#17551 closed enhancement (fixed)

postfix-3.7.4

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: normal
Milestone: 11.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by Bruce Dubbs, 15 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 15 months ago

Fixed in Postfix 3.7, 3.6, 3.5, 3.4:

Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks.

Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound handles for digest implementations. In sufficiently hostile configurations, Postfix could mistakenly believe that a digest algorithm is available, and fail when it is not. A similar workaround may be needed for EVP_get_cipherbyname().

Bugfix (bug introduced in Postfix 2.11): the checkok() macro in tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. Found during code review.

Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation violation when postscreen_dnsbl_threshold < 1. It should reject such input with a fatal error instead.

Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.

Portability: Linux 6 support.

Fixed in Postfix 3.7:

Added missing documentation that cidr:, pcre: and regexp: tables support inline specification only in Postfix 3.7 and later.
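
The checkok() bugfix listed in comment:2 concerns a status-accumulating macro that evaluated its argument even after an earlier step had failed. The C below is an added example, not part of the ticket and not Postfix source: the macro names, `struct ctx` and the `md_*` functions are hypothetical stand-ins for a digest API, and the counter records each call that reaches a context whose initialization failed.

```c
#include <stdio.h>

/* Hypothetical stand-ins for a digest API; not Postfix or OpenSSL code. */
struct ctx { int initialized; int calls_on_bad_ctx; };

static int md_init(struct ctx *c, int available)
{
    c->initialized = available;   /* fails when the digest is unavailable */
    return available;
}

static int md_step(struct ctx *c) /* models an update or final call */
{
    if (!c->initialized)
        c->calls_on_bad_ctx++;    /* real code would touch invalid state here */
    return c->initialized;
}

/* Eager form: the argument is evaluated even after an earlier failure. */
#define CHECKOK_EAGER(ok, expr)   ((ok) &= ((expr) ? 1 : 0))
/* Guarded form: && short-circuits, so the argument is skipped once ok is 0. */
#define CHECKOK_GUARDED(ok, expr) ((ok) = (ok) && (expr))

/* Both functions return the number of calls made on a failed context. */
int run_eager(int available)
{
    struct ctx c = {0, 0};
    int ok = 1;
    CHECKOK_EAGER(ok, md_init(&c, available));
    CHECKOK_EAGER(ok, md_step(&c));   /* update */
    CHECKOK_EAGER(ok, md_step(&c));   /* final  */
    return c.calls_on_bad_ctx;
}

int run_guarded(int available)
{
    struct ctx c = {0, 0};
    int ok = 1;
    CHECKOK_GUARDED(ok, md_init(&c, available));
    CHECKOK_GUARDED(ok, md_step(&c));
    CHECKOK_GUARDED(ok, md_step(&c));
    return c.calls_on_bad_ctx;
}

int main(void)
{
    printf("eager: %d, guarded: %d\n", run_eager(0), run_guarded(0));
    return 0;
}
```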

comment:3 by Bruce Dubbs, 15 months ago

Resolution: fixed
Status: assigned → closed

Fixed at commits

0d7a65f3f4 Update to cmake-3.25.2.
337ef48216 Update to glib-2.74.5.
b07baeb598 Update to neon-0.32.5.
af7490e06b Update to postfix-3.7.4.