1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted postfix 3.5.18-0+deb11u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Sun Feb 12 20:40:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sat, 21 Jan 2023 20:17:03 -0500
    Source: postfix
    Architecture: source
    Version: 3.5.18-0+deb11u1
    Distribution: bullseye
    Urgency: medium
    Maintainer: LaMont Jones <lamont@debian.org>
    Changed-By: Scott Kitterman <scott@kitterman.com>
    Changes:
    postfix (3.5.18-0+deb11u1) bullseye; urgency=medium
    .
    [Wietse Venema]
    .
    * 3.5.18
    - Bugfix (introduced: Postfix 2.2): the smtpd_proxy_client
    code mis-parsed the last XFORWARD attribute name in the
    SMTP server's EHLO response. The result was that the
    smtpd_proxy_client code failed to forward the IDENT attribute.
    Fix by Andreas Weigel. File: smtpd/smtpd_proxy.c.
    .
    - Portability: LINUX6 support. Files: makedefs, util/sys_defs.h.
    .
    - Workaround: OpenSSL 3.x EVP_get_digestbyname() can return
    lazily bound handles that may fail to work when one attempts
    to use them, because no provider search happens until one
    constructs an actual operation context. In sufficiently
    hostile configurations, Postfix could mistakenly believe
    that an algorithm is available, when in fact it is not. A
    similar workaround may be needed for EVP_get_cipherbyname().
    Fix by Viktor Dukhovni. Files: tls/tls.h, tls/tls_dane.c,
    tls/tls_fprint.c, tls/tls_misc.c.
    .
    - Bugfix (introduced: Postfix 2.11): the checkok() macro in
    tls/tls_fprint.c evaluated its argument unconditionally;
    it should evaluate the argument only if there was no prior
    error. Found during code review. File: tls/tls_fprint.c.
    .
    - Foolproofing: postscreen segfault with postscreen_dnsbl_threshold
    < 1. It should reject such input with a fatal error instead.
    Discovered by Benny Pedersen. File: postscreen/postscreen.c.
    .
    - Bugfix (introduced: Postfix 2.7): the verify daemon logged
    a garbled cache name when terminating a cache scan in
    progress. Reported by Phil Biggs, fix by Viktor Dukhovni.
    File: util/dict_cache.c.
    .
    - Workaround: STRREF() macro to shut up compiler warnings for
    legitimate string comparison expressions. Back-ported from
    Postfix 3.6 and later. Files: util/stringops.h, flush/flush.c.
    .
    - Workaround for a breaking change in OpenSSL 3: always turn
    on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages
    and missed opportunities for TLS session reuse. This is
    safe because the SMTP protocol implements application-level
    framing, and is therefore not affected by TLS truncation
    attacks. Fix by Viktor Dukhovni. Files: tls/tls.h, tls_client.c,
    tls/tls_server.c.
    Checksums-Sha1:
    06dcb2fd157b1d36b670ea9b715a852690c4dae0 3039 postfix_3.5.18-0+deb11u1.dsc
    b5db9c79fcadb817651b743163419934dbc77e2a 4627739 postfix_3.5.18.orig.tar.gz
    4432a21266b9ba8c719110585cfaeb8c404b3ab3 220 postfix_3.5.18.orig.tar.gz.asc
    a1a5c3215c756da9e19efe6ba7fc515ab3a24489 209192 postfix_3.5.18-0+deb11u1.debian.tar.xz
    48facf31b299e9f6008a5a7629ae384ce3a7e8ac 7572 postfix_3.5.18-0+deb11u1_source.buildinfo
    Checksums-Sha256:
    0e8b7f9cc5a93b9f3405dfcaaa36c7605c458bb7785a4281287deda191a0ab9c 3039 postfix_3.5.18-0+deb11u1.dsc
    1f250722f5e2b85dae7e57196ffab48e251f10eb40e86823a4a8304bc6c02852 4627739 postfix_3.5.18.orig.tar.gz
    d9d85851dfb4e5c1b94060f3207e0ebda19c67be3a2886e9ff79ef2d5f2bddf0 220 postfix_3.5.18.orig.tar.gz.asc
    9c9556d71a45d5e2fbf267cb23f84e4d8046bf21b97bd66b02f856316b0cd559 209192 postfix_3.5.18-0+deb11u1.debian.tar.xz
    051140afb7b329e7c5bbad7a1904f99f74957e895fa7309fe44636f73b4a21dc 7572 postfix_3.5.18-0+deb11u1_source.buildinfo
    Files:
    4c024aee4d22c585da00fbae7cb4ab87 3039 mail optional postfix_3.5.18-0+deb11u1.dsc
    9a8dcd03eda6d456b8c61fd22e41fe18 4627739 mail optional postfix_3.5.18.orig.tar.gz
    ecf1cc875faa396b112c81b1265c0438 220 mail optional postfix_3.5.18.orig.tar.gz.asc
    27f735a3397a4da9b76a138ff3097793 209192 mail optional postfix_3.5.18-0+deb11u1.debian.tar.xz
    556e8e8ff5777951f7ec7f5a51b83f3a 7572 mail optional postfix_3.5.18-0+deb11u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmPey48ACgkQeNfe+5rV mvF2Bg//U1WmYiG6YzM47A4Ktvlg51gDDRfjnnSqb7Hkf8e9hAg/3E/OMFAflxaw LueVi71es5nPwt7Njm0qcheMDd1YQZELweuBbzjKzxqRum97AmpAZ2W0tt7fUau5 6qe3Xdv4LxBugiYsLdJm6SDwt4GvBfyeyM7NOrKGwgVcUg0N6XS5ZRdoczWsIqy7 8J+qrhMF0c4pH9Zq/hW8KrVVLMKB1PAoDHljCkJYvERdb6gce6u/PWIka1PhNyOW E0qPfCj1feNBlNStEtdljkw5vKZ9dgO8fIBAzyhBEko4BFFjjnnglLFGW/jhAo1Y 49E2snk2Rx5ClHwIqz4gVl0dRgApICovVNU+TL/v3aeW0/1gDC1rY8RNMbqvnH1s cMS/1rPvmzqfE2wh5bNr9zic1Qig4wbl5bl3vB9UJQOuiNHPWd6nBCjkcSP7F0ML sJlIBUZttmis86Hv5RTadzXwkjQRsUrXD5f6x32Ax3d85ziudYpcUltPpqKimbJG yP/CaTuOckmc9s0HSKjGiJAmc11Ew/a3nNAXKVPbOWAoF9vfvxpD420oJg/c9SJO g9OHur+ZtDNfAzpsLYhnuNAMfDNtKmngsUMTZz974coNL0UEIxsOL053v6bNbi6L MO++YeTMhIrYjX00TQgjr6OZcKfeCa7CotW8rhv8vh2c/7+rLyY=
    =TIIS
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)