Microversion release update for postfix 2.9.3-2

Bug #1022772 reported by Scott Kitterman on 2012-07-10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
postfix (Ubuntu)
Scott Kitterman

Bug Description

[TEST CASE] Install updated packages and evaluate normal postfix functionality is still working (will vary based on local configuration).

[REGRESSION POTENTIAL] Very small. MRE was granted for postfix based on upstream's demonstrated track record for being very careful. Fixes have had extensive testing upstream, in Debian, and in Quantal.

There is a packaging change included as well to fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675247 since this will cause upgrade issues.

Here are the upstream changes:


 Bitrot: shut up useless warnings about Cyrus SASL call-back
 function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
 xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.


 Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the
 known TLS protocol list so that protocols can be turned off
 selectively to work around implementation bugs. Based on
 a patch by Victor Duchovni. Files: proto/TLS_README.html,
 proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,


 Workaround: bugs in 10-year old gcc versions break compilation
 with #ifdef inside a macro invocation (NOT: definition).
 This synchronizes the Postfix 2.9 TLS implementation with
 Postfix 2.10 to simplify code maintenance. Files: tls/tls.h,
 tls/tls_client.c, tls/tls_server.c.


 Bugfix (introduced Postfix 2.9): the postconf command flagged
 parameters defined in master.cf as "unused" when they were
 used only in main.cf. Problem reported by Michael Tokarev.
 Files: postconf/postconf_user.c.


 Workaround: apparently, FreeBSD 8.3 kqueue notifications
 sometimes break when a dnsblog(8) process loses an accept()
 race on a shared socket, resulting in repeated "connect to
 private/dnsblog service: Connection refused" warnings. This
 condition is unique to dnsblog(8). The postscreen(8) daemon
 closes a postscreen-to-dnsblog connection as soon as it
 receives a dnsblog(8) reply, resulting in hundreds or
 thousands of connection requests per second. All other
 multi-server daemons such as anvil(8) or proxymap(8) have
 connection lifetimes ranging from 5s to 1000s depending on
 server load. The workaround is for dnsblog to use the
 single_server driver instead of the multi_server driver.
 This one-line code change eliminates the accept() race
 without any Postfix performance impact. Problem reported
 by Sahil Tandon. File: dnsblog/dnsblog.c.


 Workaround: to avoid crashes when the OpenSSL library is
 updated without "postfix reload", the Postfix TLS session
 cache ID now includes the OpenSSL library version number.
 Note: this problem cannot be fixed in tlsmgr(8). Code by
 Victor Duchovni. Files: tls/tls_server.c, tls_client.c.


 Bugfix (introduced Postfix 2.4): the event_drain() function
 was comparing bitmasks incorrectly causing the program to
 always wait for the full time limit. This error affected
 the unused postkick command, but only after s/fifo/unix/
 in master.cf. File: util/events.c.

 Cleanup: laptop users have always been able to avoid
 unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
 (this is currently not supported on Solaris systems).
 However, to make this work reliably, the "postqueue -f"
 command must wait until its requests have reached the pickup
 and qmgr servers before closing the UNIX-domain request
 sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.

Scott Kitterman (kitterman) wrote :

Marking high because of the upgrade fix and the SSL fixes. Those need to be resolved before 12.04.1.

Changed in postfix (Ubuntu):
status: New → Invalid
Changed in postfix (Ubuntu Precise):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Scott Kitterman (kitterman)
milestone: none → ubuntu-12.04.1
tags: added: precise

Hello Scott, or anyone else affected,

Accepted postfix into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/postfix/2.9.3-2~12.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in postfix (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Marc Deslauriers (mdeslaur) wrote :

I have run the QRT testing script on postfix in precise-proposed, and it passed without any issue.

Scott Kitterman (kitterman) wrote :

I have it installed here and it's working fine. The MRE was based on upstream testing, the QRT suite, and basic user testing, so marking verification done.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postfix - 2.9.3-2~12.04.1

postfix (2.9.3-2~12.04.1) precise-proposed; urgency=low

  * Microversion update (LP: #1022772)

postfix (2.9.3-2) unstable; urgency=low

  [LaMont Jones]

  * add sqlite entry to dynamicmaps.cf on upgrade. Closes: #675247

  [localization folks]

  * l10n: update spanish translations. Closes: #674938 (Francisco Javier

postfix (2.9.3-1) unstable; urgency=low

  * New upstream

postfix (2.9.2-1) unstable; urgency=low

  [Wietse Venema]

  - Bitrot: shut up useless warnings about Cyrus SASL call-back function
    pointer type mis-matches.
  - Bitrot: OpenSSL 1.0.1 introduces new protocols. Update the known TLS
    protocol list so that protocols can be turned off selectively to
    work around implementation bugs. Based on a patch by Victor Duchovni.

  [LaMont Jones]

  * Suggest: postfix-doc, for completeness. Closes: #670376
 -- Scott Kitterman <email address hidden> Mon, 09 Jul 2012 20:49:45 -0400

Changed in postfix (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers