Prereq: "3.2.0" diff -cr --new-file /var/tmp/postfix-3.2.0/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-3.2.0/src/global/mail_version.h 2017-02-28 19:39:43.000000000 -0500 --- ./src/global/mail_version.h 2017-06-10 16:32:26.000000000 -0400 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20170228" ! #define MAIL_VERSION_NUMBER "3.2.0" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20170610" ! #define MAIL_VERSION_NUMBER "3.2.1" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-3.2.0/HISTORY ./HISTORY *** /var/tmp/postfix-3.2.0/HISTORY 2017-02-18 21:08:40.000000000 -0500 --- ./HISTORY 2017-06-10 16:47:26.000000000 -0400 *************** *** 22923,22929 **** 20170206 ! Bugfix (introduced: Postfix 3.0): when check_mumble_a_access did not handle [ipaddress], unlike check_mumble_mx_access. When check_mumble_a_access was introduced, some condition was not updated. Reported by James (postfix_tracker). File: --- 22923,22929 ---- 20170206 ! Bugfix (introduced: Postfix 3.0): check_mumble_a_access did not handle [ipaddress], unlike check_mumble_mx_access. When check_mumble_a_access was introduced, some condition was not updated. Reported by James (postfix_tracker). File: *************** *** 22940,22944 **** 20170218 Cleanup: typofixes from klemens. The only change in compiled ! code is in one identical mysql error message that also ! appears in the pgsql client. Files: about 50. --- 22940,22981 ---- 20170218 Cleanup: typofixes from klemens. The only change in compiled ! code is in one mysql error message that also appears in the ! pgsql client. Files: about 50. ! ! 20170221 ! ! Compatibility fix (introduced: Postfix 3.1): some Milter ! applications do not recognize macros sent as {name} when ! macros have single-character names. Postfix now sends such ! macros without {} as it has done historically. Viktor ! Dukhovni. File: milter/milter.c. ! ! 20170402 ! ! Bugfix (introduced: Postfix 3.2): restore the SMTP server ! receive override options at the end of an SMTP session, ! after the options may have been modified by an smtpd_milter_maps ! setting of "DISABLE". Problem report by Christian Rößner, ! root cause analysis by Viktor Dukhovni. File: smtpd/smtpd.c. ! ! 20170430 ! ! Safety net: append a null byte to vstring buffers, so that ! C-style string operations won't scribble past the end. File: ! vstring.c. ! ! 20170531 ! ! Bugfix (introduced: Postfix 3.2): after the table lookup ! overhaul, the check_sender_access and check_recipient_access ! features ignored the parent_domain_matches_subdomains ! setting. Reported by Henrik Larsson. File: smtpd/smtpd_check.c. ! ! 20170610 ! ! Workaround (introduced: Postfix 3.0 20140718): prevent MIME ! downgrade of Postfix-generated message/delivery status. ! It's supposed to be 7bit, therefore quoted-printable encoding ! is not expected. Problem reported by Griff. File: ! bounce/bounce_notify_util.c. diff -cr --new-file /var/tmp/postfix-3.2.0/INSTALL ./INSTALL *** /var/tmp/postfix-3.2.0/INSTALL 2016-12-17 18:22:25.000000000 -0500 --- ./INSTALL 2017-05-02 19:24:43.000000000 -0400 *************** *** 612,618 **** |_______________________________|_____________________________________________| | |Specifies options for the postfix-install | |POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, | ! | |the only supported option is "-keep-new- | | |mtime". | |_______________________________|_____________________________________________| | |Specifies non-default compiler options for | --- 612,618 ---- |_______________________________|_____________________________________________| | |Specifies options for the postfix-install | |POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, | ! | |the only supported option is "-keep-build- | | |mtime". | |_______________________________|_____________________________________________| | |Specifies non-default compiler options for | diff -cr --new-file /var/tmp/postfix-3.2.0/README_FILES/INSTALL ./README_FILES/INSTALL *** /var/tmp/postfix-3.2.0/README_FILES/INSTALL 2016-12-17 18:22:24.000000000 -0500 --- ./README_FILES/INSTALL 2017-05-02 19:24:43.000000000 -0400 *************** *** 612,618 **** |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | |Specifies options for the postfix-install | |POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, | ! | |the only supported option is "-keep-new- | | |mtime". | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | |Specifies non-default compiler options for | --- 612,618 ---- |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | |Specifies options for the postfix-install | |POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, | ! | |the only supported option is "-keep-build- | | |mtime". | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | |Specifies non-default compiler options for | diff -cr --new-file /var/tmp/postfix-3.2.0/html/INSTALL.html ./html/INSTALL.html *** /var/tmp/postfix-3.2.0/html/INSTALL.html 2016-12-17 18:22:21.000000000 -0500 --- ./html/INSTALL.html 2017-05-02 19:24:43.000000000 -0400 *************** *** 883,889 **** POSTFIX_INSTALL_OPTS=-option... Specifies options for the postfix-install command, separated by whitespace. Currently, the only supported option is ! "-keep-new-mtime". SHLIB_CFLAGS=flags Specifies non-default compiler options for building Postfix dynamically-linked --- 883,889 ---- POSTFIX_INSTALL_OPTS=-option... Specifies options for the postfix-install command, separated by whitespace. Currently, the only supported option is ! "-keep-build-mtime". SHLIB_CFLAGS=flags Specifies non-default compiler options for building Postfix dynamically-linked diff -cr --new-file /var/tmp/postfix-3.2.0/proto/INSTALL.html ./proto/INSTALL.html *** /var/tmp/postfix-3.2.0/proto/INSTALL.html 2016-12-11 14:03:42.000000000 -0500 --- ./proto/INSTALL.html 2017-03-02 06:38:26.000000000 -0500 *************** *** 883,889 **** POSTFIX_INSTALL_OPTS=-option... Specifies options for the postfix-install command, separated by whitespace. Currently, the only supported option is ! "-keep-new-mtime". SHLIB_CFLAGS=flags Specifies non-default compiler options for building Postfix dynamically-linked --- 883,889 ---- POSTFIX_INSTALL_OPTS=-option... Specifies options for the postfix-install command, separated by whitespace. Currently, the only supported option is ! "-keep-build-mtime". SHLIB_CFLAGS=flags Specifies non-default compiler options for building Postfix dynamically-linked diff -cr --new-file /var/tmp/postfix-3.2.0/src/bounce/bounce_notify_util.c ./src/bounce/bounce_notify_util.c *** /var/tmp/postfix-3.2.0/src/bounce/bounce_notify_util.c 2015-01-26 15:00:13.000000000 -0500 --- ./src/bounce/bounce_notify_util.c 2017-06-10 14:47:25.000000000 -0400 *************** *** 637,643 **** (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED) ? "global-" : ""); /* Fix 20140709: addresses may be 8bit. */ ! if (NOT_7BIT_MIME(bounce_info)) post_mail_fprintf(bounce, "Content-Transfer-Encoding: %s", bounce_info->mime_encoding); --- 637,645 ---- (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED) ? "global-" : ""); /* Fix 20140709: addresses may be 8bit. */ ! if (NOT_7BIT_MIME(bounce_info) ! /* BC Fix 20170610: prevent MIME downgrade of message/delivery-status. */ ! && (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED)) post_mail_fprintf(bounce, "Content-Transfer-Encoding: %s", bounce_info->mime_encoding); diff -cr --new-file /var/tmp/postfix-3.2.0/src/milter/milter.c ./src/milter/milter.c *** /var/tmp/postfix-3.2.0/src/milter/milter.c 2016-01-23 19:42:19.000000000 -0500 --- ./src/milter/milter.c 2017-02-21 17:32:57.000000000 -0500 *************** *** 333,350 **** VSTRING *canon_buf = vstring_alloc(20); const char *value; const char *name; while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) { if (msg_verbose) msg_info("%s: \"%s\"", myname, name); if (*name != '{') /* } */ ! name = STR(vstring_sprintf(canon_buf, "{%s}", name)); ! if ((value = milters->mac_lookup(name, milters->mac_context)) != 0) { if (msg_verbose) msg_info("%s: result \"%s\"", myname, value); argv_add(argv, name, value, (char *) 0); } else if (milters->macro_defaults != 0 ! && (value = htable_find(milters->macro_defaults, name)) != 0) { if (msg_verbose) msg_info("%s: using default \"%s\"", myname, value); argv_add(argv, name, value, (char *) 0); --- 333,353 ---- VSTRING *canon_buf = vstring_alloc(20); const char *value; const char *name; + const char *cname; while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) { if (msg_verbose) msg_info("%s: \"%s\"", myname, name); if (*name != '{') /* } */ ! cname = STR(vstring_sprintf(canon_buf, "{%s}", name)); ! else ! cname = name; ! if ((value = milters->mac_lookup(cname, milters->mac_context)) != 0) { if (msg_verbose) msg_info("%s: result \"%s\"", myname, value); argv_add(argv, name, value, (char *) 0); } else if (milters->macro_defaults != 0 ! && (value = htable_find(milters->macro_defaults, cname)) != 0) { if (msg_verbose) msg_info("%s: using default \"%s\"", myname, value); argv_add(argv, name, value, (char *) 0); diff -cr --new-file /var/tmp/postfix-3.2.0/src/smtpd/smtpd.c ./src/smtpd/smtpd.c *** /var/tmp/postfix-3.2.0/src/smtpd/smtpd.c 2017-02-18 20:58:21.000000000 -0500 --- ./src/smtpd/smtpd.c 2017-04-03 17:58:06.000000000 -0400 *************** *** 5396,5401 **** --- 5396,5403 ---- milter_free(state->milters); state->milters = 0; } + smtpd_input_transp_mask = + input_transp_mask(VAR_INPUT_TRANSP, var_input_transp); } diff -cr --new-file /var/tmp/postfix-3.2.0/src/smtpd/smtpd_check.c ./src/smtpd/smtpd_check.c *** /var/tmp/postfix-3.2.0/src/smtpd/smtpd_check.c 2017-02-05 15:55:35.000000000 -0500 --- ./src/smtpd/smtpd_check.c 2017-05-31 17:29:46.000000000 -0400 *************** *** 3174,3179 **** --- 3174,3180 ---- const char *myname = "check_mail_access"; const RESOLVE_REPLY *reply; const char *value; + int lookup_strategy; int status; MAPS *maps; *************** *** 3213,3220 **** * Look up user+foo@domain if the address has an extension, user@domain * otherwise. */ ! #define LOOKUP_STRATEGY (MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN \ ! | MA_FIND_PDMS | MA_FIND_LOCALPART_AT) if ((maps = (MAPS *) htable_find(map_command_table, table)) == 0) { msg_warn("%s: unexpected dictionary: %s", myname, table); --- 3214,3223 ---- * Look up user+foo@domain if the address has an extension, user@domain * otherwise. */ ! lookup_strategy = MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN ! | MA_FIND_LOCALPART_AT ! | (access_parent_style == MATCH_FLAG_PARENT ? ! MA_FIND_PDMS : MA_FIND_PDDMDS); if ((maps = (MAPS *) htable_find(map_command_table, table)) == 0) { msg_warn("%s: unexpected dictionary: %s", myname, table); *************** *** 3225,3231 **** def_acl)); } if ((value = mail_addr_find_strategy(maps, CONST_STR(reply->recipient), ! (char **) 0, LOOKUP_STRATEGY)) != 0) { *found = 1; status = check_table_result(state, table, value, CONST_STR(reply->recipient), --- 3228,3234 ---- def_acl)); } if ((value = mail_addr_find_strategy(maps, CONST_STR(reply->recipient), ! (char **) 0, lookup_strategy)) != 0) { *found = 1; status = check_table_result(state, table, value, CONST_STR(reply->recipient), diff -cr --new-file /var/tmp/postfix-3.2.0/src/util/vstring.c ./src/util/vstring.c *** /var/tmp/postfix-3.2.0/src/util/vstring.c 2016-03-19 20:20:38.000000000 -0400 --- ./src/util/vstring.c 2017-06-10 15:35:51.000000000 -0400 *************** *** 307,316 **** */ if ((bp->flags & VSTRING_FLAG_EXACT) == 0 && bp->len > incr) incr = bp->len; ! if (bp->len > SSIZE_T_MAX - incr) msg_fatal("vstring_extend: length overflow"); new_len = bp->len + incr; ! bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len); bp->len = new_len; bp->ptr = bp->data + used; bp->cnt = bp->len - used; --- 307,317 ---- */ if ((bp->flags & VSTRING_FLAG_EXACT) == 0 && bp->len > incr) incr = bp->len; ! if (bp->len > SSIZE_T_MAX - incr - 1) msg_fatal("vstring_extend: length overflow"); new_len = bp->len + incr; ! bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len + 1); ! bp->data[new_len] = 0; bp->len = new_len; bp->ptr = bp->data + used; bp->cnt = bp->len - used; *************** *** 350,361 **** { VSTRING *vp; ! if (len < 1) msg_panic("vstring_alloc: bad length %ld", (long) len); vp = (VSTRING *) mymalloc(sizeof(*vp)); vp->vbuf.flags = 0; vp->vbuf.len = 0; ! vp->vbuf.data = (unsigned char *) mymalloc(len); vp->vbuf.len = len; VSTRING_RESET(vp); vp->vbuf.data[0] = 0; --- 351,363 ---- { VSTRING *vp; ! if (len < 1 || len > SSIZE_T_MAX - 1) msg_panic("vstring_alloc: bad length %ld", (long) len); vp = (VSTRING *) mymalloc(sizeof(*vp)); vp->vbuf.flags = 0; vp->vbuf.len = 0; ! vp->vbuf.data = (unsigned char *) mymalloc(len + 1); ! vp->vbuf.data[len] = 0; vp->vbuf.len = len; VSTRING_RESET(vp); vp->vbuf.data[0] = 0;