Bug#951564: stretch-pu: package postfix/3.1.14-0+10debu1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
This is the next in the series of postfix 3.1 updates. It includes the
postfix 3.1 relevant fixes from 3.4.8 and 3.4.9 (as there was no
companion 3.1 release with 3.4.8). The only other change is to add the
upstream signing key to make it easier for me to verify upstream
signatures when preparing future updates.
All the fixes in this update are already in Testing and will be in
Buster once the recently requested pu for 3.4.9 is accepted. I have
this version running on a system and have given it basic testing. Given
upstream's history with maintenance updates, I have confidence this is
very low risk. Details follow:
[Scott Kitterman]
* Check GPG signature when downloading new versions via uscan
[Wietse Venema]
* 3.1.15
- Bugfix (introduced: Postfix 2.8): don't gratuitously enable
all after-220 tests when only one such test is enabled.
This made selective tests impossible with 'good' clients.
File: postscreen/postscreen_smtpd.c.
- Bugfix (introduced: Postfix 3.1): support for
smtp_dns_resolver_options was broken while adding support
for negative DNS response caching in postscreen. Postfix
was inadvertently changed to call res_query() instead of
res_search(). Reported by Jaroslav Skarvada. File:
dns/dns_lookup.c.
- Bugfix (introduced: Postfix 3.0): sanitize server responses
before storing them in the verify database, to avoid Postfix
warnings about malformed UTF8. File: verify/verify.c.
- Bugfix (introduced: Postfix 2.5): the Milter connect event
macros were evaluated before the Milter connection itself
had been negotiated. Problem reported by David Bürgin.
Files: milter/milter.h, milter/milter.c, milter/milter8.c
Scott K
diff -Nru postfix-3.1.14/debian/changelog postfix-3.1.15/debian/changelog
--- postfix-3.1.14/debian/changelog 2019-10-01 19:28:19.000000000 -0400
+++ postfix-3.1.15/debian/changelog 2020-02-16 14:59:05.000000000 -0500
@@ -1,3 +1,32 @@
+postfix (3.1.15-0+deb9u1) stretch; urgency=medium
+
+ [Scott Kitterman]
+
+ * Check GPG signature when downloading new versions via uscan
+
+ [Wietse Venema]
+
+ * 3.1.15
+ - Bugfix (introduced: Postfix 2.8): don't gratuitously enable
+ all after-220 tests when only one such test is enabled.
+ This made selective tests impossible with 'good' clients.
+ File: postscreen/postscreen_smtpd.c.
+ - Bugfix (introduced: Postfix 3.1): support for
+ smtp_dns_resolver_options was broken while adding support
+ for negative DNS response caching in postscreen. Postfix
+ was inadvertently changed to call res_query() instead of
+ res_search(). Reported by Jaroslav Skarvada. File:
+ dns/dns_lookup.c.
+ - Bugfix (introduced: Postfix 3.0): sanitize server responses
+ before storing them in the verify database, to avoid Postfix
+ warnings about malformed UTF8. File: verify/verify.c.
+ - Bugfix (introduced: Postfix 2.5): the Milter connect event
+ macros were evaluated before the Milter connection itself
+ had been negotiated. Problem reported by David Bürgin.
