-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 09 Mar 2024 10:38:51 -0500 Source: postfix Binary: postfix postfix-cdb postfix-cdb-dbgsym postfix-dbgsym postfix-ldap postfix-ldap-dbgsym postfix-lmdb postfix-lmdb-dbgsym postfix-mysql postfix-mysql-dbgsym postfix-pcre postfix-pcre-dbgsym postfix-pgsql postfix-pgsql-dbgsym postfix-sqlite postfix-sqlite-dbgsym Architecture: amd64 Version: 3.5.25-0+deb11u1 Distribution: bullseye Urgency: medium Maintainer: amd64 Build Daemon (x86-grnet-03) Changed-By: Scott Kitterman Description: postfix - High-performance mail transport agent postfix-cdb - CDB map support for Postfix postfix-ldap - LDAP map support for Postfix postfix-lmdb - LMDB map support for Postfix postfix-mysql - MySQL map support for Postfix postfix-pcre - PCRE map support for Postfix postfix-pgsql - PostgreSQL map support for Postfix postfix-sqlite - SQLite map support for Postfix Changes: postfix (3.5.25-0+deb11u1) bullseye; urgency=medium . [Wietse Venema] . * 3.5.25 - Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not reset the 'reason' from a previous Dovecot auth service response, before parsing the next Dovecot auth server response in the same SMTP session. Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c. - Cleanup: Postfix SMTP server response with an empty authentication failure reason. File: smtpd/smtpd_sasl_glue.c. - Bugfix (defect introduced: Postfix 3.1, date: 20151128): "postqueue -j" produced broken JSON when escaping a control character as \uXXXX. Found during code maintenance. File: postqueue/showq_json.c. - Cleanup: posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don't implement certificate matching. Viktor Dukhovni. File: posttls-finger.c. - Bugfix (defect introduced: Postfix 2.3): after prepending a message header with a Postfix access table PREPEND action, a Milter request to delete or update an existing header could have no effect, or it could target the wrong instance of an existing header. Root cause: the fix dated 20141018 for the Postfix Milter client was incomplete. The client did correctly hide the first, Postfix-generated, Received: header when sending message header information to a Milter with the smfi_header() application callback function, but it was still hiding the first header (instead of the first Received: header) when handling requests from a Milter to delete or update an existing header. Problem report by Carlos Velasco. This change was verified to have no effect on requests from a Milter to add or insert a header. File: cleanup/cleanup_milter.c. - Workaround: tlsmgr logfile spam. Some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message. File: tlsmgr/tlsmgr.c. - Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT command handler could be tricked to read $message_size_limit bytes into memory. Found during code maintenance. File: smtpd/smtpd.c. - Performance: eliminate worst-case behavior where the queue manager defers delivery to all destinations over a specific delivery transport, after only a single delivery agent failure. The scheduler now throttles one destination, and allows deliveries to other destinations to keep making progress. Files: *qmgr/qmgr_deliver.c. - Safety: drop and log over-size DNS responses resulting in more than 100 records. This 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is well below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This also limits the number of DNS requests from check_*_*_access restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c, dns/test_dns_lookup.c, posttls-finger/posttls-finger.c, smtp/smtp_addr.c, smtpd/smtpd_check.c. Checksums-Sha1: 1b61116eddb00868c34d5430a8ad7996b94ffdd6 9936 postfix-cdb-dbgsym_3.5.25-0+deb11u1_amd64.deb da3c33771fe67bac85399515765e1f593aa01a27 364664 postfix-cdb_3.5.25-0+deb11u1_amd64.deb 62544f3940fe0a2390af3ca7ee9498880757a702 2073804 postfix-dbgsym_3.5.25-0+deb11u1_amd64.deb 23349f18c7403290501f242fb538a30caacf073a 21580 postfix-ldap-dbgsym_3.5.25-0+deb11u1_amd64.deb 5f17078e32541937978835e7fe93003e221e2f13 383084 postfix-ldap_3.5.25-0+deb11u1_amd64.deb 01bfe3f036f6bb33aa7c61f8e63753fa9d866c94 18568 postfix-lmdb-dbgsym_3.5.25-0+deb11u1_amd64.deb f20a8b2da1b63a08743445cddab5a85b54e1cd2e 370972 postfix-lmdb_3.5.25-0+deb11u1_amd64.deb ad9274c393c7d6884d55df0f3a46451d0d43f885 23532 postfix-mysql-dbgsym_3.5.25-0+deb11u1_amd64.deb b154c47a76a7cb14808c317c27a71031e4eb1586 373240 postfix-mysql_3.5.25-0+deb11u1_amd64.deb 3779b827de30764a381a99c8f87dbf46554059fa 14432 postfix-pcre-dbgsym_3.5.25-0+deb11u1_amd64.deb 8e33a1f1b0f62d9d434ae6c1e2e56fcc976e8aed 370388 postfix-pcre_3.5.25-0+deb11u1_amd64.deb 2bf15022acd56d4650a94f13857b25e9f2a77790 13312 postfix-pgsql-dbgsym_3.5.25-0+deb11u1_amd64.deb e4286f857161d4f4baff357ebf59df4f7471ff3f 371176 postfix-pgsql_3.5.25-0+deb11u1_amd64.deb dde2b2c66d3e9b73caa068c5477ed184189ddeb8 7720 postfix-sqlite-dbgsym_3.5.25-0+deb11u1_amd64.deb 1ddb6bdd935821b204ab2e3706300d96d7bb4588 368188 postfix-sqlite_3.5.25-0+deb11u1_amd64.deb 09aa9f93669c24af181e1ab461550d20351e157a 12164 postfix_3.5.25-0+deb11u1_amd64-buildd.buildinfo f83b72b1f6dbf4123b28a302cbc308c7305871fa 1569684 postfix_3.5.25-0+deb11u1_amd64.deb Checksums-Sha256: ad1649e416348ea24190fc5b49400f3f557fdd5c1ca7b6f16d85694e57205177 9936 postfix-cdb-dbgsym_3.5.25-0+deb11u1_amd64.deb 786516cde295d5eb6a5c1a1271012de98c4cf10bb06f38058f054156f2182dc4 364664 postfix-cdb_3.5.25-0+deb11u1_amd64.deb d68a61f4d32e4a26f7686b5f39f12ef4f7b52d93413997695c58509ddff98123 2073804 postfix-dbgsym_3.5.25-0+deb11u1_amd64.deb 4066a1a54942d60347d5965db27dd888b82c5b4aa1f5253a63d5b0f76642e83b 21580 postfix-ldap-dbgsym_3.5.25-0+deb11u1_amd64.deb 44131c1d51fd8c5bad033909e3d67abb911c516537b0b6784b15c0f0623c2e7a 383084 postfix-ldap_3.5.25-0+deb11u1_amd64.deb bec985e52ff4dbb3cbbb6e35fcce9e641e034cc7dd417d5ea8a00fc56aa7494e 18568 postfix-lmdb-dbgsym_3.5.25-0+deb11u1_amd64.deb 9f4075c5c687852242d06a3b74a156b5bb87863dd8ffa981c2e27c973b89b8df 370972 postfix-lmdb_3.5.25-0+deb11u1_amd64.deb 8c43b184c7b22788d73633517eb859f14f79b6ac701e100a6bc2243307eb523d 23532 postfix-mysql-dbgsym_3.5.25-0+deb11u1_amd64.deb a4e63e0ca6aa0dc51e2e2cf5a0d1c8af553dfc9d4b2591f83e75eab663a07fb3 373240 postfix-mysql_3.5.25-0+deb11u1_amd64.deb 273e7326dc695e3956824a97178b53d366dbddd6a59f603f12dd4723e29c8cf2 14432 postfix-pcre-dbgsym_3.5.25-0+deb11u1_amd64.deb d351b78787443ce318aa8954bfa5e0adc9b42501f432b26da1642dbe650a3441 