Prereq: "3.2.4" diff -cr --new-file /var/tmp/postfix-3.2.4/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-3.2.4/src/global/mail_version.h 2017-10-28 10:12:12.000000000 -0400 --- ./src/global/mail_version.h 2018-01-27 08:09:29.000000000 -0500 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20171028" ! #define MAIL_VERSION_NUMBER "3.2.4" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20180127" ! #define MAIL_VERSION_NUMBER "3.2.5" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-3.2.4/HISTORY ./HISTORY *** /var/tmp/postfix-3.2.4/HISTORY 2017-10-28 08:30:16.000000000 -0400 --- ./HISTORY 2018-01-27 20:15:58.000000000 -0500 *************** *** 23028,23030 **** --- 23028,23072 ---- Bugfix (introduced: Postfix 3.0) missing dynamicmaps support in the Postfix sendmail command broke authorized_submit_users with a dynamically-loaded map type. File: sendmail/sendmail.c. + + 20171116 + + Bugfix (introduced: Postfix 2.1): don't log warnings + that some restriction returns OK, when the access map + DISCARD feature is in effect. File: smtpd/smtpd_check.c. + + 20171215 + + Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke + Berkeley DB configurations with a relative pathname. File: + util/dict_db.c. + + 20171218 + + Workaround: reportedly, some res_query(3) implementation + can return -1 with h_errno==0. Instead of terminating with + a panic, the Postfix DNS client now logs a warning and sets + h_errno to TRY_AGAIN. File: dns/dns_lookup.c. + + 20171226 + + Documentation patches by Sven Neuhaus. 
Files: + proto/FORWARD_SECRECY_README.html, proto/MILTER_README.html, + proto/SMTPD_ACCESS_README.html. + + 20180106 + + Cleanup: missing mailbox seek-to-end error check in the + local(8) delivery agent. File: local/mailbox.c. + + Cleanup: incorrect mailbox seek-to-end error message in the + virtual(8) delivery agent. File: virtual/mailbox.c. + + 20180127 + + Licence: in addition to the historical IBM Public License + 1.0, this software is now also distributed with the more + recent Eclipse Public License 2.0. Recipients can choose + to take the software under the license of their choice. + Those who are more comfortable with the IPL can continue + with that license. File: LICENSE. diff -cr --new-file /var/tmp/postfix-3.2.4/LICENSE ./LICENSE *** /var/tmp/postfix-3.2.4/LICENSE 1999-07-15 17:05:48.000000000 -0400 --- ./LICENSE 2018-01-21 18:17:42.000000000 -0500 *************** *** 1,3 **** --- 1,290 ---- + LICENSE - SECURE MAILER + + This software is dual-licensed under both the Eclipse Public License + version 2.0 and the IBM Public License version 1.0, for those who + are more comfortable continuing with that license. Recipients can + choose to take the software under the license of their choice. + + The remainder of this text contains a copy of each license. + + Eclipse Public License - v 2.0 + + THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE + PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION + OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + + 1. DEFINITIONS + + "Contribution" means: + + a) in the case of the initial Contributor, the initial content + Distributed under this Agreement, and + + b) in the case of each subsequent Contributor: + i) changes to the Program, and + ii) additions to the Program; + where such changes and/or additions to the Program originate from + and are Distributed by that particular Contributor. 
A Contribution + "originates" from a Contributor if it was added to the Program by + such Contributor itself or anyone acting on such Contributor's behalf. + Contributions do not include changes or additions to the Program that + are not Modified Works. + + "Contributor" means any person or entity that Distributes the Program. + + "Licensed Patents" mean patent claims licensable by a Contributor which + are necessarily infringed by the use or sale of its Contribution alone + or when combined with the Program. + + "Program" means the Contributions Distributed in accordance with this + Agreement. + + "Recipient" means anyone who receives the Program under this Agreement + or any Secondary License (as applicable), including Contributors. + + "Derivative Works" shall mean any work, whether in Source Code or other + form, that is based on (or derived from) the Program and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. + + "Modified Works" shall mean any work in Source Code or other form that + results from an addition to, deletion from, or modification of the + contents of the Program, including, for purposes of clarity any new file + in Source Code form that contains any contents of the Program. Modified + Works shall not include works that contain only declarations, + interfaces, types, classes, structures, or files of the Program solely + in each case in order to link to, bind by name, or subclass the Program + or Modified Works thereof. + + "Distribute" means the acts of a) distributing or b) making available + in any manner that enables the transfer of a copy. + + "Source Code" means the form of a Program preferred for making + modifications, including but not limited to software source code, + documentation source, and configuration files. 
+ + "Secondary License" means either the GNU General Public License, + Version 2.0, or any later versions of that license, including any + exceptions or additional permissions as identified by the initial + Contributor. + + 2. GRANT OF RIGHTS + + a) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free copyright + license to reproduce, prepare Derivative Works of, publicly display, + publicly perform, Distribute and sublicense the Contribution of such + Contributor, if any, and such Derivative Works. + + b) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free patent + license under Licensed Patents to make, use, sell, offer to sell, + import and otherwise transfer the Contribution of such Contributor, + if any, in Source Code or other form. This patent license shall + apply to the combination of the Contribution and the Program if, at + the time the Contribution is added by the Contributor, such addition + of the Contribution causes such combination to be covered by the + Licensed Patents. The patent license shall not apply to any other + combinations which include the Contribution. No hardware per se is + licensed hereunder. + + c) Recipient understands that although each Contributor grants the + licenses to its Contributions set forth herein, no assurances are + provided by any Contributor that the Program does not infringe the + patent or other intellectual property rights of any other entity. + Each Contributor disclaims any liability to Recipient for claims + brought by any other entity based on infringement of intellectual + property rights or otherwise. As a condition to exercising the + rights and licenses granted hereunder, each Recipient hereby + assumes sole responsibility to secure any other intellectual + property rights needed, if any. 
For example, if a third party + patent license is required to allow Recipient to Distribute the + Program, it is Recipient's responsibility to acquire that license + before distributing the Program. + + d) Each Contributor represents that to its knowledge it has + sufficient copyright rights in its Contribution, if any, to grant + the copyright license set forth in this Agreement. + + e) Notwithstanding the terms of any Secondary License, no + Contributor makes additional grants to any Recipient (other than + those set forth in this Agreement) as a result of such Recipient's + receipt of the Program under the terms of a Secondary License + (if permitted under the terms of Section 3). + + 3. REQUIREMENTS + + 3.1 If a Contributor Distributes the Program in any form, then: + + a) the Program must also be made available as Source Code, in + accordance with section 3.2, and the Contributor must accompany + the Program with a statement that the Source Code for the Program + is available under this Agreement, and informs Recipients how to + obtain it in a reasonable manner on or through a medium customarily + used for software exchange; and + + b) the Contributor may Distribute the Program under a license + different than this Agreement, provided that such license: + i) effectively disclaims on behalf of all other Contributors all + warranties and conditions, express and implied, including + warranties or conditions of title and non-infringement, and + implied warranties or conditions of merchantability and fitness + for a particular purpose; + + ii) effectively excludes on behalf of all other Contributors all + liability for damages, including direct, indirect, special, + incidental and consequential damages, such as lost profits; + + iii) does not attempt to limit or alter the recipients' rights + in the Source Code under section 3.2; and + + iv) requires any subsequent distribution of the Program by any + party to be under a license that satisfies the requirements + of 
this section 3. + + 3.2 When the Program is Distributed as Source Code: + + a) it must be made available under this Agreement, or if the + Program (i) is combined with other material in a separate file or + files made available under a Secondary License, and (ii) the initial + Contributor attached to the Source Code the notice described in + Exhibit A of this Agreement, then the Program may be made available + under the terms of such Secondary Licenses, and + + b) a copy of this Agreement must be included with each copy of + the Program. + + 3.3 Contributors may not remove or alter any copyright, patent, + trademark, attribution notices, disclaimers of warranty, or limitations + of liability ("notices") contained within the Program from any copy of + the Program which they Distribute, provided that Contributors may add + their own appropriate notices. + + 4. COMMERCIAL DISTRIBUTION + + Commercial distributors of software may accept certain responsibilities + with respect to end users, business partners and the like. While this + license is intended to facilitate the commercial use of the Program, + the Contributor who includes the Program in a commercial product + offering should do so in a manner which does not create potential + liability for other Contributors. Therefore, if a Contributor includes + the Program in a commercial product offering, such Contributor + ("Commercial Contributor") hereby agrees to defend and indemnify every + other Contributor ("Indemnified Contributor") against any losses, + damages and costs (collectively "Losses") arising from claims, lawsuits + and other legal actions brought by a third party against the Indemnified + Contributor to the extent caused by the acts or omissions of such + Commercial Contributor in connection with its distribution of the Program + in a commercial product offering. The obligations in this section do not + apply to any claims or Losses relating to any actual or alleged + intellectual property infringement. 
In order to qualify, an Indemnified + Contributor must: a) promptly notify the Commercial Contributor in + writing of such claim, and b) allow the Commercial Contributor to control, + and cooperate with the Commercial Contributor in, the defense and any + related settlement negotiations. The Indemnified Contributor may + participate in any such claim at its own expense. + + For example, a Contributor might include the Program in a commercial + product offering, Product X. That Contributor is then a Commercial + Contributor. If that Commercial Contributor then makes performance + claims, or offers warranties related to Product X, those performance + claims and warranties are such Commercial Contributor's responsibility + alone. Under this section, the Commercial Contributor would have to + defend claims against the other Contributors related to those performance + claims and warranties, and if a court requires any other Contributor to + pay any damages as a result, the Commercial Contributor must pay + those damages. + + 5. NO WARRANTY + + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT + PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS" + BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR + IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF + TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR + PURPOSE. Each Recipient is solely responsible for determining the + appropriateness of using and distributing the Program and assumes all + risks associated with its exercise of rights under this Agreement, + including but not limited to the risks and costs of program errors, + compliance with applicable laws, damage to or loss of data, programs + or equipment, and unavailability or interruption of operations. + + 6. 
DISCLAIMER OF LIABILITY + + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT + PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS + SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST + PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE + EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGES. + + 7. GENERAL + + If any provision of this Agreement is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of + the remainder of the terms of this Agreement, and without further + action by the parties hereto, such provision shall be reformed to the + minimum extent necessary to make such provision valid and enforceable. + + If Recipient institutes patent litigation against any entity + (including a cross-claim or counterclaim in a lawsuit) alleging that the + Program itself (excluding combinations of the Program with other software + or hardware) infringes such Recipient's patent(s), then such Recipient's + rights granted under Section 2(b) shall terminate as of the date such + litigation is filed. + + All Recipient's rights under this Agreement shall terminate if it + fails to comply with any of the material terms or conditions of this + Agreement and does not cure such failure in a reasonable period of + time after becoming aware of such noncompliance. If all Recipient's + rights under this Agreement terminate, Recipient agrees to cease use + and distribution of the Program as soon as reasonably practicable. + However, Recipient's obligations under this Agreement and any licenses + granted by Recipient relating to the Program shall continue and survive. 
+ + Everyone is permitted to copy and distribute copies of this Agreement, + but in order to avoid inconsistency the Agreement is copyrighted and + may only be modified in the following manner. The Agreement Steward + reserves the right to publish new versions (including revisions) of + this Agreement from time to time. No one other than the Agreement + Steward has the right to modify this Agreement. The Eclipse Foundation + is the initial Agreement Steward. The Eclipse Foundation may assign the + responsibility to serve as the Agreement Steward to a suitable separate + entity. Each new version of the Agreement will be given a distinguishing + version number. The Program (including Contributions) may always be + Distributed subject to the version of the Agreement under which it was + received. In addition, after a new version of the Agreement is published, + Contributor may elect to Distribute the Program (including its + Contributions) under the new version. + + Except as expressly stated in Sections 2(a) and 2(b) above, Recipient + receives no rights or licenses to the intellectual property of any + Contributor under this Agreement, whether expressly, by implication, + estoppel or otherwise. All rights in the Program not expressly granted + under this Agreement are reserved. Nothing in this Agreement is intended + to be enforceable by any entity that is not a Contributor or Recipient. + No third-party beneficiary rights are created under this Agreement. + + Exhibit A - Form of Secondary Licenses Notice + + "This Source Code may also be made available under the following + Secondary Licenses when the conditions for such availability set forth + in the Eclipse Public License, v. 2.0 are satisfied: {name license(s), + version(s), and exceptions or additional permissions here}." + + Simply including a copy of this Agreement, including this Exhibit A + is not sufficient to license the Source Code under Secondary Licenses. 
+ + If it is not possible or desirable to put the notice in a particular + file, then You may include the notice in a location (such as a LICENSE + file in a relevant directory) where a recipient would be likely to + look for such a notice. + + You may add additional accurate notices of copyright ownership. + IBM PUBLIC LICENSE VERSION 1.0 - SECURE MAILER THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS IBM PUBLIC diff -cr --new-file /var/tmp/postfix-3.2.4/RELEASE_NOTES ./RELEASE_NOTES *** /var/tmp/postfix-3.2.4/RELEASE_NOTES 2017-02-12 11:17:41.000000000 -0500 --- ./RELEASE_NOTES 2018-01-27 20:09:29.000000000 -0500 *************** *** 16,21 **** --- 16,31 ---- If you upgrade from Postfix 3.0 or earlier, read RELEASE_NOTES-3.1 before proceeding. + License change with Postfix 3.2.5 + --------------------------------- + + Starting with Postfix 3.2.5, this software is distributed with a + dual license: in addition to the historical IBM Public License 1.0, + it is now also distributed with the more recent Eclipse Public + License 2.0. Recipients can choose to take the software under the + license of their choice. Those who are more comfortable with the + IPL can continue with that license. + Invisible changes ----------------- diff -cr --new-file /var/tmp/postfix-3.2.4/html/FORWARD_SECRECY_README.html ./html/FORWARD_SECRECY_README.html *** /var/tmp/postfix-3.2.4/html/FORWARD_SECRECY_README.html 2016-12-23 20:31:49.000000000 -0500 --- ./html/FORWARD_SECRECY_README.html 2017-12-26 10:48:52.000000000 -0500 *************** *** 341,349 ****
  # cd /etc/postfix
  # umask 022
! # openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
! # openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
! # openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
  # chmod 644 dh512.pem dh1024.pem dh2048.pem
  
--- 341,349 ----
  # cd /etc/postfix
  # umask 022
! # openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
! # openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
! # openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
  # chmod 644 dh512.pem dh1024.pem dh2048.pem
  
diff -cr --new-file /var/tmp/postfix-3.2.4/html/MILTER_README.html ./html/MILTER_README.html *** /var/tmp/postfix-3.2.4/html/MILTER_README.html 2016-10-23 21:27:22.000000000 -0400 --- ./html/MILTER_README.html 2017-12-26 10:48:52.000000000 -0500 *************** *** 785,791 ****
  • Some Milter applications use the "{if_addr}" macro to recognize local mail; this macro does not exist in Postfix. ! Workaround: use the "{daemon_addr}" (Postfix &ge 3.2) or "{client_addr}" macro instead.

  • Some Milter applications log a warning that looks like --- 785,791 ----

  • Some Milter applications use the "{if_addr}" macro to recognize local mail; this macro does not exist in Postfix. ! Workaround: use the "{daemon_addr}" (Postfix ≥ 3.2) or "{client_addr}" macro instead.

  • Some Milter applications log a warning that looks like diff -cr --new-file /var/tmp/postfix-3.2.4/html/SMTPD_ACCESS_README.html ./html/SMTPD_ACCESS_README.html *** /var/tmp/postfix-3.2.4/html/SMTPD_ACCESS_README.html 2014-10-01 13:25:10.000000000 -0400 --- ./html/SMTPD_ACCESS_README.html 2017-12-26 10:48:52.000000000 -0500 *************** *** 251,257 **** relay policy Reject RCPT TO information ! < 2.10 Not available smtpd_recipient_restrictions ≥ --- 251,257 ---- relay policy Reject RCPT TO information ! < 2.10 Not available smtpd_recipient_restrictions ≥ *************** *** 259,265 **** relay policy Reject RCPT TO information ! < 2.10 Required smtpd_data_restrictions ≥ 2.0 Optional --- 259,265 ---- relay policy Reject RCPT TO information ! < 2.10 Required smtpd_data_restrictions ≥ 2.0 Optional diff -cr --new-file /var/tmp/postfix-3.2.4/proto/FORWARD_SECRECY_README.html ./proto/FORWARD_SECRECY_README.html *** /var/tmp/postfix-3.2.4/proto/FORWARD_SECRECY_README.html 2016-12-23 19:59:04.000000000 -0500 --- ./proto/FORWARD_SECRECY_README.html 2017-12-26 10:48:34.000000000 -0500 *************** *** 341,349 ****

      # cd /etc/postfix
      # umask 022
    ! # openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
    ! # openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
    ! # openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
      # chmod 644 dh512.pem dh1024.pem dh2048.pem
      
    --- 341,349 ----
      # cd /etc/postfix
      # umask 022
    ! # openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
    ! # openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
    ! # openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
      # chmod 644 dh512.pem dh1024.pem dh2048.pem
      
    diff -cr --new-file /var/tmp/postfix-3.2.4/proto/MILTER_README.html ./proto/MILTER_README.html *** /var/tmp/postfix-3.2.4/proto/MILTER_README.html 2016-10-23 21:27:00.000000000 -0400 --- ./proto/MILTER_README.html 2017-12-26 10:48:34.000000000 -0500 *************** *** 785,791 ****
  • Some Milter applications use the "{if_addr}" macro to recognize local mail; this macro does not exist in Postfix. ! Workaround: use the "{daemon_addr}" (Postfix &ge 3.2) or "{client_addr}" macro instead.

  • Some Milter applications log a warning that looks like --- 785,791 ----

  • Some Milter applications use the "{if_addr}" macro to recognize local mail; this macro does not exist in Postfix. ! Workaround: use the "{daemon_addr}" (Postfix ≥ 3.2) or "{client_addr}" macro instead.

  • Some Milter applications log a warning that looks like diff -cr --new-file /var/tmp/postfix-3.2.4/proto/SMTPD_ACCESS_README.html ./proto/SMTPD_ACCESS_README.html *** /var/tmp/postfix-3.2.4/proto/SMTPD_ACCESS_README.html 2014-10-01 13:24:18.000000000 -0400 --- ./proto/SMTPD_ACCESS_README.html 2017-12-26 10:48:34.000000000 -0500 *************** *** 251,257 **** relay policy Reject RCPT TO information ! < 2.10 Not available smtpd_recipient_restrictions ≥ --- 251,257 ---- relay policy Reject RCPT TO information ! < 2.10 Not available smtpd_recipient_restrictions ≥ *************** *** 259,265 **** relay policy Reject RCPT TO information ! < 2.10 Required smtpd_data_restrictions ≥ 2.0 Optional --- 259,265 ---- relay policy Reject RCPT TO information ! < 2.10 Required smtpd_data_restrictions ≥ 2.0 Optional diff -cr --new-file /var/tmp/postfix-3.2.4/src/dns/dns_lookup.c ./src/dns/dns_lookup.c *** /var/tmp/postfix-3.2.4/src/dns/dns_lookup.c 2016-02-23 11:21:41.000000000 -0500 --- ./src/dns/dns_lookup.c 2017-12-20 20:53:15.000000000 -0500 *************** *** 397,402 **** --- 397,410 ---- /* Prepare for returning a null-padded server reply. */ memset(answer, 0, anslen); len = res_query(name, class, type, answer, anslen); + /* Begin API creep workaround. */ + if (len < 0 && h_errno == 0) { + SET_H_ERRNO(TRY_AGAIN); + msg_warn("res_query(\"%s\", %d, %d, %p, %d) returns %d with h_errno==0" + " -- setting h_errno=TRY_AGAIN", + name, class, type, answer, anslen, len); + } + /* End API creep workaround. */ if (len > 0) { SET_H_ERRNO(0); } else if (keep_notfound && NOT_FOUND_H_ERRNO(h_errno)) { diff -cr --new-file /var/tmp/postfix-3.2.4/src/local/mailbox.c ./src/local/mailbox.c *** /var/tmp/postfix-3.2.4/src/local/mailbox.c 2015-01-11 15:30:20.000000000 -0500 --- ./src/local/mailbox.c 2018-01-21 16:49:21.000000000 -0500 *************** *** 97,103 **** int deliver_status; int copy_flags; VSTRING *biff; ! 
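Review bot: The warning added in the workaround block prints the reply buffer address with `%p` (`answer`), which tells an operator nothing about the failed lookup and writes a process address into the mail log on every affected query. I would drop that argument and keep the values that identify the lookup, e.g. `msg_warn("res_query(\"%s\", %d, %d) returns %d with h_errno==0 -- setting h_errno=TRY_AGAIN", name, class, type, len);`. The comment `/* Begin API creep workaround. */` could also say why TRY_AGAIN is chosen, for example `/* Treat a failure without h_errno as a temporary error, so the caller retries instead of acting on an unset status. */`; that rationale is inferred from the HISTORY entry and should be confirmed. The enclosing function starts and ends outside the hunk.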
long end; struct stat st; uid_t spool_uid; gid_t spool_gid; --- 97,103 ---- int deliver_status; int copy_flags; VSTRING *biff; ! off_t end; struct stat st; uid_t spool_uid; gid_t spool_gid; *************** *** 202,208 **** msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch", VAR_STRICT_MBOX_OWNER); } else { ! end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END); mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, copy_flags, "\n", why); } --- 202,209 ---- msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch", VAR_STRICT_MBOX_OWNER); } else { ! if ((end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END)) < 0) ! msg_fatal("seek mailbox file %s: %m", mailbox); mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, copy_flags, "\n", why); } diff -cr --new-file /var/tmp/postfix-3.2.4/src/smtpd/smtpd_check.c ./src/smtpd/smtpd_check.c *** /var/tmp/postfix-3.2.4/src/smtpd/smtpd_check.c 2017-05-31 17:29:46.000000000 -0400 --- ./src/smtpd/smtpd_check.c 2017-12-20 20:27:51.000000000 -0500 *************** *** 4044,4050 **** static void forbid_whitelist(SMTPD_STATE *state, const char *name, int status, const char *target) { ! if (status == SMTPD_CHECK_OK) { msg_warn("restriction %s returns OK for %s", name, target); msg_warn("this is not allowed for security reasons"); msg_warn("use DUNNO instead of OK if you want to make an exception"); --- 4044,4050 ---- static void forbid_whitelist(SMTPD_STATE *state, const char *name, int status, const char *target) { ! 
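Review bot: The new seek-to-end check in the `else` branch of src/local/mailbox.c is an unbraced `if` whose condition also assigns `end`, directly above the `mail_copy()` call; braces would keep a later edit from accidentally making the copy conditional. A comment on why the failure is fatal would help, such as `/* Without a valid end offset the append position is unknown; do not write to the mailbox. */` (inferred from the call order, please confirm). The message also differs in shape from the matching check in src/virtual/mailbox.c, which prefixes `myname` and prints `VSTREAM_PATH(mp->fp)`; aligning the two would make log searches easier. The enclosing function starts and ends outside the hunk.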
if (state->discard == 0 && status == SMTPD_CHECK_OK) { msg_warn("restriction %s returns OK for %s", name, target); msg_warn("this is not allowed for security reasons"); msg_warn("use DUNNO instead of OK if you want to make an exception"); diff -cr --new-file /var/tmp/postfix-3.2.4/src/util/dict_db.c ./src/util/dict_db.c *** /var/tmp/postfix-3.2.4/src/util/dict_db.c 2017-06-13 12:12:21.000000000 -0400 --- ./src/util/dict_db.c 2017-12-20 20:35:53.000000000 -0500 *************** *** 615,620 **** --- 615,621 ---- struct stat st; DB *db = 0; char *db_path = 0; + VSTRING *db_base_buf = 0; int lock_fd = -1; int dbfd; *************** *** 671,676 **** --- 672,678 ---- #define FREE_RETURN(e) do { \ DICT *_dict = (e); if (db) DICT_DB_CLOSE(db); \ if (lock_fd >= 0) (void) close(lock_fd); \ + if (db_base_buf) vstring_free(db_base_buf); \ if (db_path) myfree(db_path); return (_dict); \ } while (0) *************** *** 735,752 **** msg_panic("db_create null result"); if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0) msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM); #if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \ (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0) ! if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0) FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags, "open database %s: %m", db_path)); #elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4) ! 
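Review bot: The added `state->discard == 0` test guards the whole `if` body in `forbid_whitelist()`, not only the three `msg_warn()` calls, and that body continues past the end of the hunk, so whatever follows the warnings is skipped as well once DISCARD is in effect. The function's own log text says the OK result is refused for security reasons, so the condition deserves a comment that states the intent, for example `/* DISCARD is in effect: the message will be dropped, so an OK result cannot whitelist it. */`. That rationale is inferred from the HISTORY entry and should be confirmed against the rest of the function.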
if ((errno = db->open(db, db_path, 0, type, db_flags, 0644)) != 0) FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags, "open database %s: %m", db_path)); #else #error "Unsupported Berkeley DB version" #endif if ((errno = db->fd(db, &dbfd)) != 0) msg_fatal("get database file descriptor: %m"); #endif --- 737,758 ---- msg_panic("db_create null result"); if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0) msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM); + db_base_buf = vstring_alloc(100); #if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \ (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0) ! if ((errno = db->open(db, 0, sane_basename(db_base_buf, db_path), ! 0, type, db_flags, 0644)) != 0) FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags, "open database %s: %m", db_path)); #elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4) ! if ((errno = db->open(db, sane_basename(db_base_buf, db_path), 0, ! type, db_flags, 0644)) != 0) FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags, "open database %s: %m", db_path)); #else #error "Unsupported Berkeley DB version" #endif + vstring_free(db_base_buf); if ((errno = db->fd(db, &dbfd)) != 0) msg_fatal("get database file descriptor: %m"); #endif diff -cr --new-file /var/tmp/postfix-3.2.4/src/virtual/mailbox.c ./src/virtual/mailbox.c *** /var/tmp/postfix-3.2.4/src/virtual/mailbox.c 2017-01-09 18:07:43.000000000 -0500 --- ./src/virtual/mailbox.c 2018-01-21 16:59:17.000000000 -0500 *************** *** 132,138 **** VAR_STRICT_MBOX_OWNER); } else { if (vstream_fseek(mp->fp, (off_t) 0, SEEK_END) < 0) ! msg_fatal("%s: seek queue file %s: %m", myname, VSTREAM_PATH(mp->fp)); mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, copy_flags, "\n", why); --- 132,138 ---- VAR_STRICT_MBOX_OWNER); } else { if (vstream_fseek(mp->fp, (off_t) 0, SEEK_END) < 0) ! 
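Review bot: After `vstring_free(db_base_buf);` in the third src/util/dict_db.c hunk the pointer keeps its old value, while the updated `FREE_RETURN` macro frees `db_base_buf` whenever it is non-null, so any `FREE_RETURN` reached later in the function would free the buffer a second time. Whether such a path exists is not visible in the hunk, but clearing the pointer removes the hazard: add `db_base_buf = 0;` right after the `vstring_free(db_base_buf);` line. The function body starts and ends outside the hunk.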
msg_fatal("%s: seek mailbox file %s: %m", myname, VSTREAM_PATH(mp->fp)); mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, copy_flags, "\n", why);