Opened 6 months ago

Closed 6 months ago

#21996 closed enhancement (fixed)

postfix-3.10.4

Reported by: Bruce Dubbs Owned by: thomas
Priority: normal Milestone: 12.4
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Bruce Dubbs, 6 months ago

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

comment:2 by thomas, 6 months ago

Fixes for Postfix 3.10, 3.9, 3.8, 3.7:

Fixes for postscreen(8):

  • Bugfix (defect introduced: postfix-2.2, date 20050203): after detecting a lookup table change, and after starting a new postscreen process, the old postscreen process logged an ENOTSOCK error while attempting to accept a connection on a socket that it was no longer listening on. This error was introduced first in the multi_server skeleton code, and was five years later duplicated in the event_server skeleton that was created for postscreen. Problem reported by Florian Piekert.
  • Bugfix (defect introduced: Postfix 2.8, date 20101230): after detecting a cache table change and before starting a new postscreen process, the old postscreen process did not close the postscreen_cache_map, and therefore kept an exclusive lock that could prevent a new postscreen process from starting. Problem reported by Florian Piekert.

Fixes for tlsproxy(8):

  • Bugfix (defect introduced: Postfix 3.7): incorrect backwards compatible support for the legacy configuration parameters tlsproxy_client_level and tlsproxy_client_policy. This disabled the tlsproxy TLS client role when a legacy parameter was set (instead of the newer tlsproxy_client_security_level or tlsproxy_client_policy_maps). Reported by John Doe, diagnosed by Viktor Dukhovni.
  • Bugfix (defect introduced: Postfix 3.4): with the TLS client role disabled by configuration, the tlsproxy daemon dereferenced a null pointer while handling a tlsproxy client request. Reported by John Doe.
  • Reducing process churn: Postfix daemons no longer automatically restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file modification time change, when they opened that table for writing.
  • Portability: deleted an <openssl/engine.h> build dependency, because the feature is being removed from OpenSSL, and Postfix no longer needs it.

Fixes for Postfix 3.10 only:

  • Cleanup: with "tls_required_enable = yes", the Postfix SMTP client will no longer maintain TLSRPT statistics for messages that contain a "TLS-Required: no" header. This can prevent TLSRPT notifications for TLSRPT notifications.
  • Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS client code logged "Untrusted TLS connection" (wrong) instead of "Trusted TLS connection" (right), for a new or resumed TLS session, when a server offered a trusted (valid PKI trust chain) certificate that did not match the expected server name pattern. Fix by Viktor Dukhovni.

comment:3 by thomas, 6 months ago

Owner: changed from blfs-book to thomas
Status: newassigned

comment:4 by thomas, 6 months ago

Resolution: fixed
Status: assignedclosed

Fixed in [93d3768b42].

Note: See TracTickets for help on using tickets.