Prereq: "3.5.9"
diff -ur --new-file /var/tmp/postfix-3.5.9/src/global/mail_version.h ./src/global/mail_version.h
--- /var/tmp/postfix-3.5.9/src/global/mail_version.h	2021-01-17 10:23:45.000000000 -0500
+++ ./src/global/mail_version.h	2021-04-11 09:47:15.000000000 -0400
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20210117"
-#define MAIL_VERSION_NUMBER	"3.5.9"
+#define MAIL_RELEASE_DATE	"20210411"
+#define MAIL_VERSION_NUMBER	"3.5.10"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -ur --new-file /var/tmp/postfix-3.5.9/HISTORY ./HISTORY
--- /var/tmp/postfix-3.5.9/HISTORY	2021-01-17 09:54:57.000000000 -0500
+++ ./HISTORY	2021-04-11 10:42:12.000000000 -0400
@@ -24905,3 +24905,24 @@
         causing unnecessary dnssec_probe activity. The default is now
         "dane" when smtp_tls_security_level is "dane", otherwise it is
         "may". File: global/mail_params.h.
+
+20210411
+
+	Missing null pointer checks (introduced: Postfix 3.4) after
+	an internal I/O error during the smtp(8) to tlsproxy(8)
+	handshake. Found by Coverity, reported by Jaroslav Skarvada.
+	Based on fix by Viktor Dukhovni. File: tls/tls_proxy_client_scan.c.
+
+	Null pointer bug (introduced: Postfix 3.0) and memory leak
+	(introduced: Postfix 3.4) after an inline: table syntax
+	error in main.cf or master.cf. Found by Coverity, reported
+	by Jaroslav Skarvada. Based on fix by Viktor Dukhovni. File:
+	util/dict_inline.c.
+
+	Incomplete null pointer check (introduced: Postfix 2.10)
+	after truncated HaProxy version 1 handshake message. Found
+	by Coverity, reported by Jaroslav Skarvada. Fix by Viktor
+	Dukhovni. File: global/haproxy_srvr.c.
+
+	Missing null pointer check (introduced: Postfix alpha) after
+	null argv[0] value. File: global/mail_task.c.
diff -ur --new-file /var/tmp/postfix-3.5.9/src/global/haproxy_srvr.c ./src/global/haproxy_srvr.c
--- /var/tmp/postfix-3.5.9/src/global/haproxy_srvr.c	2020-03-08 10:50:26.000000000 -0400
+++ ./src/global/haproxy_srvr.c	2021-04-03 19:46:12.000000000 -0400
@@ -201,6 +201,8 @@
     if (msg_verbose)
 	msg_info("haproxy_srvr_parse: proto=%s", STR_OR_NULL(str));
 
+    if (str == 0)
+	return (-1);
 #ifdef AF_INET6
     if (strcasecmp(str, "TCP6") == 0) {
 	if (strchr((char *) proto_info->sa_family_list, AF_INET6) != 0) {
diff -ur --new-file /var/tmp/postfix-3.5.9/src/global/mail_task.c ./src/global/mail_task.c
--- /var/tmp/postfix-3.5.9/src/global/mail_task.c	2019-01-29 17:24:42.000000000 -0500
+++ ./src/global/mail_task.c	2021-04-04 16:18:38.000000000 -0400
@@ -17,8 +17,8 @@
 /*
 /*	The result is overwritten with each call.
 /*
-/*	A null argv0 argument requests that the current
-/*	result is returned.
+/*	A null argv0 argument requests that the current result is
+/*	returned, or "unknown" when no current result exists.
 /* LICENSE
 /* .ad
 /* .fi
@@ -59,6 +59,8 @@
     const char *slash;
     const char *tag;
 
+    if (argv0 == 0 && canon_name == 0)
+	argv0 = "unknown";
     if (argv0) {
 	if (canon_name == 0)
 	    canon_name = vstring_alloc(10);
diff -ur --new-file /var/tmp/postfix-3.5.9/src/tls/tls_proxy_client_scan.c ./src/tls/tls_proxy_client_scan.c
--- /var/tmp/postfix-3.5.9/src/tls/tls_proxy_client_scan.c	2019-02-11 08:32:27.000000000 -0500
+++ ./src/tls/tls_proxy_client_scan.c	2021-04-03 12:13:35.000000000 -0400
@@ -430,7 +430,8 @@
     if (buf)
 	vstring_free(buf);
     if (ret != 1) {
-	tls_proxy_client_certs_free(head);
+	if (head)
+	    tls_proxy_client_certs_free(head);
 	head = 0;
     }
     *(TLS_CERTS **) ptr = head;
@@ -489,7 +490,8 @@
     if (buf)
 	vstring_free(buf);
     if (ret != 1) {
-	tls_proxy_client_pkeys_free(head);
+	if (head)
+	    tls_proxy_client_pkeys_free(head);
 	head = 0;
     }
     *(TLS_PKEYS **) ptr = head;
@@ -538,7 +540,8 @@
 	ret = (ret == 3 ? 1 : -1);
     }
     if (ret != 1) {
-	tls_proxy_client_tlsa_free(head);
+	if (head)
+	    tls_proxy_client_tlsa_free(head);
 	head = 0;
     }
     *(TLS_TLSA **) ptr = head;
diff -ur --new-file /var/tmp/postfix-3.5.9/src/util/dict_inline.c ./src/util/dict_inline.c
--- /var/tmp/postfix-3.5.9/src/util/dict_inline.c	2018-11-05 19:25:30.000000000 -0500
+++ ./src/util/dict_inline.c	2021-04-03 19:46:12.000000000 -0400
@@ -113,9 +113,9 @@
     dict = dict_open3(DICT_TYPE_HT, name, open_flags, dict_flags);
     dict_type_override(dict, DICT_TYPE_INLINE);
     while ((nameval = mystrtokq(&cp, CHARS_COMMA_SP, CHARS_BRACE)) != 0) {
-	if ((nameval[0] != CHARS_BRACE[0]
-	     || (err = free_me = extpar(&nameval, CHARS_BRACE, EXTPAR_FLAG_STRIP)) == 0)
-	    && (err = split_qnameval(nameval, &vname, &value)) != 0)
+	if (nameval[0] == CHARS_BRACE[0])
+	    err = free_me = extpar(&nameval, CHARS_BRACE, EXTPAR_FLAG_STRIP);
+	if (err != 0 || (err = split_qnameval(nameval, &vname, &value)) != 0)
 	    break;
 
 	if ((dict->flags & DICT_FLAG_SRC_RHS_IS_FILE) != 0) {