| Message ID | 20250826184904.6229-19-adolf.belka@ipfire.org |
|---|---|
| State | New |
| Headers |
Return-Path: <development+bounces-863-patchwork=ipfire.org@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4cBGtY0FMQz3xPW for <patchwork@web04.haj.ipfire.org>; Tue, 26 Aug 2025 18:49:57 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4cBGtX5F4zz5Nx for <patchwork@ipfire.org>; Tue, 26 Aug 2025 18:49:56 +0000 (UTC) Authentication-Results: mail01.ipfire.org; dkim=pass header.d=ipfire.org header.s=202003rsa header.b=LW3qtxkU; dkim=pass header.d=ipfire.org header.s=202003ed25519 header.b=uNgrSpS9; dmarc=pass (policy=reject) header.from=ipfire.org; spf=softfail (mail01.ipfire.org: 2001:678:b28::201 is neither permitted nor denied by domain of "development+bounces-863-patchwork=ipfire.org@lists.ipfire.org") smtp.mailfrom="development+bounces-863-patchwork=ipfire.org@lists.ipfire.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1756234196; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=o2aNXzVf544gyFSeBujXJbBKzfR/1XI2Zkj7dPD1jv4=; b=ELYm73UDomTyYZB4BY/bDxKv4EBy84LpC0OZRB8RcQFRMC9MxiCXP3lJa80JS7uZmRwgE+ mBuWMKS0/xSWB7XZdgo43lB/HKiWD85t5/09YluNO7/eMrJkCx89MYDqnk6L+W2MbhzOc2 7yPRyHZfLHJe3DJBGjhLkCYmTPevzfVOQ5PRjmDJBBJYLfPgTHBgJBKCWfSOF8R488Bj8o 5vnxs+0g2rKo/gxTQOJGEe4kr6QYtL8+08rJOxyjnhSIdqQ09trIz4wY9IDKo8bPSXmKL2 sPH7eSQwbgaNuXP0CtFnUibT7iPsbeNAUaRf4f/jUVZrKjs32PfPkl7b1mgIOw== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=ipfire.org header.s=202003rsa header.b=LW3qtxkU; dkim=pass header.d=ipfire.org header.s=202003ed25519 header.b=uNgrSpS9; dmarc=pass (policy=reject) header.from=ipfire.org; spf=softfail (mail01.ipfire.org: 2001:678:b28::201 is neither permitted nor denied by domain of "development+bounces-863-patchwork=ipfire.org@lists.ipfire.org") smtp.mailfrom="development+bounces-863-patchwork=ipfire.org@lists.ipfire.org" ARC-Seal: i=1; s=202003rsa; d=ipfire.org; t=1756234196; a=rsa-sha256; cv=none; b=oXA1If35OzuUijZSSm+4i86lP77q9UQxu6MXSGrBA+gIFTnnOkztbqNJ9fd+Xq7HhN2B++ 21t42BxpEI0MAl1AmYZLCEPrDpu9bRM7BVQCOqFV/Q5ud2iLWNO4wCWZX9eCtArEH1FnwI gP/ko5q+f/D7r09etfGamiQx/2rrHpjor9pYndpqYNA0rg19+VgAxCB11+eil+KNQhcghG sEcUpG4qHg7dC1wAsIBf9idcjA2DUdBmDsLQsU9XEKwKh1TD9Y75kIJxkaEKothzKUD8j8 t4Vsy1xcp2RpfHSJ9TU2PyWxe300otvTXFfNDw+mEc0Grr6PWnjayWhWUFu5og== Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4cBGt628N6z33m2 for <patchwork@ipfire.org>; Tue, 26 Aug 2025 18:49:34 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4cBGt00BFWz34Rd for <development@lists.ipfire.org>; Tue, 26 Aug 2025 18:49:28 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4cBGsy2nHRz5VP; Tue, 26 Aug 2025 18:49:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1756234166; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=o2aNXzVf544gyFSeBujXJbBKzfR/1XI2Zkj7dPD1jv4=; b=LW3qtxkUOZIfy7IaGr2fkgNWAI4+kv8qfc224G3mTi5ssL3zFeuebG3QJFiIe2Njr/bRIy cOr75ZtdMYTJkFuBzuuHP1plMBK4HZiZO8sMqCpqdwH/rZY2CB+l2Oy4zJeXMI+PgB5Ytv a7HCkHFo/++bi5e6vGWWEFkNXz+Pnk+YZzokf0hSZX/VfCYNxvnOKB00ZhmQK7MXD58tPg oho9xiGhXG1M4lvEmC3GBgnJvHyQJuQIEBfdTYxPq7/rgLIU0m12yTwyCb2jpc+KNnCyC/ p/Y/lqCSMeE+OvV2rDQ66u4eB1dHmv0g5rqOZKEOlzZYausHGB1H2PXFokjlRQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1756234166; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=o2aNXzVf544gyFSeBujXJbBKzfR/1XI2Zkj7dPD1jv4=; b=uNgrSpS95v1zX5zEZiVKSIIv/NgiDHMHj3o1+aHMy9bRWiHaPDI8DsPM6f8slu9o024lx+ A1Q0mABFfJOIxyCg== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Cc: Adolf Belka <adolf.belka@ipfire.org> Subject: [PATCH] postfix: Update to version 3.10.4 Date: Tue, 26 Aug 2025 20:49:00 +0200 Message-ID: <20250826184904.6229-19-adolf.belka@ipfire.org> In-Reply-To: <20250826184904.6229-1-adolf.belka@ipfire.org> References: <20250826184904.6229-1-adolf.belka@ipfire.org> Precedence: list List-Id: <development.lists.ipfire.org> List-Subscribe: <https://lists.ipfire.org/>, <mailto:development+subscribe@lists.ipfire.org?subject=subscribe> List-Unsubscribe: <https://lists.ipfire.org/>, <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development+help@lists.ipfire.org?subject=help> Sender: <development@lists.ipfire.org> Mail-Followup-To: <development@lists.ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Rspamd-Server: mail01.haj.ipfire.org X-Rspamd-Queue-Id: 4cBGtX5F4zz5Nx X-Rspamd-Action: no action X-Spamd-Result: default: False [-10.56 / 11.00]; BAYES_HAM(-2.65)[98.44%]; DWL_DNSWL_MED(-2.00)[ipfire.org:dkim]; FROM_INTERNAL_BULK_SENDERS(-2.00)[2001:678:b28::201]; R_DKIM_ALLOW(-1.65)[ipfire.org:s=202003rsa,ipfire.org:s=202003ed25519]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-1.00)[-1.000]; DKIM_REPUTATION(-0.92)[-0.9150402043277]; DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50)[]; R_MISSING_CHARSET(0.50)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; IP_REPUTATION_HAM(-0.36)[asn: 204867(-0.10), country: DE(0.00), ip: 2001:678:b28::(-0.26)]; RCVD_IN_DNSWL_MED(-0.20)[2001:678:b28::25:received]; MAILLIST(-0.18)[generic]; MIME_GOOD(-0.10)[text/plain]; HAS_LIST_UNSUB(-0.01)[]; MX_GOOD(-0.01)[]; RECEIVED_HELO_LOCALHOST(0.00)[]; ARC_SIGNED(0.00)[ipfire.org:s=202003rsa:i=1]; TO_DN_SOME(0.00)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; TAGGED_FROM(0.00)[bounces-863-patchwork=ipfire.org]; RCVD_COUNT_THREE(0.00)[3]; ASN(0.00)[asn:204867, ipnet:2001:678:b28::/48, country:DE]; RCVD_VIA_SMTP_AUTH(0.00)[]; FORGED_SENDER_MAILLIST(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; MISSING_XM_UA(0.00)[]; DMARC_POLICY_ALLOW(0.00)[ipfire.org,reject]; DKIM_TRACE(0.00)[ipfire.org:+]; RCVD_TLS_LAST(0.00)[]; FROM_NEQ_ENVFROM(0.00)[adolf.belka@ipfire.org,development@lists.ipfire.org]; R_SPF_SOFTFAIL(0.00)[~all:c] |
| Series |
postfix: Update to version 3.10.4
|
|
Commit Message
Adolf Belka
26 Aug 2025, 6:49 p.m. UTC
- Update from version 3.10.2 to 3.10.4
- Update of rootfile not required
- Changelog
3.10.4
Fixes for postscreen(8):
Bugfix (defect introduced: postfix-2.2, date 20050203): after detecting a
lookup table change, and after starting a new postscreen process, the old
postscreen process logged an ENOTSOCK error while attempting to accept a
connection on a socket that it was no longer listening on. This error was
introduced first in the multi_server skeleton code, and was five years later
duplicated in the event_server skeleton that was created for postscreen.
