[An on-line version of this announcement will be available at
https://www.postfix.org/announcements/postfix-3.9.2.html]
These releases add forward compatibility with upcoming Postfix and
OpenSSL versions, improve PostgreSQL and MySQL performance, and fix
minor bugs.
This will be the last update for Postfix 3.6. Postfix 3.10.0 will
be released in a day or so.
Fixes for Postfix 3.9.2, 3.8.8, 3.7.13, 3.6.17:
* Forward compatibility: Support for OpenSSL 3.5 post-quantum
cryptography. To manage algorithm selection, OpenSSL introduces new
TLS group syntax that Postfix will not attempt to imitate. Instead,
Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups
parameter values to have an empty value. When both are set
empty, the algorithm selection can be managed through OpenSSL
configuration. Viktor Dukhovni.
* Forward compatibility: ignore new queue file flag bits that may be
used with Postfix 3.10 and later. This is a safety in case a Postfix
3.10 upgrade needs to be rolled back, after the new TLS-Required
feature has been used.
* Performance: when a mysql: or pgsql: configuration specifies a single
host, assume that it is a load balancer and reconnect immediately
after a single failure, instead of failing all requests for 60s.
* Bugfix (defect introduced: Postfix 3.4, date 20181113): a server with
multiple TLS certificates could report, for a resumed TLS session,
the wrong server-signature and server-digest names in logging and
Received: message headers. Viktor Dukhovni.
* Bugfix (defect introduced: Postfix 3.3, date 20180107) small memory
leak in the cleanup daemon when generating a "From: full-name "
message header. The impact is limited because the number of requests
is bounded by the "max_use" configuration parameter. Found during
code maintenance.
* Bugfix (defect introduced: Postfix 3.0): the bounce daemon mangled
a non-ASCII address localpart in the "X-Postfix-Sender:" field of
a delivery status notification. It backslash-escaped each byte in a
multi-byte character. This behavior was implemented in Postfix 2.1
(no support for UTF8 local-parts), but it became incorrect after
SMTPUTF8 support was implemented in Postfix 3.0.
* Bugfix (defect introduced: Postfix 3.6): Reverted the default
smtp_tls_dane_insecure_mx_policy setting to "dane" as of Postfix
3.6.17, 3.7.13, 3.8.8, 3.9.2, and 3.10.0. By mistake the default was
dependent on the smtp_tls_security_level setting. Problem reported
by ?mer G?ven.
* Portability: added "include <sys_socket.h>" for a SUNOS5
workaround. Gary R. Schmidt.
You can find the updated Postfix source code at the mirrors listed at
https://www.postfix.org/.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
