[An on-line version of this announcement will be available at
https://www.postfix.org/announcements/postfix-3.10.4.html]
Fixes for Postfix 3.10, 3.9, 3.8, 3.7:
* Fixes for postscreen(8):
* Bugfix (defect introduced: Postfix 2.2, date 20050203): after
detecting a lookup table change, and after starting a new
postscreen process, the old postscreen process logged an ENOTSOCK
error while attempting to accept a connection on a socket that
it was no longer listening on. This error was introduced first
in the multi_server skeleton code, and was five years later
duplicated in the event_server skeleton that was created for
postscreen. Problem reported by Florian Piekert.
* Bugfix (defect introduced: Postfix 2.8, date 20101230):
after detecting a cache table change and before starting a new
postscreen process, the old postscreen process did not close the
postscreen_cache_map, and therefore kept an exclusive lock that
could prevent a new postscreen process from starting. Problem
reported by Florian Piekert.
* Fixes for tlsproxy(8):
* Bugfix (defect introduced: Postfix 3.7): incorrect backwards
compatible support for the legacy configuration parameters
tlsproxy_client_level and tlsproxy_client_policy. This
disabled the tlsproxy TLS client role when a legacy parameter
was set (instead of the newer tlsproxy_client_security_level
or tlsproxy_client_policy_maps). Reported by John Doe,
diagnosed by Viktor Dukhovni.
* Bugfix (defect introduced: Postfix 3.4): with the TLS client role
disabled by configuration, the tlsproxy daemon dereferenced a
null pointer while handling a tlsproxy client request. Reported by
John Doe.
* Reducing process churn: Postfix daemons no longer automatically
restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file
modification time change, when they opened that table for writing.
* Portability: deleted an <openssl/engine.h> build dependency,
because the feature is being removed from OpenSSL, and Postfix
no longer needs it.
Fixes for Postfix 3.10 only:
* Cleanup: with "tls_required_enable = yes", the Postfix SMTP client
will no longer maintain TLSRPT statistics for messages that contain
a "TLS-Required: no" header. This can prevent TLSRPT notifications
for TLSRPT notifications.
* Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS
client code logged "Untrusted TLS connection" (wrong) instead of
"Trusted TLS connection" (right), for a new or resumed TLS session,
when a server offered a trusted (valid PKI trust chain) certificate
that did not match the expected server name pattern. Fix by Viktor
Dukhovni.
You can find the updated Postfix source code at the mirrors listed at
https://www.postfix.org/.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
