Bug#921475: stretch-pu: package postfix/3.1.9-0+deb9u1

[Scott Kitterman <debian@kitterman.com>]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

This update covers two types of changes:

 - Bug fixes released by upstream in postfix 3.1.9.  As has been the case
   in previous micro-releases the fixes are compact, low risk, and backed by
   postfix's upstream QA.  The release has been out upstream with no noted
   regressions (this is another one I haven't had time to package yet, but it
   deals with other issues, no regressions from 3.1.9).  Additionally, I've
   been running this release in production on one of my servers for two months
   with no problems.

 - Packaging fixes related to the systemd generator.  This has been a long-
   standing problem which affects certain configurations very significnatly.
   It has been in Unstable/Testing with no issues noted and I am no longer
   able to replicate the problems the bugs this close refer to.  For the users
   it affects, these are important fixes.

Please see the attached debdiff.  I have the package ready to upload.

Scott k

diff -Nru postfix-3.1.8/debian/changelog postfix-3.1.9/debian/changelog
--- postfix-3.1.8/debian/changelog	2018-02-23 17:29:18.000000000 -0500
+++ postfix-3.1.9/debian/changelog	2019-02-05 17:51:41.000000000 -0500
@@ -1,3 +1,35 @@
+postfix (3.1.9-0+deb9u1) stretch; urgency=medium
+
+    [Scott Kitterman]
+
+  * Unset inet_interfaces in postfix-instance-generator to avoid postconf
+    failures when the generator runs during boot (Thanks to Stefan Anders for
+    the patch).  Closes: #896155
+  * Also fix use of postmulti in debian/configure-instance.sh since
+    postfix-instance-generator uses it before the network is up.
+    Closes: #882141
+
+    [Wietse Venema]
+
+  * 3.1.9
+    - Cleanup: added 21 missing *_maps parameters to the default
+      proxy_read_maps setting. Files: global/mail_params.h.
+
+    - Bugfix (introduced: 20120117): postconf should scan only
+      built-in or service-defined parameters for ldap, *sql, etc.
+      database names. Files: postconf/postconf_user.c.
+
+    - Bugfix (introduced: 19990302): when luser_relay specifies
+      a non-existent local address, the luser_relay feature becomes
+      a black hole. Reported by Jørgen Thomsen. File: local/unknown.c.
+
+    - Bugfix (introduced: Postfix 2.8): missing tls_server_start()
+      error propagation in tlsproxy(8) resulting in segfault after
+      TLS handshake error. Found during code maintenance. File:
+      tlsproxy/tlsproxy.c.
+
+ -- Scott Kitterman <scott@kitterman.com>  Tue, 05 Feb 2019 17:50:21 -0500
+
 postfix (3.1.8-0+deb9u1) stretch; urgency=medium
 
     [Scott Kitterman]
diff -Nru postfix-3.1.8/debian/configure-instance.sh postfix-3.1.9/debian/configure-instance.sh
--- postfix-3.1.8/debian/configure-instance.sh	2018-02-23 02:31:37.000000000 -0500
+++ postfix-3.1.9/debian/configure-instance.sh	2019-02-05 17:48:40.000000000 -0500
@@ -17,9 +17,9 @@
 fi
 
 if [ "X$INSTANCE" = X ] || [ "X$INSTANCE" = "X-" ]; then
-	POSTCONF="postconf"
+	POSTCONF="postconf -o inet_interfaces="
 else
-	POSTCONF="postmulti -i $INSTANCE -x postconf"
+	POSTCONF="postconf -o inet_interfaces= -c /etc/$INSTANCE"
 fi
 
