Opened 4 years ago

Closed 4 years ago

#12560 closed enhancement (fixed)

postfix-3.4.7

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 9.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by Bruce Dubbs, 4 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 4 years ago

There is no announcement yet and the patch for glibc-2.30 is still needed (which is surprising).

A diff showed a HISTORY file with these changes:

+20190723
+
+  Bugfix: the documentation said tls_fast_shutdown_enable,
+  but the code said tls_fast_shutdown. Viktor Dukhovni. Changed
+  the code because no-one is expected to override the default.
+  File: global/mail_params.h.
+
+20190820
+
+  Workaround for poor TCP loopback performance on LINUX, where
+  getsockopt(..., TCP_MAXSEG, ..) reports a TCP maximal segment
+  size that is 1/2 to 1/3 of the MTU. For example, with kernel
+  5.1.16-300.fc30.x86_64 the TCP client and server announce
+  an mss of 65495 in the TCP handshake, but getsockopt()
+  returns 32741 (less than half). As a matter of principle,
+  Postfix won't turn on client-side TCP_NODELAY because that
+  hides application performance bugs, and because that still
+  suffers from server-side delayed ACKs. Instead, Postfix
+  avoids sending "small" writes back-to-back, by choosing a
+  VSTREAM buffer size that is a multiple of the reported MSS.
+  This workaround bumps the multiplier from 2x to 4x. File:
+  util/vstream_tweak.c.
+
+20190825
+
+  Bugfix (introduced: 20051222): the Dovecot client could
+  segfault (null pointer read) or cause an SMTP server assertion
+  to fail when talking to a fake Dovecot server. The client
+  now logs a proper error instead. Problem reported by Tim
+  Düsterhus. File: xsasl/xsasl_dovecot_server.c.
+
+20190914
+
+  Bugfix (introduced: Postfix 3.4): don't whitewash OpenSSL
+  error results after a plaintext output error. The code could
+  loop, and with some OpenSSL error results could flood the
+  log with error messages (see below for a specific case).
+  Problem reported by Andreas Schulze. File: tlsproxy/tlsproxy.c.
+
+  Bitrot: don't invoke SSL_shutdown() when the SSL engine
+  thinks it is processing a TLS handshake. The commit at
+  https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
+  changed the error status, incompatibly, from SSL_ERROR_NONE
+  into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c.

comment:3 by Bruce Dubbs, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 22191.

Note: See TracTickets for help on using tickets.