Bug#948988: buster-pu: package postfix/3.4.7-0+deb10u1

2020-01-18 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Wed, 2020-01-15 at 11:24 -0500, Scott Kitterman wrote:
> This is the next in the usual postfix update series.  I waited to see
> if upstream feedback revealed any problems (it didn't).  This version
> is in Testing.  I'm running it in production with no
> issues.  Slightly differently than usual for postfix updates, I am
> including one packaging related change to make it so the sysv init
> works inside a docker instance.  While not essential, it is based on
> Debian user feedback, so I think it's worth including since it's a
> very low risk change.
> 

Please go ahead, thanks.

Regards,

Adam

Bug#948988: buster-pu: package postfix/3.4.7-0+deb10u1

2020-01-15 Thread Scott Kitterman 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

This is the next in the usual postfix update series.  I waited to see if
upstream feedback revealed any problems (it didn't).  This version is in
Testing.  I'm running it in production with no issues.  Slightly
differently than usual for postfix updates, I am including one packaging
related change to make it so the sysv init works inside a docker
instance.  While not essential, it is based on Debian user feedback, so
I think it's worth including since it's a very low risk change.

Details:

  [Scott Kitterman]

  * Refactor running status detection in sysv init based on upstream
postfix-script so it works in docker.  Closes: #941293

  [Wietse Venema]

  * 3.4.8
- Bugfix (introduced: Postfix 2.8): don't gratuitously enable
  all after-220 tests when only one such test is enabled.
  This made selective tests impossible with 'good' clients.
  File: postscreen/postscreen_smtpd.c.

- Bugfix: the 20180903 postscreen fix for a misleading
  "PIPELINING after BDAT" warning looked at the wrong variable.
  The warning now says "BDAT without valid RCPT", and the
  error is no longer treated as a command PIPELINING error
  (but sending BDAT is still a client error, because postscreen
  rejects all RCPT commands and does not announce PIPELINING
  support). File: postscreen/postscreen_smtpd.c.

- Usability: the parser for key/certificate chain files
  rejected inputs that contain an EC PARAMETERS object. While
  this is technically correct (the documentation says what
  types are allowed) this is surprising behavior because the
  legacy cert/key parameters will accept such inputs. For
  now, the parser skips object types that it does not know
  about for usability, and logs a warning because ignoring
  inputs is not kosher. Viktor and Wietse. File: tls/tls_certkey.c.

Scott K
diff -Nru postfix-3.4.7/debian/changelog postfix-3.4.8/debian/changelog
--- postfix-3.4.7/debian/changelog  2019-10-01 19:21:59.0 -0400
+++ postfix-3.4.8/debian/changelog  2020-01-15 09:05:50.0 -0500
@@ -1,3 +1,37 @@
+postfix (3.4.8-0+10debu1) buster; urgency=medium
+
+  [Scott Kitterman]
+
+  * Refactor running status detection in sysv init based on upstream
+postfix-script so it works in docker.  Closes: #941293
+
+  [Wietse Venema]
+
+  * 3.4.8 
+- Bugfix (introduced: Postfix 2.8): don't gratuitously enable
+  all after-220 tests when only one such test is enabled.
+  This made selective tests impossible with 'good' clients.
+  File: postscreen/postscreen_smtpd.c.
+
+- Bugfix: the 20180903 postscreen fix for a misleading
+  "PIPELINING after BDAT" warning looked at the wrong variable.
+  The warning now says "BDAT without valid RCPT", and the
+  error is no longer treated as a command PIPELINING error
+  (but sending BDAT is still a client error, because postscreen
+  rejects all RCPT commands and does not announce PIPELINING
+  support). File: postscreen/postscreen_smtpd.c.
+
+- Usability: the parser for key/certificate chain files
+  rejected inputs that contain an EC PARAMETERS object. While
+  this is technically correct (the documentation says what
+  types are allowed) this is surprising behavior because the
+  legacy cert/key parameters will accept such inputs. For
+  now, the parser skips object types that it does not know
+  about for usability, and logs a warning because ignoring
+  inputs is not kosher. Viktor and Wietse. File: tls/tls_certkey.c.
+
+ -- Scott Kitterman   Wed, 15 Jan 2020 09:05:50 -0500
+
 postfix (3.4.7-0+deb10u1) buster; urgency=medium
 
   [Wietse Venema]
diff -Nru postfix-3.4.7/debian/init.d postfix-3.4.8/debian/init.d
--- postfix-3.4.7/debian/init.d 2019-10-01 19:21:45.0 -0400
+++ postfix-3.4.8/debian/init.d 2020-01-15 09:02:40.0 -0500
@@ -39,16 +39,9 @@
 else
POSTCONF="postmulti -i $INSTANCE -x postconf"
 fi
-
-queue=$($POSTCONF -hx queue_directory 2>/dev/null || echo 
/var/spool/postfix)
-daemondir=$($POSTCONF -hx daemon_directory 2>/dev/null || echo 
/usr/lib/postfix/sbin)
-if [ -f ${queue}/pid/master.pid ]; then
-   pid=$(sed 's/ //g' ${queue}/pid/master.pid)
-   # what directory does the executable live in.  stupid prelink systems.
-   dir=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* -> //; 
s/\/[^\/]*$//')
-   if [ "X$dir" = "X${daemondir}" ]; then
-   echo y
-   fi
+daemon_directory=$($POSTCONF -hx daemon_directory 2>/dev/null || echo 
/usr/lib/postfix/sbin)
+if ! $daemon_directory/master -t 2>/dev/null ; then
+echo y
 fi
 }
 
diff -Nru postfix-3.4.7/HISTORY postfix-3.4.8/HISTORY
--- postfix-3.4.7/HISTORY   2019-09-21 11:57:46.0 -0400
+++ postfix-3.4.8/HISTORY   2019-11-11 18:01:20.0 -050