Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
This is the next in a series. It contains upstream bug fix releases 3.1.10,
3.1.11, and 3.1.12. I held off after 3.1.10 since it contains somewhat more
new/changed code than these usually do. Both 3.1.11 and 3.1.12 have since
been released with no corrections needed to the refactored code.
I have been running 3.1.10/11 in production for some time and currently have
3.1.12 in production. All with no issues.
I am particularly motivated to move forward with another stable update now
because 3.1.12 fixes an LMTP performance issue that likely has been hurting
any high volume receivers and is a regression for oldstable -> stable. There
are also fixes for several smtputf8 fixes that are oldstable -> stable
regressions.
Other than the openssl related refactoring that has been extensively tested
by the postfix community, most of the changes are documentation. The other
code changes seem reasonably compact and low risk.
Usual fix list:
[ Scott Kitterman ]
* Add detailed smarthost instructions to README.Debian. Thanks to Celejar
for the input. Closes: #919444
* Refresh patches
[Wietse Venema]
* 3.1.10
- Bugfix (introduced: Postfix 2.11): minor memory leak when
minting issuer certs. This affects a tiny minority of use
cases. Viktor Dukhovni, based on a fix by Juan Altmayer
Pizzorno for the ssl_dane library. File: tls/tls_dane.c.
- Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
table lookups could casefold the search string when searching
a lookup table that does not use fixed-string keys (regexp,
pcre, tcp, etc.). Historically, Postfix would not case-fold
the search string with such tables. File: util/dict_utf8.c.
Closes: #917512
- Multiple 'bit rot' fixes for OpenSSL API changes, including
support to disable TLSv1.3, to avoid issuing multiple session
tickets. Viktor Dukhovni. Files: proto/postconf.proto,
proto/TLS_README.html, tls/tls.h, tls/tls_server.c,
tls/tls_misc.c.
- Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could
not disable "SMTPUTF8". because the lookup table was using
"EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c.
- Documentation: update documentation for Postfix versions
that support disabling TLS 1.3. File: proto/postconf.proto.
- Improved logging of TLS 1.3 summary information, and improved
reporting of the same info in Received: message headers.
Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html,
posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h,
tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h,
tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c,
tls/tls_server.c.
* 3.1.11
- Bugfix (introduced: postfix-2.11): with posttls-finger,
connections to unix-domain servers always resulted in "Failed
to establish session" even after a connection was established.
Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
* 3.1.12
- Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictons, and for the same reasons,
did the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
- Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
Thanks for considering,
Scott K
diff -Nru postfix-3.1.9/debian/changelog postfix-3.1.12/debian/changelog
--- postfix-3.1.9/debian/changelog 2019-02-08 09:07:54.0 -0500
+++ postfix-3.1.12/debian/changelog 2019-04-01 13:01:06.0 -0400
@@ -1,3 +1,61 @@
+postfix (3.1.12-0+deb9u1) stretch; urgency=medium
+
+ [Scott Kitterman]
+
+ * Add detailed smarthost instructions to README.Debian. Thanks to Celejar
+for the input. Closes: #919444
+ * Refresh patches
+
+ [Wietse Venema]
+
+ * 3.1.10
+- Bugfix (introduced: Postfix 2.11): minor memory leak when
+ minting issuer certs. This affects a tiny minority of use
+ cases. Viktor Dukhovni, based on a fix by Juan Altmayer
+ Pizzorno for the ssl_dane library. File: tls/tls_dane.c.
+- Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
+ table lookups could casefold the search string when searching
+ a lookup table that does not use fixed-string keys (regexp,
+ pcre, tcp, etc.). Historically, Postfix would not case-fold
+ the search string with such tables. File: util/dict_utf8.c.
+ Closes: