Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted postfix 3.10.5-1 (source) into unstable
Date: Tue, 28 Oct 2025 10:36:52 +0000
Signed by: Michael Tokarev <mjt@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Oct 2025 13:02:25 +0300
Source: postfix
Architecture: source
Version: 3.10.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Postfix Team <team+postfix@tracker.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Changes:
 postfix (3.10.5-1) unstable; urgency=medium
 .
   * new upstream stable release.  From the Release Notes:
 .
   * Workaround for an interface mis-match between the Postfix SMTP
     client and MTA-STS policy plugins.
 .
       * The existing behavior is to connect to any MX host listed
         in DNS, and to match the server certificate against any STS
         policy MX host pattern.
 .
       * The corrected behavior is to connect to an MX host only if
         its name matches any STS policy MX host pattern, and to
         match the server certificate against the MX hostname.
 .
     The corrected behavior must be enabled in two places: in Postfix
     with a new parameter "smtp_tls_enforce_sts_mx_patterns" (default:
     "yes") and in an MTA-STS plugin by enabling TLSRPT support, so
     that the plugin forwards STS policy attributes to Postfix. This
     works even if Postfix TLSRPT support is disabled at build time
     or at runtime.
 .
   * TLSRPT Workaround: when a TLSRPT policy-type value is
     "no-policy-found", pretend that the TLSRPT policy domain value
     is equal to the recipient domain. This ignores that different
     policy types (TLSA, STS) use different policy domains. But this
     is what Microsoft does, and therefore, what other tools expect.
 .
   * Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP
     client's connection reuse logic did not distinguish between
     sessions that require SMTPUTF8 support, and sessions that do
     not. The solution is 1) to store sessions with different SMTPUTF8
     requirements under distinct connection cache storage keys, and
     2) to not cache a connection when SMTPUTF8 is required but the
     server does not support that feature.
 .
   * Bugfix (defect introduced: Postfix 3.0, date 20140731): the
     smtpd 'disconnect' command statistics did not count commands
     with "bad syntax" and "bad UTF-8 syntax" errors.
 .
   * Bugfix: the August 2025 patch broke DBM library support which
     is still needed on Solaris; and the same change could result
     in warnings with "database X is older than source file Y".
 .
   * Postfix 3.11 forward compatibility: to avoid ugly warnings when
     Postfix 3.11 is rolled back to an older version, allow a
     preliminary 'size' record in maildrop queue files created with
     Postfix 3.11 or later.
 .
   * Bugfix (defect introduced: Postfix 3.8, date 20220128):
     non-reproducible build, because the 'postconf -e' output order
     for new main.cf entries was no longer deterministic. Problem
     reported by Oleksandr Natalenko, diagnosis by Eray Aslan.
 .
   * To make builds predictable, add missing meta_directory and
     shlib_directory settings to the stock main.cf file. Problem
     diagnosed by Eray Aslan.
 .
   * Bugfix (defect introduced: Postfix 3.9, date 20230517):
     posttls-finger(1) logged an incorrectly-formatted port number.
     Viktor Dukhovni.
Checksums-Sha1:
 7dd021c1611f02fda52754c391fb882856447ab9 3259 postfix_3.10.5-1.dsc
 f753b2aefb2d34e665b0e77974c8f02554686f70 5039523 postfix_3.10.5.orig.tar.gz
 23b7dbba9583adda68ba664136507a9a67634d7a 220 postfix_3.10.5.orig.tar.gz.asc
 3bdd9e1dfd2824b85a29e0fd9b4e6d96666913cd 199504 postfix_3.10.5-1.debian.tar.xz
 219160a2f9973762022014f985e8392f11cebb9a 6109 postfix_3.10.5-1_source.buildinfo
Checksums-Sha256:
 72d8b9c67f1dd5e8cb5f73dede2bd78f368b12a723bdbe13ed070285d6d09e11 3259 postfix_3.10.5-1.dsc
 6a926bf702173861b08e49bcb51fca3a2f269f9a337f72ef159bf46052087e35 5039523 postfix_3.10.5.orig.tar.gz
 ddd4fbb963a433cf96d23da0fa1f1414cd6ccfdb6bcc5909d310dbfaad27e84c 220 postfix_3.10.5.orig.tar.gz.asc
 6fb08107cc9f9e4de3f344f641f70d48a0a59f173ef047427bb3d46c896bb5dd 199504 postfix_3.10.5-1.debian.tar.xz
 c4750bd21129f4d866923a0d2ff10c40097fd56056fe8855795e67a18d0b8040 6109 postfix_3.10.5-1_source.buildinfo
Files:
 fdf748628a9ba5a79f3e9876303eda53 3259 mail optional postfix_3.10.5-1.dsc
 a82fcacc74021672e9df71f783f1651b 5039523 mail optional postfix_3.10.5.orig.tar.gz
 0c6e7db742ef5c159df169f82a193ae5 220 mail optional postfix_3.10.5.orig.tar.gz.asc
 1ffeb41e4bd6a7e21997e9cd47f812d7 199504 mail optional postfix_3.10.5-1.debian.tar.xz
 3e85799f5cbf328b76c7c4fd58e5c3e6 6109 mail optional postfix_3.10.5-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

wsG7BAEBCgBvBYJpAJTCCRCCqkokOx6UeEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmeDw+HXkwGEimPtBx0Jjm2fTHeSD+nrv4Tr3a+k4Lny
KxYhBGSqKrUx1WkDNmv++YKqSiQ7HpR4AABLTg/7BkGlt7CamDgix5klc4UBykMJ
8djOGg4UQGLFWo+2Q5iW08YoeJSknuEMO2EPgw6dRqplvfZVg0+Lma0JhW3Px874
OHJOtq9CsNn2XyCLBWK7zP/qTVwKokVxsb0KdDieI4xIAUPe7ce5w1+zz+M9dwg6
hw8m9GirytEhP5xwMSVT6ixXUAh3mlhgVzIQTcJPnFY1uVNkkqoRr02gNCjihMLV
MAEjT5FafNR4VHq1pBHf9M5ZKfJRYy1rg+KAO6r9j3IfydM6tQC2zuOrq3ukaCjH
Rn4OBc1K2iHxijK7/SQ+TACJ7TI4B/RzBX22s75geWcTrCClUo2JqM5Li7Ri6RoN
SJv7QTmsrGHAGBsByCiy4AwqJohsek7ms0ZfrBOuF8tVrEbkO4dzHcaCy9GmEt8U
6v3YQN1o2wcqo+CkqNHQk8BD/RWNUjyIYTIaGGp7igVXRK3cjh9miAvETepoeMnE
KmYG76kDc2Fm3TJLWGFr019c6dmL3tnfd/4pG+z+u+lRwTJ5JyExL7iJxQzucKy0
h6kBbMzrEJMmSmaqwjVfFXmYIbZrFWx3nNSaZH5A+2nFXTbJztNywEwOiiHAV6zM
h2fLZXpZ5LfuJurP76D5G3TOfoZFQLJnBjxT6PM9/cVGU0J9jSWcPIWVSZ47GQ7M
VPe4leoIfq0yfeudKTg=
=hCRH
-----END PGP SIGNATURE-----
News for package postfix
