Accepting request 817783 from server:mail

Update to 3.5.4
successfully tested on Tumbleweed x86_64

OBS-URL: https://build.opensuse.org/request/show/817783
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postfix?expand=0&rev=186

postfix-3.5.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e381089cf2a03105042835776f23489c0a58600a6a6ebc8cb59f5cb1eb4d8d75
-size 4611925

postfix-3.5.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fc2fb1cc27556aa2506bc287af04881cde07c83d5cb213ba835083b4bb796881
+size 4612431

postfix.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Mon Jun 29 18:44:13 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- Update to 3.5.4:
+  * The connection_reuse attribute in smtp_tls_policy_maps always
+    resulted in an "invalid attribute name" error.
+  * SMTP over TLS connection reuse always failed for Postfix SMTP
+    client configurations that specify explicit trust anchors (remote
+    SMTP server certificates or public keys).
+  * The Postfix SMTP client's DANE implementation would always send
+    an SNI option with the name in a destination's MX record, even
+    if the MX record pointed to a CNAME record. MX records that
+    point to CNAME records are not conformant with RFC5321, and so
+    are rare.
+    Based on the DANE survey of ~2 million hosts it was found that
+    with the corrected SMTP client behavior, sending SNI with the
+    CNAME-expanded name, the SMTP server would not send a different
+    certificate. This fix should therefore be safe.
+
 -------------------------------------------------------------------
 Mon Jun 15 16:09:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
 

postfix.spec

@@ -53,7 +53,7 @@
 %bcond_with    libnsl
 %endif
 Name:           postfix
-Version:        3.5.3
+Version:        3.5.4
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0 OR EPL-2.0