+ Files: milter/milter.h, milter/milter.c, milter/milter8.c
+
+ -- Scott Kitterman <scott@kitterman.com> Sun, 16 Feb 2020 14:59:05 -0500
+
postfix (3.1.14-0+deb9u1) stretch; urgency=medium
[Wietse Venema]
diff -Nru postfix-3.1.14/debian/upstream/signing-key.asc postfix-3.1.15/debian/upstream/signing-key.asc
--- postfix-3.1.14/debian/upstream/signing-key.asc 1969-12-31 19:00:00.000000000 -0500
+++ postfix-3.1.15/debian/upstream/signing-key.asc 2020-02-16 14:53:17.000000000 -0500
@@ -0,0 +1,154 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+mQMuBFYZbx0RCADaN3/xzcSgTh/Zdpn5Ia0cRAGF/0ZKbd6azuiFTvXQd/JLZkYj
+DkNHHGZImtQhPf+aa7JXCUSqrbgvSyYOYUI6enx+W8RBzvYBWEccW1Ls4D7mxUmA
+CbHfcGn7gdEXaQaHS4sJzoYCGRboOKyLCGHvSajxr+HidAv9JEzuGb20TRZ9bL9B
+P3LrKIleSSJICH5qU+mGtCE0nZspAhpbLizCAx9jkS5lKfmPI7ua2q+nDQJ3/Q9I
+mfJGM6HR2SvPR5hl9ZoZF0p44bl30hmwezbkx151+Zt23MW+OWUtpoZQBiW5q3J0
+wa6td1llChOrjTYBhSIhiHifC59FCnxp48EzAQCGskLjC2PyrPOOPMRez5yaxLJq
+YhAuOc8hZNVmCSeVKQf+MbxsyUaraay4SpUIwtzRYZVBrdjM8XGeBJcmFBhWHaoD
+G1fIflmP8RfmP0lx8CUSMR4o508mKZ8Rf5VQlAkjUFMeCG+3Hf1bmvZqUwiwy27o
+tuhud+XSN5QErzbP7nakkmE8vUhzWQAYIrg/GMSWOZW74JWuhRUgBgEDG8AMQNRS
+JfABm3/c+xJlidnLjgam73iG0VM/ivzdOKKZM/XCqihmpSJg7U0a2C0cnOOFQkHa
++ym7rgeZJrUM2A/KEWS8i/eqBlp7RZXovpSFfFIWWbM9HngdjND0Kk7RMxtzgt6p
+GrQaqArthyOlMpZ72xTdnUGex5rxgo19J9eJmkrg7wf/cncD5yuR99/myQjAqx+a
+uHOV7vOclyyZB7HLqW5ry4AozRv8TNTPsYUNc7ie4gjslkwXFSgv/RVjBIMeM7Jd
+JRvBvehttr0SnkiiixTFEjw1n9kIJAh3YD+3/zP2rz2nxYyQhCdswcQNVHWQcx17
+bCMgzXw5ysjusG+lej1dueEApXlU6+mfnfbQ05lR4u5wAxfbcqN6vS4aEiYbTixL
+Kgm9wffU9Snshqz4OU4Nj8so2OtDrCyAZ+WQEOY7A+j96VUFeM3FaBnvWz8b5JZg
+JaMbKr5naovFIBaDBzLzxjn42IcI778EwFetXbFGrLSZU17FoufDnOEFKbwkJehh
+o7QkV2lldHNlIFZlbmVtYSA8d2lldHNlQHBvcmN1cGluZS5vcmc+iHoEExEIACIF
+AlYZbx0CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAwLWQ6AyhWn4h8B
+AIMevjwXE2/kAQb/H5VJ+arXkE8FRH0crSCvFcrKTES8AP9ToDZzYv/OvG8swSe3
+oWK5eIFcpE8+G7EpCsBfE/t+gokBHAQQAQIABgUCVhly2AAKCRAHL2DwwSvNmSxM
+CACPPUp1ubd07nR8PET6meHHC7UnsvhibnGD2y1pbHzLBQi6U4oLQqowHj1tF/sk
+xcdC48V+bNCs3Q80lkky9UpjJLaVlQcoJHFrluORDw0RfshRqaYP2T0ZJqYRjV2e
+N1lBoDWaGiNuGfQLxSaj+yRsS66Q0cX3dR5xCXhsa2MYyLa0EavrWNeIve/FdLbk