 # if you set myorigin to 'ubuntu.com' or 'debian.org', it's wrong, and annoys the admins of
diff -Nru postfix-3.1.8/debian/postfix-instance-generator postfix-3.1.9/debian/postfix-instance-generator
--- postfix-3.1.8/debian/postfix-instance-generator	2018-02-23 02:31:37.000000000 -0500
+++ postfix-3.1.9/debian/postfix-instance-generator	2019-02-05 17:46:37.000000000 -0500
@@ -9,7 +9,7 @@
 
 ln -s "$SERVICEFILE" "$WANTDIR/postfix@-.service"
 for DIR in $(postconf -h multi_instance_directories); do
-    ln -s "$SERVICEFILE" "$WANTDIR/postfix@$(postconf -hc $DIR multi_instance_name).service"
+    ln -s "$SERVICEFILE" "$WANTDIR/postfix@$(postconf -o inet_interfaces= -hc $DIR multi_instance_name).service"
 done
 
 exit 0
diff -Nru postfix-3.1.8/HISTORY postfix-3.1.9/HISTORY
--- postfix-3.1.8/HISTORY	2018-01-27 21:49:38.000000000 -0500
+++ postfix-3.1.9/HISTORY	2018-05-19 16:45:43.000000000 -0400
@@ -22398,3 +22398,25 @@
 
 	Cleanup: incorrect mailbox seek-to-end error message in the
 	virtual(8) delivery agent. File: virtual/mailbox.c.
+
+20180218
+
+	Cleanup: added 21 missing *_maps parameters to the default
+	proxy_read_maps setting. Files: global/mail_params.h.
+
+	Bugfix (introduced: 20120117): postconf should scan only
+	built-in or service-defined parameters for ldap, *sql, etc.
+	database names. Files: postconf/postconf_user.c.
+
+20180306
+
+	Bugfix (introduced: 19990302): when luser_relay specifies
+	a non-existent local address, the luser_relay feature becomes
+	a black hole. Reported by Jørgen Thomsen. File: local/unknown.c.
+
+20180422
+
+	Bugfix (introduced: Postfix 2.8): missing tls_server_start()
+	error propagation in tlsproxy(8) resulting in segfault after
+	TLS handshake error. Found during code maintenance. File:
+	tlsproxy/tlsproxy.c.
diff -Nru postfix-3.1.8/src/global/mail_params.h postfix-3.1.9/src/global/mail_params.h
--- postfix-3.1.8/src/global/mail_params.h	2016-08-20 09:17:27.000000000 -0400
+++ postfix-3.1.9/src/global/mail_params.h	2018-02-18 10:43:14.000000000 -0500
@@ -2350,7 +2350,28 @@
 				" $" VAR_HELO_CHECKS \
 				" $" VAR_MAIL_CHECKS \
 				" $" VAR_RELAY_CHECKS \
-				" $" VAR_RCPT_CHECKS
+				" $" VAR_RCPT_CHECKS \
+				" $" VAR_VRFY_SND_DEF_XPORT_MAPS \
+				" $" VAR_VRFY_RELAY_MAPS \
+				" $" VAR_VRFY_XPORT_MAPS \
+				" $" VAR_FBCK_TRANSP_MAPS \
+				" $" VAR_LMTP_EHLO_DIS_MAPS \
+				" $" VAR_LMTP_PIX_BUG_MAPS \
+				" $" VAR_LMTP_SASL_PASSWD \
+				" $" VAR_LMTP_TLS_POLICY \
+				" $" VAR_MAILBOX_CMD_MAPS \
+				" $" VAR_MBOX_TRANSP_MAPS \
+				" $" VAR_PSC_EHLO_DIS_MAPS \
+				" $" VAR_RBL_REPLY_MAPS \
+				" $" VAR_SND_DEF_XPORT_MAPS \
+				" $" VAR_SND_RELAY_MAPS \
+				" $" VAR_SMTP_EHLO_DIS_MAPS \
+				" $" VAR_SMTP_PIX_BUG_MAPS \
+				" $" VAR_SMTP_SASL_PASSWD \
+				" $" VAR_SMTP_TLS_POLICY \
+				" $" VAR_SMTPD_EHLO_DIS_MAPS \
+				" $" VAR_VIRT_GID_MAPS \
+				" $" VAR_VIRT_UID_MAPS
 extern char *var_proxy_read_maps;
 
