Prereq: "3.1.2"
diff -cr --new-file /var/tmp/postfix-3.1.2/src/global/mail_version.h ./src/global/mail_version.h
*** /var/tmp/postfix-3.1.2/src/global/mail_version.h	2016-08-27 17:51:27.000000000 -0400
--- ./src/global/mail_version.h	2016-10-01 19:26:18.000000000 -0400
***************
*** 20,27 ****
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20160828"
! #define MAIL_VERSION_NUMBER	"3.1.2"
  
  #ifdef SNAPSHOT
  #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- 20,27 ----
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20161001"
! #define MAIL_VERSION_NUMBER	"3.1.3"
  
  #ifdef SNAPSHOT
  #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -cr --new-file /var/tmp/postfix-3.1.2/HISTORY ./HISTORY
*** /var/tmp/postfix-3.1.2/HISTORY	2016-08-27 19:50:23.000000000 -0400
--- ./HISTORY	2016-10-01 19:36:45.000000000 -0400
***************
*** 22227,22234 ****
  
  	Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher
  	documentation says aes-256-cbc, but the implementation was
! 	using aes-128-cbc (note that Postfix SMTP server and client
! 	processes have a limited life time).
  
  20160828
  
--- 22227,22235 ----
  
  	Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher
  	documentation says aes-256-cbc, but the implementation was
! 	using aes-128-cbc (note that Postfix session ticket keys
! 	are rotated after 1/2 hour, to limit the impact of attacks
! 	on session ticket keys).
  
  20160828
  
***************
*** 22236,22238 ****
--- 22237,22260 ----
  	Viktor Dukhovni.  Files: posttls-finger/posttls-finger.c,
  	tls/tls.h, tls/tls_dane.c, tls/tls_verify.c, tls/tls_server.c,
  	tls/tls_client.c.
+ 
+ 20160911
+ 
+ 	Bugfix (introduced: Postfix 3.0): the SMTP daemon did not
+ 	reset a previous session's command counts before rejecting
+ 	a client that exceeds request or concurrency rates. File:
+ 	smtpd/smtpd.c.
+ 
+ 20160917
+ 
+ 	Bugfix (introduced: Postfix 3.0): the unionmap did not
+ 	propagate table lookup errors.  Based on patch by Roel van
+ 	Meer.  Files: util/dict_union.c, util/dict_union_test.*.
+ 
+ 20160925
+ 
+ 	Workaround (problem introduced: Postfix 2.11): to avoid
+ 	false "not found" errors with MySQL map queries that contain
+ 	UTF8-encoded text, specify "option_group = client" in Postfix
+ 	MySQL configuration files.  This will be the default setting
+ 	with Postfix 3.2 and later.
diff -cr --new-file /var/tmp/postfix-3.1.2/README_FILES/MYSQL_README ./README_FILES/MYSQL_README
*** /var/tmp/postfix-3.1.2/README_FILES/MYSQL_README	2015-01-29 17:33:49.000000000 -0500
--- ./README_FILES/MYSQL_README	2016-10-01 19:01:38.000000000 -0400
***************
*** 94,101 ****
--- 94,113 ----
  # Don't forget the leading "AND"!
  additional_conditions = AND status = 'paid'
  
+ # This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1,
+ # and is the default setting as of Postfix 3.2,
+ option_group = client
+ 
  AAddddiittiioonnaall nnootteess
  
+ Postfix 3.2 and later read [[cclliieenntt]] option group settings by default. To
+ disable this, specify no ooppttiioonn__ffiillee and specify "ooppttiioonn__ggrroouupp ==" (i.e. an
+ empty value).
+ 
+ Postfix 3.1 and earlier don't read [[cclliieenntt]] option group settings unless a non-
+ empty ooppttiioonn__ffiillee or ooppttiioonn__ggrroouupp value are specified. To enable this, specify,
+ for example "ooppttiioonn__ggrroouupp == cclliieenntt".
+ 
  The MySQL configuration interface setup allows for multiple mysql databases:
  you can use one for a virtual table, one for an access table, and one for an
  aliases table if you want.
diff -cr --new-file /var/tmp/postfix-3.1.2/RELEASE_NOTES ./RELEASE_NOTES
*** /var/tmp/postfix-3.1.2/RELEASE_NOTES	2016-02-22 18:10:22.000000000 -0500
--- ./RELEASE_NOTES	2016-10-01 19:36:03.000000000 -0400
***************
*** 16,21 ****
--- 16,29 ----
  If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0
  before proceeding.
  
+ Workaround - UTF8 support in Postfix MySQL queries
+ --------------------------------------------------
+ 
+ Someone reported false "not found" errors with MySQL map queries
+ that contain UTF8-encoded text. To avoid such errors, specify
+ "option_group = client" in Postfix MySQL configuration files.  This
+ will be the default setting with Postfix 3.2 and later.
+ 
  Major changes - address verification safety
  -------------------------------------------
  
diff -cr --new-file /var/tmp/postfix-3.1.2/html/MYSQL_README.html ./html/MYSQL_README.html
*** /var/tmp/postfix-3.1.2/html/MYSQL_README.html	2015-01-29 17:33:47.000000000 -0500
--- ./html/MYSQL_README.html	2016-10-01 19:01:38.000000000 -0400
***************
*** 130,139 ****
--- 130,152 ----
  where_field = alias
  # Don't forget the leading "AND"!
  additional_conditions = AND status = 'paid'
+ 
+ # This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1,
+ # and is the default setting as of Postfix 3.2,
+ option_group = client
  </pre>
  
  <h2>Additional notes</h2>
  
+ <p> Postfix 3.2 and later read <b>[client]</b> option group settings
+ by default. To disable this, specify no <b>option_file</b> and
+ specify "<b>option_group =</b>" (i.e. an empty value).  </p>
+ 
+ <p> Postfix 3.1 and earlier don't read <b>[client]</b> option group
+ settings unless a non-empty <b>option_file</b> or <b>option_group</b>
+ value are specified. To enable this, specify, for example
+ "<b>option_group = client</b>".  </p>
+ 
  <p> The MySQL configuration interface setup allows for multiple
  mysql databases: you can use one for a virtual table, one for an
  access table, and one for an aliases table if you want. </p>
diff -cr --new-file /var/tmp/postfix-3.1.2/html/mysql_table.5.html ./html/mysql_table.5.html
*** /var/tmp/postfix-3.1.2/html/mysql_table.5.html	2016-02-13 19:58:00.000000000 -0500
--- ./html/mysql_table.5.html	2016-10-01 19:01:39.000000000 -0400
***************
*** 232,237 ****
--- 232,242 ----
         <b>option_group</b>
                Read options from the given group.
  
+               Postfix 3.1 and earlier don't read <b>[client]</b>  option  group  set-
+               tings  unless  a non-empty <b>option_file</b> or <b>option_group</b> value are
+               specified. To enable this, specify, for example, "<b>option_group =</b>
+               <b>client</b>".
+ 
                This parameter is available with Postfix 2.11 and later.
  
         <b>tls_cert_file</b>
***************
*** 240,276 ****
                This parameter is available with Postfix 2.11 and later.
  
         <b>tls_key_file</b>
!               File containing the private key corresponding to  <b>tls_cert_file</b>.
  
                This parameter is available with Postfix 2.11 and later.
  
         <b>tls_CAfile</b>
!               File  containing  certificates for all of the X509 Certification
!               Authorities the client will recognize.   Takes  precedence  over
                <b>tls_CApath</b>.
  
                This parameter is available with Postfix 2.11 and later.
  
         <b>tls_CApath</b>
!               Directory  containing  X509 Certification Authority certificates
                in separate individual files.
  
                This parameter is available with Postfix 2.11 and later.
  
         <b>tls_verify_cert (default: no)</b>
!               Verify that the server's name matches the  common  name  in  the
                certificate.
  
                This parameter is available with Postfix 2.11 and later.
  
  <b>OBSOLETE QUERY INTERFACE</b>
!        This  section  describes  an interface that is deprecated as of Postfix
!        2.2. It is replaced by  the  more  general  <b>query</b>  interface  described
!        above.   If  the  <b>query</b>  parameter  is  defined,  the legacy parameters
!        described here ignored.  Please migrate to the  new  interface  as  the
         legacy interface may be removed in a future release.
  
!        The  following  parameters  can  be  used  to fill in a SELECT template
         statement of the form:
  
             SELECT [<b>select_field</b>]
--- 245,281 ----
                This parameter is available with Postfix 2.11 and later.
  
         <b>tls_key_file</b>
!               File  containing the private key corresponding to <b>tls_cert_file</b>.
  
                This parameter is available with Postfix 2.11 and later.
  
         <b>tls_CAfile</b>
!               File containing certificates for all of the  X509  Certification
!               Authorities  the  client  will recognize.  Takes precedence over
                <b>tls_CApath</b>.
  
                This parameter is available with Postfix 2.11 and later.
  
         <b>tls_CApath</b>
!               Directory containing X509 Certification  Authority  certificates
                in separate individual files.
  
                This parameter is available with Postfix 2.11 and later.
  
         <b>tls_verify_cert (default: no)</b>
!               Verify  that  the  server's  name matches the common name in the
                certificate.
  
                This parameter is available with Postfix 2.11 and later.
  
  <b>OBSOLETE QUERY INTERFACE</b>
!        This section describes an interface that is deprecated  as  of  Postfix
!        2.2.  It  is  replaced  by  the  more general <b>query</b> interface described
!        above.  If the  <b>query</b>  parameter  is  defined,  the  legacy  parameters
!        described  here  ignored.   Please  migrate to the new interface as the
         legacy interface may be removed in a future release.
  
!        The following parameters can be used  to  fill  in  a  SELECT  template
         statement of the form:
  
             SELECT [<b>select_field</b>]
***************
*** 279,285 ****
                   [<b>additional_conditions</b>]
  
         The specifier %s is replaced by the search string, and is escaped so if
!        it  contains single quotes or other odd characters, it will not cause a
         parse error, or worse, a security problem.
  
         <b>select_field</b>
--- 284,290 ----
                   [<b>additional_conditions</b>]
  
         The specifier %s is replaced by the search string, and is escaped so if
!        it contains single quotes or other odd characters, it will not cause  a
         parse error, or worse, a security problem.
  
         <b>select_field</b>
diff -cr --new-file /var/tmp/postfix-3.1.2/man/man5/mysql_table.5 ./man/man5/mysql_table.5
*** /var/tmp/postfix-3.1.2/man/man5/mysql_table.5	2016-02-13 19:57:59.000000000 -0500
--- ./man/man5/mysql_table.5	2016-10-01 19:01:39.000000000 -0400
***************
*** 264,269 ****
--- 264,274 ----
  .IP "\fBoption_group\fR"
  Read options from the given group.
  .sp
+ Postfix 3.1 and earlier don't read \fB[client]\fR option
+ group settings unless a non\-empty \fBoption_file\fR or
+ \fBoption_group\fR value are specified. To enable this,
+ specify, for example, "\fBoption_group = client\fR".
+ .sp
  This parameter is available with Postfix 2.11 and later.
  .IP "\fBtls_cert_file\fR"
  File containing client's X509 certificate.
diff -cr --new-file /var/tmp/postfix-3.1.2/proto/MYSQL_README.html ./proto/MYSQL_README.html
*** /var/tmp/postfix-3.1.2/proto/MYSQL_README.html	2015-01-29 17:33:24.000000000 -0500
--- ./proto/MYSQL_README.html	2016-10-01 18:36:50.000000000 -0400
***************
*** 130,139 ****
--- 130,152 ----
  where_field = alias
  # Don't forget the leading "AND"!
  additional_conditions = AND status = 'paid'
+ 
+ # This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1,
+ # and is the default setting as of Postfix 3.2,
+ option_group = client
  </pre>
  