+QVFSECvXd62n+P4tH2VEdTocmJ2tioAIMruvVcUFNDxNBa6vNNMtUVM9cNzHbkzH
+sBFTBKqzNfWpLSPXcSWbEZ+DWRBeiVJ683hiRugDeQ2VIinqt/BNO0vbAWtJV9yV
+sVlrpwHoysisUuYIBJYWsCyQiJwEEAECAAYFAlYZddMACgkQ3IDyptUyfLky0QP9
+Hubtzxg2DiiundHEZUIzBHF5Wopi/eCmsZcKXhUcrf8T8zN1y9O2GwUIV+7wIAUp
+n2vEXSbZ+zO3XEmmkClgYPRu+cO9mSswZ2LKZEtfgOTX66JVLK5pusxswLmYnWqV
+l3qC+rJMDIy9NvcV/XwkIqrdBArwDnQEwaU0EaZStkG5Ag0EVhlvHRAIAI/ORSNY
+4F1dujiRX7RiW+VYDTnmz3CIrRF9oKUKvZsqLEaP0hK8Ozn7jgFy0n1jBlFWGxrK
+dQgevQkQf1WpYEUVO20nrS9kx3BWYXsoOlT/3mGXT8gR5CD7vAY4xWl2740c2Km1
+fmJy08JKcOa/j+kUuaNUx5uqskyr66bKyhSvW9qWKKBL92dqoQsquVH3wF5B6j20
+UpiN5rnV65OriY1MwWeaBK7+yfkP4PqTYLQ4CKl0Zcqar17SUvmmWTYZEtm6r9UI
+ZP/uNFMu7kqfQZrmHDozsKJezcKSTuFFJmcLztY+2SfN0iH2DNlbwfJ/g6jyCDz8
+s4EtAQCIIuOOvucABA0H/RN17RQfhJdNLhyvOmHq8xtHpc9ja+JCsn9/cvx9LjaP
+Qeg/sqqpyjCED4cNNFPpw3InHi6dWG6ImdEkzKdyTgvMo1MV0eeuHibxFUDVrNeF
+v3zYKR4/Hy97ETmhd3ny/t19kZh3osDHRq4uau00aGHn01Gxq5tFEFufrVhY27YI
+ZpTmhn67Gspdf+BP92DCOou+IsPaljiuJd0TwU2OXrY+RJYTNANPttCoexqXEhba
+M06kZehxFbeDUj2oFVwCZDiNDcQssKALM1fvC/Gp/HI2HDciKiSeiR8hDlQJavHx
+U/0I/G5kLTeDfXIguf5b7MM8awhG8XeehmqP9RIauoeIYQQYEQgACQUCVhlvHQIb
+DAAKCRAMC1kOgMoVp5aUAP9F2s2Qu/NTmAmLTKbBGTzJlR2JF1XfQOi8H0r6fNvA
+4wD+OeVe1s+AlR80UoTb97YyuGvFvVr4xFm/Qk776pbAXLY=
+=yZP5
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGPfreeware 5.0i for non-commercial use
+
+mQENA0Ije1oAAAEIALlEqB1UICFF3dfwDij9LHtBhtiEfGnv0PL5rRmSJ4rA9pqs
+oM3oc0nfgnB502XpeCkT1RW5ymQggEx7+8fXnWhNUAmNGPrbmWzymvrdr4XnPOoB
+ODlnVYkc9Gt5BLRNSfuLbc1G3nH+FDzhpuJ5zqtb8RrYm5FOPU7eC9QnVoC2nXPW
+fPfTWVXQoCOEuQQ3zZHEculWQYhRVgxI+CFZjWzWgwZq3wWi/nGGZcFYRtCfodH4
+UiP0lvj8tOEhD8vUGQKiQGwiw/BBbiCm5ZPcCkSOWxXbZTUrkfTzwse9Ka2blmgH
+AhlySLtSD/tCX2ykzQEK9JJDw4++By9g8MErzZkABRG0JFdpZXRzZSBWZW5lbWEg
+PHdpZXRzZUBwb3JjdXBpbmUub3JnPokBFQMFEEIje1oHL2DwwSvNmQEBA8oIALG7
+Un8SRtlQ+EXMSK/MyJLD9+T/tS1vq2Z6BwN6oZ0G21VvbMdhXvOEjPUFXhJPIFs8
+pNIYtUV/uQMiMZsATOlJObe3ZkXazdbpGcGAekO0G158CYy2mH50hqYLewTYCt3T
+TNf6fSu+bVFrrQ8S/89QDceN0M+WFECgjlYHMTMqB2Ye2KZRWAQG1S8hLLFG42HV
+QaWAVG4yR4xZEC0sYuMBZQTJlJXWb/CnhdlcdS2y5DRq/UYZ5oM/ZilKnIxnWzvf
+zZM/5+5d7DA0YLjY2uIiSGWs9MfQv1MwvAPjTs/Aiz0j3y5lCa3lVObGskroUhN6
