-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 22 Aug 2025 09:51:46 +0300
Source: postfix
Architecture: source
Version: 3.10.4-1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Postfix Team <team+postfix@tracker.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 1100100 1110704
Changes:
postfix (3.10.4-1~deb13u1) trixie; urgency=medium
.
* New upstream stable/bugfix version 3.10.4, with a handful of fixes.
From the upstream release notes:
- Fixes for postscreen(8):
* Bugfix (defect introduced: Postfix 2.2, date 20050203): after
detecting a lookup table change, and after starting a new
postscreen process, the old postscreen process logged an ENOTSOCK
error while attempting to accept a connection on a socket that
it was no longer listening on. This error was introduced first
in the multi_server skeleton code, and was five years later
duplicated in the event_server skeleton that was created for
postscreen. Problem reported by Florian Piekert.
* Bugfix (defect introduced: Postfix 2.8, date 20101230):
after detecting a cache table change and before starting a new
postscreen process, the old postscreen process did not close the
postscreen_cache_map, and therefore kept an exclusive lock that
could prevent a new postscreen process from starting. Problem
reported by Florian Piekert.
- Fixes for tlsproxy(8):
* Bugfix (defect introduced: Postfix 3.7): incorrect backwards
compatible support for the legacy configuration parameters
tlsproxy_client_level and tlsproxy_client_policy. This
disabled the tlsproxy TLS client role when a legacy parameter
was set (instead of the newer tlsproxy_client_security_level
or tlsproxy_client_policy_maps). Reported by John Doe,
diagnosed by Viktor Dukhovni.
* Bugfix (defect introduced: Postfix 3.4): with the TLS client role
disabled by configuration, the tlsproxy daemon dereferenced a
null pointer while handling a tlsproxy client request. Reported by
John Doe.
- Reducing process churn: Postfix daemons no longer automatically
restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file
modification time change, when they opened that table for writing.
- Portability: deleted an <openssl/engine.h> build dependency,
because the feature is being removed from OpenSSL, and Postfix
no longer needs it.
- Cleanup: with "tls_required_enable = yes", the Postfix SMTP client
will no longer maintain TLSRPT statistics for messages that contain
a "TLS-Required: no" header. This can prevent TLSRPT notifications
for TLSRPT notifications.
- Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS
client code logged "Untrusted TLS connection" (wrong) instead of
"Trusted TLS connection" (right), for a new or resumed TLS session,
when a server offered a trusted (valid PKI trust chain) certificate
that did not match the expected server name pattern. Fix by Viktor
Dukhovni.
* d/gbp.conf: debian-branch=debian/trixie
* configure-instance.in: fix typo
* configure-instance.in: limit maxdepth=1 in /etc/ssl/certs dirs
* configure-instance.in: use home-grown file copy procedure to sync chroot
There are a few issues with using cp(1) to update files in chroot, -
a file should be copied even if the source date is *less* than the
target date (eg, if a package has been downgraded), which is not done
by `cp -u` (#1110704), a file should be copied atomically (copy+rename,
not truncate+copy), and care should be taken with extra attributes
(#1100100). Use a simple perl-based script (using just perl-base)
to update files instead, which fixes all this stuff.
(Closes: #1100100, #1110704)
Checksums-Sha1:
c313b8d1e0c28d6f66d4a92f08a729742da2f0dc 3193 postfix_3.10.4-1~deb13u1.dsc
a6c4489bd7d0868ac0374e2b97b83fc9c2c2c2b9 5050100 postfix_3.10.4.orig.tar.gz
fe2532dfd80afa849c4655788c45787827f0c275 220 postfix_3.10.4.orig.tar.gz.asc
aeaca58181b5da49ae277347d1c7039145c1d220 199408 postfix_3.10.4-1~deb13u1.debian.tar.xz
340ebc36d1c1b3f1399ab0447decd3fe9dd58c02 5738 postfix_3.10.4-1~deb13u1_source.buildinfo
Checksums-Sha256:
03510c7dae7331b27669f6918e39129a570f71885b927d67fd10c90b8fcec30c 3193 postfix_3.10.4-1~deb13u1.dsc
cfb66861fe8f964787ddaeab15f3ca3e7ef3de730f97171afc4a5eca338ca444 5050100 postfix_3.10.4.orig.tar.gz
dd85a2d75a87e5e1d4cae8117b05aed56055b0c85e450e500d01e66017c5e302 220 postfix_3.10.4.orig.tar.gz.asc
1b5c780f721a5ae9efd941d29e940ddb75f2ef362bf9f7bdb4773ce15bfb2e2d 199408 postfix_3.10.4-1~deb13u1.debian.tar.xz
2ff6db19687f3df52dc763b03313d5368d1f5f822d2943a818645c24b6e05dce 5738 postfix_3.10.4-1~deb13u1_source.buildinfo
Files:
6bccc564cfd2e802b2c4a1ca009ddeaf 3193 mail optional postfix_3.10.4-1~deb13u1.dsc
c9f472fe0455eff7a8334479fb0f1154 5050100 mail optional postfix_3.10.4.orig.tar.gz
bc0e8eb3f4aa659c4819d9f35193894f 220 mail optional postfix_3.10.4.orig.tar.gz.asc
a52f5e68ef61263185baadb71b51fd80 199408 mail optional postfix_3.10.4-1~deb13u1.debian.tar.xz
6488c53934e00b75d4d6a072bf38bef3 5738 mail optional postfix_3.10.4-1~deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmioFJoACgkQgqpKJDse
lHj62A/+IfvR4KeS54aLu/lOV/gd+ikfR7CJXx5h9M35gk1A0VcPLpy5yBWeAIr4
bUviIsY5gD9H+8I6pY2hBsIRibEkBLldYCxh2x2yXID1KnyHLFwGw6eakh0Vo6q5
K2UEHef5nYiN1RZ5nANeoil++DqDQrNXR9H64HH41xh83RAxrwHYdINgSf79GGTt
PZXSoAsr7Z7TB1jD4zot9t9845VVOUAFFBQxp1xOM8z9o9tvj7ntR1XRgKDSeML6
TgFo0hyNl6YJX72g/qTwOmR5Sj4+wCz1doOU90fUiV2R0k/PVU+4vqDkL6J3cX5B
+VuRdxRUKOevQ+XU6UqPK4IeOv4dVBdynogJ9WlBSKlq/E5K1aYSccwiV6LoHZNK
ASuwfqL48FVsY6BYp+YuGiW3x7uJdsAoVLrAKxSZS0/p24h2b0Db2hCTTDLhhKbr
CgtDa25nnML9dX96Lv/Vu8mZVbgpO71bYJU/fqBxCQtOUeL6fjre15f424vAH5Uo
HIS2GNSYa6QVPBLbAfml+TmpvWs8sbdra28+gAN+3oBx/tvm3K6Grsch/tXvo0GU
oD4GD0WFWQ6C56d/fhQipq8bI2SwQj2RlExQKlUE8MVC0U/mbBe4ZB+vQdklhTxV
EOTQg6oKN+tcohuAnwH2eyn1ar8mftZnv7fbmo3c4aRY/dQhbIs=
=2kHb
-----END PGP SIGNATURE-----
Attachment:
pgpzSasBrRhLK.pgp
Description: PGP signature