Public bug reported: [TEST CASE] Install updated packages and evaluate normal postfix functionality is still working (will vary based on local configuration).
[REGRESSION POTENTIAL] Very small. MRE was granted for postfix based on upstream's demonstrated track record for being very careful. Fixes have had extensive testing upstream, in Debian, and in Quantal. There is a packaging change included as well to fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675247 since this will cause upgrade issues. Here are the upstream changes: 20120401 Bitrot: shut up useless warnings about Cyrus SASL call-back function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h, xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c. 20120422 Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the known TLS protocol list so that protocols can be turned off selectively to work around implementation bugs. Based on a patch by Victor Duchovni. Files: proto/TLS_README.html, proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c, tls/tls_server.c. 20120425 Workaround: bugs in 10-year old gcc versions break compilation with #ifdef inside a macro invocation (NOT: definition). This synchronizes the Postfix 2.9 TLS implementation with Postfix 2.10 to simplify code maintenance. Files: tls/tls.h, tls/tls_client.c, tls/tls_server.c. 20120426 Bugfix (introduced Postfix 2.9): the postconf command flagged parameters defined in master.cf as "unused" when they were used only in main.cf. Problem reported by Michael Tokarev. Files: postconf/postconf_user.c. 20120516 Workaround: apparently, FreeBSD 8.3 kqueue notifications sometimes break when a dnsblog(8) process loses an accept() race on a shared socket, resulting in repeated "connect to private/dnsblog service: Connection refused" warnings. This condition is unique to dnsblog(8). The postscreen(8) daemon closes a postscreen-to-dnsblog connection as soon as it receives a dnsblog(8) reply, resulting in hundreds or thousands of connection requests per second. All other multi-server daemons such as anvil(8) or proxymap(8) have connection lifetimes ranging from 5s to 1000s depending on server load. The workaround is for dnsblog to use the single_server driver instead of the multi_server driver. This one-line code change eliminates the accept() race without any Postfix performance impact. Problem reported by Sahil Tandon. File: dnsblog/dnsblog.c. 20120517 Workaround: to avoid crashes when the OpenSSL library is updated without "postfix reload", the Postfix TLS session cache ID now includes the OpenSSL library version number. Note: this problem cannot be fixed in tlsmgr(8). Code by Victor Duchovni. Files: tls/tls_server.c, tls_client.c. 20120520 Bugfix (introduced Postfix 2.4): the event_drain() function was comparing bitmasks incorrectly causing the program to always wait for the full time limit. This error affected the unused postkick command, but only after s/fifo/unix/ in master.cf. File: util/events.c. Cleanup: laptop users have always been able to avoid unnecessary disk spin-up by doing s/fifo/unix/ in master.cf (this is currently not supported on Solaris systems). However, to make this work reliably, the "postqueue -f" command must wait until its requests have reached the pickup and qmgr servers before closing the UNIX-domain request sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in. ** Affects: postfix (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in Ubuntu. https://bugs.launchpad.net/bugs/1022772 Title: Microversion release update for postfix 2.9.3-2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1022772/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs