please unblock postfix_2.3.6-1
Please let postfix 2.3.6-1 into testing. Wietse is probably one of the
most risk averse upstream authors I've ever had the pleasure of
working with - hence his changes in 2.3.5 and 2.3.6 are limited
specifically to bug fixes.
2.3.3-2 introduced a bug (#402788) that affects many upgrades of postfix.
This was fixed in 2.3.5-3, and should really be fixed in etch.
Debian changelog since 2.3.4-3:
postfix (2.3.6-1) unstable; urgency=low
* New upstream version
* French debconf template. Closes: #404132
* Galician debconf template. Closes: #404573
* fix typos in debconf messages. Closes: #399916
* Catalan debconf template. Closes: #405320
-- LaMont Jones <firstname.lastname@example.org> Fri, 5 Jan 2007 19:31:31 -0700
postfix (2.3.5-3) unstable; urgency=low
* Fix typo. Closes: #403121
* German translation update. Closes: #403310
-- LaMont Jones <email@example.com> Sat, 16 Dec 2006 06:30:17 -0700
postfix (2.3.5-2) unstable; urgency=low
* Don't call update-inetd in postinst if it's not there. Fixes Ubuntu
bug #73511. Not yet reported in Debian.
-- LaMont Jones <firstname.lastname@example.org> Wed, 13 Dec 2006 09:04:10 -0700
postfix (2.3.5-1) unstable; urgency=low
* New upstream version
* mydomain needs some cleanup if we're upgrading from < 2.3.5-1 on a machine
where hostname(2) is a short name. Bug introduced in 2.3.3-2.
-- LaMont Jones <email@example.com> Tue, 12 Dec 2006 15:33:53 -0700
Upstream changelog since 2.3.4:
Bugfix: the Postfix install/upgrade procedure broke with
non-default config_directory. File: conf/post-install.
Bugfix: null pointer bug in end-of-header Milter action
when the last header line is too large. Reported by Mark
Martinec. The root of the problem is that the MIME state
engine may execute up to three call-back functions when it
reaches the end of the headers, before it returns to the
caller; as long as call-backs return no result, each call-back
has to check for itself if a previous call-back ran into a
problem. File: milter/milter8.c.
Workaround: reduce effective header_size_limit to 60000
when Milter inspection is enabled, to avoid breaking the
Milter protocol request length limit. File:
Workaround: more agressive early refill of in-memory
recipients to prevent a worst-case scenario where the queue
manager became starved until after the last batch of slow
in-memory recipients of jumbo multi-recipient mail. Files:
Safety: don't read more than 5000 recipients at a time, to
avoid spending too much time away from interrupts. File:
Workaround: don't complain with "Error 0" in the trivial-rewrite,
verify, proxymap or connection cache client when the server
exits after the client sends its request. We still complain,
however, when the problem persists. Files: global/rewrite_clnt.c,
global/resolve_clnt.c, global/verify_clnt.c, global/scache_clnt.c,
Safety: the header_size_limit is now enforced more strictly,
to avoid inter-operability problems with the Milter protocol.
Long headers are truncated at a line boundary if possible,
otherwise they are cut between line boundaries. File:
Bugfix (introduced with Postfix 2.2): with SMTP server
tarpit delays of smtp_rset_timeout or larger, the SMTP
client could get out of sync with the server while reusing
a connection. The symptoms were "recipient rejected .. in
reply to DATA". Fix by Victor Duchovni and Wietse. File:
Compatibility with Postfix < 2.3: undo the change to bounce
instead of defer after pipe-to-command delivery fails with
a signal. File: global/pipe_command.c.
Workaround: apparently, some mail software removes or hides
"<postmaster>" in the Postfix bounce text, because it
processes the text as if it were HTML. This confuses users.
The bounce template has been updated to remove the < and
>. File: bounce/bounce_templates.c.
Cleanup: when smtp_generic_maps is turned on, don't parse
MIME structures in the message body. Victor Duchovni. File:
Robustness: low-cost re-entrancy guard that allows daemons
to call msg_fatal() etc. from a signal handler, without
risking memory corruption, or deadlock on Redhat Linux.
This works provided that the signal handler never returns.
In that special case we need not guarantee after-the-fact
consistency of the interrupted process. File: util/msg_output.c.
Robustness: replace exit() calls by _exit(). File: util/msg.c,
Cleanup: document under what conditions these protections
work, with REENTRANCY sections in the relevant man pages.
Files: util/vbuf_print.c. util/msg.c, util/msg_output.c.
Cleanup: when doing server access control by the remote TLS
client fingerprint, do not require client certificate
verification. Victor Duchovni. File: smtpd/smtpd_check.c.
Safety: when the remote TLS client certificate isn't verified,
don't send ccert_subject and ccert_issuer attributes in
check_policy_service requests. Victor Duchovni. File:
Bugfix: the postconf command still complained about an
unqualified machine name, because it was not updated with
the 20050513 change that introduced a default "mydomain =
localdomain". File: postconf/postconf.c.
Cleanup: the sendmail and postqueue commands no longer
terminate with a non-standard error status after a run-time
error in some Postfix internal routine (typically, some
essential file is not accessible, or the system is out of
memory). Files: sendmail/sendmail.c, postqueue/postqueue.c.
Workaround: PMilter 0.95 does not deliver SMFIC_EOB+data
to the application as SMFIC_BODY+data followed by SMFIC_EOB.
To avoid compatibility problems, Postfix now sends
SMFIC_BODY+data followed by SMFIC_EOB. File: milter/milter8.c.
Bugfix (introduced with Postfix 2.3): when inserting
Milter-generated headers at increasing positions in a
message, a later header could end up at a previously used
insertion point. Thus, inserting headers at positions (N,
N+M) could work as if (N, N) had been specified. Problem
reported by Mark Martinec. File: milter/milter8.c.
Bugfix (introduced with Postfix 2.3): the MX hostname syntax
check was skipped with reject_unknown_helo_hostname and
reject_unknown_sender/recipient_domain, so that Postfix
would still accept mail from domains with a zero-length MX
hostname. File: smtpd/smtpd_check.c.