Accepted postfix 3.4.7-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 01 Oct 2019 19:21:59 -0400
Source: postfix
Architecture: source
Version: 3.4.7-0+deb10u1
Distribution: buster
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Changes:
 postfix (3.4.7-0+deb10u1) buster; urgency=medium
 .
   [Wietse Venema]
 .
   * 3.4.6
     - Documentation: tlsext_padding is not a tls_ssl_options
       feature. File: proto/postconf.proto.
     - Portability: added "#undef sun" to util/unix_dgram_connect.c
       (documented for completeness - no impact on Debian)
     - Bugfix (introduced: Postfix 2.3): a censoring filter broke
       multiline Milter responses for header/body events. Problem
       report by Andreas Thienemann. Files: util/printable.c,
       util/stringops.h, smtpd/smtpd.c
     - Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit =
       0" no longer meant 'unlimited'. Problem report by Luc Pardon.
       File: smtp/smtp_addr.c.
     - Documentation: updated the BUGS section in the smtp(8) manpage
       about TLS connection reuse. File: smtp/smtp.c.
     - Workaround for implementations that hang Postfix while
       shutting down a TLS session, until Postfix times out. With
       "tls_fast_shutdown_enable = yes" (the default), Postfix no
       longer waits for the TLS peer to respond to a TLS 'close'
       request. This is recommended with TLSv1.0 and later. Files:
       global/mail_params.h, tls/tls_session.c, and documentation.
     - Bugfix (introduced: Postfix 3.0): the code to reset Postfix
       SMTP server command counts was not called after a HaProxy
       handshake failure, causing stale numbers to be reported.
       The command counts are now reset in the function that reports
       the counts. File: smtpd/smtpd.c.
   * 3.4.7
     - Bugfix: the documentation said tls_fast_shutdown_enable,
       but the code said tls_fast_shutdown. Viktor Dukhovni. Changed
       the code because no-one is expected to override the default.
       File: global/mail_params.h.
     - Workaround for poor TCP loopback performance on LINUX, where
       getsockopt(..., TCP_MAXSEG, ..) reports a TCP maximal segment
       size that is 1/2 to 1/3 of the MTU. For example, with kernel
       5.1.16-300.fc30.x86_64 the TCP client and server announce
       an mss of 65495 in the TCP handshake, but getsockopt()
       returns 32741 (less than half). As a matter of principle,
       Postfix won't turn on client-side TCP_NODELAY because that
       hides application performance bugs, and because that still
       suffers from server-side delayed ACKs. Instead, Postfix
       avoids sending "small" writes back-to-back, by choosing a
       VSTREAM buffer size that is a multiple of the reported MSS.
       This workaround bumps the multiplier from 2x to 4x. File:
       util/vstream_tweak.c.
     - Bugfix (introduced: 20051222): the Dovecot client could
       segfault (null pointer read) or cause an SMTP server assertion
       to fail when talking to a fake Dovecot server. The client
       now logs a proper error instead. Problem reported by Tim
       Düsterhus. File: xsasl/xsasl_dovecot_server.c.
     - Bugfix (introduced: Postfix 3.4): don't whitewash OpenSSL
       error results after a plaintext output error. The code could
       loop, and with some OpenSSL error results could flood the
       log with error messages (see below for a specific case).
       Problem reported by Andreas Schulze. File: tlsproxy/tlsproxy.c.
     - Bitrot: don't invoke SSL_shutdown() when the SSL engine
       thinks it is processing a TLS handshake. The commit at
       https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
       changed the error status, incompatibly, from SSL_ERROR_NONE
       into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c.
Checksums-Sha1:
 2897aa8e05ef80b75890b4abddba50f119bd0646 2770 postfix_3.4.7-0+deb10u1.dsc
 675438e5eb2093579480a14e8f8552e784f03f32 4572758 postfix_3.4.7.orig.tar.gz
 f6f430292473f06cb88b2661222d38bf8c3dd39c 197332 postfix_3.4.7-0+deb10u1.debian.tar.xz
 fe35837703639a4a875dfc5b05883b58b3551583 7683 postfix_3.4.7-0+deb10u1_source.buildinfo
Checksums-Sha256:
 282235523fc3bd76a2e7a855177db518942170666e9003a920a5a5a6cc820408 2770 postfix_3.4.7-0+deb10u1.dsc
 fe3253121d3ba8836a23774225518560b35e40497951ad5bec154afa8205f967 4572758 postfix_3.4.7.orig.tar.gz
 5414006ff391a713543b323b03f09970cbccab9b368845b73e5e0ccd68024c4b 197332 postfix_3.4.7-0+deb10u1.debian.tar.xz
 fd87a93d52daa00a54a38a2afaa734e8545cff63a8f181fb27633f43d88fcbcb 7683 postfix_3.4.7-0+deb10u1_source.buildinfo
Files:
 14d34d876d39a0f6b8c914c63ec330e1 2770 mail optional postfix_3.4.7-0+deb10u1.dsc
 b29ab85e8f6ef7fae132b004e777671b 4572758 mail optional postfix_3.4.7.orig.tar.gz
 9ed5f95aa2d063dd789425061498c6d4 197332 mail optional postfix_3.4.7-0+deb10u1.debian.tar.xz
 64c42c3213999c793173ed37101cbe73 7683 mail optional postfix_3.4.7-0+deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAl2T4JwACgkQeNfe+5rV
mvHU/w/9FaAZxeIkuecv5AbiCitfM2yPJz3PSYsDTDWgv0USaH4Ony+Hljpt+M0q
1HZq12Pslj4bqOxhKC/VoMMOrveUNehtkcEQF3DYpsXi7f2J1yMdC3oztihPizr7
+nul2BSQuAUTUoXJvur842oLrt5WvpGDHiFCZSJO76FndmXT/cHl6LasP/SPue25
akQc9nTICDevjNQLJ8YY3l7zG/hejPUlR9pr3fuNb6lw09UYGCR/1iCAvKY+SJSv
lIeY77CsJ8e2LzCf5MvYjWBCLIQG4VuTc8qczw4NaUtozDKZDE7oaSRsDbTatlW6
XaMFCkZwB6aGcgZfbcGUFJRO0+RQeqly0bM5OsHrH6dvsyhnxPhHQchfzDvvW+Ky
J01AavC4+IiT36USWwUomdq4cSgE1aczk/WkcW80BuUqLUq6UchC0dOW4oyHdxH6
Xjgbd6wBE/jWly2kvwO1Y2Dd5Aqtf2UKkhsnVH/fZJGIVpCbqzeV6G1r4aREChnG
qWoXMXaljkn0Evf9I7yrvd6NNI1PJrqFq8IoHebAzU9FAUF31Z1T/sEmUUndYhXv
H/481sn68QYyH1rwqu2alNEz6gerDuRz7onTk/HxMlwr4byFyLFFSTtuZ4enY9mx
m+OnnTYxIljxrCeEX++GqH1fI4okEls9Kl0EOC1g0vzFwdFKEDY=
=U+RS
-----END PGP SIGNATURE-----