+Pf14rTC6p585H3mQBRuJAJQDBRBCI3uC3IDyptUyfLkBAUJtA/jL8AHJtrrb6/CV
+w0gBL0vIVI2FV2F7FxmttbHV9HqErkB7bypuFoUZkbrYd8jl5aco4E2fet8avoVF
+JKaY+YwcUTpy0wZSwYr6vt+bm1lMDg2BuNdd3j8lcJ5qzTo0SRfuGoJaIDKbqUIR
+g+zlLNnoLgf8qPhyFczoiN/MZKl0
+=Uc/Z
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: 2.6.2
+
+mQCNAirDhV8AAAED/i4LrhQ/mwOgam8ZfQpEcxYoE9kru5oRDGtoVeKae/4bUver
+aGX7qVtskD6vwPwr2FF6JW2c+z2oY4JGPGUArORiigoT82/q6vqT0Wm1jIPsXQSB
+ZCkBoyvBcmXEi+J7eDBbWLPDxeDimgrORbAIQ4uikRafs8KlpNyA8qbVMny5AAUR
+tCV3aWV0c2UgdmVuZW1hIDx3aWV0c2VAd3p2Lndpbi50dWUubmw+iQCVAgUQMGq3
+lNmn2lx+CrKBAQFa9gQArugc+G/gKE/Oq5a572ZobbaI4E76YknpF4quLJ3NxRTP
+DAsAQOfM3tMlpYGPt/8zpqetOpNTElZyblHcHNI95wuYz0U3UH7OwmOGoD8FtON+
+vuUO5bOmUsjnlKV7MetIPZl2Ht81mnouOgtaEClQK3Bjkmqh9gRW61IcuMqcrACJ
+ARUDBRAxDqLR57u1Gl0NQHkBAYAeB/4xfFxNOjvfOrsjLefbcmORFi4ZFJxHLEc+
+szgK8J+nEZnQqpcXJ2QaNpXY3FYFR2NnPOteoTFO//DqX9v9MblYOo5KRKaYhhhz
+VzWhoq9s+nCKaTNEQr1BkAGJsrw4D5M3wTY6vu/z8O7BZFV8N2aFuV/3w8fb3ABi
+80DAaV+2fN+x04gtPEfJJnTvbhBhYMczzvqwnuW/NnWw9SS/rVuWrV60HRWtFQnR
+h7BqqE/8mafjmV0dF3GPM3zKvOq7ivOsfHUslvqP+YdIfuygTAQqkdEK1k1j4+0t
+wqF4XGIXB67w4AyybnvjCbJsQavYQgJIDSngjpSzBPRFyfs5tr/ViQCVAwUQMQ6i
+M05B7Bs/MbpVAQFeSgQAihFUGbn8uY6I7J4H73rwrI49XEJcdmop4/CO3fazP+jM
+pBR+O/EYTXHYb2AB1IWV8jeqMvcjDww9iylfXSdRhu29xPhAFyLq93+AC63p3WnC
+X9HP+6LQepuO8HETMsUo2beywin8V43IEE7wpkV36HhipzhOqSOJg6dHoJxq0jqJ
+AJUDBRAweOef5PJqLyI0q20BAdIhA/4vmWq5lh9ZB9xiNL41NMJcLx9KiXKeewl/
+Lnz2Sc95A6PEo+/0h1TRtdfNE+HBegJ+3GbTz+qsUTNGYslfw1uzhVVwke3VWegi
+j4W7QBKfolXR/QeIOE9YIl6sFiXCupNig8QLyFYZCv3cBF1rg7zcpnpBCoEVe4qB
+gfG8edNMwYkAlQMFEDBzrxICT4RrFG3ijQEBlIID/1tgODC51T64V/b97YYBRPWD
+FMeFI+BIqWDwJrynoAl5qoHdi8nAGAVqpg006bRcaXgra5ZclRFMDytuhL5Ss3v5
+t6ydsulRndafEhY8yFTR4rjHrsxIfa1Ku3PR9m2c6kiRnQW88wL9bjKJ2caDBPeH
+FsePOcUfsUTcZg69bIz+iQCVAwUQMG++9DH/t4NEE7aRAQEFnAP+OWpls7UuOm55
+ZIyKMsXee0KbrXshwR8brHPShEwzYYQG2C0giu/lhpMvLyNg/K7l52+/Jz+x9y4U
+HDffDPFOG4J9QirNL9PCOCpKhpMvX5GXeHiD5VNK15JaD/58J8CnlPnQMfVSrcmq
+JX2XPB2BMrm4y9ibAbxkeWfqO7YXYTiJAJUDBRAwaqn6Gts03AL4jIEBAcqCBAC2
+gsdcPBgHZo8zhbdUZ0GRPiObyjVeC+poW/9f7vFkoX1SBZE9EWoXzxZ5lEDaZlv8
+PGua5yQWy+qEm6+MS8puv3dBi5d1kb97tqbvVZcsEpI+e+ygljnV5PtesMjqGaq9
