- Update from version 3.10.2 to 3.10.4
- Update of rootfile not required
- Changelog
3.10.4
Fixes for postscreen(8):
Bugfix (defect introduced: postfix-2.2, date
20050203): after detecting a
lookup table change, and after starting a new postscreen process, the old
postscreen process logged an ENOTSOCK error while attempting to accept a
connection on a socket that it was no longer listening on. This error was
introduced first in the multi_server skeleton code, and was five years later
duplicated in the event_server skeleton that was created for postscreen.
Problem reported by Florian Piekert.
Bugfix (defect introduced: Postfix 2.8, date
20101230): after detecting a cache
table change and before starting a new postscreen process, the old postscreen
process did not close the postscreen_cache_map, and therefore kept an
exclusive lock that could prevent a new postscreen process from starting.
Problem reported by Florian Piekert.
Fixes for tlsproxy(8):
Bugfix (defect introduced: Postfix 3.7): incorrect backwards compatible support
for the legacy configuration parameters tlsproxy_client_level and
tlsproxy_client_policy. This disabled the tlsproxy TLS client role when a
legacy parameter was set (instead of the newer tlsproxy_client_security_level
or tlsproxy_client_policy_maps). Reported by John Doe, diagnosed by Viktor
Dukhovni.
Bugfix (defect introduced: Postfix 3.4): with the TLS client role disabled by
configuration, the tlsproxy daemon dereferenced a null pointer while handling
a tlsproxy client request. Reported by John Doe.
Reducing process churn: Postfix daemons no longer automatically restart after a
btree:, dbm:, hash:, lmdb:, or sdbm: table file modification time change, when
they opened that table for writing.
Portability: deleted an <openssl/engine.h> build dependency, because the feature
is being removed from OpenSSL, and Postfix no longer needs it.
Cleanup: with "tls_required_enable = yes", the Postfix SMTP client will no longer
maintain TLSRPT statistics for messages that contain a "TLS-Required: no"
header. This can prevent TLSRPT notifications for TLSRPT notifications.
Bugfix (defect introduced: Postfix 3.6, date
20200710): Postfix TLS client code
logged "Untrusted TLS connection" (wrong) instead of "Trusted TLS connection"
(right), for a new or resumed TLS session, when a server offered a trusted
(valid PKI trust chain) certificate that did not match the expected server name
pattern. Fix by Viktor Dukhovni.
3.10.3
This release fixes defects that were introduced in Postfix 3.10. These were
fixed first in the Postfix 3.11 unstable release.
The defects exist only with the default configuration "tls_required_enable = yes".
Bugfix (defect introduced: Postfix-3.10, date
20250117): include the
current TLS security level in the SMTP connection cache lookup key for
lookups by next-hop destination, to avoid reusing the same SMTP
connection when sending messages with and without a "TLS-Required: no"
header. Likewise, include the current TLS security level in the TLS
session lookup key, to avoid reusing the same TLS session info when
sending messages with and without a "TLS-Required: no" header.
Bugfix (defect introduced: Postfix-3.10, date
20250117): the Postfix SMTP
client attempted to look up TLSA records even with "TLS-Required: no".
This could result in unnecessary failures. Fix by Viktor Dukhovni &
Wietse.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / commitdiff
