Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted postfix 3.10.5-1~deb13u1 (source) into proposed-updates
Date: Sat, 01 Nov 2025 17:47:09 +0000
Signed by: Michael Tokarev <mjt@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Oct 2025 13:24:35 +0300
Source: postfix
Architecture: source
Version: 3.10.5-1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Postfix Team <team+postfix@tracker.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 1115412
Changes:
 postfix (3.10.5-1~deb13u1) trixie; urgency=medium
 .
   * new upstream stable/bugfix 3.10.5 release, with multiple fixes.
     From the upstream release notes:
   - Workaround for an interface mis-match between the Postfix SMTP client
     and MTA-STS policy plugins.
      * The existing behavior is to connect to any MX host listed in DNS, and
        to match the server certificate against any STS policy MX host pattern.
      * The corrected behavior is to connect to an MX host only if its
        name matches any STS policy MX host pattern, and to match the server
        certificate against the MX hostname.
     The corrected behavior must be enabled in two places: in Postfix with a
     new parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes") and in
     an MTA-STS plugin by enabling TLSRPT support, so that the plugin forwards
     STS policy attributes to Postfix. This works even if Postfix TLSRPT
     support is disabled at build time or at runtime.
   - TLSRPT Workaround: when a TLSRPT policy-type value is "no-policy-found",
     pretend that the TLSRPT policy domain value is equal to the recipient
     domain. This ignores that different policy types (TLSA, STS) use different
     policy domains.  But this is what Microsoft does, and therefore,
     what other tools expect.
   - Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP client's
     connection reuse logic did not distinguish between sessions that
     require SMTPUTF8 support, and sessions that do not. The solution is
      1) to store sessions with different SMTPUTF8 requirements
         under distinct connection cache storage keys, and
      2) to not cache a connection when SMTPUTF8 is required
         but the server does not support that feature
   - Bugfix (defect introduced: Postfix 3.0, date 20140731):
     the smtpd 'disconnect' command statistics did not count commands
     with "bad syntax" and "bad UTF-8 syntax" errors
   - Postfix 3.11 forward compatibility: to avoid ugly warnings when
     Postfix 3.11 is rolled back to an older version, allow a preliminary
     'size' record in maildrop queue files created with Postfix 3.11 or later
   - Bugfix (defect introduced: Postfix 3.8, date 20220128):
     non-reproducible build, because the 'postconf -e' output order
     for new main.cf entries was no longer deterministic
   - To make builds predictable, add missing meta_directory and
     shlib_directory settings to the stock main.cf file
   - Bugfix (defect introduced: Postfix 3.9, date 20230517):
     posttls-finger(1) logged an incorrectly-formatted port number
   * debian/patches/debian-defaults.patch: refresh, update for 2 new
     parameters (with defaults) in main.cf, and make it with less context
   * configure-instance.in: fix typo which caused recreating
     cadir in chroot and excessive logging (Closes: #1115412)
Checksums-Sha1:
 7d8eee98c1e8566e6a3897b59befaae5a1543a28 3291 postfix_3.10.5-1~deb13u1.dsc
 f753b2aefb2d34e665b0e77974c8f02554686f70 5039523 postfix_3.10.5.orig.tar.gz
 23b7dbba9583adda68ba664136507a9a67634d7a 220 postfix_3.10.5.orig.tar.gz.asc
 0c00c07d2f73a9713c6c1082b507861d3fea8fcb 199904 postfix_3.10.5-1~deb13u1.debian.tar.xz
 755adbff2fa75354901d54180a6a2f8b0a794d5e 6141 postfix_3.10.5-1~deb13u1_source.buildinfo
Checksums-Sha256:
 1270cf091359e3f0083e3fae3d87cd387f158c314c2326f26fa7bd6b9bc8fea4 3291 postfix_3.10.5-1~deb13u1.dsc
 6a926bf702173861b08e49bcb51fca3a2f269f9a337f72ef159bf46052087e35 5039523 postfix_3.10.5.orig.tar.gz
 ddd4fbb963a433cf96d23da0fa1f1414cd6ccfdb6bcc5909d310dbfaad27e84c 220 postfix_3.10.5.orig.tar.gz.asc
 ada75162040ff3f5875274da0f56c9e291fe04f98a1dd36022d4f5f4cb43053d 199904 postfix_3.10.5-1~deb13u1.debian.tar.xz
 e9991c84279e38992a80413dc5df860ae05342f0233ca0a94a34d6a5976e1b7e 6141 postfix_3.10.5-1~deb13u1_source.buildinfo
Files:
 cb8ccb9093f79ef50b3fdf22093f6ace 3291 mail optional postfix_3.10.5-1~deb13u1.dsc
 a82fcacc74021672e9df71f783f1651b 5039523 mail optional postfix_3.10.5.orig.tar.gz
 0c6e7db742ef5c159df169f82a193ae5 220 mail optional postfix_3.10.5.orig.tar.gz.asc
 3d92a3e5f4e1b38e66510f6e660cfada 199904 mail optional postfix_3.10.5-1~deb13u1.debian.tar.xz
 c6d7b70388deea52b744383e62b1f9e0 6141 mail optional postfix_3.10.5-1~deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

wsG7BAEBCgBvBYJpAKXgCRCCqkokOx6UeEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmeOj39ykDaEbySelkqMiDGnufOkIXl5tSlk74OIMoNN
mRYhBGSqKrUx1WkDNmv++YKqSiQ7HpR4AAAtvg/+PFkji0x3h9LcGChkGfur5Tn4
bNA4pihbafcdG93+vSkzi2KtyhfbXsayV3i2jXMeVyarz+J/Keu9XIaw0oN0Lhbo
3Ud28Y4HO8t4TnOhhaKujmyCCf4jP+J+84LFJ7DJsEf2/dCaQ6yGzW2HUCB7i07x
gojIEH8cPoD6Mi45eYATpBg6LDEqTv4oYwOUu1nHtpTruWTsX3GhVXJ71xHOGdJH
22CqlEnDtXxITUNhsjKOxIW5kUSXNGYaWDl7NK1NOVUioa/Au4mNIbLIuMrJoD/A
qCAK2XOhvXiz7fbwEdSHIJwkCQ/pd1ahK+hmsQ+CYFZpzk/vjZoSwSxhzZQ30B5C
BkPV8TGMbzGPEg2od3+xtlgDn5kyOhU3252fW8w6wHw4hHyb3Xo2fMkd9st5qZ/F
Iy/Fimk3QUcGNn+5+ZoZPh0JTXa8pZKle6AMlgeIQdNqIRxOKyy2RZetiVVwPgiC
n3iwBdebkjiIjCsUWMbWpxm33HsW36jPwh7/d0KBX4cCsQE281uENI4gUchkq5EO
QzV8OtFeGb0bQJu5SMKWot2XAy3j1+p9uT8Woc5QBVEMobRpu3PaxA61SB4vJVrp
AotO0K+uP9dJ1lemRh9qFIQRCY5e9hacu/VDHygMw93QwnR9OGuEgHgYJHY4jD/Q
6DIxlo/X+JwqdtH5CzE=
=UZ5j
-----END PGP SIGNATURE-----
News for package postfix
