[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.5.2.html]
Postfix versions 3.5.2, 3.4.12, 3.2.10, 3.2.15:
* A TLS error for a database client caused a false 'lost connection'
error for an SMTP over TLS session in the same Postfix process.
Reported by Alexander Vasarab, diagnosed by Viktor Dukhovni.
This bug was introduced with Postfix 2.2.
* The same bug existed in the tlsproxy(8) daemon, where a TLS
error for one TLS session could cause a false 'lost connection'
error for a concurrent TLS session in the same process. This
bug was introduced with Postfix 2.8.
* The Postfix build now disables DANE support on Linux systems
with libc-musl such as Alpine, because libc-musl provides no
indication whether DNS responses are authentic. This broke DANE
support without a clear explanation.
* Due to implementation changes in the ICU library, some Postfix
daemons reported file access errrors (U_FILE_ACCESS_ERROR) after
chroot(). This was fixed by initializing the ICU library before
making the chroot() call.
* Minor code changes to silence a compiler that special-cases
string literals.
Postfix 3.5.2, 3.4.12:
* Segfault (null pointer) in the tlsproxy(8) client role when the
server role was disabled. This typically happened on systems
that do not receive mail, after configuring connection reuse
for outbound SMTP over TLS.
* The date portion of the maillog_file_rotate_suffix default value
used the minute (%M) instead of the month (%m). Reported by
Larry Stone.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Wietse
