Bug#1021645: bullseye-pu: package postfix/3.5.13-0+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
This is another in my occasional series of postfix updates to
keep up with upstream maintenance updates to the version in
stable (v3.5). Upstream is still judicious and reasonable in
their approach to fixing things. The maintenance updates are
generally suitable for Debian stable updates.
[ Reason ]
Fix bugs. As far as I have determined, with one exception that
was a Debian patch in the last update earlier in the year and is
now in the upstream code, these issues to not correspond to
specific BTS bugs, but a number of these changes address issues
which Debian users might experience.
[ Impact ]
Users will continue to have the bugs. Additionally, upstream
ocassionally checks if postfix is up to date in Debian and so
doing the stable updates helps upstream relations.
[ Tests ]
Postfix does have an autopkgtest. I have built the proposed
package locally (on bullseye) and have it running in production
with no issues noted.
[ Risks ]
Risks should be minimal. This upstream has a very good track
record for low risk updates (we have been doing these several
cycles and haven't experienced any significan issues. None of
the fixes are particularly comples.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Here is the proposed debian/changelog entry with the
explanation of the changes:
postfix (3.5.17-0+deb11u1) bullseye; urgency=medium
[Scott Kitterman]
* Delete debian/patches/postfix-dup-postconf.patch, earlier backport now
upstream (from 3.5.14)
[Wietse Venema]
* 3.5.14
- Bugfix (introduced: 20210708): duplicate bounce_notice_recipient
entries in postconf output. The fix to send SMTP session
transcripts to bounce_notice_recipient was incomplete.
Reported by Vincent Lefevre. File: smtpd/smtpd.c.
- Bugfix (introduced: Postfix 3.0): the proxymap daemon did
not automatically authorize proxied maps inside pipemap
(example: pipemap:{proxy:maptype:mapname, ...}) or inside
unionmap. Problem reported by Mirko Vogt. Files:
proxymap/proxymap.c.
- Bugfix (introduced: Postfix 2.5): off-by-one error while
writing a string terminator. This code had passed all memory
corruption tests, presumably because it wrote over an
alignment padding byte, or over an adjacent character byte
that was never read. Reported by Robert Siemer. Files:
*qmgr/qmgr_feedback.c.
- Cleanup: added missing _maps parameter names to the
proxy_read_maps default value, based on output from the
mantools/missing-proxy-read-maps script. File:
global/mail_params.h.
* 3.5.15
- Bitrot: Glibc 2.34 implements closefrom(). File:
util/sys_defs.h.
- Bitrot: Berkeley DB 18 is like Berkeley DB 6. Yasuhiro
Kimura. File: util/dict_db.c.
* 3.5.16
- Cleanup: added missing _checks, _reply_footer, _reply_filter,
_command_filter, and _delivery_status_filter parameter names
to the proxy_read_maps default value. Files: global/mail_params.h,
mantools/missing-proxy-read-maps.
- Bugfix: in an internal client module, "host or service not
found" was a fatal error, causing the milter_default_action
setting to be ignored. It is now a non-fatal error. The
same client is used by many Postfix clients (smtpd_proxy,
dovecot auth, tcp_table, memcache, socketmap, and so on).
Problem reported by Christian Degenkolb. File: util/inet_connect.c.
- Cleanup (problem introduced: Postfix 3.0): with dynamic map
loading enabled, an attempt to create a map with "postmap
regexp:path" would result in a bogus error message "Is the
postfix-regexp package installed?" instead of "unsupported
map type for this operation". This happened with all built-in
map types (static, cidr, etc.) that have no 'bulk create'
support. Problem reported by Greg Klanderman. File:
global/dynamicmaps.c.
- Cleanup (problem introduced: Postfix 2.7): milter_header_checks
maps are now opened before the cleanup server enters the
chroot jail. Problem reported by Jesper Dybdal. Files:
cleanup/cleanup.h, cleanup/cleanup_init.c,
cleanup/cleanup_milter.c, cleanup/cleanup_state.c.
* 3.5.17
- Cleanup: Postfix 3.5.0 introduced debug logging noise in
map_search_create(). Files: global/map_search.c.
- Workaround: in a TLS server disable Postfix's 1-element
internal session cache, to work around an OpenSSL 3.0
regression that broke TLS handshakes. It is rarely useful.
Report by Spil Oss, fix by Viktor Dukhovni. File:
tls/tls_server.c.
