Prereq: "2.11.4" diff -ur --new-file /var/tmp/postfix-2.11.4/src/global/mail_version.h ./src/global/mail_version.h --- /var/tmp/postfix-2.11.4/src/global/mail_version.h 2015-02-08 18:17:36.000000000 -0500 +++ ./src/global/mail_version.h 2015-04-12 17:34:37.000000000 -0400 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20150208" -#define MAIL_VERSION_NUMBER "2.11.4" +#define MAIL_RELEASE_DATE "20150412" +#define MAIL_VERSION_NUMBER "2.11.5" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -ur --new-file /var/tmp/postfix-2.11.4/HISTORY ./HISTORY --- /var/tmp/postfix-2.11.4/HISTORY 2015-02-08 18:12:22.000000000 -0500 +++ ./HISTORY 2015-04-12 18:40:44.000000000 -0400 @@ -17919,7 +17919,7 @@ 20120824 - Feature: support for "sendmail -R hdrs|full". Jan Kundrát. + Feature: support for "sendmail -R hdrs|full". Jan Kundr?t. File: sendmail/sendmail.c. 20120902 @@ -19641,3 +19641,26 @@ Cleanup: missing " in \%s\" in postconf(1) fatal error messages. Iain Hibbert. File: postconf/postconf_master.c. + +20150324 + + Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps + ignored the relayhost setting in the case of a DUNNO lookup + result. It would use the recipient domain instead. Viktor + Dukhovni. Wietse took the pieces of code that enforce the + precedence of a sender-dependent relayhost, the global + relayhost, and the recipient domain, and put that code + together in once place so that it is easier to maintain. + File: trivial-rewrite/resolve.c. + +20150330 + + Bitrot: prepare for future changes in OpenSSL API. Viktor + Dukhovni. File: tls_dane.c. + +20150408 + + Portability: FreeBSD10 support. Files: makedefs, util/sys_defs.h. + + Incompatibility: specifying "make makefiles" with "CC=command" + will no longer override the default WARN setting. diff -ur --new-file /var/tmp/postfix-2.11.4/makedefs ./makedefs --- /var/tmp/postfix-2.11.4/makedefs 2014-10-19 18:10:54.000000000 -0400 +++ ./makedefs 2015-04-08 21:34:37.000000000 -0400 @@ -158,6 +158,9 @@ ;; FreeBSD.9*) SYSTYPE=FREEBSD9 ;; + FreeBSD.10*) SYSTYPE=FREEBSD10 + : ${CC=cc} + ;; DragonFly.*) SYSTYPE=DRAGONFLY ;; OpenBSD.2*) SYSTYPE=OPENBSD2 @@ -470,7 +473,6 @@ Darwin.*) SYSTYPE=MACOSX # Use the native compiler by default : ${CC=cc} - CCARGS="$CCARGS \$(WARN)" # Darwin > 1.3 uses awk and flat_namespace case $RELEASE in 1.[0-3]) AWK=gawk;; @@ -624,7 +626,7 @@ # een burned once by a compiler that lies about what warnings it # produces, not taking that chance again. -: ${CC='gcc $(WARN)'} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \ +: ${CC=gcc} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \ ${WARN='-Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ -Wunused -Wno-missing-braces'} @@ -647,7 +649,7 @@ ARFL = $ARFL RANLIB = $RANLIB SYSLIBS = $AUXLIBS $SYSLIBS -CC = $CC $CCARGS +CC = $CC $CCARGS \$(WARN) OPT = $OPT DEBUG = $DEBUG AWK = $AWK diff -ur --new-file /var/tmp/postfix-2.11.4/src/tls/tls_dane.c ./src/tls/tls_dane.c --- /var/tmp/postfix-2.11.4/src/tls/tls_dane.c 2014-01-09 10:00:36.000000000 -0500 +++ ./src/tls/tls_dane.c 2015-04-01 08:49:46.000000000 -0400 @@ -383,7 +383,7 @@ && ((md = EVP_get_digestbyname(dane_mdalg)) == 0 || (mdlen = EVP_MD_size(md)) <= 0 || mdlen > EVP_MAX_MD_SIZE)) { - msg_warn("Unimplemented digest algoritm in %s: %s%s%s", + msg_warn("Unimplemented digest algorithm in %s: %s%s%s", VAR_TLS_DANE_DIGESTS, mdalg, value ? "=" : "", value ? value : ""); return (0); @@ -1452,7 +1452,7 @@ static int add_akid(X509 *cert, AUTHORITY_KEYID *akid) { - ASN1_STRING *id; + ASN1_OCTET_STRING *id; unsigned char c = 0; int nid = NID_authority_key_identifier; int ret = 0; @@ -1464,13 +1464,13 @@ * exempt from any potential (off by default for now in OpenSSL) * self-signature checks! */ - id = (ASN1_STRING *) ((akid && akid->keyid) ? akid->keyid : 0); - if (id && M_ASN1_STRING_length(id) == 1 && *M_ASN1_STRING_data(id) == c) + id = ((akid && akid->keyid) ? akid->keyid : 0); + if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_data(id) == c) c = 1; if ((akid = AUTHORITY_KEYID_new()) != 0 && (akid->keyid = ASN1_OCTET_STRING_new()) != 0 - && M_ASN1_OCTET_STRING_set(akid->keyid, (void *) &c, 1) + && ASN1_OCTET_STRING_set(akid->keyid, (void *) &c, 1) && X509_add1_ext_i2d(cert, nid, akid, 0, X509V3_ADD_DEFAULT) > 0) ret = 1; if (akid) diff -ur --new-file /var/tmp/postfix-2.11.4/src/trivial-rewrite/resolve.c ./src/trivial-rewrite/resolve.c --- /var/tmp/postfix-2.11.4/src/trivial-rewrite/resolve.c 2013-05-07 14:41:03.000000000 -0400 +++ ./src/trivial-rewrite/resolve.c 2015-04-08 21:48:51.000000000 -0400 @@ -549,15 +549,20 @@ if (*relay == 0) { msg_warn("%s: ignoring null lookup result for %s", rp->snd_relay_maps_name, sender_key); - relay = "DUNNO"; - } - vstring_strcpy(nexthop, strcasecmp(relay, "DUNNO") == 0 ? - rcpt_domain : relay); + relay = 0; + } else if (strcasecmp(relay, "DUNNO") == 0) + relay = 0; } else if (rp->snd_relay_info && rp->snd_relay_info->error != 0) { msg_warn("%s lookup failure", rp->snd_relay_maps_name); *flags |= RESOLVE_FLAG_FAIL; FREE_MEMORY_AND_RETURN; + } else { + relay = 0; + } + /* Enforce all the relayhost precedences in one place. */ + if (relay != 0) { + vstring_strcpy(nexthop, relay); } else if (*RES_PARAM_VALUE(rp->relayhost)) vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost)); else diff -ur --new-file /var/tmp/postfix-2.11.4/src/util/sys_defs.h ./src/util/sys_defs.h --- /var/tmp/postfix-2.11.4/src/util/sys_defs.h 2013-09-29 16:51:55.000000000 -0400 +++ ./src/util/sys_defs.h 2015-04-08 20:16:04.000000000 -0400 @@ -25,7 +25,7 @@ */ #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \ || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \ - || defined(FREEBSD8) || defined(FREEBSD9) \ + || defined(FREEBSD8) || defined(FREEBSD9) || defined(FREEBSD10) \ || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \ || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \ || defined(OPENBSD5) \