From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2.pdinc.us (mail2.pdinc.us [67.90.184.28]) by sourceware.org (Postfix) with ESMTPS id F101D3856DF4 for ; Thu, 28 Apr 2022 14:39:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org F101D3856DF4 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=pdinc.us Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=pdinc.us Received: from blackfat (nsa1.pdinc.us [67.90.184.2]) (authenticated bits=0) by mail2.pdinc.us (8.14.4/8.14.4) with ESMTP id 23SEdxU0015700 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 28 Apr 2022 10:39:59 -0400 DKIM-Filter: OpenDKIM Filter v2.11.0 mail2.pdinc.us 23SEdxU0015700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pdinc.us; s=default; t=1651156799; bh=AFx2yCXxsyBRUTnJf2Mxv01dgccH1lfnDN7CLkP51U4=; h=From:To:Subject:Date:From; b=DwAPTI6Sws2qlizOqb8S945SeBz82wNbSRfSF6insE2DryZJCi/N2u3+IcOIBp405 Tv2QwiixjtD0KJTqD+UgY0tWLIxne6Cxx9aIQWnds/v4ESCHKcXZrZksANcP+1dX29 zbkCuvkt16qZewtXLWpToRjqmxMpCss44P3baQ8GND+TGhulvr96KxCJNE4jEfjEaz zlhsxs9OJnlSvYQ6Mv84epR5dDDIjPdbEVB7mT+5km6/ZT86ENbzYVSYD/PvszUH8e 5L+Lu3Tz9G/omJ2C+WbZ09SI2LXK5qmggM4KSU6ajKbk+Z9GqU6nPDaXw9emo2BSmO HPM8qngcrC0og== From: "Jason Pyeron" To: Subject: FW: Postfix stable release 3.7.2 - interest in updated package? Date: Thu, 28 Apr 2022 10:39:56 -0400 Organization: PD Inc Message-ID: <038401d85b0d$d4a2a140$7de7e3c0$@pdinc.us> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 16.0 Thread-Index: AdhbDS9zuZeOWcTbThWLO+hVG8Mj3Q== Content-Language: en-us X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_INFOUSMEBIZ, SPF_HELO_PASS, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2022 14:40:01 -0000 I will prioritize the packaging of this release (see below) based on community interest, otherwise looking at late May. My task #10403 -Jason -----Original Message----- From: Wietse Venema Sent: Thursday, April 28, 2022 9:23 AM To: Postfix announce Cc: Postfix users Subject: Postfix stable release 3.7.2 [An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.7.2.html] This reverts an overly complex change in the postscreen SMTP engine (made during Postfix 3.7 development), and replaces it with much simpler code. The bad change was crashing postscreen on some systems after receiving malformed input (for example, a TLS "hello" message). Workarounds are at the end of this text. Under conditions described below, the postscreen program attempted to read through an uninitialized 'const' pointer. The pointer value depended on the compiler type and compiler options, but crucially, it did not depend on network inputs. The conditions were that 1) postscreen was enabled (not the default), 2) SMTPUTF8 support was enabled (the default), and 3) postscreen received non-UTF8 input, for example, a TLS or RDP (remote desktop) handshake request. Depending on compiler details, the result of the read operation could be "uninteresting", a combined memory leak and file handle leak, or a postscreen crash with a segmentation violation (signal 11). The segmentation violation result was observed by Michael Grimm while running Postfix 3.7 and 3.8 on a FreeBSD 13.1 pre-release version, while the result was "uninteresting" with FreeBSD 13.0 (both systems use Clang instead of GCC). The result was also "uninteresting" on Fedora Linux with GCC, and on a few older systems with GCC. Workarounds: * Do nothing. On most systems the result is "uninteresting". * Do nothing. On systems where postscreen does crash, the crashes are rare, harmless, and postscreen restarts immediately when an SMTP client connects. On systems where postscreen does leak a file handle, it will restart when it reaches a resource limit. * Disable postscreen. Follow instructions in https://www.postfix.org/POSTSCREEN_README.html#turnoff You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.