Problem reported by Florian Piekert.
Bugfix (defect introduced: Postfix 2.8, date 20101230): after detecting a cache
table change and before starting a new postscreen process, the old postscreen
process did not close the postscreen_cache_map, and therefore kept an
exclusive lock that could prevent a new postscreen process from starting.
Problem reported by Florian Piekert.
Fixes for tlsproxy(8):
Bugfix (defect introduced: Postfix 3.7): incorrect backwards compatible support
for the legacy configuration parameters tlsproxy_client_level and
tlsproxy_client_policy. This disabled the tlsproxy TLS client role when a
legacy parameter was set (instead of the newer tlsproxy_client_security_level
or tlsproxy_client_policy_maps). Reported by John Doe, diagnosed by Viktor
Dukhovni.
Bugfix (defect introduced: Postfix 3.4): with the TLS client role disabled by
configuration, the tlsproxy daemon dereferenced a null pointer while handling
a tlsproxy client request. Reported by John Doe.
Reducing process churn: Postfix daemons no longer automatically restart after a
btree:, dbm:, hash:, lmdb:, or sdbm: table file modification time change, when
they opened that table for writing.
Portability: deleted an <openssl/engine.h> build dependency, because the feature
is being removed from OpenSSL, and Postfix no longer needs it.
Cleanup: with "tls_required_enable = yes", the Postfix SMTP client will no longer
maintain TLSRPT statistics for messages that contain a "TLS-Required: no"
header. This can prevent TLSRPT notifications for TLSRPT notifications.
Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS client code
logged "Untrusted TLS connection" (wrong) instead of "Trusted TLS connection"
(right), for a new or resumed TLS session, when a server offered a trusted
(valid PKI trust chain) certificate that did not match the expected server name
pattern. Fix by Viktor Dukhovni.
3.10.3
This release fixes defects that were introduced in Postfix 3.10. These were
fixed first in the Postfix 3.11 unstable release.
The defects exist only with the default configuration "tls_required_enable = yes".
Bugfix (defect introduced: Postfix-3.10, date 20250117): include the
current TLS security level in the SMTP connection cache lookup key for
lookups by next-hop destination, to avoid reusing the same SMTP
connection when sending messages with and without a "TLS-Required: no"
header. Likewise, include the current TLS security level in the TLS
session lookup key, to avoid reusing the same TLS session info when
sending messages with and without a "TLS-Required: no" header.
Bugfix (defect introduced: Postfix-3.10, date 20250117): the Postfix SMTP
client attempted to look up TLSA records even with "TLS-Required: no".
This could result in unnecessary failures. Fix by Viktor Dukhovni &
Wietse.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
lfs/postfix | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/postfix b/lfs/postfix index 5dd1a3c98..2bc0174d1 100644 --- a/lfs/postfix +++ b/lfs/postfix @@ -26,7 +26,7 @@ include Config SUMMARY = A fast, secure, and flexible mailer -VER = 3.10.2 +VER = 3.10.4 THISAPP = postfix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = postfix -PAK_VER = 48 +PAK_VER = 49 DEPS = @@ -72,7 +72,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = b75fec52e837d43e0fa5d6ede3f44ccc62144133a2c433f536c566362b20a6a9b8a8cbf8e11f64d84fa751311cc9451158cda0edc212a0e45a9097530f41cea4 +$(DL_FILE)_BLAKE2 = e0a9b3dbd858e9b2bacb137b886ef35a89220caf91da5bcb90de5fd3df7285645deaff6e58f571cdc75966098cf13190b0315690c270b9f3ed69a21e63d2d3ab install : $(TARGET)