Bug#1021645: bullseye-pu: package postfix/3.5.13-0+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu This is another in my occasional series of postfix updates to keep up with upstream maintenance updates to the version in stable (v3.5). Upstream is still judicious and reasonable in their approach to fixing things. The maintenance updates are generally suitable for Debian stable updates. [ Reason ] Fix bugs. As far as I have determined, with one exception that was a Debian patch in the last update earlier in the year and is now in the upstream code, these issues to not correspond to specific BTS bugs, but a number of these changes address issues which Debian users might experience. [ Impact ] Users will continue to have the bugs. Additionally, upstream ocassionally checks if postfix is up to date in Debian and so doing the stable updates helps upstream relations. [ Tests ] Postfix does have an autopkgtest. I have built the proposed package locally (on bullseye) and have it running in production with no issues noted. [ Risks ] Risks should be minimal. This upstream has a very good track record for low risk updates (we have been doing these several cycles and haven't experienced any significan issues. None of the fixes are particularly comples. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Here is the proposed debian/changelog entry with the explanation of the changes: postfix (3.5.17-0+deb11u1) bullseye; urgency=medium [Scott Kitterman] * Delete debian/patches/postfix-dup-postconf.patch, earlier backport now upstream (from 3.5.14) [Wietse Venema] * 3.5.14 - Bugfix (introduced: 20210708): duplicate bounce_notice_recipient entries in postconf output. The fix to send SMTP session transcripts to bounce_notice_recipient was incomplete. Reported by Vincent Lefevre. File: smtpd/smtpd.c. - Bugfix (introduced: Postfix 3.0): the proxymap daemon did not automatically authorize proxied maps inside pipemap (example: pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem reported by Mirko Vogt. Files: proxymap/proxymap.c. - Bugfix (introduced: Postfix 2.5): off-by-one error while writing a string terminator. This code had passed all memory corruption tests, presumably because it wrote over an alignment padding byte, or over an adjacent character byte that was never read. Reported by Robert Siemer. Files: *qmgr/qmgr_feedback.c. - Cleanup: added missing _maps parameter names to the proxy_read_maps default value, based on output from the mantools/missing-proxy-read-maps script. File: global/mail_params.h. * 3.5.15 - Bitrot: Glibc 2.34 implements closefrom(). File: util/sys_defs.h. - Bitrot: Berkeley DB 18 is like Berkeley DB 6. Yasuhiro Kimura. File: util/dict_db.c. * 3.5.16 - Cleanup: added missing _checks, _reply_footer, _reply_filter, _command_filter, and _delivery_status_filter parameter names to the proxy_read_maps default value. Files: global/mail_params.h, mantools/missing-proxy-read-maps. - Bugfix: in an internal client module, "host or service not found" was a fatal error, causing the milter_default_action setting to be ignored. It is now a non-fatal error. The same client is used by many Postfix clients (smtpd_proxy, dovecot auth, tcp_table, memcache, socketmap, and so on). Problem reported by Christian Degenkolb. File: util/inet_connect.c. - Cleanup (problem introduced: Postfix 3.0): with dynamic map loading enabled, an attempt to create a map with "postmap regexp:path" would result in a bogus error message "Is the postfix-regexp package installed?" instead of "unsupported map type for this operation". This happened with all built-in map types (static, cidr, etc.) that have no 'bulk create' support. Problem reported by Greg Klanderman. File: global/dynamicmaps.c. - Cleanup (problem introduced: Postfix 2.7): milter_header_checks maps are now opened before the cleanup server enters the chroot jail. Problem reported by Jesper Dybdal. Files: cleanup/cleanup.h, cleanup/cleanup_init.c, cleanup/cleanup_milter.c, cleanup/cleanup_state.c. * 3.5.17 - Cleanup: Postfix 3.5.0 introduced debug logging noise in map_search_create(). Files: global/map_search.c. - Workaround: in a TLS server disable Postfix's 1-element internal session cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes. It is rarely useful. Report by Spil Oss, fix by Viktor Dukhovni. File: tls/tls_server.c. - Cleanup: Postfix 3.3.0 introduced an uninitialized verify_append() request
NEW changes in stable-new
