-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 09 Mar 2024 10:38:51 -0500
Source: postfix
Architecture: source
Version: 3.5.25-0+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: LaMont Jones <lam...@debian.org>
Changed-By: Scott Kitterman <sc...@kitterman.com>
Changes:
postfix (3.5.25-0+deb11u1) bullseye; urgency=medium
.
[Wietse Venema]
.
* 3.5.25
- Bugfix (defect introduced: Postfix 2.3, date 20051222): the
Dovecot auth client did not reset the 'reason' from a
previous Dovecot auth service response, before parsing the
next Dovecot auth server response in the same SMTP session.
Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c.
- Cleanup: Postfix SMTP server response with an empty
authentication failure reason. File: smtpd/smtpd_sasl_glue.c.
- Bugfix (defect introduced: Postfix 3.1, date: 20151128):
"postqueue -j" produced broken JSON when escaping a control
character as \uXXXX. Found during code maintenance. File:
postqueue/showq_json.c.
- Cleanup: posttls-finger certificate match expectations for
all TLS security levels, including warnings for levels that
don't implement certificate matching. Viktor Dukhovni.
File: posttls-finger.c.
- Bugfix (defect introduced: Postfix 2.3): after prepending
a message header with a Postfix access table PREPEND action,
a Milter request to delete or update an existing header
could have no effect, or it could target the wrong instance
of an existing header. Root cause: the fix dated 20141018
for the Postfix Milter client was incomplete. The client
did correctly hide the first, Postfix-generated, Received:
header when sending message header information to a Milter
with the smfi_header() application callback function, but
it was still hiding the first header (instead of the first
Received: header) when handling requests from a Milter to
delete or update an existing header. Problem report by
Carlos Velasco. This change was verified to have no effect
on requests from a Milter to add or insert a header. File:
cleanup/cleanup_milter.c.
- Workaround: tlsmgr logfile spam. Some OS lies under load:
it says that a socket is readable, then it says that the
socket has unread data, and then it says that read returns
EOF, causing Postfix to spam the log with a warning message.
File: tlsmgr/tlsmgr.c.
- Bugfix (defect introduced: Postfix 3.4): the SMTP server's
BDAT command handler could be tricked to read $message_size_limit
bytes into memory. Found during code maintenance. File:
smtpd/smtpd.c.
- Performance: eliminate worst-case behavior where the queue
manager defers delivery to all destinations over a specific
delivery transport, after only a single delivery agent
failure. The scheduler now throttles one destination, and
allows deliveries to other destinations to keep making
progress. Files: *qmgr/qmgr_deliver.c.
- Safety: drop and log over-size DNS responses resulting in
more than 100 records. This 20x larger than the number of
server addresses that the Postfix SMTP client is willing
to consider when delivering mail, and is well below the
number of records that could cause a tail recursion crash
in dns_rr_append() as reported by Toshifumi Sakaguchi. This
also limits the number of DNS requests from check_*_*_access
restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c,
dns/test_dns_lookup.c, posttls-finger/posttls-finger.c,
smtp/smtp_addr.c, smtpd/smtpd_check.c.
Checksums-Sha1:
1257eba1cfe6297467ff561d1fc7f00bec0d2c9d 3039 postfix_3.5.25-0+deb11u1.dsc
f4113ea664e9b240ec11e64799c06f9e0650e2d5 4660537 postfix_3.5.25.orig.tar.gz
aa0e4b11babb2db0c211131670b5294010d6e9b2 220 postfix_3.5.25.orig.tar.gz.asc
93cf6295540636d7fed5c5d04c9e9658c74b59c0 212404
postfix_3.5.25-0+deb11u1.debian.tar.xz
37cad9dec398aa57e8bb6adca95b756458c9ee4a 7462
postfix_3.5.25-0+deb11u1_source.buildinfo
Checksums-Sha256:
35d7d5ac0b26bcfc9d85b73724031fc70b3e09c35c30bc3c13b3fe2cc0e93fc5 3039
postfix_3.5.25-0+deb11u1.dsc
618bd4de7aab3d14763eed93d937a8ebf72cfa186a26751e7463748d78b779d8 4660537
postfix_3.5.25.orig.tar.gz
a8af9bf04470cea2b1bb7f2b1c60a27258130ecde2ebecfaf67d92b0c30be856 220
postfix_3.5.25.orig.tar.gz.asc
bbbba9d8e0d716f1704e85c5892edd2c6441f139964459689c64ceb1d35c53c9 212404
postfix_3.5.25-0+deb11u1.debian.tar.xz
e35072be5e6b102ebc551f45ae44947d6a2422432d4a338f1e301f0f948674d1 7462
postfix_3.5.25-0+deb11u1_source.buildinfo
Files:
c651b271787f5f96862978dbc27ebe69 3039 mail optional
postfix_3.5.25-0+deb11u1.dsc
0849a4b2fff023fac1647ed3c5ba1e9d 4660537 mail optional
postfix_3.5.25.orig.tar.gz
e35958f5a953d319c9e61d33d633d2d9 220 mail optional
postfix_3.5.25.orig.tar.gz.asc
fa975deeb76e93855f22d48a2f8473ac 212404 mail optional
postfix_3.5.25-0+deb11u1.debian.tar.xz
ba4e10ea0b5318f04b9f1280e7c15bf6 7462 mail optional
postfix_3.5.25-0+deb11u1_source.buildinfo-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmXsg6wACgkQeNfe+5rV mvFnXg/8CM0fhk2t7SCqYa7ipHzl2Vc/sSL1UDXW1aNdYwoUeoeRDYqQsKZVFJ4d +lbP2ytm5ZtjVkK2cguu/dJv2auqLlJE4CaWv2399X8tn3yV4e/WDFHErRZmDxPK p2+6Z8m09RsljQAJy346hYgPQb2EFVpOKXyyBVIAuJyj+N48S0MNuCEby+WbcdBE UcNP0GUX9IHq6Brd72Pa3RnvWfIbP++g3slgosTDq/S+4W3N6HoGUr7G6fhx3GsT 9NNv0qJpSYIFssYNcFVuYTH/fRSsDpVb+7/FjeXNK2pD2yUXRc4VgR9Pjdwpoau1 11ma7EFibHxnIcPlXKDQY01O34qw5NexaKdoa47ADCMNT3PqCYZKJij6Cd/5PXXm LKWXHbGc7TgFh2qOLIzcWlACbIxhORllRwAuP/xOJSq67BKMotGMSEte7lRZUS5F jetc0b7MMcHCN3tJXN/L9epLqlaRj2zm2mhQE/67QlO7+SANyL/3IGQGhyRbRKxl Z+3gCfEzssptkkxIWhyVB+qItpgL39chPp2K2YQVB0RHaaItWzbBKbNQcKYPkUs6 ycwnR8YeAQ1rjd/Ngn8P0yMLVc3WcCZXlrMp4cUw2NTF4YEi4kMwdwdllKYP2lea GPFSUwacdQS0mjgjFM485epvGHlkvu681TokytNX3FzRB6pSWWI= =q3Om -----END PGP SIGNATURE-----
pgpVK_wmTsy6L.pgp
Description: PGP signature
