcZsYzCD0oI11S96sbog1chcMN/RMP9hxOadva lGn+sWUYx5boISoZ/Cyfq13M4tNIRixC/nSGwjKiRhbYkBvmnkdDHWprRwjX/Brw ayELpL3+VMBfjbp1i9N88/q7yehcUpeZCr7AWRl4EY+C0LWYoOsg7++/KnjD3t54 UIwNSrGFd2wT6dsRZTznVfx/IJbrIfTWzgJ5DbBqc5AvbdtWflxr2QqGHlCjW3NK 8V3BXZJ/o/cQPVwxDZFirMS6uFpL9hwSVCXQrbdwtwa78CjHDGeysSOTm+nDA926 ZiDsUVzRwYXWe0W9wWny7FJ1m1H0WsfIKhJgGIXoXTsNzMODeRwpgsbw6x3bvZLw HD4YbeeFMrlfFEih2kK4k1EdCjG7OJ3QW9X3KQZNAwb4ybq253PcmRGtNNMZoc3g lmBMMx7NicfmwhB43nrd+jRI6xCRN2/98rHM/yc09csMFrl7HGw= =+dCZ -----END PGP SIGNATURE-----