-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 06 Mar 2024 10:10:14 -0500 Source: postfix Binary: postfix postfix-cdb postfix-cdb-dbgsym postfix-dbgsym postfix-ldap postfix-ldap-dbgsym postfix-lmdb postfix-lmdb-dbgsym postfix-mysql postfix-mysql-dbgsym postfix-pcre postfix-pcre-dbgsym postfix-pgsql postfix-pgsql-dbgsym postfix-sqlite postfix-sqlite-dbgsym Architecture: armhf Version: 3.7.11-0+deb12u1 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-arm-01) Changed-By: Scott Kitterman Description: postfix - High-performance mail transport agent postfix-cdb - CDB map support for Postfix postfix-ldap - LDAP map support for Postfix postfix-lmdb - LMDB map support for Postfix postfix-mysql - MySQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PostgreSQL map support for Postfix postfix-sqlite - SQLite map support for Postfix Changes: postfix (3.7.11-0+deb12u1) bookworm; urgency=medium . [Wietse Venema] . * 3.7.11 - Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not reset the 'reason' from a previous Dovecot auth service response, before parsing the next Dovecot auth server response in the same SMTP session. Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c. - Cleanup: Postfix SMTP server response with an empty authentication failure reason. File: smtpd/smtpd_sasl_glue.c. - Bugfix (defect introduced: Postfix 3.1, date: 20151128): "postqueue -j" produced broken JSON when escaping a control character as \uXXXX. Found during code maintenance. File: postqueue/showq_json.c. - Cleanup: posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don't implement certificate matching. Viktor Dukhovni. File: posttls-finger.c. - Bugfix (defect introduced: Postfix 2.3): after prepending a message header with a Postfix access table PREPEND action, a Milter request to delete or update an existing header could have no effect, or it could target the wrong instance of an existing header. Root cause: the fix dated 20141018 for the Postfix Milter client was incomplete. The client did correctly hide the first, Postfix-generated, Received: header when sending message header information to a Milter with the smfi_header() application callback function, but it was still hiding the first header (instead of the first Received: header) when handling requests from a Milter to delete or update an existing header. Problem report by Carlos Velasco. This change was verified to have no effect on requests from a Milter to add or insert a header. File: cleanup/cleanup_milter.c. - Workaround: tlsmgr logfile spam. Some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message. File: tlsmgr/tlsmgr.c. - Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT command handler could be tricked to read $message_size_limit bytes into memory. Found during code maintenance. File: smtpd/smtpd.c. - Performance: eliminate worst-case behavior where the queue manager defers delivery to all destinations over a specific delivery transport, after only a single delivery agent failure. The scheduler now throttles one destination, and allows deliveries to other destinations to keep making progress. Files: *qmgr/qmgr_deliver.c. - Safety: drop and log over-size DNS responses resulting in more than 100 records. This 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is well below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This also limits the number of DNS requests from check_*_*_access restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c, dns/test_dns_lookup.c, posttls-finger/posttls-finger.c, smtp/smtp_addr.c, smtpd/smtpd_check.c. Checksums-Sha1: 3040585cfe951403708355f574d9ab36e5373729 10728 postfix-cdb-dbgsym_3.7.11-0+deb12u1_armhf.deb 2753a1068b89b0020a48b4d7952c7d8ebe9f0047 333228 postfix-cdb_3.7.11-0+deb12u1_armhf.deb 532d04a135a8c0e4aec29c379568ff62d86ecf12 1763212 postfix-dbgsym_3.7.11-0+deb12u1_armhf.deb 1268502ef9703bcdddf4883fa1417e9b160da3af 22136 postfix-ldap-dbgsym_3.7.11-0+deb12u1_armhf.deb 0e4f6937390f06a303d00febed15dd436157444b 350092 postfix-ldap_3.7.11-0+deb12u1_armhf.deb b2a5411749d6c72344d9b0c183d1f23401cdca4c 18924 postfix-lmdb-dbgsym_3.7.11-0+deb12u1_armhf.deb 9297bb079005be12a4df08d19a2705c554008d17 338136 postfix-lmdb_3.7.11-0+deb12u1_armhf.deb 01e96fc132c2d5fb208ded05a4f1b2500b534015 23472 postfix-mysql-dbgsym_3.7.11-0+deb12u1_armhf.deb cc551d564baf51e45555e1b0376fa61bd5a913f7 340712 postfix-mysql_3.7.11-0+deb12u1_armhf.deb 88c87e9453ed11faa41ed353e9036e59cf72e96c 14668 postfix-pcre-dbgsym_3.7.11-0+deb12u1_armhf.deb afb0a4df66a9c7a729fc4b02e8921b9a43b0a8d9 338860 postfix-pcre_3.7.11-0+deb12u1_armhf.deb d3abb4b79a9b4d36f6bbb34b339e3fdf993df0d9 13896 postfix-pgsql-dbgsym_3.7.11-0+deb12u1_armhf.deb 03ac468a1d8061857ec4c0e594e1d025c255fcea 339480 postfix-pgsql_3.7.11-0+deb12u1_armhf.deb caedffad0e5773112373e6a88eb6cb11950eca6f 8464 postfix-sqlite-dbgsym_3.7.11-0+deb12u1_armhf.deb 38c9cca7b95c9e282d0aca9e0c0e5b39dca61cec 336880 postfix-sqlite_3.7.11-0+deb12u1_armhf.deb dcb22e144efd27889952e808903a3bf3d9e359b0 11616 postfix_3.7.11-0+deb12u1_armhf-buildd.buildinfo 790a9fca1d6a9305b9f95e77db8526472ab5ed5c 1421428 postfix_3.7.11-0+deb12u1_armhf.deb Checksums-Sha256: 667be42d2a29133a47bcbdd4b5079d3308b823336e99113b0a4e0589b57f3627 10728 postfix-cdb-dbgsym_3.7.11-0+deb12u1_armhf.deb aa9ff2eb60837b6d41ee6a5cdc922d3d035dfaf1b14f944eedfd0bf11d5c9799 333228 postfix-cdb_3.7.11-0+deb12u1_armhf.deb fb53753c92025c652c8255df95fb0fba681eb075abb9daf996b532a9d04f2847 1763212 postfix-dbgsym_3.7.11-0+deb12u1_armhf.deb 565b2f630c32bd740d7c6baacc395c0ec225cad6cb3d8c970bc6008c0ffbdc82 22136 postfix-ldap-dbgsym_3.7.11-0+deb12u1_armhf.deb 23fe5e9b90ef31bc898cfbd341d9072f71d5f38437e4599484721f527aaab1a9 350092 postfix-ldap_3.7.11-0+deb12u1_armhf.deb aede578d41fbc28bc6f174bcfc8b7450f79718f687166cff78c70241a8cd7b19 18924 postfix-lmdb-dbgsym_3.7.11-0+deb12u1_armhf.deb a1c39bf362d10888e302afff87c439abc570dde8eb9858b56da37978959f41da 338136 postfix-lmdb_3.7.11-0+deb12u1_armhf.deb a498156183b84dea36d5c8d09c8a6fc1b045eefc1e8c654249ae638cdbd8abb1 23472 postfix-mysql-dbgsym_3.7.11-0+deb12u1_armhf.deb d3d0adddd96cee9bc45c67821ae6753a5772426e65feaff3e4156b5b70fd1eda 340712 postfix-mysql_3.7.11-0+deb12u1_armhf.deb 1aabf6d7d4d9fd00ea057ab6192561a58a730d4e09aef3567404b1e6ae807d3d 14668 postfix-pcre-dbgsym_3.7.11-0+deb12u1_armhf.deb 5b44bc04170aaf03feda0219a2285e8ecaa826b65f6020ec5328dbcd8ddee1c5 338860 postfix-pcre_3.7.11-0+deb12u1_armhf.deb e41ec279d25895a04bb0bf6f5c4b22376e3d6e8c8167fbd9ed339dde757e5c6e 13896 postfix-pgsql-dbgsym_3.7.11-0+deb12u1_armhf.deb bf29c542726f82bcfdedc3aa405bd1e1781c242beabd2e1542405c53e7c7d8e5 339480 postfix-pgsql_3.7.11-0+deb12u1_armhf.deb 91defe2a0b2097e4396b15b311a5b9962b9c47514b38d7b038afd82433cbe4a4 8464 postfix-sqlite-dbgsym_3.7.11-0+deb12u1_armhf.deb cdd038ddb678990fa83bea9b5b593730436c7a9a652dfedfab25cdb119a455ce 336880 postfix-sqlite_3.7.11-0+deb12u1_armhf.deb b22fb4151df9ba670883e402edf141124a653b86ee1b07de4a1d01528bd98ccc 11616 postfix_3.7.11-0+deb12u1_armhf-buildd.buildinfo 502b896d6a36731046e47540e09cf75424a2ebad69fc9a6789eff4defb4593c6 1421428 postfix_3.7.11-0+deb12u1_armhf.deb Files: 9bdf11038fd6b32b95941079b9a0ebc2 10728 debug optional postfix-cdb-dbgsym_3.7.11-0+deb12u1_armhf.deb d206ecc2ef71fec113d63aa74ef9e635 333228 mail optional postfix-cdb_3.7.11-0+deb12u1_armhf.deb 741317ddab238b2d2ca5f48822a1a7d9 1763212 debug optional postfix-dbgsym_3.7.11-0+deb12u1_armhf.deb c5edc4e042275c90a6a736d5b2334ae7 22136 debug optional postfix-ldap-dbgsym_3.7.11-0+deb12u1_armhf.deb aa33de994540eb75860769c932afd166 350092 mail optional postfix-ldap_3.7.11-0+deb12u1_armhf.deb c9ac380e9879bba5c17843bbf4fbe22b 18924 debug optional postfix-lmdb-dbgsym_3.7.11-0+deb12u1_armhf.deb 1f349a0cf01baa0de47450d8e0d2b6f1 338136 mail optional postfix-lmdb_3.7.11-0+deb12u1_armhf.deb 30d39b4fdb5874932642a6f44f181ece 23472 debug optional postfix-mysql-dbgsym_3.7.11-0+deb12u1_armhf.deb 5a65df3499ffeda0901f3146582fe04e 340712 mail optional postfix-mysql_3.7.11-0+deb12u1_armhf.deb 24cf294854fec685129e83fd620fc3ce 14668 debug optional postfix-pcre-dbgsym_3.7.11-0+deb12u1_armhf.deb 0fa164cc5d5da42b3116845e9d11335e 338860 mail optional postfix-pcre_3.7.11-0+deb12u1_armhf.deb c0d8c8595c871893889d5836e11867b2 13896 debug optional postfix-pgsql-dbgsym_3.7.11-0+deb12u1_armhf.deb f94a35627403093248f8c31c9d83c713 339480 mail optional postfix-pgsql_3.7.11-0+deb12u1_armhf.deb 0f84e4c8717eb53099b0d79e4d6724fd 8464 debug optional postfix-sqlite-dbgsym_3.7.11-0+deb12u1_armhf.deb a7021c72f60e1b596f04f4b22477255d 336880 mail optional postfix-sqlite_3.7.11-0+deb12u1_armhf.deb 1fcce7ff97ec92f0b003296dc0d09475 11616 mail optional postfix_3.7.11-0+deb12u1_armhf-buildd.buildinfo 8ea5b18fd52dd9472dc15c61b225eded 1421428 mail optional postfix_3.7.11-0+deb12u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4Prg5L5o4koxD5sKbi61NfD5HDwFAmYAo2cACgkQbi61NfD5 HDw84g//bRa35dWkPpk3K23mDccCUVEKxOg6RLeWz+iFnix//fLkigmKWWIHrL/g A5A8Jt7w9PeRKU/Zw3rZp78FO+/Xd59EKo4wiY/VNmSRyjkMDR6TIjzEYlyB3RFw Gu6F9QV515FBXEPL4YH+0m5d+dL1brC8/5GCc5pxxQ4TZec+b7MHMPFO/UHcDb1a He20oi2LAuNmJXsQBeJI2Hw5RjMdIvUNVlADVUWhVpqxHs3Qx4GGOnx9OKm26ku8 BvNKa24nGfS6ki3blh0YMBjEra7zukcW55T99meFfE69XmMQC9zKmiXEYkhbFlh7 /j03J8yNmPSE6ZoLT7iVtJXbgWjK7X8JtiwiOal28K+yo+3vUPEQcdE766qG6L39 esvBnvyfefAs+dFPmzR4vpITI61PqHQU5emFTCWrEXiL93y/4ql+DRXffSXL6et6 eyh/vnP0e2DtAhTgaawxb4ptxvWX34xp/LFCG0adUWoqvH8yOzEszHMUWr6yfOr3 GdLAFkEcwlZCgzMAEqWf14Rz4+xNTu3u0bvqyzTIg4D7jN9uWmIxOqVR4GMtgKp7 M4CxYx0Ym+Uqi24N883QFFwow+xt1zP479k/ZdwQspT+oQeucBfXfNzGitzPeD50 EyM0Q8V2ZEHIHmCUlqxTIyiiEG8PuH8xCys8/XC+D7uA7bFUbac= =lIpn -----END PGP SIGNATURE-----