An experimental, unstable package in packages-stable? An outdated and potentially vulnerable software in the latest OpenBSD 7.4-stable?
I must really have been missing something here... Herbert J. Skuhra <herb...@gojira.at>, 3 Şub 2024 Cmt, 09:04 tarihinde şunu yazdı: > On Fri, Feb 02, 2024 at 08:44:45PM -0600, Brian Conway wrote: > > On Fri, Feb 2, 2024, at 6:44 PM, Herbert J. Skuhra wrote: > > > On Sat, Feb 03, 2024 at 03:00:10AM +0300, Mark wrote: > > >> Hi. > > >> > > >> It seems that the recent Postfix update under 7.4-amd64, > > >> (package: postfix-3.8.20221007p12-sasl2-mysql) breaks TLS connections, > > >> coming from Gmail servers, throwing a TLS library problem. > > >> > > >> Here's the log output; > > >> > > >> postfix/smtpd[32879]: connect from mail-yw1-f178.google.com > [209.85.128.178] > > >> > > >> postfix/smtpd[7374]: Trusted TLS connection established from > > >> mail-lf1-f45.google.com[209.85.167.45]: TLSv1.3 > > >> with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 > > >> server-signature ECDSA (prime256v1) server-digest SHA256 > client-signature > > >> RSA-PSS (2048 bits) client-digest SHA256 > > >> > > >> postfix/smtpd[7374]: warning: TLS library problem: error:0A000126:SSL > > >> routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:308: > > >> postfix/smtpd[7374]: lost connection after STARTTLS from > > >> mail-lf1-f45.google.com[209.85.167.45] > > >> postfix/smtpd[7374]: disconnect from mail-lf1-f45.google.com > [209.85.167.45] > > >> ehlo=1 starttls=1 commands=2 > > >> > > >> Before updating the package, I had postfix-3.8.20221007p11, and it > had no > > >> such problem. > > > > > > Why do you run such an outdated postfix snapshot? > > > > That is the latest version that is supported/available in > packages-stable: > > > > https://cdn.openbsd.org/pub/OpenBSD/7.4/packages-stable/amd64/ > > Yeah, sadly! But no reason to install/run outdated and potentially > vulnerable server software. :-) > > Postfix 3.8.20221007 is an old development snapshot (experimental!). It > should be either updated or removed. Latest version as of today is > postfix-3.9-20240129. There are also updates available for postfix35 > (3.5.24) and postfix (3.7.10/3.8.5). > > -- > Herbert > >