+ZxhueAekfNj5kHo32HupwbDXNHC3j8rFunqfGUUB6okAlQMFEDBqX0voJUrjD0yX
+dQEBjiwEANOf185iXALuJUlV3/MYxnJbmC+J/08rD4at+fxLTbH2LU6WpfVyDEmQ
+xahelAKKVDiPJK2/ct6SEnYG2nmRQKIKiU5k7g05vufQi7CyfHVOQuXvlFZkoNz7
+uDEDk/EKfMUT7Lw7qLilK7POGkWrPhwSdFDgP4qWuq77enjet8RNiQCVAgUQMGgn
+6SJRltlmbQBRAQGk2QP+MR8rAlXGgVNqR1SQjKmutmDe5gFNuHB/StLKdRWOb5fc
+oJspE4TLHoayTMfT0PQtP6BOL3Nn1GvNe/X/J47/rC17VZlP680uG8as7jKeJib4
+6znNJr7lpb9/IeKUTTZk2TbSv4eFjpo6ZlDxRca/5TmvKDjxS4Z973bRSd1CK5iJ
+AJUDBRAwacpgufMnN2zLdBkBAbOUBAC4hEmF/ywCS7Lc95P1S5e+3W5QfBOISSsN
+1sWcFA5+aRXFxA4/zaDOBZiTmKLCVOaBPh66h16QjMyswjGpCyrKG/DHFu0P6Tdo
+cW2hyu9FRNKE7nWDx+JBw3sJNsR5NrdrNSkxuI5ae8VM4qp+AAafTf2yaCQUiiPL
+Bfs10T6D4YkAlQMFEDBpykFiZfpIB1Z0VQEBPV0EAJ65XnrutwZ7isTcGOXrb2Va
+vnsL020c58qHrcpPXFQczp/R6Woh8xYEJdM0CZL+ulDtuODv5ZtZhhy3ZgpKLOk/
+397IWrQDHZwXMIGLxzYN1S6zMTI929fplK9cyRHln3Rstt4fbrLNpyfIXUx0PTC0
+Cp205yzrEcKt/IqX/sKYiQCVAwUQMGnHUAQmfXmOCknRAQEJRwP/SARfkEKPKx9U
+2NEcuJvHC/jpqoUZ/gUQP9nIkRuMLqzO3SraPM4ZlSEyzJg2qagJJ2PaYYN3YAbT
+UfElGpWmS9oy/k7hdg68L2hBPC/z7kRXQF7Ydn4l+X1enKXtMb7cKVBelQfbULmy
+6JY5MSx7Grtrdi91QsQuq2VCkGimJqeJAJUDBRAwZ/3ro2xF3nu86kkBAXyeA/0Z
+MXHkn7nuf1KwhIL/fYaV4zLSDeUclOuO1afEg63bwNNcj1XE6ZpEiHTTY8kbx3Z6
+wWrXsNfEl/rQzjezXgX/py38+YHamyAhrJpb7UyPUW0EBSvhwqx8ZnK1wqqsegy9
+KnutkeF+BXL/EswooKab5zvF1glKBuJyunCrUgG4MYkAlQMFEDBn/C87f8e8znZr
+HwEBH5YD/jtnDovJRAdHQeqKQFma7W9N+Abqx5q3/3dXzPaQDzR/74VsqKwnDOrF
+TMnbsREUCA51tM8ZbC4J5aSzN3tNIFXN+gCixT/8fVxshQuYP2O/sMuHqVDH5FQR
+2UPvORSJWSaFTbfgCOfNbHV18uKDmImiYATWouyS9uLWTlNEjdK3iQCVAwUQMGai
+rFiXq3zaXLJBAQF6QgQA0p/HnqrN5UJr14iJziPYVekkLmdhQ5x1KE+SEpakNkzE
+0dPlL+DKpkW2Ay+puopwOzGa2wWOkcmvtBfWUoFhMDMZS1I86BvYGIlsfAd8rcYf
+pN8qo0e32tgRG8Ftp6TIQQFLwOxVzDVlOCL+AgFI3zc2Qsm5zT2L+ceD3f2F2veJ
+AHUCBRAvzCraaA8r0KMuYqEBAW/UAv9sv6+2UbrUO2a7z+S/keQ+I5Wp+KiZRgjU
+58XRqYlQ0qAFp2F1snjRAYy6GFceVbJvj8ydK3hq6OfADywqG1Eq0kcq+OMt/4tO
+Z0yiXbCegrTvaUukW6ZftonelLXhpSCJAJUDBRAviXcRE9wTBKB3hqEBAW36A/9m
+x57+4pe+0zEbkNIKAqmdT2n1AZXiCc/1sLJ1D5uuZ6kS4xK6P1z9UXMeVgtekmz1
+mF8JuM265VHKNAhWPclur2zhfDKHFz5DTGCUxSGObXzJwnw8+CTHh7wV3NxK5l9o
+UjqEfQSvsl6H/wc7KspKWyqsZk7LQcYC4o5ZAo/5kIkAlQMFEC+IFuvKbyuD/AwC