 #define VAR_PROXY_WRITE_MAPS	"proxy_write_maps"
diff -Nru postfix-3.1.8/src/global/mail_version.h postfix-3.1.9/src/global/mail_version.h
--- postfix-3.1.8/src/global/mail_version.h	2018-01-27 08:01:13.000000000 -0500
+++ postfix-3.1.9/src/global/mail_version.h	2018-05-19 16:42:39.000000000 -0400
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20180127"
-#define MAIL_VERSION_NUMBER	"3.1.8"
+#define MAIL_RELEASE_DATE	"20180519"
+#define MAIL_VERSION_NUMBER	"3.1.9"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -Nru postfix-3.1.8/src/local/unknown.c postfix-3.1.9/src/local/unknown.c
--- postfix-3.1.8/src/local/unknown.c	2015-01-11 15:30:20.000000000 -0500
+++ postfix-3.1.9/src/local/unknown.c	2018-03-06 19:29:36.000000000 -0500
@@ -73,11 +73,14 @@
 #include <sent.h>
 #include <deliver_pass.h>
 #include <defer.h>
+#include <canon_addr.h>
 
 /* Application-specific. */
 
 #include "local.h"
 
+#define STREQ(x,y) (strcasecmp((x),(y)) == 0)
+
 /* deliver_unknown - delivery for unknown recipients */
 
 int     deliver_unknown(LOCAL_STATE state, USER_ATTR usr_attr)
@@ -85,6 +88,7 @@
     const char *myname = "deliver_unknown";
     int     status;
     VSTRING *expand_luser;
+    VSTRING *canon_luser;
     static MAPS *transp_maps;
     const char *map_transport;
 
