-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 26 Dec 2023 16:07:38 -0500
Source: postfix
Architecture: source
Version: 3.5.23-0+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Closes: 1059230
Changes:
 postfix (3.5.23-0+deb11u1) bullseye; urgency=medium
 .
   [Wietse Venema]
 .
   * 3.5.19
     - Portability: the EVP_get_digestbyname change broke OpenSSL 1.0.2
       support. File: tls/tls.h.
     - Bugfix (introduced: Postfix 3.4): the posttls-finger command failed
       to detect that a connection was resumed in the case that a server
       did not return a certificate. Viktor Dukhovni.
       File: posttls-finger/posttls-finger.c.
     - Workaround: OpenSSL 3.x EVP_get_cipherbyname() can return
       lazily-bound handles. Postfix now checks that the expected
       functionality will be available instead of failing later. Fix by
       Viktor Dukhovni. File: tls/tls_server.c.
     - Bugfix (introduced: Postfix 3.5): check_ccert_access did not parse
       inline map specifications. Report and fix by Sean Gallagher.
       File: global/map_search.c.
     - Safety: the long form "{ name = value }" in import_environment or
       export_environment is not documented, but accepted, and it was
       stored in the process environment as the invalid form
       "name = value", thus not setting or overriding an entry for "name".
       This form is now stored as the expected "name=value". Found during
       code maintenance. Also refined the "missing attribute name"
       detection. Files: clean_env.c, split_nameval.c.
     - Bugfix (introduced: Postfix 3.2): the MySQL client could return
       "not found" instead of "error" during the time that all MySQL
       server connections were turned down after error. Found during code
       maintenance. File: global/dict_mysql.c.
   * 3.5.20
     - Bugfix (defect introduced: Postfix 1.0): the command
       "postconf .. name=v1 .. name=v2 .." (multiple instances of the
       same parameter name) created multiple name=value entries with the
       same parameter name. It now logs a warning and skips the earlier
       update. Found during code maintenance.
       File: postconf/postconf_edit.c
     - Bugfix (defect introduced: Postfix 3.3): the command
       "postconf -M name1/type1='name2 type2 ...'" died with a
       segmentation violation when the request matched multiple master.cf
       entries. The master.cf file was not damaged. Problem reported by
       SATOH Fumiyasu. File: postconf/postconf_master.c.
     - Bugfix (defect introduced: Postfix 2.11): the command
       "postconf -M name1/type1='name2 type2 ...'" could add a service
       definition to master.cf that conflicted with an already existing
       service definition. It now replaces all existing service
       definitions that match the service pattern 'name1/type1' or the
       service name and type in 'name2 type2 ...' with a single service
       definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
       File: postconf/postconf_edit.c.
     - Bitrot: preliminary support for OpenSSL configuration files,
       primarily OpenSSL 1.1.1b and later. This introduces new parameters
       "tls_config_file" and "tls_config_name", which can be used to limit
       collateral damage from OS distributions that crank up security to
       11, increasing the number of plaintext email deliveries. Details
       are in the postconf(5) manpage under "tls_config_file" and
       "tls_config_name". Viktor Dukhovni. Files: mantools/postlink,
       proto/postconf.proto, global/mail_params.h,
       posttls-finger/posttls-finger.c, smtp/smtp.c, smtp/smtp_proto.c,
       tls/tls_client.c, tls/tls.h, tls/tls_misc.c,
       tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c,
       tls/tls_proxy.h, tls/tls_server.c, tlsproxy/tlsproxy.c.
     - Cleanup: use TLS_CLIENT_PARAMS to pass the OpenSSL 'init'
       configurations. This information is independent from the client or
       server TLS context, and therefore does not belong in tls_*_init()
       or tls_*_start() calls. The tlsproxy(8) server uses
       TLS_CLIENT_PARAMS to report differences between its own global TLS
       settings, and those from its clients. Files:
       posttls-finger/posttls-finger.c, smtp/smtp.c, smtp/smtp_proto.c,
       tls/tls.h, tls/tls_proxy_client_misc.c,
       tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c,
       tls/tls_proxy.h, tlsproxy/tlsproxy.c.
     - Cleanup: reverted cosmetic-only changes to minimize the patch
       footprint for OpenSSL INI file support; updated daemon manpages
       with the new tls_config_file and tls_config_name configuration
       parameters. Files: smtp/smtp.c, smtpd/smtpd.c, tls/tls_client.c,
       tls/tls.h, tls/tls_server.c, tlsproxy/tlsproxy.c,
     - Cleanup: made OpenSSL 'default' INI file support error handling
       consistent with OpenSSL default behavior. Viktor Dukhovni.
       Files: proto/postconf.proto, tls/tls_misc.c.
     - Backwards compatibility for stable releases that originally had no
       OpenSSL INI support. Skip the new OpenSSL INI support code, unless
       the Postfix configuration actually specifies non-default
       tls_config_xxx settings. File: tls/tls_misc.c.
     - Cleanup: added a multiple initialization guard in the
       tls_library_init() function, and made an initialization error
       sticky. File: tls/tls_misc.c.
     - Security: new parameter smtpd_forbid_unauth_pipelining (default:
       no) to disconnect remote SMTP clients that violate RFC 2920 (or
       5321) command pipelining constraints. Files:
       global/mail_params.h, smtpd/smtpd.c, proto/postconf.proto.
   * 3.5.21
     - Bugfix (bug introduced: 20140218): when opportunistic TLS fails
       during or after the handshake, don't require that a probe message
       spent a minimum time-in-queue before falling back to plaintext.
       Problem reported by Serg. File: smtp/smtp.h.
     - Bugfix (defect introduced: 19980207): the valid_hostname() check in
       the Postfix DNS client library was blocking unusual but legitimate
       wildcard names (*.name) in some DNS lookup results and lookup
       requests. Examples:
         name              class/type   value
         *.one.example     IN CNAME     *.other.example
         *.other.example   IN A         10.0.0.1
         *.other.example   IN TLSA      ..certificate info...
       Such syntax is blessed in RFC 1034 section 4.3.3. This problem was
       reported first in the context of TLSA record lookups.
       Files: util/valid_hostname.[hc], dns/dns_lookup.c.
   * 3.5.22
     - Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix SMTP
       server was waiting for a client command instead of replying
       immediately, after a client certificate verification error in TLS
       wrappermode. Reported by Andreas Kinzler. File: smtpd/smtpd.c.
     - Usability: the Postfix SMTP server now attempts to log the SASL
       username after authentication failure. In Postfix logging, this
       appends ", sasl_username=xxx" after the reason for SASL
       authentication failure. The logging replaces an unavailable reason
       with "(reason unavailable)", and replaces an unavailable
       sasl_username with "(unavailable)". Based on code by Jozsef
       Kadlecsik. Files: xsasl/xsasl_server.c, xsasl/xsasl_cyrus_server.c,
       smtpd/smtpd_sasl_glue.c.
     - Bugfix (defect introduced: Postfix 2.11): in forward_path, the
       expression ${recipient_delimiter} would expand to an empty string
       when a recipient address had no recipient delimiter. Fixed by
       restoring Postfix 2.10 behavior to use a configured recipient
       delimiter value. Reported by Tod A. Sandman.
       Files: proto/postconf.proto, local/local_expand.c.
   * 3.5.23 (Closes: #1059230)
     - Addresses CVE-2023-51764, requires configuration change
     - Security: with "smtpd_forbid_bare_newline = yes" (default "no" for
       Postfix < 3.9), reply with "Error: bare <LF> received" and
       disconnect when an SMTP client sends a line ending in <LF>,
       violating the RFC 5321 requirement that lines must end in
       <CR><LF>. This prevents SMTP smuggling attacks that target a
       recipient at a Postfix server. For backwards compatibility, local
       clients are excluded by default with
       "smtpd_forbid_bare_newline_exclusions = $mynetworks". Files:
       mantools/postlink, proto/postconf.proto, global/mail_params.h,
       global/smtp_stream.c, global/smtp_stream.h,
 .
   [Scott Kitterman]
 .
   * Refresh patches
Checksums-Sha1:
 76d1a77ea4608eeb7d643db76c789b5e7b980a54 3039 postfix_3.5.23-0+deb11u1.dsc
 d3e41d90e76bd6ad845ecc71fd2105a3e09e6e58 4649997 postfix_3.5.23.orig.tar.gz
 cc9c887391f16058cf5c1a915d4b20452f6e864b 220 postfix_3.5.23.orig.tar.gz.asc
 619eb5bff8d1059f5c252c37e2c9bec563ecec6b 211128 postfix_3.5.23-0+deb11u1.debian.tar.xz
 d038d955af8dcf0fda95b2d282080f4de9d656c9 7639 postfix_3.5.23-0+deb11u1_source.buildinfo
Checksums-Sha256:
 73ecce675283e37ae99de4c0b9cddd22b80fe300606c71e16278537ecf358c3f 3039 postfix_3.5.23-0+deb11u1.dsc
 35fc0489ddc997cc83a835907e7deb9e725ca0f5bbce2c9d007634f8873b5b31 4649997 postfix_3.5.23.orig.tar.gz
 76f3256c4a85e1bac0b0f6dd0dd98b058e30dde68916d93d95bc8c4849813360 220 postfix_3.5.23.orig.tar.gz.asc
 b141d0aabab7dd7463b11caa168f45f2fe654148f7ffe590c008a4d4a7f46c4b 211128 postfix_3.5.23-0+deb11u1.debian.tar.xz
 0ffbf069b71deb167cebe1d07a0b17fbd26306b67195092336c8abd864fe5a5c 7639 postfix_3.5.23-0+deb11u1_source.buildinfo
Files:
 7c7058ff58950583b6f3cec6b77b53b1 3039 mail optional postfix_3.5.23-0+deb11u1.dsc
 bb925ee7ac13d061da049ed04bbe6fa5 4649997 mail optional postfix_3.5.23.orig.tar.gz
 46ae7ea3bd6bfef63f5e6d7c80401b7c 220 mail optional postfix_3.5.23.orig.tar.gz.asc
 9e7c56e4e13cd890167b49a7675daba3 211128 mail optional postfix_3.5.23-0+deb11u1.debian.tar.xz
 4fc6ddcc7584e3c88feebc9a2b0b7b5e 7639 mail optional postfix_3.5.23-0+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmWLQNQACgkQeNfe+5rV
mvGFcxAAxEHb/VHZ1475KpTQSLua3A9Cqe/IgLUcXQ2B2Ip3RcmTx05fMmbHB2Gr
T3W+OtutEfoWUxo+dAI41/Sgu+OpKEebm2lDQdBzrrp2qeeunH3xK055Snr9p7CE
Cph7H+Q6YbX3HqRHyB7uZI4XrdYzXropdUyUk31Y75tQJNRWK2JpdeMM5hRkIv6f
c52JjcNtqRFQYfk39ZYzZuPl9am/tihXqwyZR/00IhMXOKleR0q9yd45UKokq+Dw
7rA/qE/LRD1Y62NB3uGppMB5/jtT6rGWoQfadF2mWcfWQ9qdmNR7t//uXNECt3Me
0qEiPgzhrvNEZ55ZEjdhZnKiQkfZDAFjCgD0oRryVG7q4WLiFHWGb298+RzxWlz2
8qzikP9W7Qk3xqHIv2uMhR877/sPJfAfgRnyrjySWePG8Rc2TYLlHZhBVPIjBe9d
L5AocTgQCpqunMIXUZzsf9ug6Gr6YAQfEE5QIKvw4hIn7gu04STlFM0H7+LhS1Vc
fD/oIE8ujkSyvAKb//lbP5jWjC/NFabvX1rOUgTCfYZIJSCWd5UysyqDV7AyoOkU
gzyY1XKF/eGSYrzReM6SAIZUKvVs0dCwjVozcqMmMK47YkORXrdc53xYdLX7pXP1
yRUPiJT/Jd+43FdEhUkKOWaSLfRhQHFy7lFDtslTsKboi5VArkc=
=0z0h
-----END PGP SIGNATURE-----
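The 3.5.23 entry above says what the CVE-2023-51764 fix does (reject a line terminated by a bare <LF>, reply "Error: bare <LF> received", disconnect, but exempt $mynetworks) without showing why a bare <LF> matters. The Python below is an added example, not Postfix code and not part of the Debian changes file: it models the server-side line reader in both the lenient (check off, the default "no") and strict (check on) forms over a constructed DATA stream in which one line ends in a bare <LF> and is immediately followed by ".<CR><LF>". The MYNETWORKS value, the SAMPLE bytes and the function names (smtpd_read, read_lines, end_of_data_index) are assumptions made for the example.

```python
# Added example (not Postfix code): the bare-<LF> rule that
# "smtpd_forbid_bare_newline = yes" enforces, with the
# "smtpd_forbid_bare_newline_exclusions = $mynetworks" carve-out.
import ipaddress
from typing import List, Optional, Tuple

# Reply text quoted in the 3.5.23 changelog entry.
BARE_LF_REPLY = b"Error: bare <LF> received"

# Assumption (constructed for this example): a mynetworks value that covers
# only the local host, i.e. the usual shape of the default exclusion.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("::1/128")]


def client_is_excluded(client_ip: str, exclusions=MYNETWORKS) -> bool:
    """True when the client falls inside smtpd_forbid_bare_newline_exclusions."""
    addr = ipaddress.ip_address(client_ip)
    # An IPv4 address is never "in" an IPv6 network (and vice versa); no error.
    return any(addr in net for net in exclusions)


def read_lines(stream: bytes,
               forbid_bare_newline: bool) -> Tuple[List[bytes], Optional[bytes]]:
    """Split an SMTP byte stream into lines, with or without the bare-<LF> check.

    Returns (lines accepted so far, error reply or None). With the check on,
    processing stops at the first line that ends in <LF> without a preceding
    <CR>, and the reply the server sends before disconnecting is returned.
    With the check off, a bare <LF> is silently accepted as a line terminator,
    which is what lets "<LF>.<CR><LF>" look like the end of DATA to a lenient
    receiver while a stricter peer in the same path still sees message body.
    """
    lines: List[bytes] = []
    start = 0
    while True:
        i = stream.find(b"\n", start)
        if i < 0:
            break  # bytes without a terminator wait for the next read
        line = stream[start:i]
        if line.endswith(b"\r"):
            lines.append(line[:-1])          # RFC 5321 <CR><LF>: accept
        elif forbid_bare_newline:
            return lines, BARE_LF_REPLY      # bare <LF>: reject and stop
        else:
            lines.append(line)               # lenient: treat <LF> as a line end
        start = i + 1
    return lines, None


def end_of_data_index(lines: List[bytes]) -> Optional[int]:
    """Index of the first line consisting of a single '.', which ends DATA."""
    for n, line in enumerate(lines):
        if line == b".":
            return n
    return None


def smtpd_read(stream: bytes, client_ip: str, forbid_bare_newline: bool = True,
               exclusions=MYNETWORKS) -> Tuple[List[bytes], Optional[bytes]]:
    """Apply the check unless it is disabled or the client is in the exclusions."""
    strict = forbid_bare_newline and not client_is_excluded(client_ip, exclusions)
    return read_lines(stream, strict)


# Constructed sample DATA stream: the fourth line ends in a bare <LF> and is
# immediately followed by ".<CR><LF>", so a lenient reader sees end-of-data
# after "body line" and treats "more text" as whatever comes next.
SAMPLE = (
    b"From: sender@example.org\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"body line\n.\r\n"
    b"more text\r\n"
    b".\r\n"
)

if __name__ == "__main__":
    lenient, _ = read_lines(SAMPLE, forbid_bare_newline=False)
    print("lenient reader ends DATA at line", end_of_data_index(lenient))    # 4
    strict, reply = smtpd_read(SAMPLE, "203.0.113.7")
    print("strict reader accepted", len(strict), "lines, replied", reply)    # 3
```

The same bytes with "body line\r\n" instead of "body line\n" pass the strict reader and end DATA at the same index as the lenient one, which is the point: the check only rejects what RFC 5321 already forbids, so a compliant client is unaffected and the "requires configuration change" note above amounts to setting smtpd_forbid_bare_newline = yes and deciding whether $mynetworks should keep its exemption.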