Processing changes file: strongswan_5.9.1-1+deb11u3_source.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_all-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_amd64-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_arm64-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_armel-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_armhf-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_i386-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_mips64el-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_mipsel-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_ppc64el-buildd.changes ACCEPT Processing changes file: strongswan_5.9.1-1+deb11u3_s390x-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: barbican_11.0.0-3+deb11u1_source.changes ACCEPT Processing changes file: barbican_11.0.0-3+deb11u1_all-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_source.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_all-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_amd64-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_arm64-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_armhf-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.91-1~deb11u1_i386-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_source.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_all-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_armel-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_i386-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: dbus_1.12.24-0+deb11u1_s390x-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_sourceonly.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_armel-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_i386-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: isc-dhcp_4.4.1-2.3+deb11u1_s390x-buildd.changes ACCEPT Processing changes file: mediawiki_1.35.8-1~deb11u1_source.changes ACCEPT Processing changes file: mediawiki_1.35.8-1~deb11u1_all-buildd.changes ACCEPT Processing changes file: php-twig_2.14.3-1+deb11u2_source.changes ACCEPT Processing changes file: php-twig_2.14.3-1+deb11u2_all-buildd.changes ACCEPT
Re: Migration problem
On 11/10/2022 18:56, Adam D. Barratt wrote: On Tue, 2022-10-11 at 09:57 +0200, Yadd wrote: On 11/10/2022 09:27, Sebastian Ramacher wrote: On 2022-10-11 06:50:09 +0200, Yadd wrote: node-jest is still blocked in unstable but I can't understand why: * tracker.d.o reports nothing * Britney output is unintelligible trying: node-ts-jest node-jest skipped: node-ts-jest node-jest (0, 56, 23) got: 22+0: a-4:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 * amd64: jest, node-jest-react, ts-jest Britney is trying to migrate node-js-jest and node-jest together (trying: ...), but it fails to do so since migrating those two source packages would cause new uninstallable packages in testing (amd64: ...) Thanks, but I still don't understand. node-jest-react depends on any version of jest, has already migrate and all of those packages are arch:all. I tried to install ts-jest 29 and jest 29 on a testing schroot with node-jest-react, no problem found... I'm not sure how you managed that. A quick dose run using the current packages files shows that jest 29.1.2~ds1+~cs70.47.21-1 depends on node-cjs-module-lexer, which isn't in testing. Checking the changelog also shows: node-jest (29.1.1~ds1+~cs70.47.20-1) unstable; urgency=medium * Replace component by dependency: cjs-module-lexer (Closes: #1019355) Regards, Adam Oh, thanks a lot, that is the problem! Cheers, Yadd
Re: Migration problem
Hi, On 11-10-2022 18:56, Adam D. Barratt wrote: * Replace component by dependency: cjs-module-lexer (Closes: #1019355) I have hinted node-cjs-module-lexer (as the test fails because of unavailable test dependency, which isn't something an arch:all package should fix) assuming that has the Provides node-jest needs (which I haven't checked). If this assumption is right: the policy phase of britney doesn't take Provides into account for reporting, even if it's only provided by one binary package, hence only the installability check catches it. Paul OpenPGP_signature Description: OpenPGP digital signature
Re: Migration problem
On Tue, 2022-10-11 at 09:57 +0200, Yadd wrote: > On 11/10/2022 09:27, Sebastian Ramacher wrote: > > On 2022-10-11 06:50:09 +0200, Yadd wrote: > > > node-jest is still blocked in unstable but I can't understand > > > why: > > > * tracker.d.o reports nothing > > > * Britney output is unintelligible > > > > > >trying: node-ts-jest node-jest > > >skipped: node-ts-jest node-jest (0, 56, 23) > > > got: 22+0: a-4:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > > > * amd64: jest, node-jest-react, ts-jest > > > > Britney is trying to migrate node-js-jest and node-jest together > > (trying: ...), but it fails to do so since migrating those two > > source > > packages would cause new uninstallable packages in testing (amd64: > > ...) > > Thanks, but I still don't understand. node-jest-react depends on any > version of jest, has already migrate and all of those packages are > arch:all. I tried to install ts-jest 29 and jest 29 on a testing > schroot > with node-jest-react, no problem found... I'm not sure how you managed that. A quick dose run using the current packages files shows that jest 29.1.2~ds1+~cs70.47.21-1 depends on node-cjs-module-lexer, which isn't in testing. Checking the changelog also shows: node-jest (29.1.1~ds1+~cs70.47.20-1) unstable; urgency=medium * Replace component by dependency: cjs-module-lexer (Closes: #1019355) Regards, Adam