@@ -139,8 +143,20 @@
     if (*var_luser_relay) {
 	state.msg_attr.unmatched = 0;
 	expand_luser = vstring_alloc(100);
+	canon_luser = vstring_alloc(100);
 	local_expand(expand_luser, var_luser_relay, &state, &usr_attr, (void *) 0);
-	status = deliver_resolve_addr(state, usr_attr, STR(expand_luser));
+	/* In case luser_relay specifies a domain-less address. */
+	canon_addr_external(canon_luser, vstring_str(expand_luser));
+	/* Assumes that the address resolver won't change the address. */
+	if (STREQ(vstring_str(canon_luser), state.msg_attr.rcpt.address)) {
+	    dsb_simple(state.msg_attr.why, "5.1.1",
+		       "unknown user: \"%s\"", state.msg_attr.user);
+	    status = bounce_append(BOUNCE_FLAGS(state.request),
+				   BOUNCE_ATTR(state.msg_attr));
+	} else {
+	    status = deliver_resolve_addr(state, usr_attr, STR(expand_luser));
+	}
+	vstring_free(canon_luser);
 	vstring_free(expand_luser);
 	return (status);
     }
@@ -149,8 +165,6 @@
      * If no alias was found for a required reserved name, toss the message
      * into the bit bucket, and issue a warning instead.
      */
-#define STREQ(x,y) (strcasecmp(x,y) == 0)
-
     if (STREQ(state.msg_attr.user, MAIL_ADDR_MAIL_DAEMON)
 	|| STREQ(state.msg_attr.user, MAIL_ADDR_POSTMASTER)) {
 	msg_warn("required alias not found: %s", state.msg_attr.user);
diff -Nru postfix-3.1.8/src/postconf/postconf_user.c postfix-3.1.9/src/postconf/postconf_user.c
--- postfix-3.1.8/src/postconf/postconf_user.c	2014-12-06 20:35:32.000000000 -0500
+++ postfix-3.1.9/src/postconf/postconf_user.c	2018-05-19 16:46:58.000000000 -0400
@@ -290,8 +290,13 @@
 	}
 	SCAN_USER_PARAMETER_VALUE(cparam_value, PCF_PARAM_FLAG_USER, local_scope);
 #ifdef LEGACY_DBMS_SUPPORT
-	pcf_register_dbms_parameters(cparam_value, pcf_flag_user_parameter,
-				     local_scope);
+#define PCF_BUILTIN_PARAMETER(node) ((node)->flags & PCF_PARAM_FLAG_BUILTIN)
+#define PCF_SERVICE_PARAMETER(node) ((node)->flags & PCF_PARAM_FLAG_SERVICE)
+
+	if (node != 0
+	    && (PCF_BUILTIN_PARAMETER(node) || PCF_SERVICE_PARAMETER(node)))
+	    pcf_register_dbms_parameters(cparam_value, pcf_flag_user_parameter,
+					 local_scope);
 #endif
     }
 }
diff -Nru postfix-3.1.8/src/postconf/test28.ref postfix-3.1.9/src/postconf/test28.ref
--- postfix-3.1.8/src/postconf/test28.ref	2013-01-07 20:31:05.000000000 -0500
+++ postfix-3.1.9/src/postconf/test28.ref	2018-02-19 10:50:01.000000000 -0500
@@ -1,10 +1,10 @@
 config_directory = .
 db = memcache
-foo_domain = bar
 header_checks = ldap:hh
 hh_domain = whatever
 yy = aap
 zz_domain = whatever
+./postconf: warning: ./main.cf: unused parameter: foo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: zz=$yy
 ./postconf: warning: ./main.cf: unused parameter: aa_domain=whatever
 ./postconf: warning: ./main.cf: unused parameter: xx=proxy:ldap:foo
diff -Nru postfix-3.1.8/src/postconf/test29.ref postfix-3.1.9/src/postconf/test29.ref
--- postfix-3.1.8/src/postconf/test29.ref	2013-01-07 20:31:36.000000000 -0500
+++ postfix-3.1.9/src/postconf/test29.ref	2018-02-19 10:50:13.000000000 -0500
@@ -1,16 +1,16 @@
 config_directory = .
-ldapfoo_domain = bar
-memcachefoo_domain = bar
-mysqlfoo_domain = bar
-pgsqlfoo_domain = bar
-sqlitefoo_domain = bar
 ./postconf: warning: ./main.cf: unused parameter: sqlitexx=proxy:sqlite:sqlitefoo
 ./postconf: warning: ./main.cf: unused parameter: pgsqlxx=proxy:pgsql:pgsqlfoo
+./postconf: warning: ./main.cf: unused parameter: ldapfoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: memcachefoo_domainx=bar
 ./postconf: warning: ./main.cf: unused parameter: sqlitefoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: sqlitefoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: memcachexx=proxy:memcache:memcachefoo
 ./postconf: warning: ./main.cf: unused parameter: mysqlxx=proxy:mysql:mysqlfoo
 ./postconf: warning: ./main.cf: unused parameter: ldapxx=proxy:ldap:ldapfoo
 ./postconf: warning: ./main.cf: unused parameter: ldapfoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: memcachefoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: pgsqlfoo_domainx=bar
 ./postconf: warning: ./main.cf: unused parameter: mysqlfoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: mysqlfoo_domain=bar
+./postconf: warning: ./main.cf: unused parameter: pgsqlfoo_domain=bar
diff -Nru postfix-3.1.8/src/tlsproxy/tlsproxy.c postfix-3.1.9/src/tlsproxy/tlsproxy.c
--- postfix-3.1.8/src/tlsproxy/tlsproxy.c	2016-02-13 20:32:01.000000000 -0500
+++ postfix-3.1.9/src/tlsproxy/tlsproxy.c	2018-05-19 09:24:34.000000000 -0400
@@ -659,7 +659,7 @@
 
 /* tlsp_start_tls - turn on TLS or force disconnect */
 
-static void tlsp_start_tls(TLSP_STATE *state)
+static int tlsp_start_tls(TLSP_STATE *state)
 {
     TLS_SERVER_START_PROPS props;
     static char *cipher_grade;
@@ -712,7 +712,7 @@
 
     if (state->tls_context == 0) {
 	tlsp_state_free(state);
-	return;
+	return (-1);
     }
 
     /*
@@ -725,6 +725,7 @@
      * XXX Do we care about certificate verification results? Not as long as
      * postscreen(8) doesn't actually receive email.
      */
+    return (0);
 }
 
 /* tlsp_get_fd_event - receive final postscreen(8) hand-off information */
@@ -772,7 +773,8 @@
      * Perform the TLS layer before-handshake initialization. We perform the
      * remainder after the TLS handshake completes.
      */
-    tlsp_start_tls(state);
+    if (tlsp_start_tls(state) < 0)
+	return;
 
     /*
      * Trigger the initial proxy server I/Os.