  <h2>Additional notes</h2>
  
+ <p> Postfix 3.2 and later read <b>[client]</b> option group settings
+ by default. To disable this, specify no <b>option_file</b> and
+ specify "<b>option_group =</b>" (i.e. an empty value).  </p>
+ 
+ <p> Postfix 3.1 and earlier don't read <b>[client]</b> option group
+ settings unless a non-empty <b>option_file</b> or <b>option_group</b>
+ value are specified. To enable this, specify, for example
+ "<b>option_group = client</b>".  </p>
+ 
  <p> The MySQL configuration interface setup allows for multiple
  mysql databases: you can use one for a virtual table, one for an
  access table, and one for an aliases table if you want. </p>
diff -cr --new-file /var/tmp/postfix-3.1.2/proto/mysql_table ./proto/mysql_table
*** /var/tmp/postfix-3.1.2/proto/mysql_table	2016-02-12 15:25:01.000000000 -0500
--- ./proto/mysql_table	2016-10-01 19:01:14.000000000 -0400
***************
*** 252,257 ****
--- 252,262 ----
  # .IP "\fBoption_group\fR"
  #	Read options from the given group.
  # .sp
+ #	Postfix 3.1 and earlier don't read \fB[client]\fR option
+ #	group settings unless a non-empty \fBoption_file\fR or
+ #	\fBoption_group\fR value are specified. To enable this,
+ #	specify, for example, "\fBoption_group = client\fR".
+ # .sp
  #	This parameter is available with Postfix 2.11 and later.
  # .IP "\fBtls_cert_file\fR"
  #	File containing client's X509 certificate.
diff -cr --new-file /var/tmp/postfix-3.1.2/src/smtpd/smtpd.c ./src/smtpd/smtpd.c
*** /var/tmp/postfix-3.1.2/src/smtpd/smtpd.c	2016-01-23 19:55:14.000000000 -0500
--- ./src/smtpd/smtpd.c	2016-09-11 09:43:12.000000000 -0400
***************
*** 4848,4853 ****
--- 4848,4862 ----
      case 0:
  
  	/*
+ 	 * Reset the per-command counters.
+ 	 */
+ 	for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {
+ 	    cmdp->success_count = cmdp->total_count = 0;
+ 	    if (cmdp->name == 0)
+ 		break;
+ 	}
+ 
+ 	/*
  	 * In TLS wrapper mode, turn on TLS using code that is shared with
  	 * the STARTTLS command. This code does not return when the handshake
  	 * fails.
***************
*** 5019,5033 ****
  #endif
  
  	/*
- 	 * Reset the per-command counters.
- 	 */
- 	for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {
- 	    cmdp->success_count = cmdp->total_count = 0;
- 	    if (cmdp->name == 0)
- 		break;
- 	}
- 
- 	/*
  	 * The command read/execute loop.
  	 */
  	for (;;) {
--- 5028,5033 ----
diff -cr --new-file /var/tmp/postfix-3.1.2/src/util/dict_union.c ./src/util/dict_union.c
*** /var/tmp/postfix-3.1.2/src/util/dict_union.c	2014-10-20 19:53:04.000000000 -0400
--- ./src/util/dict_union.c	2016-09-17 08:07:15.000000000 -0400
***************
*** 81,91 ****
      for (cpp = dict_union->map_union->argv; (dict_type_name = *cpp) != 0; cpp++) {
  	if ((map = dict_handle(dict_type_name)) == 0)
  	    msg_panic("%s: dictionary \"%s\" not found", myname, dict_type_name);
! 	if ((result = dict_get(map, query)) == 0)
! 	    continue;
! 	if (VSTRING_LEN(dict_union->re_buf) > 0)
! 	    VSTRING_ADDCH(dict_union->re_buf, ',');
! 	vstring_strcat(dict_union->re_buf, result);
      }
      DICT_ERR_VAL_RETURN(dict, DICT_ERR_NONE,
  			VSTRING_LEN(dict_union->re_buf) > 0 ?
--- 81,93 ----
      for (cpp = dict_union->map_union->argv; (dict_type_name = *cpp) != 0; cpp++) {
  	if ((map = dict_handle(dict_type_name)) == 0)
  	    msg_panic("%s: dictionary \"%s\" not found", myname, dict_type_name);
! 	if ((result = dict_get(map, query)) != 0) {
! 	    if (VSTRING_LEN(dict_union->re_buf) > 0)
! 		VSTRING_ADDCH(dict_union->re_buf, ',');
! 	    vstring_strcat(dict_union->re_buf, result);
! 	} else if (map->error != 0) {
! 	    DICT_ERR_VAL_RETURN(dict, map->error, 0);
! 	}
      }
      DICT_ERR_VAL_RETURN(dict, DICT_ERR_NONE,
  			VSTRING_LEN(dict_union->re_buf) > 0 ?