Postfix stable release 2.9.6 and legacy releases 2.8.14, 2.7.13, 2.6.19
- [An on-line version of this announcement will be available at
Postfix stable release 2.9.6, and legacy releases 2.8.14, 2.7.13,
2.6.19 are available. They contain fixes and workarounds that are
also part of Postfix 2.10.
* Thanks to OpenSSL documentation, the Postfix 2.9.0..2.9.5 SMTP
client and server used an incorrect procedure to compute TLS
certificate PUBLIC-KEY fingerprints (these may be used in the
check_ccert_access and in smtp_tls_policy_maps features). Support
for certificate PUBLIC-KEY finger prints was introduced with
Postfix 2.9; there is no known problem with the certificate
fingerprint algorithms available since Postfix 2.2.
Specify "tls_legacy_public_key_fingerprints = yes" temporarily,
pending a migration from configuration files with incorrect
Postfix 2.9.0..2.9.5 certificate PUBLIC-KEY finger prints, to
the correct fingerprints used by Postfix 2.9.6 and later.
See the RELEASE_NOTES file for more details.
All supported releases:
* The postconf(1) master.cf options parser didn't support "clusters"
of daemon command-line option letters.
* The local(8) delivery agent dereferenced a null pointer while
delivering to null command (for example, "|" in a .forward
file). Reported by Gilles Chehade.
* A memory leak fix for tls_misc.c was documented but not included.
You can find the updated Postfix source code at the mirrors listed