- Cleanup: Postfix 3.3.0 introduced an uninitialized
verify_append() request
NEW changes in stable-new
Processing changes file: strongswan_5.9.1-1+deb11u3_source.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_all-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_amd64-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_arm64-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_armel-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_armhf-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_i386-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_mips64el-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_mipsel-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_ppc64el-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_s390x-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: barbican_11.0.0-3+deb11u1_source.changes ACCEPT Processing changes file: barbican_11.0.0-3+deb11u1_all-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_source.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_all-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_amd64-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_arm64-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_armhf-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_i386-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_source.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_all-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_armel-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_i386-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_s390x-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_sourceonly.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_armel-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_i386-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_s390x-buildd.changes ACCEPT Processing changes file: mediawiki_1.35.8-1~deb11u1_source.changes ACCEPT Processing changes file: mediawiki_1.35.8-1~deb11u1_all-buildd.changes ACCEPT Processing changes file: php-twig_2.14.3-1+deb11u2_source.changes ACCEPT Processing changes file: php-twig_2.14.3-1+deb11u2_all-buildd.changes ACCEPT
Re: Migration problem
On 11/10/2022 18:56, Adam D. Barratt wrote: On Tue, 2022-10-11 at 09:57 +0200, Yadd wrote: On 11/10/2022 09:27, Sebastian Ramacher wrote: On 2022-10-11 06:50:09 +0200, Yadd wrote: node-jest is still blocked in unstable but I can't understand why: * tracker.d.o reports nothing * Britney output is unintelligible trying: node-ts-jest node-jest skipped: node-ts-jest node-jest (0, 56, 23) got: 22+0: a-4:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 * amd64: jest, node-jest-react, ts-jest Britney is trying to migrate node-js-jest and node-jest together (trying: ...), but it fails to do so since migrating those two source packages would cause new uninstallable packages in testing (amd64: ...) Thanks, but I still don't understand. node-jest-react depends on any version of jest, has already migrate and all of those packages are arch:all. I tried to install ts-jest 29 and jest 29 on a testing schroot with node-jest-react, no problem found... I'm not sure how you managed that. A quick dose run using the current packages files shows that jest 29.1.2~ds1+~cs70.47.21-1 depends on node-cjs-module-lexer, which isn't in testing. Checking the changelog also shows: node-jest (29.1.1~ds1+~cs70.47.20-1) unstable; urgency=medium * Replace component by dependency: cjs-module-lexer (Closes: #1019355) Regards, Adam Oh, thanks a lot, that is the problem! Cheers, Yadd
Re: Migration problem
Hi, On 11-10-2022 18:56, Adam D. Barratt wrote: * Replace component by dependency: cjs-module-lexer (Closes: #1019355) I have hinted node-cjs-module-lexer (as the test fails because of unavailable test dependency, which isn't something an arch:all package should fix) assuming that has the Provides node-jest needs (which I haven't checked). If this assumption is right: the policy phase of britney doesn't take Provides into account for reporting, even if it's only provided by one binary package, hence only the installability check catches it. Paul OpenPGP_signature Description: OpenPGP digital signature
Re: Migration problem
On Tue, 2022-10-11 at 09:57 +0200, Yadd wrote: > On 11/10/2022 09:27, Sebastian Ramacher wrote: > > On 2022-10-11 06:50:09 +0200, Yadd wrote: > > > node-jest is still blocked in unstable but I can't understand > > > why: > > > * tracker.d.o reports nothing > > > * Britney output is unintelligible > > > > > >trying: node-ts-jest node-jest > > >skipped: node-ts-jest node-jest (0, 56, 23) > > > got: 22+0: a-4:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > > > * amd64: jest, node-jest-react, ts-jest > > > > Britney is trying to migrate node-js-jest and node-jest together > > (trying: ...), but it fails to do so since migrating those two > > source > > packages would cause new uninstallable packages in testing (amd64: > > ...) > > Thanks, but I still don't understand. node-jest-react depends on any > version of jest, has already migrate and all of those packages are > arch:all. I tried to install ts-jest 29 and jest 29 on a testing > schroot > with node-jest-react, no problem found... I'm not sure how you managed that. A quick dose run using the current packages files shows that jest 29.1.2~ds1+~cs70.47.21-1 depends on node-cjs-module-lexer, which isn't in testing. Checking the changelog also shows: node-jest (29.1.1~ds1+~cs70.47.20-1) unstable; urgency=medium * Replace component by dependency: cjs-module-lexer (Closes: #1019355) Regards, Adam
