Re: Updating extrepo-offline-data in Debian Stable

2024-03-06 Thread Paul Gevers 

Hi zigo,

Disclaimer: I'm not acting as SRM, the final call is with team members 
that do.


On 07-03-2024 12:28 a.m., Thomas Goirand wrote:
So IMO, it'd make a lot of sense to be able to update the 
extrepo-offline-data package in Stable, so that Stable (currently 
bookworm) would get the latest up-to-date repository list data.


That seems reasonable to me as long as it's data only.

Having said that and not knowing if it doesn't already do that, if 
extrepro would update a cache when online, it's offline option could 
also be refreshed at a convenience moment without the need for an 
up-to-date package in stable. I hope it's needless to say that I don't 
mean that this mechanisme should replace the data package, merely 
complement it.


Paul


OpenPGP_signature.asc
Description: OpenPGP digital signature

Updating extrepo-offline-data in Debian Stable

2024-03-06 Thread Thomas Goirand 

Hi,

As you may know, extrepo is a system make it easy to add external 
non-official Debian repositories to a Debian system.


Typically, Debian users will use it under Debian Stable, for things 
packaged outside of Debian.


Since Bookworm, there's a package called "extrepo-offline-data" that 
contains all the repository definitions that are normally hosted through 
a page in Salsa. This really is a data only package, to be used by 
extrepo itself, with the --offline-data option.


However nice the feature is, it really is useful with up-to-date 
repositories and the repository keys they contain. Though unfortunately, 
most repositories in extrepo, appear *AFTER* Debian stable is released. 
That's the case for most repository maintained by some upstream authors, 
but also for any repository that is backports to the current stable.


So IMO, it'd make a lot of sense to be able to update the 
extrepo-offline-data package in Stable, so that Stable (currently 
bookworm) would get the latest up-to-date repository list data.


I know there's the bpo repository that is open for such an upload, but 
it'd be IMO a way nicer to update extrepo-offline-data in the normal 
non-backports repository of Debian, so that users of extrepo wont have 
to do the extra step of (temporarily) enabling backports only to access 
to another repository.


Your thoughts?

Cheers,

Thomas Goirand (zigo)

Bug#1065562: bookworm-pu: package postfix/3.7.10-0+deb12u1

2024-03-06 Thread Scott Kitterman 
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: post...@packages.debian.org
Control: affects -1 + src:postfix

[ Reason ]
Standard postfix post-release update

[ Impact ]
They will still have the bugs that are fixed by this update.

[ Tests ]
There is an autopkgtest, which passes locally.  I also have the package
in production on one server and it is running fine.

[ Risks ]
Risk is low.  Changes are relatively minor and are as released by
upstream, which has an excellent track record for such things.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
  * 3.7.11
- Bugfix (defect introduced: Postfix 2.3, date 20051222): the
  Dovecot auth client did not reset the 'reason' from  a
  previous Dovecot auth service response, before parsing the
  next Dovecot auth server response in the same SMTP session.
  Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c.
- Cleanup: Postfix SMTP server response with an empty
  authentication failure reason. File: smtpd/smtpd_sasl_glue.c.
- Bugfix (defect introduced: Postfix 3.1, date: 20151128):
  "postqueue -j" produced broken JSON when escaping a control
  character as \u. Found during code maintenance. File:
  postqueue/showq_json.c.
- Cleanup: posttls-finger certificate match expectations for
  all TLS security levels, including warnings for levels that
  don't implement certificate matching. Viktor Dukhovni.
  File: posttls-finger.c.
- Bugfix (defect introduced: Postfix 2.3): after prepending
  a message header with a Postfix access table PREPEND action,
  a Milter request to delete or update an existing header
  could have no effect, or it could target the wrong instance
  of an existing header. Root cause: the fix dated 20141018
  for the Postfix Milter client was incomplete. The client
  did correctly hide the first, Postfix-generated, Received:
  header when sending message header information to a Milter
  with the smfi_header() application callback function, but
  it was still hiding the first header (instead of the first
  Received: header) when handling requests from a Milter to
  delete or update an existing header. Problem report by
  Carlos Velasco. This change was verified to have no effect
  on requests from a Milter to add or insert a header. File:
  cleanup/cleanup_milter.c.
- Workaround: tlsmgr logfile spam. Some OS lies under load:
  it says that a socket is readable, then it says that the
  socket has unread data, and then it says that read returns
  EOF, causing Postfix to spam the log with a warning message.
  File: tlsmgr/tlsmgr.c.
- Bugfix (defect introduced: Postfix 3.4): the SMTP server's
  BDAT command handler could be tricked to read $message_size_limit
  bytes into memory. Found during code maintenance. File:
  smtpd/smtpd.c.
- Performance: eliminate worst-case behavior where the queue
  manager defers delivery to all destinations over a specific
  delivery transport, after only a single delivery agent
  failure. The scheduler now throttles one destination, and
  allows deliveries to other destinations to keep making
  progress. Files: *qmgr/qmgr_deliver.c.
- Safety: drop and log over-size DNS responses resulting in
  more than 100 records. This 20x larger than the number of
  server addresses that the Postfix SMTP client is willing
  to consider when delivering mail, and is well below the
  number of records that could cause a tail recursion crash
  in dns_rr_append() as reported by Toshifumi Sakaguchi. This
  also limits the number of DNS requests from check_*_*_access
  restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c,
  dns/test_dns_lookup.c, posttls-finger/posttls-finger.c,
  smtp/smtp_addr.c, smtpd/smtpd_check.c.

[ Other info ]
N/A

Scott K
diff -Nru postfix-3.7.10/debian/changelog postfix-3.7.11/debian/changelog
--- postfix-3.7.10/debian/changelog 2024-01-26 18:44:58.0 -0500
+++ postfix-3.7.11/debian/changelog 2024-03-06 10:10:14.0 -0500
@@ -1,3 +1,66 @@
+postfix (3.7.11-0+deb12u1) bookworm; urgency=medium
+
+  [Wietse Venema]
+
+  * 3.7.11
+- Bugfix (defect introduced: Postfix 2.3, date 20051222): the
+  Dovecot auth client did not reset the 'reason' from  a
+  previous Dovecot auth service response, before parsing the
+  next Dovecot auth server response in the same SMTP session.
+  Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c.
+- Cleanup: Postfix SMTP server response with an empty
+  authentication failure reason. File: smtpd/smtpd_sasl_glue.c.
+- Bugfix (

Processed: bookworm-pu: package postfix/3.7.10-0+deb12u1

2024-03-06 Thread Debian Bug Tracking System 
Processing control commands:

> affects -1 + src:postfix
Bug #1065562 [release.debian.org] bookworm-pu: package postfix/3.7.10-0+deb12u1
Added indication that 1065562 affects src:postfix

-- 
1065562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065562
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems