Package: postfix Version: 3.5.18-0+deb11u1 Severity: serious Upon upgrade of postfix (due to `apt dist-upgrade`), the `master.cf` [and `main.cf`] configuration files were modified by the postinst script, despite existing local changes.
If I understand correctly, this violates Debian Policy 10.7.3 [0]: "local changes must be preserved during a package upgrade". This is why I chose Severity "serious". I would instead expect a handling similar to that of changed conffiles (i.e., one is given an option to or is suggested to apply certain modifications). In `master.cf`, the following lines were appended: > proxymap unix - - n - - proxymap > verify unix - - y - 1 verify > relay unix - - n - - smtp -o > smtp_fallback_relay= > # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 See the `fix_master()` function in the postinst script. (sidenote: The first two entries are the same as in `/usr/share/postfix/master.cf.dist`, the last one is different.) In `main.cf`, the following lines were appended: > readme_directory = /usr/share/doc/postfix > html_directory = /usr/share/doc/postfix/html If I understand the postinst script correctly, this modification of `main.cf` should only have happened upon first installation, which this was not. I was unable to reproduce this. So maybe this modification was indeed done earlier. However, even upon initial installation (with pre-existing configuration), this should, in my opinion, not happen. The changes were accompanied by the following message: > Setting up postfix (3.5.18-0+deb11u1) ... > In master.cf: > adding missing entry for proxymap service > adding missing entry for verify service > adding missing entry for relay service > > Postfix (main.cf) configuration was untouched. If you need to make changes, > edit /etc/postfix/main.cf (and others) as needed. To view Postfix > configuration values, see postconf(1). > > After modifying main.cf, be sure to run 'systemctl reload postfix'. The message that `main.cf` was untouched is displayed regardless of whether the above noted modifications of `main.cf` are made. I noticed that many actions in the postinst script are only run if `[ "$mailer" != "No configuration" ]`. I am unsure whether this case would warrant the above mentioned modifications. If so, maybe this condition should be added to these modifications. [0] https://www.debian.org/doc/debian-policy/ch-files.html#behavior -- System Information: Debian Release: 11.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-22-cloud-amd64 (SMP w/2 CPU threads) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages postfix depends on: ii adduser 3.118 ii cpio 2.13+dfsg-4 ii debconf [debconf-2.0] 1.5.77 ii dpkg 1.20.12 ii e2fsprogs 1.46.2-2 ii libc6 2.31-13+deb11u6 ii libdb5.3 5.3.28+dfsg1-0.8 ii libicu67 67.1-7 ii libnsl2 1.3.0-2 ii libsasl2-2 2.1.27+dfsg-2.1+deb11u1 ii libssl1.1 1.1.1n-0+deb11u4 ii lsb-base 11.1.0 ii netbase 6.3 ii ssl-cert 1.1.0+nmu1 Versions of packages postfix recommends: ii ca-certificates 20210119 ii python3 3.9.2-3 Versions of packages postfix suggests: ii bsd-mailx [mail-reader] 8.1.2-0.20180807cvs-2 ii dovecot-core [dovecot-common] 1:2.3.13+dfsg1-2+deb11u1 pn postfix-cdb <none> ii postfix-doc 3.5.18-0+deb11u1 pn postfix-ldap <none> pn postfix-lmdb <none> pn postfix-mysql <none> pn postfix-pcre <none> ii postfix-pgsql 3.5.18-0+deb11u1 pn postfix-sqlite <none> pn procmail <none> pn resolvconf <none> pn ufw <none> -- debconf information: postfix/relay_restrictions_warning: postfix/bad_recipient_delimiter: postfix/destinations: $myhostname, myfancyhostname, localhost.localdomain, , localhost postfix/newaliases: false postfix/not_configured: postfix/main_cf_conversion_warning: true postfix/procmail: false postfix/mailname: myfancyhostname postfix/sqlite_warning: postfix/mailbox_limit: 0 postfix/protocols: all postfix/dynamicmaps_conversion_warning: postfix/tlsmgr_upgrade_warning: postfix/kernel_version_warning: postfix/root_address: postfix/mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 postfix/lmtp_retired_warning: true postfix/retry_upgrade_warning: postfix/recipient_delim: + postfix/chattr: false * postfix/main_mailer_type: No configuration postfix/compat_conversion_warning: true postfix/rfc1035_violation: false postfix/relayhost: postfix/mydomain_warning:
