Monday, January 23, 2023, 9:35:06 AM, Wietse Venema wrote:

> [This announcement will be available at
> https://www.postfix.org/announcements/postfix-3.7.4.html]

> Fixed in Postfix 3.7, 3.6, 3.5, 3.4:

>   * Workaround: with OpenSSL 3 and later always turn on
>     SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
>     opportunities for TLS session reuse. This is safe because the SMTP
>     protocol implements application-level framing, and is therefore not
>     affected by TLS truncation attacks. Fix by Viktor Dukhovni.

>   * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return
>     lazily-bound handles for digest implementations. In sufficiently
>     hostile configurations, Postfix could mistakenly believe that a digest
>     algorithm is available, and fail when it is not. A similar workaround
>     may be needed for EVP_get_cipherbyname(). Fix by Viktor Dukhovni.

>   * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
>     tls/tls_fprint.c evaluated its argument unconditionally; it should
>     evaluate the argument only if there was no prior error. Found during
>     code review.

>   * Bugfix (bug introduced in Postfix 2.8): postscreen died with a
>     segmentation violation when postscreen_dnsbl_threshold < 1. It
>     should reject such input with a fatal error instead. Discovered by
>     Benny Pedersen.

>   * Bitrot: fixes for linker warnings from newer Darwin (MacOS)
>     versions. Viktor Dukhovni.

>   * Portability: Linux 6 support.

> Fixed in Postfix 3.4, 3.5:

>   * Workaround: shut up compiler warnings for legitimate string comparison
>     expressions. Back-ported from Postfix 3.6.

> Fixed in Postfix 3.7:

>   * Added missing documentation that cidr:, pcre: and regexp: tables
>     support inline specification only in Postfix 3.7 and later.

> You can find the updated Postfix source code at the mirrors listed at
> https://www.postfix.org/.

>         Wietse

I understand why something non-critical, like the patch below, wouldn't be
listed in the announcement, but would it have been incorporated into 3.7.4?

Tuesday, January 3, 2023, 2:47:45 PM, Viktor Dukhovni wrote:

> On Mon, Jan 02, 2023 at 07:32:51PM -0500, Wietse Venema wrote:

>> > I was just curious what might cause that string of question marks. 
>> 
>> This is what a Postfix string looks like after its memory is freed.
>> Something to look at in the train tomorrow.

> Simple patch, the cache dictionary name is freed a bit too soon during
> shutdown:

> --- src/util/dict_cache.c
> +++ src/util/dict_cache.c
> @@ -659,8 +659,8 @@ void    dict_cache_close(DICT_CACHE *cp)
>      /*
>       * Destroy the DICT_CACHE object.
>       */
-    myfree(cp->>name);
>      dict_cache_control(cp, DICT_CACHE_CTL_INTERVAL, 0, DICT_CACHE_CTL_END);
+    myfree(cp->>name);
>      dict_close(cp->db);
>      if (cp->saved_curr_key)
>         myfree(cp->saved_curr_key);
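
Review bot: the ordering constraint this fix relies on is not documented in dict_cache_close(). The free of cp->name is now safe only because it follows dict_cache_control(cp, DICT_CACHE_CTL_INTERVAL, 0, DICT_CACHE_CTL_END), which presumably still reads the cache name during shutdown, yet the comment above it says only "Destroy the DICT_CACHE object". Suggest a one-line comment above the control call stating that cp->name must stay valid until that call returns, so a later cleanup does not move the free back up and reintroduce the read of freed memory. It is also worth confirming that dict_close(cp->db), which still runs after the free, does not reference cp->name. As quoted here the - and + lines read cp->>name, so the hunk will not apply as pasted.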


-- 
Thanks,
Phil