+1QEBoS8D/RmXEJrUpr/oFAzFozP7F1sM91xtye2lzK4RGbYUxjlrZs6vWPhGmJzf
+NzX5D03plADkUk6la8cHTFdTDls2jpobVUAeuZXnWOYhRhUnL4NOZdl6Vr2cYd+I
+zfdG9220Oy+jHodN7+16j5/M/ezoxBpZJwsPHfdF7NVOZVIGTbZZiQCVAwUQL30a
+Z9yA8qbVMny5AQEnOwP7BphCYkobRu0ZTT4ZROD5tExJ8IbBv2n29vCddAg+VCuw
+XwGjObwjIUZbGx8pPx1GWOqYATAouFoWBh0WueWK5h+ZUzD6dKl2lMNUTQ3h3uF3
+yZM35YK9jSDrH2u/W4E8orqU+BahkeyRvM0vCINdnm88p2hIIIiLdpCQJB37qrGJ
+AJUCBRAubfYWwMf8FvAPBCEBAVmrA/9xJIGybDPjmtnwc/k2FRbEJQbVkyZq+nja
+aeE5si/TdvrzS580zGnye9uABdRbAKceOa91Rm/OEtmzeDjFPJ/pdcZ13FUDNBlQ
+Shyt4P3abOb24kiL67MwJy+70Wbg+C71O7Hed2NVqFUEtkSg2hlV09kCxr4+aQIR
+fQYVcr7R+YkAlQIFEC5t9dpsodCHBnntkQEBh5oD/1ozk6LmRoT0qN9VHDFKnJzZ
+RagTBfA3JpsxWmnkdOpmMSeb+f7SCwH+FwtRYNLX+8Z54/dR8esPNy08FfDNGz6U
+C2Eu4eLy330wei8QtfLdytcSIij2OJRJetg9xrzw5H7h2Hia3oWJ2CzHFmH2YWEx
+QvYhDAIWTwektUQLYl+viQCVAgUQLmrlqOMR7qLvJ+dxAQGt3QP/WDFIlcxrgy1B
+uxgvT9CkSjjJgKzV1D8z8iodPLul9s+1WxUGYTIYvdN67QXREYLV7yh0YRdBNVBr
+NdtKutstdsbW/y6LHed4Id+sBuK4Y7OAN38mtjuaOpZLFGm8ex15KVvRJb/77u7y
+LOixdFS7DpiSnaXoZpxC9vFMmm2R1Iu0JHdpZXRzZSB2ZW5lbWEgPHdpZXRzZUBw
+b3JjdXBpbmUub3JnPokAlQMFEDTZBvTcgPKm1TJ8uQEBoRMD/RkjT4YtF/ltBN+V
+eCLv272pxZo38JJZEGyWg4QTHXYQ7ayVc22RL3vQLEMRISvZnvl6pe2UMzgI8jOH
+NWhTtvrKuvR/M/nvqTpFf8lp0SiF/ZVVeGCaSmS1Eoyp1dk76qPRCl6RcI6bTv2F
+NT2RRKl3v4t4iEXnEjiyS6irzd2b
+=o1uH
+-----END PGP PUBLIC KEY BLOCK-----
diff -Nru postfix-3.1.14/debian/watch postfix-3.1.15/debian/watch
--- postfix-3.1.14/debian/watch 2019-10-01 19:28:04.000000000 -0400
+++ postfix-3.1.15/debian/watch 2020-02-16 14:53:17.000000000 -0500
@@ -1,3 +1,3 @@
version=3
-opts=pasv ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-(3.1[\d+\.]+)\.tar\.gz
+opts=pasv,pgpsigurlmangle=s/$/.gpg2/ ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-(3.1[\d+\.]+)\.tar\.gz
diff -Nru postfix-3.1.14/HISTORY postfix-3.1.15/HISTORY
--- postfix-3.1.14/HISTORY 2019-09-21 11:55:11.000000000 -0400
+++ postfix-3.1.15/HISTORY 2020-02-02 12:43:43.000000000 -0500
@@ -22559,3 +22559,31 @@
Bugfix (introduced: Postfix-2.9.0): null pointer read, while
logging a warning after a postscreen_command_filter read
error. File: postscreen/postscreen_smtpd.c.
