From: ftpmaster@ftp-master.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Oct 2025 13:24:35 +0300
Source: postfix
Architecture: source
Version: 3.10.5-1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Postfix Team
Changed-By: Michael Tokarev
Closes: 1115412
Changes:
postfix (3.10.5-1~deb13u1) trixie; urgency=medium
.
* new upstream stable/bugfix 3.10.5 release, with multiple fixes.
From the upstream release notes:
- Workaround for an interface mis-match between the Postfix SMTP client
and MTA-STS policy plugins.
* The existing behavior is to connect to any MX host listed in DNS, and
to match the server certificate against any STS policy MX host pattern.
* The corrected behavior is to connect to an MX host only if its
name matches any STS policy MX host pattern, and to match the server
certificate against the MX hostname.
The corrected behavior must be enabled in two places: in Postfix with a
new parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes") and in
an MTA-STS plugin by enabling TLSRPT support, so that the plugin forwards
STS policy attributes to Postfix. This works even if Postfix TLSRPT
support is disabled at build time or at runtime.
- TLSRPT Workaround: when a TLSRPT policy-type value is "no-policy-found",
pretend that the TLSRPT policy domain value is equal to the recipient
domain. This ignores that different policy types (TLSA, STS) use different
policy domains. But this is what Microsoft does, and therefore,
what other tools expect.
- Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP client's
connection reuse logic did not distinguish between sessions that
require SMTPUTF8 support, and sessions that do not. The solution is
1) to store sessions with different SMTPUTF8 requirements
under distinct connection cache storage keys, and
2) to not cache a connection when SMTPUTF8 is required
but the server does not support that feature
- Bugfix (defect introduced: Postfix 3.0, date 20140731):
the smtpd 'disconnect' command statistics did not count commands
with "bad syntax" and "bad UTF-8 syntax" errors
- Postfix 3.11 forward compatibility: to avoid ugly warnings when
Postfix 3.11 is rolled back to an older version, allow a preliminary
'size' record in maildrop queue files created with Postfix 3.11 or
later
- Bugfix (defect introduced: Postfix 3.8, date 20220128):
non-reproducible build, because the 'postconf -e' output order
for new main.cf entries was no longer deterministic
- To make builds predictable, add missing meta_directory and
shlib_directory settings to the stock main.cf file
- Bugfix (defect introduced: Postfix 3.9, date 20230517):
posttls-finger(1) logged an incorrectly-formatted port number
* debian/patches/debian-defaults.patch: refresh, update for 2 new
parameters (with defaults) in main.cf, and make it with less context
* configure-instance.in: fix typo which caused recreating
cadir in chroot and excessive logging (Closes: #1115412)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
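Added example, not part of the announcement and not Postfix code: a simplified Python model of the two MTA-STS MX checks described in the release notes, run over constructed MX hosts and certificate names. It assumes the RFC 8461 rule that a "*." pattern covers exactly one leftmost label; all function names and hostnames are hypothetical.

```python
"""Simplified model of the legacy and corrected MTA-STS MX checks.
Illustration only: not Postfix source; hosts and certificates are constructed."""


def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*.suffix' covering exactly one leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host


def legacy_check(mx_host, cert_names, sts_patterns):
    """Old behaviour: any MX from DNS is contacted (mx_host is not consulted);
    the certificate only needs a name that satisfies some policy pattern."""
    if any(name_matches(p, n) for p in sts_patterns for n in cert_names):
        return "ok"
    return "fail: certificate matches no policy pattern"


def enforced_check(mx_host, cert_names, sts_patterns):
    """Corrected behaviour: the MX name must satisfy a policy pattern,
    and the certificate must be valid for that MX hostname."""
    if not any(name_matches(p, mx_host) for p in sts_patterns):
        return "skip: MX not in policy"
    if not any(name_matches(n, mx_host) for n in cert_names):
        return "fail: certificate does not match MX"
    return "ok"


# Constructed inputs: one STS policy and four (MX host, certificate names) pairs.
POLICY = ["*.example.com"]
CANDIDATES = [
    ("mx1.example.com", ["mx1.example.com"]),        # in policy, right certificate
    ("mx2.example.com", ["mx1.example.com"]),        # in policy, certificate for another host
    ("legacy.example.net", ["mx1.example.com"]),     # listed in DNS only, not in policy
    ("legacy.example.net", ["legacy.example.net"]),  # not in policy, own certificate
]


def compare(policy=POLICY, candidates=CANDIDATES):
    """Return (mx_host, legacy verdict, enforced verdict) for each candidate."""
    return [(mx, legacy_check(mx, names, policy), enforced_check(mx, names, policy))
            for mx, names in candidates]


if __name__ == "__main__":
    for mx, old, new in compare():
        print(f"{mx:22} legacy={old!r:48} enforced={new!r}")
```

The second and third rows are the cases the workaround changes: the legacy check accepts both, while the corrected check rejects one on the certificate and never connects to the other.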