-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 09 Mar 2024 10:38:51 -0500 Source: postfix Binary: postfix postfix-cdb postfix-cdb-dbgsym postfix-dbgsym postfix-ldap postfix-ldap-dbgsym postfix-lmdb postfix-lmdb-dbgsym postfix-mysql postfix-mysql-dbgsym postfix-pcre postfix-pcre-dbgsym postfix-pgsql postfix-pgsql-dbgsym postfix-sqlite postfix-sqlite-dbgsym Architecture: i386 Version: 3.5.25-0+deb11u1 Distribution: bullseye Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Scott Kitterman Description: postfix - High-performance mail transport agent postfix-cdb - CDB map support for Postfix postfix-ldap - LDAP map support for Postfix postfix-lmdb - LMDB map support for Postfix postfix-mysql - MySQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PostgreSQL map support for Postfix postfix-sqlite - SQLite map support for Postfix Changes: postfix (3.5.25-0+deb11u1) bullseye; urgency=medium . [Wietse Venema] . * 3.5.25 - Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not reset the 'reason' from a previous Dovecot auth service response, before parsing the next Dovecot auth server response in the same SMTP session. Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c. - Cleanup: Postfix SMTP server response with an empty authentication failure reason. File: smtpd/smtpd_sasl_glue.c. - Bugfix (defect introduced: Postfix 3.1, date: 20151128): "postqueue -j" produced broken JSON when escaping a control character as \uXXXX. Found during code maintenance. File: postqueue/showq_json.c. - Cleanup: posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don't implement certificate matching. Viktor Dukhovni. File: posttls-finger.c. - Bugfix (defect introduced: Postfix 2.3): after prepending a message header with a Postfix access table PREPEND action, a Milter request to delete or update an existing header could have no effect, or it could target the wrong instance of an existing header. Root cause: the fix dated 20141018 for the Postfix Milter client was incomplete. The client did correctly hide the first, Postfix-generated, Received: header when sending message header information to a Milter with the smfi_header() application callback function, but it was still hiding the first header (instead of the first Received: header) when handling requests from a Milter to delete or update an existing header. Problem report by Carlos Velasco. This change was verified to have no effect on requests from a Milter to add or insert a header. File: cleanup/cleanup_milter.c. - Workaround: tlsmgr logfile spam. Some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message. File: tlsmgr/tlsmgr.c. - Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT command handler could be tricked to read $message_size_limit bytes into memory. Found during code maintenance. File: smtpd/smtpd.c. - Performance: eliminate worst-case behavior where the queue manager defers delivery to all destinations over a specific delivery transport, after only a single delivery agent failure. The scheduler now throttles one destination, and allows deliveries to other destinations to keep making progress. Files: *qmgr/qmgr_deliver.c. - Safety: drop and log over-size DNS responses resulting in more than 100 records. This 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is well below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This also limits the number of DNS requests from check_*_*_access restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c, dns/test_dns_lookup.c, posttls-finger/posttls-finger.c, smtp/smtp_addr.c, smtpd/smtpd_check.c. Checksums-Sha1: 9695771df4860b00be7e055843edaee090f68810 9144 postfix-cdb-dbgsym_3.5.25-0+deb11u1_i386.deb 5f3fe9f1aeaa48fcbebb7c155215ad64c07a20fe 364924 postfix-cdb_3.5.25-0+deb11u1_i386.deb 526642e390122517cec6e3aa1b5924eaad190faf 1772624 postfix-dbgsym_3.5.25-0+deb11u1_i386.deb 4585af7e688af61d620099941d7c81d6849d7036 18256 postfix-ldap-dbgsym_3.5.25-0+deb11u1_i386.deb c1318f9243ac950c4de70c7068c7446046529490 383808 postfix-ldap_3.5.25-0+deb11u1_i386.deb 5af491b58574d2414ba0fe067823fabbecc21d15 16368 postfix-lmdb-dbgsym_3.5.25-0+deb11u1_i386.deb a28b146aafe8b8a54f4c3ce3d575e04de5ff6d8f 371508 postfix-lmdb_3.5.25-0+deb11u1_i386.deb 0b8fe7a8aa5803c91a4f61f861820483bee31761 22444 postfix-mysql-dbgsym_3.5.25-0+deb11u1_i386.deb 781aecdf67afdbb613be1ec5acf7dbe8cb1edffc 373792 postfix-mysql_3.5.25-0+deb11u1_i386.deb cd85b7c34dcbf4c1933799def45ceb43fa41d9cb 13116 postfix-pcre-dbgsym_3.5.25-0+deb11u1_i386.deb 95be7ac2ef86049e215c3ca2d80fb788fde354b4 371568 postfix-pcre_3.5.25-0+deb11u1_i386.deb 1a96c7f119797816dc3c6d38828a67842f859f6a 12084 postfix-pgsql-dbgsym_3.5.25-0+deb11u1_i386.deb e6296888dcf779addc20bd86506216810f9f3d20 372436 postfix-pgsql_3.5.25-0+deb11u1_i386.deb fb87d3f82d5b7c57756f4866165a95566f85c369 6892 postfix-sqlite-dbgsym_3.5.25-0+deb11u1_i386.deb 1f460caa36f57460ec0a1a82c86d3fd533a9ccb1 368344 postfix-sqlite_3.5.25-0+deb11u1_i386.deb d7d612067c72d563eefb70bcc46ba4227e5d6caa 12061 postfix_3.5.25-0+deb11u1_i386-buildd.buildinfo e75175a2272ec3bcfa1cc203bc7ab59e841996a3 1598972 postfix_3.5.25-0+deb11u1_i386.deb Checksums-Sha256: 587bde0a0c6bda80977358019e774968c83819fbf92b47b05b52a0bfa22e9075 9144 postfix-cdb-dbgsym_3.5.25-0+deb11u1_i386.deb 8593fa1e3a97cc2c86236eb13f561eae8113e1efe040f613c86db14944274225 364924 postfix-cdb_3.5.25-0+deb11u1_i386.deb f236291934b8dfb7fb77023e3ca1194577e28d903e4aa4f09ab9a76db243b154 1772624 postfix-dbgsym_3.5.25-0+deb11u1_i386.deb e6c19f49fdd4b06ed2261bf0d0b550ffea9f4fce479eca040f137ec447b1f73a 18256 postfix-ldap-dbgsym_3.5.25-0+deb11u1_i386.deb de9ede466cbbe3176898fab1b1d06c511a68be1b1f641796039910c8f64fda72 383808 postfix-ldap_3.5.25-0+deb11u1_i386.deb 9b674b2db3218d175ec83c527e6d358dbdf28651a9411b76c68a8ee4b030b095 16368 postfix-lmdb-dbgsym_3.5.25-0+deb11u1_i386.deb e6acb21329dac9eb409e0299222dddb88f9d7412c2959e523e37e86c43e53c24 371508 postfix-lmdb_3.5.25-0+deb11u1_i386.deb bb6449314c9504d4d477c7bb54e98b2ea16f5c6c0c0253782991799d520036d8 22444 postfix-mysql-dbgsym_3.5.25-0+deb11u1_i386.deb 82d8386c9f548c301ee9de3488a38c507824771b6cb16352c9e2e28949e127c1 373792 postfix-mysql_3.5.25-0+deb11u1_i386.deb 233b2beaeb2ba8be55cc9407a175ace11bea691f65411d347e19cc7492cb3aef 13116 postfix-pcre-dbgsym_3.5.25-0+deb11u1_i386.deb 910dcaa0a453ca037d20900894b43db7280df80c2c908123ce117413db345281 371568 postfix-pcre_3.5.25-0+deb11u1_i386.deb 46954258ab57f2d171cdc7c7d699379604b629e7fc949f955b9c30029f581df5 12084 postfix-pgsql-dbgsym_3.5.25-0+deb11u1_i386.deb 786770de4550f2ffd4a1565cf5e9a874ee3d36a9cf98589d82fbed7f98f92ce8 372436 postfix-pgsql_3.5.25-0+deb11u1_i386.deb 85ca14e507472cfe800a5a6a6e05fddd78584b8507edc5b14396d42f2b67ebc6 6892 postfix-sqlite-dbgsym_3.5.25-0+deb11u1_i386.deb 25d5411a163a97f274161bfb742fe8d62734d5eb7f402eadf0760f8efdaa9a88 368344 postfix-sqlite_3.5.25-0+deb11u1_i386.deb 8cae98f4dc96703cbec431d50ad231670f648c41548d23583188e650b1411025 12061 postfix_3.5.25-0+deb11u1_i386-buildd.buildinfo 308133e71536825e2e30d067b64a5f376edb12646ae615d355c46ac55808f489 1598972 postfix_3.5.25-0+deb11u1_i386.deb Files: 65520fd472b8efa445e43438450c9c8a 9144 debug optional postfix-cdb-dbgsym_3.5.25-0+deb11u1_i386.deb e99c0c2b710437e1949e497c73df6977 364924 mail optional postfix-cdb_3.5.25-0+deb11u1_i386.deb 1a71131536fd289b9d3f2197cff85743 1772624 debug optional postfix-dbgsym_3.5.25-0+deb11u1_i386.deb 9a58a895f2724870bc6cbcf090d04039 18256 debug optional postfix-ldap-dbgsym_3.5.25-0+deb11u1_i386.deb b2d88d1d1c23289c1c5c57257e3d7ef8 383808 mail optional postfix-ldap_3.5.25-0+deb11u1_i386.deb e051b8845f23ff62bf823aa466c8f303 16368 debug optional postfix-lmdb-dbgsym_3.5.25-0+deb11u1_i386.deb 0f14d63ec1f937df831629412d447451 371508 mail optional postfix-lmdb_3.5.25-0+deb11u1_i386.deb a5e4a3f51455bb14554d0a3d8987d851 22444 debug optional postfix-mysql-dbgsym_3.5.25-0+deb11u1_i386.deb b7c9a088db39da9d29a6c130a11f85fc 373792 mail optional postfix-mysql_3.5.25-0+deb11u1_i386.deb fe477b203db4bfde0dceab4b5b9758a6 13116 debug optional postfix-pcre-dbgsym_3.5.25-0+deb11u1_i386.deb 44136a7c9bb61a903e3967210d09546a 371568 mail optional postfix-pcre_3.5.25-0+deb11u1_i386.deb 6360c64624f4da617a9347dada88f904 12084 debug optional postfix-pgsql-dbgsym_3.5.25-0+deb11u1_i386.deb 124a4383faf907a707e4507961f9c6d6 372436 mail optional postfix-pgsql_3.5.25-0+deb11u1_i386.deb 75470aaa3aa31b206f74aded28c1d355 6892 debug optional postfix-sqlite-dbgsym_3.5.25-0+deb11u1_i386.deb 9d6538320f3d938f4ef09a70ce5182f6 368344 mail optional postfix-sqlite_3.5.25-0+deb11u1_i386.deb 4508fe6626092bc89c8365195c34e359 12061 mail optional postfix_3.5.25-0+deb11u1_i386-buildd.buildinfo 40f9ef662fb7e640146665ec52107272 1598972 mail optional postfix_3.5.25-0+deb11u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvy6d65NNYPbL6IQIEQ1nooK/IAQFAmYm0MMACgkQEQ1nooK/ IAT7Iw//e+revtsRefAGjNpAWqAQ9ae8JoWhNUtqwwnzvAXeUvoog9FobcS27Pcy RlNNOkyY0/MimoADExgXAJ5aFp876bt+qhe9v4nPfw+Jx9xcDQ4FL0I4jGr7gRVx pJFCllqIzDWb6rlmIwW9EK0ytilgMX+8RZIVTXhcbMlLvVwXpm/Z7W+ngxS5hpx8 29ym8Jd6uRhwgZ6tM9LspqNwJnaTvWyayTDc7KJNuIRdqKFJwC6znFPclUidwQU6 2kCNHNFHZ9KPj0GtcKSQtq3zXUnouzsBlLkZl21VCaLU2N/zt/pfg1RA0EZoq+Yf TqHF4jX/7mpKOuuHxDFOxkMIRkSfx3woyWhx3qC8Ahc8IQOYui5LboqoWSph8SO0 9j5rhO5Wr0oVaZtGwPiNZmZQoXlKaeJcV9UfJvSdw8w/1hKduUbVc1er8mx++vSM krnXEH0p0K74X3Qi2ZZJetvls4HWID4uOaKVR+0H049gisGvacuG8Ad3f+gTXGjU 73/qlwtPn1GLqw5yJ8vnYxR44S8HnOcVs0K3ZhSPK9An4jBOybXU/CpwXLvvymhI aTSFCZXnbO8pJra92YxmcZ7RZ+Hh37M/Rc5DdrP6S/KRcaCTO/fFLRV/s8ZXKKEf x6nAbwQ2pTnFHJNcvr0vwAHo3r4/0A4J8779GpJ0vMgthuRDiRc= =o3Ev -----END PGP SIGNATURE-----