+
+20191014
+
+ Bugfix (introduced: Postfix 2.8): don't gratuitously enable
+ all after-220 tests when only one such test is enabled.
+ This made selective tests impossible with 'good' clients.
+ File: postscreen/postscreen_smtpd.c.
+
+20191214
+
+ Bugfix (introduced: Postfix 3.1): support for
+ smtp_dns_resolver_options was broken while adding support
+ for negative DNS response caching in postscreen. Postfix
+ was inadvertently changed to call res_query() instead of
+ res_search(). Reported by Jaroslav Skarvada. File:
+ dns/dns_lookup.c.
+
+ Bugfix (introduced: Postfix 3.0): sanitize server responses
+ before storing them in the verify database, to avoid Postfix
+ warnings about malformed UTF8. File: verify/verify.c.
+
+20200115
+
+ Bugfix (introduced: Postfix 2.5): the Milter connect event
+ macros were evaluated before the Milter connection itself
+ had been negotiated. Problem reported by David Bürgin.
+ Files: milter/milter.h, milter/milter.c, milter/milter8.c
+
diff -Nru postfix-3.1.14/src/dns/dns_lookup.c postfix-3.1.15/src/dns/dns_lookup.c
--- postfix-3.1.14/src/dns/dns_lookup.c 2017-12-20 20:50:28.000000000 -0500
+++ postfix-3.1.15/src/dns/dns_lookup.c 2019-12-15 11:10:55.000000000 -0500
@@ -396,7 +396,7 @@
if (keep_notfound)
/* Prepare for returning a null-padded server reply. */
memset(answer, 0, anslen);
- len = res_query(name, class, type, answer, anslen);
+ len = res_search(name, class, type, answer, anslen);
/* Begin API creep workaround. */
if (len < 0 && h_errno == 0) {
SET_H_ERRNO(TRY_AGAIN);
diff -Nru postfix-3.1.14/src/global/mail_version.h postfix-3.1.15/src/global/mail_version.h
--- postfix-3.1.14/src/global/mail_version.h 2019-09-21 12:25:29.000000000 -0400
+++ postfix-3.1.15/src/global/mail_version.h 2020-02-02 15:09:19.000000000 -0500
@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20190921"
-#define MAIL_VERSION_NUMBER "3.1.14"
+#define MAIL_RELEASE_DATE "20200203"
+#define MAIL_VERSION_NUMBER "3.1.15"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff -Nru postfix-3.1.14/src/milter/milter8.c postfix-3.1.15/src/milter/milter8.c
--- postfix-3.1.14/src/milter/milter8.c 2015-01-26 15:04:15.000000000 -0500
+++ postfix-3.1.15/src/milter/milter8.c 2020-02-02 12:43:12.000000000 -0500
@@ -1916,15 +1916,6 @@
#define STR_NE(x,y) (strcmp((x), (y)) != 0)
/*
- * XXX Sendmail 8 libmilter closes the MTA-to-filter socket when it finds
- * out that the SMTP client has disconnected. Because of this, Postfix
- * has to open a new MTA-to-filter socket for each SMTP client.
- */
-#ifdef LIBMILTER_AUTO_DISCONNECT
- milter8_connect(milter);
-#endif
-
- /*
* Report the event.
*/
switch (milter->state) {
@@ -2833,6 +2824,10 @@
/*
* Fill in the structure. Note: all strings must be copied.
+ *
+ * XXX Sendmail 8 libmilter closes the MTA-to-filter socket when it finds
+ * out that the SMTP client has disconnected. Because of this, Postfix
+ * has to open a new MTA-to-filter socket for each SMTP client.
*/
milter = (MILTER8 *) mymalloc(sizeof(*milter));
milter->m.name = mystrdup(name);
@@ -2840,6 +2835,11 @@
milter->m.next = 0;
milter->m.parent = parent;
milter->m.macros = 0;
+#ifdef LIBMILTER_AUTO_DISCONNECT
+ milter->m.connect_on_demand = (void (*) (struct MILTER *)) milter8_connect;
+#else
+ milter->m.connect_on_demand = 0;
+#endif
milter->m.conn_event = milter8_conn_event;
milter->m.helo_event = milter8_helo_event;
milter->m.mail_event = milter8_mail_event;
diff -Nru postfix-3.1.14/src/milter/milter.c postfix-3.1.15/src/milter/milter.c
--- postfix-3.1.14/src/milter/milter.c 2017-02-21 17:32:57.000000000 -0500
+++ postfix-3.1.15/src/milter/milter.c 2020-02-02 12:43:12.000000000 -0500
@@ -417,6 +417,8 @@
if (msg_verbose)
msg_info("report connect to all milters");
for (resp = 0, m = milters->milter_list; resp == 0 && m != 0; m = m->next) {
+ if (m->connect_on_demand != 0)
+ m->connect_on_demand(m);
any_macros = MILTER_MACRO_EVAL(global_macros, m, milters, conn_macros);
resp = m->conn_event(m, client_name, client_addr, client_port,
addr_family, any_macros);
diff -Nru postfix-3.1.14/src/milter/milter.h postfix-3.1.15/src/milter/milter.h
--- postfix-3.1.14/src/milter/milter.h 2016-01-23 19:44:00.000000000 -0500
+++ postfix-3.1.15/src/milter/milter.h 2020-02-02 12:43:12.000000000 -0500
@@ -35,6 +35,7 @@
struct MILTER *next; /* linkage */
struct MILTERS *parent; /* parent information */
struct MILTER_MACROS *macros; /* private macros */
+ void (*connect_on_demand) (struct MILTER *);
const char *(*conn_event) (struct MILTER *, const char *, const char *, const char *, unsigned, ARGV *);
const char *(*helo_event) (struct MILTER *, const char *, int, ARGV *);
const char *(*mail_event) (struct MILTER *, const char **, ARGV *);
diff -Nru postfix-3.1.14/src/postscreen/postscreen_smtpd.c postfix-3.1.15/src/postscreen/postscreen_smtpd.c
--- postfix-3.1.14/src/postscreen/postscreen_smtpd.c 2019-06-30 13:22:15.000000000 -0400
+++ postfix-3.1.15/src/postscreen/postscreen_smtpd.c 2020-02-02 13:00:33.000000000 -0500
@@ -1127,16 +1127,18 @@
state->read_state = PSC_SMTPD_CMD_ST_ANY;
/*
- * Opportunistically make postscreen more useful by turning on the
- * pipelining and non-SMTP command tests when a pre-handshake test
- * failed, or when some deep test is configured as enabled.
+ * Disable all after-220 tests when we need to hang up immediately after
+ * reading the first SMTP client command.
*
- * XXX Make "opportunistically" configurable for each test.
+ * Opportunistically make postscreen more useful, by turning on all
+ * after-220 tests when a bad client failed a before-220 test.
+ *
+ * Otherwise, only apply the explicitly-configured after-220 tests.
*/
- if ((state->flags & PSC_STATE_FLAG_SMTPD_X21) == 0) {
- state->flags |= PSC_STATE_MASK_SMTPD_TODO;
- } else {
+ if (state->flags & PSC_STATE_FLAG_SMTPD_X21) {
state->flags &= ~PSC_STATE_MASK_SMTPD_TODO;
+ } else if (state->flags & PSC_STATE_MASK_ANY_FAIL) {
+ state->flags |= PSC_STATE_MASK_SMTPD_TODO;
}
/*
diff -Nru postfix-3.1.14/src/verify/verify.c postfix-3.1.15/src/verify/verify.c
--- postfix-3.1.14/src/verify/verify.c 2016-02-13 20:08:52.000000000 -0500
+++ postfix-3.1.15/src/verify/verify.c 2019-12-14 20:15:46.000000000 -0500
@@ -389,6 +389,7 @@
|| STATUS_FROM_RAW_ENTRY(raw_data) != DEL_RCPT_STAT_OK) {
probed = 0;
updated = (long) time((time_t *) 0);
+ printable(STR(text), '?');
verify_make_entry(buf, addr_status, probed, updated, STR(text));
if (msg_verbose)
msg_info("PUT %s status=%d probed=%ld updated=%ld text=%s",
Reply to: