Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package postfix
About the time we were switching to postfix 3.4 in Buster there were a series
of bug reports/updates from upstream. The first one (3.4.1 was caught in the
transition from experimental to unstable/buster. I decided to wait and see
how things went upstream before uploading/asking for another unblock.
It looks like things have calmed down, so I'd like to get 3.4.4 into buster to
address several bugs, two of which are significant. Since this is a post-
freeze bugfix update, I've taken to using the same level of detail in debian/
changelog that I've used for the stretch pu uploads that we've been doing
(3.1.6, 3.1.8, and 3.1.9).
These are all good bug fixes to have. The broken DANE trust anchor file
support is a serious regression in it's own right and the
reject_multi_recipient_bounce bug, while not new, seems to be more frequent or
more visible with BDAT.
Thanks for considering,
Scott K
unblock postfix/3.4.4-1
diff -Nru postfix-3.4.1/debian/changelog postfix-3.4.4/debian/changelog
--- postfix-3.4.1/debian/changelog 2019-03-07 21:51:20.000000000 -0500
+++ postfix-3.4.4/debian/changelog 2019-03-24 15:35:12.000000000 -0400
@@ -1,3 +1,31 @@
+postfix (3.4.4-1) unstable; urgency=medium
+
+ [Wietse Venema]
+
+ * 3.4.2
+ - Bugfix (introduced: 20181226): broken DANE trust anchor
+ file support, caused by left-over debris from the 20181226
+ TLS library overhaul. Scott Kitterman. File: tls/tls_dane.c.
+ Closes: #924183
+ - Bugfix (introduced: Postfix-1.0.1): null pointer read, while
+ logging a warning after a corrupted bounce log file. File:
+ global/bounce_log.c.
+ - Bugfix (introduced: Postfix-2.9.0): null pointer read, while
+ logging a warning after a postscreen_command_filter read
+ error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
+ * 3.4.3
+ - Bitrot: LINUX5s support, after some sanity checks with a
+ rawhide prerelease version. Files: makedefs, util/sys_defs.h.
+ Closes: #922477
+ * 3.4.4
+ - Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
+ has been producing false rejects starting with the Postfix
+ 2.2 smtpd_end_of_data_restrictons, and for the same reasons,
+ does the same with the Postfix 3.4 BDAT command. The latter
+ was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
+
+ -- Scott Kitterman <sc...@kitterman.com> Sun, 24 Mar 2019 15:28:00 -0400
+
postfix (3.4.1-1) unstable; urgency=medium
[Scott Kitterman]
diff -Nru postfix-3.4.1/HISTORY postfix-3.4.4/HISTORY
--- postfix-3.4.1/HISTORY 2019-03-07 19:08:17.000000000 -0500
+++ postfix-3.4.4/HISTORY 2019-03-14 19:57:12.000000000 -0400
@@ -24169,3 +24169,29 @@
the same filename for a private key and certificate. Reported
by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
test. Files: tls/tls_certkey.c, tls/Makefile.in.
+
+20190310
+
+ Bitrot: LINUX5s support, after some sanity checks with a
+ rawhide prerelease version. Files: makedefs, util/sys_defs.h.
+
+ Bugfix (introduced: 20181226): broken DANE trust anchor
+ file support, caused by left-over debris from the 20181226
+ TLS library overhaul. By intrigeri. File: tls/tls_dane.c.
+
+ Bugfix (introduced: Postfix-1.0.1): null pointer read, while
+ logging a warning after a corrupted bounce log file. File:
+ global/bounce_log.c.