Re: Migration problem
On 11/10/2022 09:27, Sebastian Ramacher wrote: On 2022-10-11 06:50:09 +0200, Yadd wrote: On 09/10/2022 16:42, Yadd wrote: On 09/10/2022 15:26, Paul Gevers wrote: Hi Yadd, [For the future, these mails should go to the release team. I'm not the only one in the team, and there is nothing secret here]. On 09-10-2022 07:44, Yadd wrote: 4 packages are blocked in unstable but I don't understand where is the problem: node-jest, node-ts-jest, node-webpack and node-rollup-plugin-terser. See https://tracker.debian.org/pkg/node-jest (regressions fixed by the 3 other updates). Could you help me to understand this ? It looks like several packages need to go together, but there's no *versioned* relation that describes that. britney schedules the tests taking versions into account so with the right Breaks or Depends, the tests would take more from unstable. Now, it might be that this is only a *test* issue and not a user facing thing. In that case, (if you think it's not a good idea to add the versioned Depends or Breaks) the release team can trigger the combination. Adding unnecessary Breaks makes upgrades a bit harder for apt, so they are not for free, but I haven't encountered issues on that front yet. Paul Hi, yes, issues are only related to tests, that's why I didn't add Breaks fields. I asked to Jérémy to add a "Breaks: jest (<< 29~)" into nodejs, but it will not help here. Cheers, Yadd Hi, node-jest is still blocked in unstable but I can't understand why: * tracker.d.o reports nothing * Britney output is unintelligible trying: node-ts-jest node-jest skipped: node-ts-jest node-jest (0, 56, 23) got: 22+0: a-4:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 * amd64: jest, node-jest-react, ts-jest Britney is trying to migrate node-js-jest and node-jest together (trying: ...), but it fails to do so since migrating those two source packages would cause new uninstallable packages in testing (amd64: ...) Thanks, but I still don't understand. node-jest-react depends on any version of jest, has already migrate and all of those packages are arch:all. I tried to install ts-jest 29 and jest 29 on a testing schroot with node-jest-react, no problem found...
Re: Migration problem
On 2022-10-11 06:50:09 +0200, Yadd wrote: > On 09/10/2022 16:42, Yadd wrote: > > On 09/10/2022 15:26, Paul Gevers wrote: > > > Hi Yadd, > > > > > > [For the future, these mails should go to the release team. I'm not > > > the only one in the team, and there is nothing secret here]. > > > > > > On 09-10-2022 07:44, Yadd wrote: > > > > 4 packages are blocked in unstable but I don't understand where > > > > is the problem: node-jest, node-ts-jest, node-webpack and > > > > node-rollup-plugin-terser. > > > > See https://tracker.debian.org/pkg/node-jest (regressions fixed > > > > by the 3 other updates). > > > > Could you help me to understand this ? > > > > > > It looks like several packages need to go together, but there's no > > > *versioned* relation that describes that. britney schedules the > > > tests taking versions into account so with the right Breaks or > > > Depends, the tests would take more from unstable. Now, it might be > > > that this is only a *test* issue and not a user facing thing. In > > > that case, (if you think it's not a good idea to add the versioned > > > Depends or Breaks) the release team can trigger the combination. > > > Adding unnecessary Breaks makes upgrades a bit harder for apt, so > > > they are not for free, but I haven't encountered issues on that > > > front yet. > > > > > > Paul > > > > Hi, > > > > yes, issues are only related to tests, that's why I didn't add Breaks > > fields. I asked to Jérémy to add a "Breaks: jest (<< 29~)" into nodejs, > > but it will not help here. > > > > Cheers, > > Yadd > > Hi, > > node-jest is still blocked in unstable but I can't understand why: > * tracker.d.o reports nothing > * Britney output is unintelligible > > trying: node-ts-jest node-jest > skipped: node-ts-jest node-jest (0, 56, 23) > got: 22+0: a-4:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > * amd64: jest, node-jest-react, ts-jest Britney is trying to migrate node-js-jest and node-jest together (trying: ...), but it fails to do so since migrating those two source packages would cause new uninstallable packages in testing (amd64: ...) Cheers > - splitting the component into single items and retrying them > trying: node-jest > skipped: node-jest (0, 56, 24) > got: 22+0: a-4:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > * amd64: jest, node-jest-react, ts-jest > trying: node-ts-jest > skipped: node-ts-jest (0, 57, 23) > got: 20+0: a-2:a-17:a-0:a-0:i-0:m-0:m-0:p-0:s-1 > * amd64: ts-jest > > Best regards, > Yadd > -- Sebastian Ramacher