Re: Migration problem
On 11/10/2022 09:27, Sebastian Ramacher wrote: On 2022-10-11 06:50:09 +0200, Yadd wrote: On 09/10/2022 16:42, Yadd wrote: On 09/10/2022 15:26, Paul Gevers wrote: Hi Yadd, [For the future, these mails should go to the release team. I'm not the only one in the team, and there is nothing secret here]. On 09-10-2022 07:44, Yadd wrote: 4 packages are blocked in unstable but I don't understand where is the problem: node-jest, node-ts-jest, node-webpack and node-rollup-plugin-terser. See https://tracker.debian.org/pkg/node-jest (regressions fixed by the 3 other updates). Could you help me to understand this ? It looks like several packages need to go together, but there's no *versioned* relation that describes that. britney schedules the tests taking versions into account so with the right Breaks or Depends, the tests would take more from unstable. Now, it might be that this is only a *test* issue and not a user facing thing. In that case, (if you think it's not a good idea to add the versioned Depends or Breaks) the release team can trigger the combination. Adding unnecessary Breaks makes upgrades a bit harder for apt, so they are not for free, but I haven't encountered issues on that front yet. Paul Hi, yes, issues are only related to tests, that's why I didn't add Breaks fields. I asked to Jérémy to add a "Breaks: jest (<< 29~)" into nodejs, but it will not help here. Cheers, Yadd Hi, node-jest is still blocked in unstable but I can't understand why: * tracker.d.o reports nothing * Britney output is unintelligible trying: node-ts-jest node-jest skipped: node-ts-jest node-jest (0, 56, 23) got: 22+0: a-4:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 * amd64: jest, node-jest-react, ts-jest Britney is trying to migrate node-js-jest and node-jest together (trying: ...), but it fails to do so since migrating those two source packages would cause new uninstallable packages in testing (amd64: ...) Thanks, but I still don't understand. node-jest-react depends on any version of jest, has already migrate and all of those packages are arch:all. I tried to install ts-jest 29 and jest 29 on a testing schroot with node-jest-react, no problem found...
Re: Migration problem
On 2022-10-11 06:50:09 +0200, Yadd wrote: > On 09/10/2022 16:42, Yadd wrote: > > On 09/10/2022 15:26, Paul Gevers wrote: > > > Hi Yadd, > > > > > > [For the future, these mails should go to the release team. I'm not > > > the only one in the team, and there is nothing secret here]. > > > > > > On 09-10-2022 07:44, Yadd wrote: > > > > 4 packages are blocked in unstable but I don't understand where > > > > is the problem: node-jest, node-ts-jest, node-webpack and > > > > node-rollup-plugin-terser. > > > > See https://tracker.debian.org/pkg/node-jest (regressions fixed > > > > by the 3 other updates). > > > > Could you help me to understand this ? > > > > > > It looks like several packages need to go together, but there's no > > > *versioned* relation that describes that. britney schedules the > > > tests taking versions into account so with the right Breaks or > > > Depends, the tests would take more from unstable. Now, it might be > > > that this is only a *test* issue and not a user facing thing. In > > > that case, (if you think it's not a good idea to add the versioned > > > Depends or Breaks) the release team can trigger the combination. > > > Adding unnecessary Breaks makes upgrades a bit harder for apt, so > > > they are not for free, but I haven't encountered issues on that > > > front yet. > > > > > > Paul > > > > Hi, > > > > yes, issues are only related to tests, that's why I didn't add Breaks > > fields. I asked to Jérémy to add a "Breaks: jest (<< 29~)" into nodejs, > > but it will not help here. > > > > Cheers, > > Yadd > > Hi, > > node-jest is still blocked in unstable but I can't understand why: > * tracker.d.o reports nothing > * Britney output is unintelligible > > trying: node-ts-jest node-jest > skipped: node-ts-jest node-jest (0, 56, 23) > got: 22+0: a-4:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > * amd64: jest, node-jest-react, ts-jest Britney is trying to migrate node-js-jest and node-jest together (trying: ...), but it fails to do so since migrating those two source packages would cause new uninstallable packages in testing (amd64: ...) Cheers > - splitting the component into single items and retrying them > trying: node-jest > skipped: node-jest (0, 56, 24) > got: 22+0: a-4:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > * amd64: jest, node-jest-react, ts-jest > trying: node-ts-jest > skipped: node-ts-jest (0, 57, 23) > got: 20+0: a-2:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > * amd64: ts-jest > > Best regards, > Yadd > -- Sebastian Ramacher
