postfix: Update to version 3.10.6

Message ID 20251202115747.50373-8-adolf.belka@ipfire.org
State Staged
Commit d71ff6588b6c2b30ea2cc33a9443fe092874d0fa
Series postfix: Update to version 3.10.6

Commit Message

Adolf Belka 2 Dec 2025, 11:57 a.m. UTC
- Update from version 3.10.4 to 3.10.6
- No change to rootfile
- Changelog
    3.10.6
      Bugfix (defect introduced: Postfix 3.10, date: 20250117). Symptom: warning messages
	that smtp_tls_wrappermode requires "smtp_tls_security_level = encrypt".
	Root cause: Support for "TLS-Required: no" broke client-side TLS wrappermode
	support, by downgrading a connection to TLS security level 'may'.
	The fix changes the downgrade level for wrappermode connections to 'encrypt'.
	Rationale: by design, TLS can be optional only for connections that use
	STARTTLS. The downgrade to unauthenticated 'encrypt' allows a sender to avoid
	an email delivery problem. Problem reported by Joshua Tyler Cochran.
      New logging: the Postfix SMTP client will log a warning when an MX hostname does
	not match STS policy MX patterns, with "smtp_tls_enforce_sts_mx_patterns = yes"
	in Postfix, and with TLSRPT support enabled in a TLS policy plugin. It will log
	a successful match only when verbose logging is enabled.
      Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP client null pointer
	crash when an STS policy plugin sends no policy_string or no mx_pattern
	attributes. This can happen only during tests with a fake STS plugin.
      Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault when a duplicate
	parameter name is given to "postconf -X" or "postconf -#".
      Documentation: removed incorrect text from the parameter description for
	smtp_cname_overrides_servername. File: proto/postconf.proto.
    3.10.5
      Workaround for an interface mis-match between the Postfix SMTP client and MTA-STS
	policy plugins.
	      The existing behavior is to connect to any MX host listed in DNS, and
		to match the server certificate against any STS policy MX host pattern.
	      The corrected behavior is to connect to an MX host only if its name
		matches any STS policy MX host pattern, and to match the server
		certificate against the MX hostname.
        The corrected behavior must be enabled in two places: in Postfix with a new
	parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes") and in an
	MTA-STS plugin by enabling TLSRPT support, so that the plugin forwards STS
	policy attributes to Postfix. This works even if Postfix TLSRPT support is
	disabled at build time or at runtime.
      TLSRPT Workaround: when a TLSRPT policy-type value is "no-policy-found", pretend
	that the TLSRPT policy domain value is equal to the recipient domain. This
	ignores that different policy types (TLSA, STS) use different policy domains.
	But this is what Microsoft does, and therefore, what other tools expect.
      Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP client's connection
	reuse logic did not distinguish between sessions that require SMTPUTF8
	support, and sessions that do not. The solution is 1) to store sessions with
	different SMTPUTF8 requirements under distinct connection cache storage keys,
	and 2) to not cache a connection when SMTPUTF8 is required but the server does
	not support that feature.
      Bugfix (defect introduced: Postfix 3.0, date 20140731): the smtpd 'disconnect'
	command statistics did not count commands with "bad syntax" and
	"bad UTF-8 syntax" errors.
      Bugfix: the August 2025 patch broke DBM library support which is still needed on
	Solaris; and the same change could result in warnings with
	"database X is older than source file Y".
      Postfix 3.11 forward compatibility: to avoid ugly warnings when Postfix 3.11 is
	rolled back to an older version, allow a preliminary 'size' record in maildrop
	queue files created with Postfix 3.11 or later.
      Bugfix (defect introduced: Postfix 3.8, date 20220128): non-reproducible build,
	because the 'postconf -e' output order for new main.cf entries was no longer
	deterministic. Problem reported by Oleksandr Natalenko, diagnosis by Eray Aslan.
      To make builds predictable, add missing meta_directory and shlib_directory
	settings to the stock main.cf file. Problem diagnosed by Eray Aslan.
      Bugfix (defect introduced: Postfix 3.9, date 20230517): posttls-finger(1) logged
	an incorrectly-formatted port number. Viktor Dukhovni.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/postfix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
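
The MX selection change described in the 3.10.5 changelog entry above, as an added example that is not part of the commit or of Postfix. It assumes the RFC 8461 matching rule (a wildcard covers exactly one leftmost label); the function names and sample hosts are hypothetical.

```python
# Added illustration: models the MX selection rule from the 3.10.5 changelog.
# Pattern matching follows RFC 8461 (wildcard covers exactly one leftmost
# label); this is an assumption about semantics, not Postfix source code.

def mx_matches(pattern: str, host: str) -> bool:
    """Return True if host matches one STS policy 'mx' pattern."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                 # e.g. ".example.com"
        if not host.endswith(suffix):
            return False
        left = host[: -len(suffix)]          # the part the wildcard must cover
        return bool(left) and "." not in left
    return pattern == host


def plan_connections(dns_mx, sts_patterns, enforce=True):
    """Return (host, cert_reference_names) pairs in DNS order.

    enforce=False models the 'existing' behaviour: every DNS MX host is
    tried and the certificate may match any policy pattern.
    enforce=True models the 'corrected' behaviour: only MX hosts matching
    a pattern are tried, and the certificate must match that MX hostname.
    """
    plan = []
    for host in dns_mx:
        if not enforce:
            plan.append((host, list(sts_patterns)))
        elif any(mx_matches(p, host) for p in sts_patterns):
            plan.append((host, [host]))
    return plan


# Constructed sample data (not from the page).
DNS_MX = ["mx1.example.com", "backup.mail.example.com", "mx.other.example.net"]
STS_MX = ["*.example.com", "mx.other.example.net"]

if __name__ == "__main__":
    for mode in (False, True):
        print("enforce =", mode)
        for host, names in plan_connections(DNS_MX, STS_MX, enforce=mode):
            print("  connect", host, "-> verify cert against", names)
```

With enforcement on, `backup.mail.example.com` is never contacted because `*.example.com` does not span two labels.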
  

Patch

diff --git a/lfs/postfix b/lfs/postfix
index 2bc0174d1..a7ff99c4f 100644
--- a/lfs/postfix
+++ b/lfs/postfix
@@ -26,7 +26,7 @@  include Config
 
 SUMMARY    = A fast, secure, and flexible mailer
 
-VER        = 3.10.4
+VER        = 3.10.6
 
 THISAPP    = postfix-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
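Review bot: `VER = 3.10.6` skips over 3.10.5, whose changelog in the commit message introduces `smtp_tls_enforce_sts_mx_patterns` with default "yes", which changes the MX hosts the SMTP client will connect to when an MTA-STS plugin has TLSRPT support enabled. That behaviour change is recorded only inside the pasted changelog; consider a one-line summary near the top of the commit message so it is visible to anyone upgrading the package.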
@@ -34,7 +34,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = postfix
-PAK_VER    = 49
+PAK_VER    = 50
 
 DEPS       =
 
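Review bot: The `PAK_VER = 50` bump is not mentioned in the commit message, which lists only the version update and "No change to rootfile". Adding a line for the package revision would make the message cover all three changes in the diff.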
@@ -72,7 +72,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = e0a9b3dbd858e9b2bacb137b886ef35a89220caf91da5bcb90de5fd3df7285645deaff6e58f571cdc75966098cf13190b0315690c270b9f3ed69a21e63d2d3ab
+$(DL_FILE)_BLAKE2 = ca9f371f15af45c72ee97830d5bfb08b4ef2020409e55b1a99ef20681dfaec86fa7f7f799caa7b6e5757da0ea9ccbd5ac51104244b2e315f3cedb414b3e46451
 
 install : $(TARGET)
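Review bot: The new `$(DL_FILE)_BLAKE2` value is given without any statement of how the tarball was verified. With `DL_FROM = $(URL_IPFIRE)` the hash only pins the build to the copy on the IPFire source server, so the commit message should say that the 3.10.6 tarball was checked against the upstream release (signature or published checksum) before the hash was computed.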