postfix/postfix-ssl-release-buffers.patch
Peter Varkoly 262723174e Accepting request 686001 from home:varkoly:branches:server:mail
- Update to 3.4.4
  o Incompatible changes
    - The Postfix SMTP server announces CHUNKING (BDAT
      command) by default. In the unlikely case that this breaks some
      important remote SMTP client, disable the feature as follows:
      
      /etc/postfix/main.cf:
          # The logging alternative:
          smtpd_discard_ehlo_keywords = chunking
          # The non-logging alternative:
          smtpd_discard_ehlo_keywords = chunking, silent_discard
    - This introduces a new master.cf service 'postlog'
      with type 'unix-dgram' that is used by the new postlogd(8) daemon.
      Before backing out to an older Postfix version, edit the master.cf
      file and remove the postlog entry.
    - Postfix 3.4 drops support for OpenSSL 1.0.1
    - To avoid performance loss under load, the
      tlsproxy(8) daemon now requires a zero process limit in master.cf
      (this setting is provided with the default master.cf file). By
      default, a tlsproxy(8) process will retire after several hours.
    - To set the tlsproxy process limit to zero:
      postconf -F tlsproxy/unix/process_limit=0
      postfix reload
  o Major changes 
    - Postfix SMTP server support for RFC 3030 CHUNKING
      (the BDAT command) without BINARYMIME, in both smtpd(8) and
      postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
      and smtpd_proxy_filter. See BDAT_README for more.
    - Support for logging to file or stdout, instead of using syslog.
    - Logging to file solves a usability problem for MacOS, and

OBS-URL: https://build.opensuse.org/request/show/686001
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328
2019-03-30 17:47:38 +00:00


--- src/tls/tls_client.c.orig 2019-03-11 14:24:34.492448719 +0100
+++ src/tls/tls_client.c 2019-03-11 14:27:42.824448001 +0100
@@ -397,6 +397,11 @@
SSL_CTX_set_security_level(client_ctx, 0);
#endif
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ /* Keep memory usage as low as possible */
+ SSL_CTX_set_mode(client_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
/*
* See the verify callback in tls_verify.c
*/
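Review bot: The `#ifdef SSL_MODE_RELEASE_BUFFERS` guard around `SSL_CTX_set_mode(client_ctx, SSL_MODE_RELEASE_BUFFERS);` looks redundant for this release. The changelog above says Postfix 3.4 drops support for OpenSSL 1.0.1, and the macro has been defined since OpenSSL 1.0.0, so the guarded branch is always compiled. Either drop the guard or keep it and say in the comment which build it protects. The comment "Keep memory usage as low as possible" should also say what the mode does: OpenSSL frees a connection's read and write buffers when they are not in use and allocates them again on the next I/O. With that stated, a later reader can weigh the memory saving against the extra allocations.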
--- src/tls/tls_server.c.orig 2019-03-11 14:26:04.700448375 +0100
+++ src/tls/tls_server.c 2019-03-11 14:27:49.184447977 +0100
@@ -455,6 +455,10 @@
SSL_CTX_set_security_level(sni_ctx, 0);
#endif
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ /* Keep memory usage as low as possible */
+ SSL_CTX_set_mode(server_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
/*
* See the verify callback in tls_verify.c
*/
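Review bot: In the tls_server.c hunk the mode is set on `server_ctx` only, while the context line directly above it, `SSL_CTX_set_security_level(sni_ctx, 0);`, shows that this function also configures a second context, `sni_ctx`. If the surrounding settings are applied to both contexts, either add the same `SSL_CTX_set_mode(...)` call for `sni_ctx` or extend the comment to say why setting it on `server_ctx` is sufficient, so the asymmetry does not read as an oversight. Minor style point: the client hunk leaves a blank line between `#endif` and the following comment block, this one does not; make the two consistent.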