Version in base suite: 3.4.7-0+deb10u1 Base version: postfix_3.4.7-0+deb10u1 Target version: postfix_3.4.8-0+10debu1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/postfix/postfix_3.4.7-0+deb10u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/postfix/postfix_3.4.8-0+10debu1.dsc HISTORY | 26 ++++++++++++++++++++++++++ debian/changelog | 34 ++++++++++++++++++++++++++++++++++ debian/init.d | 13 +++---------- src/global/mail_version.h | 4 ++-- src/postscreen/postscreen_smtpd.c | 22 ++++++++++++++-------- src/tls/tls_certkey.c | 3 +-- 6 files changed, 80 insertions(+), 22 deletions(-) diff -Nru postfix-3.4.7/HISTORY postfix-3.4.8/HISTORY --- postfix-3.4.7/HISTORY 2019-09-21 15:57:46.000000000 +0000 +++ postfix-3.4.8/HISTORY 2019-11-11 23:01:20.000000000 +0000 @@ -24293,3 +24293,29 @@ https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59 changed the error status, incompatibly, from SSL_ERROR_NONE into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c. + +20191014 + + Bugfix (introduced: Postfix 2.8): don't gratuitously enable + all after-220 tests when only one such test is enabled. + This made selective tests impossible with 'good' clients. + File: postscreen/postscreen_smtpd.c. + + Bugfix: the 20180903 postscreen fix for a misleading + "PIPELINING after BDAT" warning looked at the wrong variable. + The warning now says "BDAT without valid RCPT", and the + error is no longer treated as a command PIPELINING error + (but sending BDAT is still a client error, because postscreen + rejects all RCPT commands and does not announce PIPELINING + support). File: postscreen/postscreen_smtpd.c. + +20191109 + + Usability: the parser for key/certificate chain files + rejected inputs that contain an EC PARAMETERS object. While + this is technically correct (the documentation says what + types are allowed) this is surprising behavior because the + legacy cert/key parameters will accept such inputs. For + now, the parser skips object types that it does not know + about for usability, and logs a warning because ignoring + inputs is not kosher. Viktor and Wietse. File: tls/tls_certkey.c. diff -Nru postfix-3.4.7/debian/changelog postfix-3.4.8/debian/changelog --- postfix-3.4.7/debian/changelog 2019-10-01 23:21:59.000000000 +0000 +++ postfix-3.4.8/debian/changelog 2020-01-15 14:05:50.000000000 +0000 @@ -1,3 +1,37 @@ +postfix (3.4.8-0+10debu1) buster; urgency=medium + + [Scott Kitterman] + + * Refactor running status detection in sysv init based on upstream + postfix-script so it works in docker. Closes: #941293 + + [Wietse Venema] + + * 3.4.8 + - Bugfix (introduced: Postfix 2.8): don't gratuitously enable + all after-220 tests when only one such test is enabled. + This made selective tests impossible with 'good' clients. + File: postscreen/postscreen_smtpd.c. + + - Bugfix: the 20180903 postscreen fix for a misleading + "PIPELINING after BDAT" warning looked at the wrong variable. + The warning now says "BDAT without valid RCPT", and the + error is no longer treated as a command PIPELINING error + (but sending BDAT is still a client error, because postscreen + rejects all RCPT commands and does not announce PIPELINING + support). File: postscreen/postscreen_smtpd.c. + + - Usability: the parser for key/certificate chain files + rejected inputs that contain an EC PARAMETERS object. While + this is technically correct (the documentation says what + types are allowed) this is surprising behavior because the + legacy cert/key parameters will accept such inputs. For + now, the parser skips object types that it does not know + about for usability, and logs a warning because ignoring + inputs is not kosher. Viktor and Wietse. File: tls/tls_certkey.c. + + -- Scott Kitterman Wed, 15 Jan 2020 09:05:50 -0500 + postfix (3.4.7-0+deb10u1) buster; urgency=medium [Wietse Venema] diff -Nru postfix-3.4.7/debian/init.d postfix-3.4.8/debian/init.d --- postfix-3.4.7/debian/init.d 2019-10-01 23:21:45.000000000 +0000 +++ postfix-3.4.8/debian/init.d 2020-01-15 14:02:40.000000000 +0000 @@ -39,16 +39,9 @@ else POSTCONF="postmulti -i $INSTANCE -x postconf" fi - - queue=$($POSTCONF -hx queue_directory 2>/dev/null || echo /var/spool/postfix) - daemondir=$($POSTCONF -hx daemon_directory 2>/dev/null || echo /usr/lib/postfix/sbin) - if [ -f ${queue}/pid/master.pid ]; then - pid=$(sed 's/ //g' ${queue}/pid/master.pid) - # what directory does the executable live in. stupid prelink systems. - dir=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* -> //; s/\/[^\/]*$//') - if [ "X$dir" = "X${daemondir}" ]; then - echo y - fi + daemon_directory=$($POSTCONF -hx daemon_directory 2>/dev/null || echo /usr/lib/postfix/sbin) + if ! $daemon_directory/master -t 2>/dev/null ; then + echo y fi } diff -Nru postfix-3.4.7/src/global/mail_version.h postfix-3.4.8/src/global/mail_version.h --- postfix-3.4.7/src/global/mail_version.h 2019-09-21 16:24:58.000000000 +0000 +++ postfix-3.4.8/src/global/mail_version.h 2019-11-24 20:40:32.000000000 +0000 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190921" -#define MAIL_VERSION_NUMBER "3.4.7" +#define MAIL_RELEASE_DATE "20191124" +#define MAIL_VERSION_NUMBER "3.4.8" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -Nru postfix-3.4.7/src/postscreen/postscreen_smtpd.c postfix-3.4.8/src/postscreen/postscreen_smtpd.c --- postfix-3.4.7/src/postscreen/postscreen_smtpd.c 2019-03-10 19:41:51.000000000 +0000 +++ postfix-3.4.8/src/postscreen/postscreen_smtpd.c 2019-11-11 22:51:04.000000000 +0000 @@ -591,6 +591,8 @@ * never see DATA from a legitimate client, because 1) the server rejects * every recipient, and 2) the server does not announce PIPELINING. */ + msg_info("DATA without valid RCPT from [%s]:%s", + PSC_CLIENT_ADDR_PORT(state)); if (PSC_SMTPD_NEXT_TOKEN(args) != 0) PSC_CLEAR_EVENT_DROP_SESSION_STATE(state, psc_smtpd_time_event, @@ -620,6 +622,8 @@ * client, because 1) the server rejects every recipient, and 2) the * server does not announce PIPELINING. */ + msg_info("BDAT without valid RCPT from [%s]:%s", + PSC_CLIENT_ADDR_PORT(state)); if (state->ehlo_discard_mask & EHLO_MASK_CHUNKING) PSC_CLEAR_EVENT_DROP_SESSION_STATE(state, psc_smtpd_time_event, @@ -1033,7 +1037,7 @@ } } /* Command PIPELINING test. */ - if ((state->flags & PSC_SMTPD_CMD_FLAG_HAS_PAYLOAD) == 0 + if ((cmdp->flags & PSC_SMTPD_CMD_FLAG_HAS_PAYLOAD) == 0 && (state->flags & PSC_STATE_MASK_PIPEL_TODO_SKIP) == PSC_STATE_FLAG_PIPEL_TODO && !PSC_SMTPD_BUFFER_EMPTY(state)) { printable(command, '?'); @@ -1172,16 +1176,18 @@ state->read_state = PSC_SMTPD_CMD_ST_ANY; /* - * Opportunistically make postscreen more useful by turning on the - * pipelining and non-SMTP command tests when a pre-handshake test - * failed, or when some deep test is configured as enabled. + * Disable all after-220 tests when we need to reply with 421 and hang up + * after reading the next SMTP client command. * - * XXX Make "opportunistically" configurable for each test. + * Opportunistically make postscreen more useful, by turning on all + * after-220 tests when a bad client failed a before-220 test. + * + * Otherwise, only apply the explicitly-configured after-220 tests. */ - if ((state->flags & PSC_STATE_FLAG_SMTPD_X21) == 0) { - state->flags |= PSC_STATE_MASK_SMTPD_TODO; - } else { + if (state->flags & PSC_STATE_FLAG_SMTPD_X21) { state->flags &= ~PSC_STATE_MASK_SMTPD_TODO; + } else if (state->flags & PSC_STATE_MASK_ANY_FAIL) { + state->flags |= PSC_STATE_MASK_SMTPD_TODO; } /* diff -Nru postfix-3.4.7/src/tls/tls_certkey.c postfix-3.4.8/src/tls/tls_certkey.c --- postfix-3.4.7/src/tls/tls_certkey.c 2019-03-07 23:57:10.000000000 +0000 +++ postfix-3.4.8/src/tls/tls_certkey.c 2019-11-10 01:54:25.000000000 +0000 @@ -413,8 +413,7 @@ && strcmp(name, PEM_STRING_DSA) == 0)) { load_pkey(st, pkey_type, buf, buflen); } else if (!st->mixed) { - msg_warn("error loading %s: unexpected PEM type: %s", st->source, name); - st->state = PEM_LOAD_STATE_NOGO; + msg_warn("loading %s: ignoring PEM type: %s", st->source, name); } OPENSSL_free(name); OPENSSL_free(header);