
Bug#948988: marked as done (buster-pu: package postfix/3.4.7-0+deb10u1)



Your message dated Sat, 08 Feb 2020 14:21:36 +0000
with message-id <cf1cb2f35981916a86b98b83609df15c95aa378b.camel@adam-barratt.org.uk>
and subject line Closing requests included in 10.3 point release
has caused the Debian Bug report #948988,
regarding buster-pu: package postfix/3.4.7-0+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
948988: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948988
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

This is the next in the usual postfix update series.  I waited to see if
upstream feedback revealed any problems (it didn't).  This version is in
Testing.  I'm running it in production with no issues.  Slightly
differently than usual for postfix updates, I am including one packaging
related change to make it so the sysv init works inside a docker
instance.  While not essential, it is based on Debian user feedback, so
I think it's worth including since it's a very low risk change.

Details:

  [Scott Kitterman]

  * Refactor running status detection in sysv init based on upstream
    postfix-script so it works in docker.  Closes: #941293

  [Wietse Venema]

  * 3.4.8
    - Bugfix (introduced: Postfix 2.8): don't gratuitously enable
      all after-220 tests when only one such test is enabled.
      This made selective tests impossible with 'good' clients.
      File: postscreen/postscreen_smtpd.c.

    - Bugfix: the 20180903 postscreen fix for a misleading
      "PIPELINING after BDAT" warning looked at the wrong variable.
      The warning now says "BDAT without valid RCPT", and the
      error is no longer treated as a command PIPELINING error
      (but sending BDAT is still a client error, because postscreen
      rejects all RCPT commands and does not announce PIPELINING
      support). File: postscreen/postscreen_smtpd.c.

    - Usability: the parser for key/certificate chain files
      rejected inputs that contain an EC PARAMETERS object. While
      this is technically correct (the documentation says what
      types are allowed) this is surprising behavior because the
      legacy cert/key parameters will accept such inputs. For
      now, the parser skips object types that it does not know
      about for usability, and logs a warning because ignoring
      inputs is not kosher. Viktor and Wietse. File: tls/tls_certkey.c.

Scott K
diff -Nru postfix-3.4.7/debian/changelog postfix-3.4.8/debian/changelog
--- postfix-3.4.7/debian/changelog	2019-10-01 19:21:59.000000000 -0400
+++ postfix-3.4.8/debian/changelog	2020-01-15 09:05:50.000000000 -0500
@@ -1,3 +1,37 @@
+postfix (3.4.8-0+10debu1) buster; urgency=medium
+
+  [Scott Kitterman]
+
+  * Refactor running status detection in sysv init based on upstream
+    postfix-script so it works in docker.  Closes: #941293
+
+  [Wietse Venema]
+
+  * 3.4.8 
+    - Bugfix (introduced: Postfix 2.8): don't gratuitously enable
+      all after-220 tests when only one such test is enabled.
+      This made selective tests impossible with 'good' clients.
+      File: postscreen/postscreen_smtpd.c.
+
+    - Bugfix: the 20180903 postscreen fix for a misleading
+      "PIPELINING after BDAT" warning looked at the wrong variable.
+      The warning now says "BDAT without valid RCPT", and the
+      error is no longer treated as a command PIPELINING error
+      (but sending BDAT is still a client error, because postscreen
+      rejects all RCPT commands and does not announce PIPELINING
+      support). File: postscreen/postscreen_smtpd.c.
+
+    - Usability: the parser for key/certificate chain files
+      rejected inputs that contain an EC PARAMETERS object. While
+      this is technically correct (the documentation says what
+      types are allowed) this is surprising behavior because the
+      legacy cert/key parameters will accept such inputs. For
+      now, the parser skips object types that it does not know
+      about for usability, and logs a warning because ignoring
+      inputs is not kosher. Viktor and Wietse. File: tls/tls_certkey.c.
+
+ -- Scott Kitterman <scott@kitterman.com>  Wed, 15 Jan 2020 09:05:50 -0500
+
 postfix (3.4.7-0+deb10u1) buster; urgency=medium
 
   [Wietse Venema]
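Review bot: The version in the new changelog header, `3.4.8-0+10debu1`, does not follow the suffix format of the entry directly below it (`3.4.7-0+deb10u1`); the digits and `deb` appear transposed. Correct it to `3.4.8-0+deb10u1` so the package version matches the stable-update convention used by the previous upload. The added `* 3.4.8 ` line also carries trailing whitespace.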
diff -Nru postfix-3.4.7/debian/init.d postfix-3.4.8/debian/init.d
--- postfix-3.4.7/debian/init.d	2019-10-01 19:21:45.000000000 -0400
+++ postfix-3.4.8/debian/init.d	2020-01-15 09:02:40.000000000 -0500
@@ -39,16 +39,9 @@
     else
 	    POSTCONF="postmulti -i $INSTANCE -x postconf"
     fi
-
-    queue=$($POSTCONF -hx queue_directory 2>/dev/null || echo /var/spool/postfix)
-    daemondir=$($POSTCONF -hx daemon_directory 2>/dev/null || echo /usr/lib/postfix/sbin)
-    if [ -f ${queue}/pid/master.pid ]; then
-	pid=$(sed 's/ //g' ${queue}/pid/master.pid)
-	# what directory does the executable live in.  stupid prelink systems.
-	dir=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* -> //; s/\/[^\/]*$//')
-	if [ "X$dir" = "X${daemondir}" ]; then
-	    echo y
-	fi
+    daemon_directory=$($POSTCONF -hx daemon_directory 2>/dev/null || echo /usr/lib/postfix/sbin)
+    if ! $daemon_directory/master -t 2>/dev/null ; then
+            echo y
     fi
 }
 
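Review bot: In the rewritten status check, `if ! $daemon_directory/master -t 2>/dev/null` treats every non-zero exit as "running", so a missing or non-executable `master` binary, or any other failure of the test, also prints `y`, and `2>/dev/null` hides the reason. Consider verifying that `$daemon_directory/master` is executable before the test and reporting an error otherwise. The `$daemon_directory` expansion is also unquoted, and the new `echo y` line is indented with spaces where the surrounding lines use tabs.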
diff -Nru postfix-3.4.7/HISTORY postfix-3.4.8/HISTORY
--- postfix-3.4.7/HISTORY	2019-09-21 11:57:46.000000000 -0400
+++ postfix-3.4.8/HISTORY	2019-11-11 18:01:20.000000000 -0500
@@ -24293,3 +24293,29 @@
 	https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
 	changed the error status, incompatibly, from SSL_ERROR_NONE
 	into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c.
+
+20191014
+
+	Bugfix (introduced: Postfix 2.8): don't gratuitously enable
+	all after-220 tests when only one such test is enabled.
+	This made selective tests impossible with 'good' clients.
+	File: postscreen/postscreen_smtpd.c.
+
+	Bugfix: the 20180903 postscreen fix for a misleading
+	"PIPELINING after BDAT" warning looked at the wrong variable.
+	The warning now says "BDAT without valid RCPT", and the
+	error is no longer treated as a command PIPELINING error
+	(but sending BDAT is still a client error, because postscreen
+	rejects all RCPT commands and does not announce PIPELINING
+	support). File: postscreen/postscreen_smtpd.c.
+
+20191109
+
+	Usability: the parser for key/certificate chain files
+	rejected inputs that contain an EC PARAMETERS object. While
+	this is technically correct (the documentation says what
+	types are allowed) this is surprising behavior because the
+	legacy cert/key parameters will accept such inputs. For
+	now, the parser skips object types that it does not know
+	about for usability, and logs a warning because ignoring
+	inputs is not kosher. Viktor and Wietse. File: tls/tls_certkey.c.
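Review bot: The 20191014 entry documents only the "BDAT without valid RCPT" message, but the postscreen_smtpd.c change in this same diff also adds a "DATA without valid RCPT" log line. Mention the DATA message here as well, so that operators who match on postscreen log output learn about both new lines from the changelog.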
diff -Nru postfix-3.4.7/src/global/mail_version.h postfix-3.4.8/src/global/mail_version.h
--- postfix-3.4.7/src/global/mail_version.h	2019-09-21 12:24:58.000000000 -0400
+++ postfix-3.4.8/src/global/mail_version.h	2019-11-24 15:40:32.000000000 -0500
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20190921"
-#define MAIL_VERSION_NUMBER	"3.4.7"
+#define MAIL_RELEASE_DATE	"20191124"
+#define MAIL_VERSION_NUMBER	"3.4.8"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -Nru postfix-3.4.7/src/postscreen/postscreen_smtpd.c postfix-3.4.8/src/postscreen/postscreen_smtpd.c
--- postfix-3.4.7/src/postscreen/postscreen_smtpd.c	2019-03-10 15:41:51.000000000 -0400
+++ postfix-3.4.8/src/postscreen/postscreen_smtpd.c	2019-11-11 17:51:04.000000000 -0500
@@ -591,6 +591,8 @@
      * never see DATA from a legitimate client, because 1) the server rejects
      * every recipient, and 2) the server does not announce PIPELINING.
      */
+    msg_info("DATA without valid RCPT from [%s]:%s",
+	     PSC_CLIENT_ADDR_PORT(state));
     if (PSC_SMTPD_NEXT_TOKEN(args) != 0)
 	PSC_CLEAR_EVENT_DROP_SESSION_STATE(state,
 					   psc_smtpd_time_event,
@@ -620,6 +622,8 @@
      * client, because 1) the server rejects every recipient, and 2) the
      * server does not announce PIPELINING.
      */
+    msg_info("BDAT without valid RCPT from [%s]:%s",
+	     PSC_CLIENT_ADDR_PORT(state));
     if (state->ehlo_discard_mask & EHLO_MASK_CHUNKING)
 	PSC_CLEAR_EVENT_DROP_SESSION_STATE(state,
 					   psc_smtpd_time_event,
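Review bot: The new "BDAT without valid RCPT" line is emitted with `msg_info`, while the changelog text describes it as a warning ("The warning now says ..."). Either use `msg_warn` or adjust the changelog wording, so the documented severity matches what appears in the log. The same applies to the "DATA without valid RCPT" line added in the previous hunk. Both calls also sit before the branch that follows them, so they log once per such command regardless of which path is taken; a short comment saying that is intended would help.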
@@ -1033,7 +1037,7 @@
 	    }
 	}
 	/* Command PIPELINING test. */
-	if ((state->flags & PSC_SMTPD_CMD_FLAG_HAS_PAYLOAD) == 0
+	if ((cmdp->flags & PSC_SMTPD_CMD_FLAG_HAS_PAYLOAD) == 0
 	    && (state->flags & PSC_STATE_MASK_PIPEL_TODO_SKIP)
 	    == PSC_STATE_FLAG_PIPEL_TODO && !PSC_SMTPD_BUFFER_EMPTY(state)) {
 	    printable(command, '?');
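Review bot: The corrected condition now mixes two flag namespaces in one expression: `cmdp->flags` is tested against `PSC_SMTPD_CMD_FLAG_HAS_PAYLOAD`, and `state->flags` against the `PSC_STATE_*` masks on the next lines. That mix is what made the original mistake easy to miss. Add a one-line comment above the test stating that the payload flag is a per-command property, and consider a regression test that sends a payload command with the pipelining test enabled.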
@@ -1172,16 +1176,18 @@
     state->read_state = PSC_SMTPD_CMD_ST_ANY;
 
     /*
-     * Opportunistically make postscreen more useful by turning on the
-     * pipelining and non-SMTP command tests when a pre-handshake test
-     * failed, or when some deep test is configured as enabled.
+     * Disable all after-220 tests when we need to reply with 421 and hang up
+     * after reading the next SMTP client command.
      * 
-     * XXX Make "opportunistically" configurable for each test.
+     * Opportunistically make postscreen more useful, by turning on all
+     * after-220 tests when a bad client failed a before-220 test.
+     * 
+     * Otherwise, only apply the explicitly-configured after-220 tests.
      */
-    if ((state->flags & PSC_STATE_FLAG_SMTPD_X21) == 0) {
-	state->flags |= PSC_STATE_MASK_SMTPD_TODO;
-    } else {
+    if (state->flags & PSC_STATE_FLAG_SMTPD_X21) {
 	state->flags &= ~PSC_STATE_MASK_SMTPD_TODO;
+    } else if (state->flags & PSC_STATE_MASK_ANY_FAIL) {
+	state->flags |= PSC_STATE_MASK_SMTPD_TODO;
     }
 
     /*
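Review bot: The new comment ends with "Otherwise, only apply the explicitly-configured after-220 tests", but the code has no final `else`; when neither `PSC_STATE_FLAG_SMTPD_X21` nor `PSC_STATE_MASK_ANY_FAIL` is set, `state->flags` is simply left as it was. State in the comment that the configured TODO bits are expected to be set before this point, so the fall-through is clearly deliberate. This is also a behaviour change for clients that passed the before-220 tests: they no longer get the full `PSC_STATE_MASK_SMTPD_TODO` set implicitly, which deserves a line in the release notes for sites that relied on it. The two added ` * ` comment lines carry trailing whitespace.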
diff -Nru postfix-3.4.7/src/tls/tls_certkey.c postfix-3.4.8/src/tls/tls_certkey.c
--- postfix-3.4.7/src/tls/tls_certkey.c	2019-03-07 18:57:10.000000000 -0500
+++ postfix-3.4.8/src/tls/tls_certkey.c	2019-11-09 20:54:25.000000000 -0500
@@ -413,8 +413,7 @@
 		   && strcmp(name, PEM_STRING_DSA) == 0)) {
 	load_pkey(st, pkey_type, buf, buflen);
     } else if (!st->mixed) {
-	msg_warn("error loading %s: unexpected PEM type: %s", st->source, name);
-	st->state = PEM_LOAD_STATE_NOGO;
+	msg_warn("loading %s: ignoring PEM type: %s", st->source, name);
     }
     OPENSSL_free(name);
     OPENSSL_free(header);
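Review bot: With `st->state = PEM_LOAD_STATE_NOGO` removed, the `else if (!st->mixed)` branch now skips every unrecognised PEM type, not only the EC PARAMETERS object named in the changelog. A chain file that contains an object of the wrong type where a key or certificate was intended is therefore accepted with only `msg_warn("loading %s: ignoring PEM type: %s", ...)`, and the problem surfaces later or not at all. Consider limiting the skip to the object types known to be harmless and keeping the hard failure for anything else, or confirm that a later check rejects a chain whose key or certificate is missing.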

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.3

Hi,

Each of the uploads referred to by these bugs was included in today's
stable point release.

Regards,

Adam

--- End Message ---
