Bug 46636 - postfix: Multiple issues (4.3)
postfix: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P5 normal (vote)
: UCS 4.3-0-errata
Assigned To: Philipp Hahn
Arvid Requate
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-03-13 17:30 CET by Philipp Hahn
Modified: 2018-05-16 17:04 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 0.0 ()


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2018-03-13 17:30:22 CET
New Debian postfix 3.1.8-0+deb9u1 fixes:
This update addresses the following issues:
* Rewrite debian/postfix-instance-generator to avoid use of postmulti to fix
  failures when inet_interfaces != all.
* DANE support. Postfix builds with OpenSSL 1.0.0 or 1.0.1 failed to send
  email to some sites with "TLSA 2 X X" records associated with an
  intermediate CA certificate.
* Missing dynamicmaps support in the Postfix sendmail command broke
  authorized_submit_users with a dynamically-loaded map type.
* Do not log warnings that some restriction returns OK, when the access map
  DISCARD feature is in effect.
* The DB_CONFIG bugfix broke Berkeley DB configurations with a relative
  pathname.
* Reportedly, some res_query(3) implementation can return -1 with h_errno==0.
  Instead of terminating with a panic, the Postfix DNS client now logs a
  warning and sets h_errno to TRY_AGAIN.
* Missing mailbox seek-to-end error check in the local(8) delivery agent.
* Incorrect mailbox seek-to-end error message in the virtual(8) delivery
  agent.
Comment 1 Philipp Hahn univentionstaff 2018-03-13 17:35:12 CET
[4.3-0] aaabf31243 Bug #46636: postfix_3.1.8-0+deb9u1
Comment 2 Quality Assurance univentionstaff 2018-05-04 16:44:10 CEST
--- mirror/ftp/4.3/unmaintained/4.3-0/source/postfix_3.1.6-0+deb9u1.dsc
+++ apt/ucs_4.3-0-errata4.3-0/source/postfix_3.1.8-0+deb9u1.dsc
@@ -1,3 +1,41 @@
+3.1.8-0+deb9u1 [Fri, 23 Feb 2018 17:29:10 -0500] Scott Kitterman <scott@kitterman.com>:
+
+    [Scott Kitterman]
+
+  * Rewrite debian/postfix-instance-generator to avoid use of postmulti to fix
+    failures when inet_interfaces != all.  Closes: #882141
+  * Refresh patches
+  * Add postfix 3.1 specific watch file
+
+    [Wietse Venema]
+
+  * 3.1.7
+    - Bugfix (introduced: Postfix 3.1): DANE support. Postfix
+      builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to
+      some sites with "TLSA 2 X X" records associated with an
+      intermediate CA certificate. Problem report and initial
+      fix by Erwan Legrand. File: src/tls/tls_dane.c.
+    - Bugfix (introduced: Postfix 3.0) missing dynamicmaps support
+      in the Postfix sendmail command broke authorized_submit_users
+      with a dynamically-loaded map type. File: sendmail/sendmail.c. 
+  * 3.1.8
+    - Bugfix (introduced: Postfix 2.1): don't log warnings
+      that some restriction returns OK, when the access map
+      DISCARD feature is in effect. File: smtpd/smtpd_check.c.
+    - Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke
+      Berkeley DB configurations with a relative pathname.  File:
+      util/dict_db.c. Closes: #879200
+    - Workaround: reportedly, some res_query(3) implementation
+      can return -1 with h_errno==0. Instead of terminating with
+      a panic, the Postfix DNS client now logs a warning and sets
+      h_errno to TRY_AGAIN. File: dns/dns_lookup.c.
+    - Documentation patches by Sven Neuhaus. Files:
+      proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html.
+    - Cleanup: missing mailbox seek-to-end error check in the
+      local(8) delivery agent. File: local/mailbox.c.
+    - Cleanup: incorrect mailbox seek-to-end error message in the
+      virtual(8) delivery agent. File: virtual/mailbox.c.
+
 3.1.6-0+deb9u1 [Wed, 27 Sep 2017 00:56:28 -0400] Scott Kitterman <scott@kitterman.com>:
 
     [Wietse Venema]
Comment 3 Arvid Requate univentionstaff 2018-05-15 11:24:43 CEST
* No UCS specific patches
* Comparison to previously shipped version ok
* Binary package update Ok
* Jenkins Mail tests ok
* Advisory Ok
Comment 4 Arvid Requate univentionstaff 2018-05-16 17:04:10 CEST
<http://errata.software-univention.de/ucs/4.3/68.html>