postfix (3.7.11-0+deb12u1) bookworm; urgency=medium

  [Wietse Venema]

  * 3.7.11
    - Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot
      auth client did not reset the 'reason' from a previous Dovecot auth
      service response, before parsing the next Dovecot auth server
      response in the same SMTP session. Reported by Stephan Bosch, File:
      xsasl/xsasl_dovecot_server.c.
    - Cleanup: Postfix SMTP server response with an empty authentication
      failure reason. File: smtpd/smtpd_sasl_glue.c.
    - Bugfix (defect introduced: Postfix 3.1, date: 20151128):
      "postqueue -j" produced broken JSON when escaping a control
      character as \uXXXX. Found during code maintenance. File:
      postqueue/showq_json.c.
    - Cleanup: posttls-finger certificate match expectations for all TLS
      security levels, including warnings for levels that don't implement
      certificate matching. Viktor Dukhovni. File: posttls-finger.c.
    - Bugfix (defect introduced: Postfix 2.3): after prepending a message
      header with a Postfix access table PREPEND action, a Milter request
      to delete or update an existing header could have no effect, or it
      could target the wrong instance of an existing header. Root cause:
      the fix dated 20141018 for the Postfix Milter client was incomplete.
      The client did correctly hide the first, Postfix-generated,
      Received: header when sending message header information to a
      Milter with the smfi_header() application callback function, but it
      was still hiding the first header (instead of the first Received:
      header) when handling requests from a Milter to delete or update an
      existing header. Problem report by Carlos Velasco. This change was
      verified to have no effect on requests from a Milter to add or
      insert a header. File: cleanup/cleanup_milter.c.
    - Workaround: tlsmgr logfile spam. Some OS lies under load: it says
      that a socket is readable, then it says that the socket has unread
      data, and then it says that read returns EOF, causing Postfix to
      spam the log with a warning message. File: tlsmgr/tlsmgr.c.
    - Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT
      command handler could be tricked to read $message_size_limit bytes
      into memory. Found during code maintenance. File: smtpd/smtpd.c.
    - Performance: eliminate worst-case behavior where the queue manager
      defers delivery to all destinations over a specific delivery
      transport, after only a single delivery agent failure. The scheduler
      now throttles one destination, and allows deliveries to other
      destinations to keep making progress. Files: *qmgr/qmgr_deliver.c.
    - Safety: drop and log over-size DNS responses resulting in more than
      100 records. This is 20x larger than the number of server addresses
      that the Postfix SMTP client is willing to consider when delivering
      mail, and is well below the number of records that could cause a
      tail recursion crash in dns_rr_append() as reported by Toshifumi
      Sakaguchi. This also limits the number of DNS requests from
      check_*_*_access restrictions. Files: dns/dns.h, dns/dns_lookup.c,
      dns/dns_rr.c, dns/test_dns_lookup.c,
      posttls-finger/posttls-finger.c, smtp/smtp_addr.c,
      smtpd/smtpd_check.c.

 -- Scott Kitterman <scott@kitterman.com>  Wed, 06 Mar 2024 10:10:14 -0500

postfix (3.7.10-0+deb12u1) bookworm; urgency=medium

  [Wietse Venema]

  * 3.7.10
    - Security (outbound SMTP smuggling): with the default setting
      "cleanup_replace_stray_cr_lf = yes" Postfix will replace stray <CR>
      or <LF> characters in message content with a space character. This
      prevents Postfix from enabling outbound (remote) SMTP smuggling, and
      it also makes evaluation of Postfix-added DKIM etc. signatures
      independent from how a remote mail server handles stray <CR> or <LF>
      characters. Files: global/mail_params.h, cleanup/cleanup.c,
      cleanup/cleanup_message.c, mantools/postlink, proto/postconf.proto.
    - Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline =
      normalize" (default "no" for Postfix < 3.9), the Postfix SMTP server
      requires the standard End-of-DATA sequence <CR><LF>.<CR><LF>, and
      otherwise allows command or message content lines ending in the
      non-standard <LF>, processing them as if the client sent the
      standard <CR><LF>. The alternative setting,
      "smtpd_forbid_bare_newline = reject" will reject any command or
      message that contains a bare <LF>, and is more likely to cause
      problems with legitimate clients. For backwards compatibility, local
      clients are excluded by default with
      "smtpd_forbid_bare_newline_exclusions = $mynetworks". Files:
      mantools/postlink, proto/postconf.proto, global/mail_params.h,
      global/smtp_stream.c, global/smtp_stream.h, smtpd/smtpd.c,
      smtpd/smtpd_check.[hc].

 -- Scott Kitterman <scott@kitterman.com>  Fri, 26 Jan 2024 18:44:58 -0500

postfix (3.7.9-0+deb12u1) bookworm; urgency=medium

  [Wietse Venema]

  * 3.7.7
    - Bugfix (bug introduced: 20140218): when opportunistic TLS fails
      during or after the handshake, don't require that a probe message
      spent a minimum time-in-queue before falling back to plaintext.
      Problem reported by Serg. File: smtp/smtp.h.
    - Bugfix (defect introduced: 19980207): the valid_hostname() check in
      the Postfix DNS client library was blocking unusual but legitimate
      wildcard names (*.name) in some DNS lookup results and lookup
      requests. Examples:
          name             class/type  value
          *.one.example    IN CNAME    *.other.example
          *.other.example  IN A        10.0.0.1
          *.other.example  IN TLSA     ..certificate info...
      Such syntax is blessed in RFC 1034 section 4.3.3. This problem was
      reported first in the context of TLSA record lookups. Files:
      util/valid_hostname.[hc],
  * 3.7.8
    - Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix SMTP
      server was waiting for a client command instead of replying
      immediately, after a client certificate verification error in TLS
      wrappermode. Reported by Andreas Kinzler. File: smtpd/smtpd.c.
    - Usability: the Postfix SMTP server now attempts to log the SASL
      username after authentication failure. In Postfix logging, this
      appends ", sasl_username=xxx" after the reason for SASL
      authentication failure. The logging replaces an unavailable reason
      with "(reason unavailable)", and replaces an unavailable
      sasl_username with "(unavailable)". Based on code by Jozsef
      Kadlecsik. Files: xsasl/xsasl_server.c, xsasl/xsasl_cyrus_server.c,
      smtpd/smtpd_sasl_glue.c.
    - Bugfix (defect introduced: Postfix 2.11): in forward_path, the
      expression ${recipient_delimiter} would expand to an empty string
      when a recipient address had no recipient delimiter. Fixed by
      restoring Postfix 2.10 behavior to use a configured recipient
      delimiter value. Reported by Tod A. Sandman. Files:
      proto/postconf.proto, local/local_expand.c.
  * 3.7.9 (Closes: #1059230)
    - Addresses CVE-2023-51764, requires configuration change
    - Security: with "smtpd_forbid_bare_newline = yes" (default "no" for
      Postfix < 3.9), reply with "Error: bare <LF> received" and
      disconnect when an SMTP client sends a line ending in <LF>,
      violating the RFC 5321 requirement that lines must end in <CR><LF>.
      This prevents SMTP smuggling attacks that target a recipient at a
      Postfix server. For backwards compatibility, local clients are
      excluded by default with "smtpd_forbid_bare_newline_exclusions =
      $mynetworks".
      Files: mantools/postlink, proto/postconf.proto,
      global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h,

 -- Scott Kitterman <scott@kitterman.com>  Sun, 24 Dec 2023 12:33:24 -0500

postfix (3.7.6-0+deb12u2) bookworm; urgency=medium

  * Correct regression that caused postfix set-permissions to fail
    (Closes: #1040329)
    - Restore and update debian/patches/05_debian_manpage_differences.diff
    - Restore and update debian/patches/05_debian_readme_differences.diff
  * Update autopkgtest to test postfix set-permissions

 -- Scott Kitterman <scott@kitterman.com>  Wed, 05 Jul 2023 17:18:24 -0400

postfix (3.7.6-0+deb12u1) bookworm; urgency=medium

  [Scott Kitterman]

  * Refresh patches

  [Wietse Venema]

  * 3.7.6
    - Bugfix (defect introduced: Postfix 1.0): the command "postconf ..
      name=v1 .. name=v2 .." (multiple instances of the same parameter
      name) created multiple name=value entries with the same parameter
      name. It now logs a warning and skips the earlier update. Found
      during code maintenance. File: postconf/postconf_edit.c
    - Bugfix (defect introduced: Postfix 3.3): the command "postconf -M
      name1/type1='name2 type2 ...'" died with a segmentation violation
      when the request matched multiple master.cf entries. The master.cf
      file was not damaged. Problem reported by SATOH Fumiyasu. File:
      postconf/postconf_master.c.
    - Bugfix (defect introduced: Postfix 2.11): the command "postconf -M
      name1/type1='name2 type2 ...'" could add a service definition to
      master.cf that conflicted with an already existing service
      definition. It now replaces all existing service definitions that
      match the service pattern 'name1/type1' or the service name and type
      in 'name2 type2 ...' with a single service definition 'name2 type2
      ...'. Problem reported by SATOH Fumiyasu. File:
      postconf/postconf_edit.c.
    - Bitrot: preliminary support for OpenSSL configuration files,
      primarily OpenSSL 1.1.1b and later.
      This introduces new parameters "tls_config_file" and
      "tls_config_name", which can be used to limit collateral damage from
      OS distributions that crank up security to 11, increasing the number
      of plaintext email deliveries. Details are in the postconf(5)
      manpage under "tls_config_file" and "tls_config_name". Viktor
      Dukhovni. Files: mantools/postlink, proto/postconf.proto,
      global/mail_params.h, posttls-finger/posttls-finger.c, smtp/smtp.c,
      smtp/smtp_proto.c, tls/tls_client.c, tls/tls.h, tls/tls_misc.c,
      tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c,
      tls/tls_proxy.h, tls/tls_server.c, tlsproxy/tlsproxy.c.
    - Cleanup: use TLS_CLIENT_PARAMS to pass the OpenSSL 'init'
      configurations. This information is independent from the client or
      server TLS context, and therefore does not belong in tls_*_init() or
      tls_*_start() calls. The tlsproxy(8) server uses TLS_CLIENT_PARAMS
      to report differences between its own global TLS settings, and those
      from its clients. Files: posttls-finger/posttls-finger.c,
      smtp/smtp.c, smtp/smtp_proto.c, tls/tls.h,
      tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c,
      tls/tls_proxy_client_scan.c, tls/tls_proxy.h, tlsproxy/tlsproxy.c.
    - Cleanup: reverted cosmetic-only changes to minimize the patch
      footprint for OpenSSL INI file support; updated daemon manpages with
      the new tls_config_file and tls_config_name configuration
      parameters. Files: smtp/smtp.c, smtpd/smtpd.c, tls/tls_client.c,
      tls/tls.h, tls/tls_server.c, tlsproxy/tlsproxy.c,
    - Cleanup: made OpenSSL 'default' INI file support error handling
      consistent with OpenSSL default behavior. Viktor Dukhovni. Files:
      proto/postconf.proto, tls/tls_misc.c.
    - Backwards compatibility for stable releases that originally had no
      OpenSSL INI support. Skip the new OpenSSL INI support code, unless
      the Postfix configuration actually specifies non-default
      tls_config_xxx settings. File: tls/tls_misc.c.
    - Cleanup: added a multiple initialization guard in the
      tls_library_init() function, and made an initialization error
      sticky. File: tls/tls_misc.c.
    - Security: new parameter smtpd_forbid_unauth_pipelining (default: no)
      to disconnect remote SMTP clients that violate RFC 2920 (or 5321)
      command pipelining constraints. Files: global/mail_params.h,
      smtpd/smtpd.c, proto/postconf.proto.

 -- Scott Kitterman <scott@kitterman.com>  Sat, 17 Jun 2023 13:34:11 -0400

postfix (3.7.5-2) unstable; urgency=medium

  [Sergio Durigan Junior]

  * Update autopkgtest to work with new sasl2-bin service file.
    Closes: #1032306

 -- Scott Kitterman <scott@kitterman.com>  Wed, 03 May 2023 10:27:40 -0400

postfix (3.7.5-1) unstable; urgency=medium

  [Scott Kitterman]

  * Fix typo in d/changelog
  * Update d/watch to only look for 3.7.x updates for bookworm

  [localization folks]

  * l10n: Updated Turkish debconf translations. (Atila KOÇ).
    Closes: #1032459

  [Wietse Venema]

  * 3.7.5
    - Bugfix (introduced: Postfix 3.4): the posttls-finger command failed
      to detect that a connection was resumed in the case that a server
      did not return a certificate. Viktor Dukhovni. File:
      posttls-finger/posttls-finger.c.
    - Workaround: OpenSSL 3.x EVP_get_cipherbyname() can return
      lazily-bound handles. Postfix now checks that the expected
      functionality will be available instead of failing later. Fix by
      Viktor Dukhovni. File: tls/tls_server.c.
    - Bugfix (introduced: Postfix 3.5): check_ccert_access did not parse
      inline map specifications. Report and fix by Sean Gallagher. File:
      global/map_search.c.
    - Safety: the long form "{ name = value }" in import_environment or
      export_environment is not documented, but accepted, and it was
      stored in the process environment as the invalid form "name =
      value", thus not setting or overriding an entry for "name". This
      form is now stored as the expected "name=value". Found during code
      maintenance. Also refined the "missing attribute name" detection.
      Files: clean_env.c, split_nameval.c.
    - Bugfix (introduced: Postfix 3.2): the MySQL client could return "not
      found" instead of "error" during the time that all MySQL server
      connections were turned down after error. Found during code
      maintenance. File: global/dict_mysql.c.

 -- Scott Kitterman <scott@kitterman.com>  Sun, 30 Apr 2023 13:53:55 -0400

postfix (3.7.4-2) unstable; urgency=medium

  [Christian Göttsche]

  * Add patch to disable LD_LIBRARY_PATH check
  * Update postfix homepage supporting https
  * Merge restorecon calls
  * d/postinst: fix mixed indentation
  * Quote variables and command output in scripts
  * Drop upgrade handling against ancient versions
  * Drop unnecessary script include
  * Do not manually stop and restart postfix.service
  * Switch to PCRE2 (Closes: #999988)

  [Scott Kitterman]

  * Build depend on libldap-dev instead of transitional libldap2-dev
  * Update lintian overrides
  * Drop ancient Breaks/Replaces on postfix 3.1.3-7~

 -- Scott Kitterman <scott@kitterman.com>  Tue, 24 Jan 2023 09:33:52 -0500

postfix (3.7.4-1) unstable; urgency=medium

  [Scott Kitterman]

  * Drop d/p/support_linux6, addressed upstream
  * Drop depends on obsolete package lsb-base

  [Wietse Venema]

  * 3.7.4 (Closes: #1011040) (LP: #1995312)

  [Sven Joachim]

  * Replace deprecated c_rehash with openssl rehash (Closes: #895089)

  [localization folks]

  * l10n: Updated German debconf translations. (Markus Hiereth)
    Closes: #1029113

 -- Scott Kitterman <scott@kitterman.com>  Sat, 21 Jan 2023 20:03:33 -0500

postfix (3.7.3-4) unstable; urgency=medium

  * Also add LINUX6 to sys_defs.h (thanks to Bo YU for the fix).
    Closes: #1028600

 -- Scott Kitterman <scott@kitterman.com>  Fri, 13 Jan 2023 18:42:01 -0500

postfix (3.7.3-3) unstable; urgency=medium

  [Scott Kitterman]

  * Add support for Linux 6 as a Linux major version in makedefs
  * Remove obsolete debian/postfix.NEWS
  * Update debian/copyright
  * Bump standards-version to 4.6.2 without further change

  [Gioele Barabucci]

  * d/postfix.postinst: Use sed instead of perl

  [Daniel Shahaf]

  * Fix generic maps terminology in README.Debian. Closes: #1006345

  [localization folks]

  * l10n: Updated Dutch debconf translations. (Frans Spiesschaert)
    Closes: #1004316, #1025842
  * l10n: Updated Brazilian Portuguese debconf translations. (Paulo
    Henrique de Lima Santana) Closes: #1024200
  * l10n: Updated German debconf translations. (Markus Hiereth)
    Closes: #1004011

 -- Scott Kitterman <scott@kitterman.com>  Wed, 11 Jan 2023 11:02:33 -0500

postfix (3.7.3-2) unstable; urgency=medium

  * Update autopkgtest expected return code for 3.7 changes

 -- Scott Kitterman <scott@kitterman.com>  Sun, 09 Oct 2022 01:33:38 -0400

postfix (3.7.3-1) unstable; urgency=medium

  [Scott Kitterman]

  * Add postfix-resolvconf.path/service to watch for resolv.conf changes
    and restart postfix using the existing hook if it is updated.
    Closes: #1003152
  * Document in README.Debian that new postfix-resolvconf.path/service
    files need to be manually enabled if needed and override
    dh_installsystemd to that effect
  * Delete unused postfix lintian overrides
  * Fix spelling error in debian/postfix.postinst
  * Refresh patches, delete 05_debian_manpage_differences.diff and
    05_debian_readme_differences.diff, no longer needed

  [Wietse Venema]

  * 3.7.3 Closes: #1017313

 -- Scott Kitterman <scott@kitterman.com>  Sat, 08 Oct 2022 19:36:05 -0400

postfix (3.6.4-1) unstable; urgency=medium

  [Scott Kitterman]

  * Ignore changes to html files in debian/source/options
  * Delete d/p/postfix-dup-postconf.patch, included in upstream release
  * Add lintian-override for insecure URI - releases are signed
  * Make signing-key.asc minimal

  [Wietse Venema]

  * 3.6.4

  [Christian Göttsche]

  * Rework rules to use dh sequencer
  * Call subcommand via shell
  * Update cleaning to build package twice
  * Bump to debhelper compat level 13
  * Drop default include path and split CCARGS
  * Use mkdir -Z instead of subsequent running restorecon
  * Drop custom function pathfind in favor of command -v
  * Quote path in update-libc.d
  * Update postfix.config
  * Quote directory path in postfix-instance-generator
  * Drop check on postinst.functions in postfix-sqlite.prerm
  * Update postfix-add-policy script
  * Update postfix-add-filter script
  * Drop versioned symlinks to plugin libraries
  * Drop ldconfig calls in maintscripts
  * Support parallel build, except do not build man pages parallel

 -- Scott Kitterman <scott@kitterman.com>  Sat, 15 Jan 2022 18:41:26 -0500

postfix (3.6.3-5) unstable; urgency=medium

  [Wietse Venema]

  * Fix duplicate bounce_notice_recipient entries in postconf output.
    Closes: #999694

  [Scott Kitterman]

  * Remove left-over ca-certificates.crt file from postfix chroot.
    Closes: #991609
  * Align sysv init script start/stop/reload more to default init and drop
    d/p/09_quiet_startup.diff, no longer needed.
  * Add support for chroot_extra_files and chroot_extra_CAdir variables
    sourced from /etc/default/postfix to enable users to specify
    additional files needed in the chroot. Closes: #948321
  * Add information about keeping resolv.conf up to date in the chroot
    with the resolvconf package. Closes: #964762
  * Add collate.pl script as postfix-collate. Closes: #941457

  [Christian Göttsche]

  * Drop unreproducible build paths from makedefs.out.
  * Enable Link Time Optimization (LTO).

  [Sergio Gelato]

  * Correct if-up.d to not error out if postfix can't send mail yet.
    Closes: #959864

 -- Scott Kitterman <scott@kitterman.com>  Tue, 04 Jan 2022 15:20:02 -0500

postfix (3.6.3-4) unstable; urgency=medium

  [Scott Kitterman]

  * Update d/p/70_postfix-check.diff to exclude makedefs.out from symlink
    check. Closes: #926331
  * Test that nothing is reported by postfix check in autopkgtest
  * Delete debian/patches/30_shared_libs.diff, no longer needed after
    linking corrections in debian/rules
  * Do not override user set default_transport in postinst.
    Closes: #988538
  * Add overrides for incorrect unused-debconf-template results
  * Update debconf templates

  [Christian Göttsche]

  * Overhaul compiler flags
  * Ignore blhc false positives on for loop
  * Drop linking against local build libraries

 -- Scott Kitterman <scott@kitterman.com>  Tue, 28 Dec 2021 17:00:40 -0500

postfix (3.6.3-3) unstable; urgency=medium

  [Scott Kitterman]

  * Force rm of html/Makefile.in in install-indep to avoid potential
    FTBFS. Closes: #1002497
  * Make all debian/rules rm calls -f to support building when not root

  [Christian Göttsche]

  * Enable building with multiple jobs
  * Drop unnecessary linking libraries

 -- Scott Kitterman <scott@kitterman.com>  Sat, 25 Dec 2021 16:47:41 -0500

postfix (3.6.3-2) unstable; urgency=medium

  [Scott Kitterman]

  * Add postfix-mta-sts-resolver to suggests. Closes: #968516
  * Include compatibility_level in addition to postfix version when
    determining default value for chroot in master.cf.
    Closes: #995129
  * Fixup errors in postfix-add-* man pages. Closes: #995031
  * Set compatibility level to 3.6 for fresh installs
  * Update main/master.cf.proto on upgrade if not modified.
    Closes: #991513
  * Decruft debconf template:
    - Remove ancient (postfix 2.3) mydomain_warning
    - Delete old (Postfix 2.10) relay_restrictions_warning
    - Delete unused lmtp_retired_warning template
    - Delete unused kernel_version_warning template
    - Delete unused retry_upgrade_warning template
    - Delete unused tlsmgr_upgrade_warning template
  * Debconf template cleanup, thanks to Markus Hiereth for the
    suggestions. Closes: #905653

  [Miriam España Acebal]

  * Removed LDFLAG -Bsymbolic-functions to fix issue where TLS is disabled
    when private/tlmsgr socket is not found. lp: #1885403

  [Christian Göttsche]

  * Update debian/patches/07_sasl_config.diff:
    - Fix conversion warnings by adding explicit cast
    - Drop unused function xsasl_getpath
  * Fix lintian detected typos in Debian packaging.
  * Do not require postfix to be built by root.
  * Set -e shell option explicitly.
  * Bump watch file standard to version 4.
  * Add misc:Pre-Depends to postfix.
  * Remove trailing spaces in changelog.
  * Add Documentation key to postfix service.
  * Drop alternative dependency on obsolete libmysqlclient-dev.
  * Add standard salsa ci configuration.
  * Drop unused debconf template sqlite_warning.

  [Paride Legovini]

  * d/postfix.postinst: tolerate search domain with a leading dot.
    Closes: #991950

  [Sergio Durigan Junior]

  * Support networkd-dispatcher. Closes: #999867 lp: #1718227

 -- Scott Kitterman <scott@kitterman.com>  Thu, 23 Dec 2021 00:18:30 -0500

postfix (3.6.3-1) unstable; urgency=medium

  [Scott Kitterman]

  * Add license information from TLS_LICENSE.
    Closes: #991610
  * Additional debian/copyright updates
  * Refresh patches
  * Add Pre-Depends on init-system-helpers (>= 1.54~) due to use of
    --skip-systemd-native flag
  * Update lintian overrides
  * Bump standards-version to 4.6.0 without further change

  [Wietse Venema]

  * 3.6.3

 -- Scott Kitterman <scott@kitterman.com>  Tue, 21 Dec 2021 00:13:25 -0500

postfix (3.5.13-1) unstable; urgency=medium

  [Wietse Venema]

  * 3.5.13

  [Aaron Thompson]

  * Support non-default instance config directories.

  [Scott Kitterman]

  * Refresh patches

 -- Scott Kitterman <scott@kitterman.com>  Sat, 13 Nov 2021 16:05:59 -0500

postfix (3.5.6-1) unstable; urgency=medium

  [Dominic Raferd]

  * Fix configure-instance.sh for postfix 3.0+ chroot default.
    Closes: #959517

  [Scott Kitterman]

  * Refresh patches
  * Delete debian/patches/tls_version.diff - incorporated upstream

  [Wietse Venema]

  * 3.5.5
  * 3.5.6

 -- Scott Kitterman <scott@kitterman.com>  Sun, 02 Aug 2020 17:11:04 -0400

postfix (3.5.4-1) unstable; urgency=medium

  [Wietse Venema]

  * 3.5.4

 -- Scott Kitterman <scott@kitterman.com>  Mon, 29 Jun 2020 21:16:04 -0400

postfix (3.5.3-1) unstable; urgency=medium

  [Wietse Venema]

  * 3.5.3 LP: #1881196

  [Debian Janitor]

  * Trim trailing whitespace.
  * Fix day-of-week for changelog entries 0.0.20001030.SNAPSHOT-4,
    0.0.20001030.SNAPSHOT-3, 0.0.19991231pl02-1, 0.0.19990122-1.

 -- Scott Kitterman <scott@kitterman.com>  Mon, 15 Jun 2020 16:23:34 -0400

postfix (3.5.2-1) unstable; urgency=medium

  [Scott Kitterman]

  * Update README.Debian to mention postfix-doc.
    Closes: #234009
  * Spelling fixes in README.Debian

  [Wietse Venema]

  * 3.5.2

  [Cody Brownstein]

  * Fix README.Debian instructions for SMTP generic mapping and related
    example

 -- Scott Kitterman <scott@kitterman.com>  Mon, 18 May 2020 15:25:47 -0400

postfix (3.5.1-1) unstable; urgency=medium

  [Scott Kitterman]

  * Delete d/p/gcc_10_glibc_2_31.patch, incorporated in 3.5.1

  [Wietse Venema]

  * 3.5.1

 -- Scott Kitterman <scott@kitterman.com>  Mon, 20 Apr 2020 17:21:21 -0400

postfix (3.5.0-2) unstable; urgency=medium

  [Scott Kitterman]

  * Add patch from upstream for GCC-10 and Glibc 2.31 support.
    Closes: #957697

  [Aaron Thompson]

  * Fix bug in tls_CApath copying. LP: #1872288

 -- Scott Kitterman <scott@kitterman.com>  Fri, 17 Apr 2020 11:51:01 -0400

postfix (3.5.0-1) unstable; urgency=medium

  [Scott Kitterman]

  * Drop debian/patches/80_glibc2.30-ftbfs.diff, incorporated upstream
  * Refresh patches

  [Wietse Venema]

  * 3.5.0

 -- Scott Kitterman <scott@kitterman.com>  Mon, 16 Mar 2020 16:32:19 -0400

postfix (3.4.10-1) unstable; urgency=medium

  [Scott Kitterman]

  * Update postfix.postinst text to refer to systemctl vice service

  [Wietse Venema]

  * 3.4.10

 -- Scott Kitterman <scott@kitterman.com>  Fri, 13 Mar 2020 01:11:35 -0400

postfix (3.4.9-1) unstable; urgency=medium

  [Scott Kitterman]

  * Correct Debian's smtp (8) man page name in d/p/debian-man-name.diff
    for lmtp. Closes: #920356
  * Fix d/init.d running change so it works with multi-instance again
    - Thanks to jaroslav@thinline.cz for the fix.
      Closes: #944922
  * Bump standards-version to 4.5.0 without further change
  * Switch from debian/compat to debhelper-compat and bump compat to 12
    - Update debian/rules to use dh_installsystemd instead of
      dh_systemd_enable and dh_systemd_start
    - Update debian/rules for new example install path

  [Wietse Venema]

  * 3.4.9

 -- Scott Kitterman <scott@kitterman.com>  Sat, 15 Feb 2020 22:34:22 -0500

postfix (3.4.8-1) unstable; urgency=medium

  [Scott Kitterman]

  * Stop generating obsolete Upstream substvar
  * Bump standards-version to 4.4.1 without further change
  * Use -l instead of LD_LIBRARY_PATH for dh_shlibdeps
  * Check GPG signature when downloading new versions via uscan

  [Wietse Venema]

  * 3.4.8

 -- Scott Kitterman <scott@kitterman.com>  Sun, 12 Jan 2020 02:26:14 -0500

postfix (3.4.7-2) unstable; urgency=medium

  [Andreas Hasenack]

  * Update autopkgtest to use python3. Closes: #943212 LP: #1845334

  [Scott Kitterman]

  * Update smtp_tls_CApath to /etc/ssl/certs so it actually works.
    Closes: #923083
  * Refactor running status detection in sysv init based on upstream
    postfix-script so it works in docker. Closes: #941293

 -- Scott Kitterman <scott@kitterman.com>  Sun, 03 Nov 2019 13:09:50 -0500

postfix (3.4.7-1) unstable; urgency=medium

  [Andreas Hasenack]

  * d/p/80_glibc2.30-ftbfs.diff: fix build with glibc 2.30 (LP: #1842923)

  [Scott Kitterman]

  * Refresh patches
  * Modernize default TLS setup:
    - Drop addition of smtpd_tls_session_cache_database to TLS parameters
      (no longer needed since TLS session tickets are used now).
      Closes: #934803
    - Replace use of obsolescent smtpd_use_tls=yes with
      smtpd_tls_security_level=may in default TLS setting.
      Closes: #520936
    - Add smtp_tls_security_level=may to default TLS settings so that both
      client and server TLS are now enabled by default for new
      installations. Closes: #163144
    - Stop copying smtp_tls_CAfile into chroot, not needed per postfix
      docs
    - Also copy smtpd_tls_CApath files into chroot.
      Closes: #579248
    - Add smtp_tls_CApath using /usr/share/ca-certificates/ to default TLS
      configuration so postfix smtp client can use the system certificate
      store to verify smtp server certificates, add ca-certificates to
      postfix Recommends. Closes: #923083
  * Bump standards version to 4.4.0 without further change
  * Fix spelling errors in Debian provided man pages

  [Christian Göttsche]

  * Fix debian/rules so build flags are applied Closes: #879668

  [Wietse Venema]

  * 3.4.6
  * 3.4.7

 -- Scott Kitterman <scott@kitterman.com>  Sun, 22 Sep 2019 16:21:17 -0400

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog postfix`.
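
The line-ending rules described in the 3.7.10 entry above (smtpd_forbid_bare_newline, smtpd_forbid_bare_newline_exclusions and cleanup_replace_stray_cr_lf), modelled in Python as an added example for checking captured SMTP input. This is not Postfix code and not part of the changelog; the function names, the verdict strings and the sample bytes are constructed for illustration.

```python
import ipaddress
import re

# Added illustration of the 3.7.10 rules; not Postfix source code.
# Function names, verdict strings and sample bytes are constructed here.
BARE_LF = re.compile(rb"(?<!\r)\n")        # <LF> not preceded by <CR>
STRAY_CR = re.compile(rb"\r(?!\n)")        # <CR> not followed by <LF>
LINE = re.compile(rb"([^\n]*?)(\r\n|\n)")  # (line body, terminator)
MODES = ("no", "normalize", "reject")


def find_violations(payload):
    """Sorted (offset, kind) for each bare <LF> and stray <CR>, for triage."""
    hits = [(m.start(), "bare LF") for m in BARE_LF.finditer(payload)]
    hits += [(m.start(), "stray CR") for m in STRAY_CR.finditer(payload)]
    return sorted(hits)


def client_is_excluded(client_ip, exclusions):
    """smtpd_forbid_bare_newline_exclusions: listed networks are exempt."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in exclusions)


def bare_newline_verdict(payload, mode, client_ip, exclusions):
    """What smtpd_forbid_bare_newline=<mode> means for this client's input."""
    if mode not in MODES:
        raise ValueError("unknown mode: %r" % (mode,))
    if mode == "no" or client_is_excluded(client_ip, exclusions):
        return "not enforced"
    if not BARE_LF.search(payload):
        return "clean"
    # "reject" refuses the input; "normalize" treats bare <LF> as <CR><LF>.
    return "rejected" if mode == "reject" else "normalized"


def end_of_data_index(payload):
    """Index of the line that ends DATA when only <CR><LF>.<CR><LF> counts.

    A "." line whose own terminator, or the one before it, is a bare <LF>
    is ordinary content. Returns None if no standard terminator is present.
    """
    prev_term = b"\r\n"  # assumption: the preceding line ended in <CR><LF>
    for i, (body, term) in enumerate(LINE.findall(payload)):
        if body == b"." and term == b"\r\n" and prev_term == b"\r\n":
            return i
        prev_term = term
    return None


def replace_stray_cr_lf(content):
    """cleanup_replace_stray_cr_lf = yes: stray <CR> or <LF> become a space."""
    return BARE_LF.sub(b" ", STRAY_CR.sub(b" ", content))


# Constructed sample: bare <LF> after line 0, stray <CR> inside line 1,
# and a "." line ended by a bare <LF> before the standard end of data.
SAMPLE = (b"Subject: constructed\n"
          b"X-Note: one\rtwo\r\n"
          b"\r\n"
          b"first part\n"
          b".\n"
          b"second part\r\n"
          b".\r\n")
MYNETWORKS = ["192.0.2.0/24"]  # constructed stand-in for $mynetworks

if __name__ == "__main__":
    for offset, kind in find_violations(SAMPLE):
        print("offset %d: %s" % (offset, kind))
    for mode in MODES:
        print(mode, bare_newline_verdict(SAMPLE, mode, "198.51.100.7", MYNETWORKS))
    print("end of data at line", end_of_data_index(SAMPLE))
```

Run against a captured session, find_violations gives the offsets to review, and the verdict function shows which clients the exclusions list leaves unchecked.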