+
+ Bugfix (introduced: Postfix-2.9.0): null pointer read, while
+ logging a warning after a postscreen_command_filter read
+ error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
+
+20190312
+
+ Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
+ has been producing false rejects starting with the Postfix
+ 2.2 smtpd_end_of_data_restrictons, and for the same reasons,
+ does the same with the Postfix 3.4 BDAT command. The latter
+ was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
+
diff -Nru postfix-3.4.1/makedefs postfix-3.4.4/makedefs
--- postfix-3.4.1/makedefs 2019-02-10 18:11:21.000000000 -0500
+++ postfix-3.4.4/makedefs 2019-03-10 19:42:59.000000000 -0400
@@ -557,7 +557,7 @@
: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
: ${PLUGIN_LD="${CC-gcc} -shared"}
;;
- Linux.[34].*) SYSTYPE=LINUX$RELEASE_MAJOR
+ Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR
case "$CCARGS" in
*-DNO_DB*) ;;
*-DHAS_DB*) ;;
diff -Nru postfix-3.4.1/src/global/bounce_log.c postfix-3.4.4/src/global/bounce_log.c
--- postfix-3.4.1/src/global/bounce_log.c 2014-12-06 20:35:33.000000000 -0500
+++ postfix-3.4.4/src/global/bounce_log.c 2019-03-10 17:08:20.000000000 -0400
@@ -264,7 +264,7 @@
recipient = cp + 1;
if ((cp = strstr(recipient, ">: ")) == 0) {
msg_warn("%s: malformed record: %.30s...",
- VSTREAM_PATH(bp->fp), cp);
+ VSTREAM_PATH(bp->fp), recipient - 1);
continue;
}
*cp = 0;
diff -Nru postfix-3.4.1/src/global/mail_version.h postfix-3.4.4/src/global/mail_version.h
--- postfix-3.4.1/src/global/mail_version.h 2019-03-07 19:08:42.000000000 -0500
+++ postfix-3.4.4/src/global/mail_version.h 2019-03-14 19:53:55.000000000 -0400
@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20190307"
-#define MAIL_VERSION_NUMBER "3.4.1"
+#define MAIL_RELEASE_DATE "20190314"
+#define MAIL_VERSION_NUMBER "3.4.4"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff -Nru postfix-3.4.1/src/postscreen/postscreen_smtpd.c postfix-3.4.4/src/postscreen/postscreen_smtpd.c
--- postfix-3.4.1/src/postscreen/postscreen_smtpd.c 2018-09-03 18:49:28.000000000 -0400
+++ postfix-3.4.4/src/postscreen/postscreen_smtpd.c 2019-03-10 15:41:51.000000000 -0400
@@ -939,7 +939,8 @@
vstring_strcpy(state->cmd_buffer, cp);
} else if (psc_cmd_filter->error != 0) {
msg_fatal("%s:%s lookup error for \"%.100s\"",
- psc_cmd_filter->type, psc_cmd_filter->name, cp);
+ psc_cmd_filter->type, psc_cmd_filter->name,
+ STR(state->cmd_buffer));
}
}
diff -Nru postfix-3.4.1/src/smtpd/smtpd_check.c postfix-3.4.4/src/smtpd/smtpd_check.c
--- postfix-3.4.1/src/smtpd/smtpd_check.c 2018-08-23 09:44:18.000000000 -0400
+++ postfix-3.4.4/src/smtpd/smtpd_check.c 2019-03-12 08:28:20.000000000 -0400
@@ -4583,7 +4583,7 @@
status = check_recipient_rcpt_maps(state, state->recipient);
} else if (strcasecmp(name, REJECT_MUL_RCPT_BOUNCE) == 0) {
if (state->sender && *state->sender == 0 && state->rcpt_count
- > (strcmp(state->where, SMTPD_CMD_DATA) ? 0 : 1))
+ > (strcmp(state->where, SMTPD_CMD_RCPT) != 0))
status = smtpd_check_reject(state, MAIL_ERROR_POLICY,
var_mul_rcpt_code, "5.5.3",
"<%s>: %s rejected: Multi-recipient bounce",
diff -Nru postfix-3.4.1/src/tls/tls_dane.c postfix-3.4.4/src/tls/tls_dane.c
--- postfix-3.4.1/src/tls/tls_dane.c 2019-02-09 20:22:14.000000000 -0500
+++ postfix-3.4.4/src/tls/tls_dane.c 2019-03-10 15:26:20.000000000 -0400
@@ -1125,7 +1125,6 @@
int tls_dane_load_trustfile(TLS_DANE *dane, const char *tafile)
{
-#ifdef TRUST_ANCHOR_SUPPORT
BIO *bp;
char *name = 0;
char *header = 0;
@@ -1217,9 +1216,6 @@
}
/* Some other PEM read error */
tls_print_errors();
-#else
- msg_warn("Trust anchor files not supported");
-#endif
return (0);
}
diff -Nru postfix-3.4.1/src/util/sys_defs.h postfix-3.4.4/src/util/sys_defs.h
--- postfix-3.4.1/src/util/sys_defs.h 2018-03-04 14:01:27.000000000 -0500
+++ postfix-3.4.4/src/util/sys_defs.h 2019-03-10 12:58:04.000000000 -0400
@@ -749,7 +749,7 @@
/*
* LINUX.
*/
-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4)
+#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
#define SUPPORTED
#define UINT32_TYPE unsigned int
#define UINT16_TYPE unsigned short