370388 postfix-pcre_3.5.25-0+deb11u1_amd64.deb 1206dfd6406e74103d7ddf1805b36173213a4e4d9c17d963a3aa87bcae22a523 13312 postfix-pgsql-dbgsym_3.5.25-0+deb11u1_amd64.deb 2d064c5ce335f38721c96e199d1aef7c8bf9db0a270c21adce7829dabcb43f38 371176 postfix-pgsql_3.5.25-0+deb11u1_amd64.deb 36fd5a53c8c6a5dafbc1dc25eb5db810351bdbfbe717ccbcf11aa3efefa711cf 7720 postfix-sqlite-dbgsym_3.5.25-0+deb11u1_amd64.deb ff85688e09b5ac3316918abb0aded5f9129257c7de41ede1c07c7b6f7e17b030 368188 postfix-sqlite_3.5.25-0+deb11u1_amd64.deb 9e99515004061314ab0a8b22111f7fc520b2a5df4f279250eef3ee38a37150a2 12164 postfix_3.5.25-0+deb11u1_amd64-buildd.buildinfo d16e22c52660978dd9f810435dd422f89cde661e33ce894afd231a970223c671 1569684 postfix_3.5.25-0+deb11u1_amd64.deb Files: 6289b7c801a5a96067e6e5550d24f135 9936 debug optional postfix-cdb-dbgsym_3.5.25-0+deb11u1_amd64.deb 23530b468c7bafc53f0e18dafa6116e1 364664 mail optional postfix-cdb_3.5.25-0+deb11u1_amd64.deb 9ba7eba8ef40efeb1932ae4fba0cb688 2073804 debug optional postfix-dbgsym_3.5.25-0+deb11u1_amd64.deb 681090445aeab46f4947707f0121a4ed 21580 debug optional postfix-ldap-dbgsym_3.5.25-0+deb11u1_amd64.deb 00977524e527da8e8a359c1418914f4c 383084 mail optional postfix-ldap_3.5.25-0+deb11u1_amd64.deb a6bf7203f42647af59c569c031212d82 18568 debug optional postfix-lmdb-dbgsym_3.5.25-0+deb11u1_amd64.deb 0bc23423e72274f0cf7c1a35e1248987 370972 mail optional postfix-lmdb_3.5.25-0+deb11u1_amd64.deb e9a2b0ec8e278b213231c3f43ab954ff 23532 debug optional postfix-mysql-dbgsym_3.5.25-0+deb11u1_amd64.deb 2ab503e404ffe7661b3301201b0b2007 373240 mail optional postfix-mysql_3.5.25-0+deb11u1_amd64.deb aca7f9c30273fb03072a00341778746a 14432 debug optional postfix-pcre-dbgsym_3.5.25-0+deb11u1_amd64.deb 0147152d425716e812ef64784c24f6f7 370388 mail optional postfix-pcre_3.5.25-0+deb11u1_amd64.deb 8f8489b59abe6c7b5834abdc5fdbafed 13312 debug optional postfix-pgsql-dbgsym_3.5.25-0+deb11u1_amd64.deb f42e41d7b103ad86990bb629cd039b73 371176 mail optional postfix-pgsql_3.5.25-0+deb11u1_amd64.deb 7671b37366e2a941c950c00bfd36cdc0 7720 debug optional postfix-sqlite-dbgsym_3.5.25-0+deb11u1_amd64.deb 0a597625c535fa14bc2f99955e52940f 368188 mail optional postfix-sqlite_3.5.25-0+deb11u1_amd64.deb 1b0681d7b4744d9b560221985e8effe1 12164 mail optional postfix_3.5.25-0+deb11u1_amd64-buildd.buildinfo e2b62b236a7b91d703b523b49c6c9467 1569684 mail optional postfix_3.5.25-0+deb11u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAmYm0I8ACgkQgDm7h4zf CpKmtw//euS6rrbJvr8kaxX3qAEFB4lMOUZxnMp4IaOUSMqXJ9Zmt33VunA8dpJ8 syDOc/aCL0yk0IqnFXtu2KWbz23wkW6ivBmAc8uq4JjLS2m2LbRb9EP+mLYfWjLT a1Zlq/m0yXJ9qy/qDS1Va2oIq59aJ2MX+QfZmXBF3gLUKGNTpTxF2vXwPQp+9IJv KSTwvqLrsQwSkxUDszJGbSSS7cD0+ohc9evpKs8RciqJ8G4EIUvdWWr/fZQlPzqm DbNe/ZjvLLSw2h4BmkL5hLUHNTzY7+Aea7HgIHzqYWnGjnIiTvBfHn5z5deiHIyJ 6yJXjgmnRN7BtNwPszD9YWq6xRxAzmFBDKAGkMr6uqwYHHbfKEP9Cfi1Yaix/LGY pzIKv9Q3igE2RyAQtIqWrj39ECJ+Drv332Ni/Fcx9oEvtp/IsrNMPT5SEJ8E9+Bf jHCS2fnl7QCfBgVJqlOQY1afMGKy+UrwZaedmZUJ11MaS/739voOSkzWDm+GKQW3 T7SowehGfKLHPzmQJ6VNhTUjcqbd5y+BRv3VtGNQqBXY2VUIi5PWP749AqHtCsd9 AXpV5iaw8byS4lBuTwV90s58HeQzwDvR14eX45fHCUU9Dx8UG1EjyMJGXDEka2Gn Cg62XnAcrOZe1rNqA+JNRC6Cw9MAxOR1jUCtQjerN/YS9HwsLTs= =jXXL -----END PGP SIGNATURE-----