Opened 8 weeks ago

Closed 7 weeks ago

#21094 closed enhancement (fixed)

postfix-3.9.2

Reported by: Douglas R. Reno Owned by: Bruce Dubbs
Priority: normal Milestone: 12.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version

Change History (3)

comment:1 by Bruce Dubbs, 7 weeks ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 7 weeks ago

Fixes for Postfix 3.9.2, 3.8.8, 3.7.13, 3.6.17:

  • Forward compatibility: Support for OpenSSL 3.5 post-quantum cryptography. To manage algorithm selection, OpenSSL introduces new TLS group syntax that Postfix will not attempt to imitate. Instead, Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups parameter values to have an empty value. When both are set empty, the algorithm selection can be managed through OpenSSL configuration.
  • Forward compatibility: ignore new queue file flag bits that may be used with Postfix 3.10 and later. This is a safety in case a Postfix 3.10 upgrade needs to be rolled back, after the new TLS-Required feature has been used.
  • Performance: when a mysql: or pgsql: configuration specifies a single host, assume that it is a load balancer and reconnect immediately after a single failure, instead of failing all requests for 60s.
  • Bugfix (defect introduced: Postfix 3.4, date 20181113): a server with multiple TLS certificates could report, for a resumed TLS session, the wrong server-signature and server-digest names in logging and Received: message headers.
  • Bugfix (defect introduced: Postfix 3.3, date 20180107) small memory leak in the cleanup daemon when generating a "From: full-name " message header. The impact is limited because the number of requests is bounded by the "max_use" configuration parameter. Found during code maintenance.
  • Bugfix (defect introduced: Postfix 3.0): the bounce daemon mangled a non-ASCII address localpart in the "X-Postfix-Sender:" field of a delivery status notification. It backslash-escaped each byte in a multi-byte character. This behavior was implemented in Postfix 2.1 (no support for UTF8 local-parts), but it became incorrect after SMTPUTF8 support was implemented in Postfix 3.0.
  • Bugfix (defect introduced: Postfix 3.6): Reverted the default smtp_tls_dane_insecure_mx_policy setting to "dane" as of Postfix 3.6.17, 3.7.13, 3.8.8, 3.9.2, and 3.10.0. By mistake the default was dependent on the smtp_tls_security_level setting.
  • Portability: added "include <sys_socket.h>" for a SUNOS5 workaround.

comment:3 by Bruce Dubbs, 7 weeks ago

Resolution: fixed
Status: assignedclosed

Fixed at commit 2015e41f8d.

Note: See TracTickets for help on using tickets.