Prereq: "3.2.3" diff -cr --new-file /var/tmp/postfix-3.2.3/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-3.2.3/src/global/mail_version.h 2017-09-24 08:21:50.000000000 -0400 --- ./src/global/mail_version.h 2017-10-28 10:12:12.000000000 -0400 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20170924" ! #define MAIL_VERSION_NUMBER "3.2.3" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20171028" ! #define MAIL_VERSION_NUMBER "3.2.4" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-3.2.3/HISTORY ./HISTORY *** /var/tmp/postfix-3.2.3/HISTORY 2017-09-24 08:30:07.000000000 -0400 --- ./HISTORY 2017-10-28 08:30:16.000000000 -0400 *************** *** 23004,23010 **** Safety: restore sanity checks for dynamically-specified width and precision in format strings (%*, %.*, and %*.*). ! These checks were lost with the Postfix 3.2.2 rewrite of the vbuf_print formatter. File: vbuf_print.c. 20170923 --- 23004,23010 ---- Safety: restore sanity checks for dynamically-specified width and precision in format strings (%*, %.*, and %*.*). ! These checks were lost with the Postfix 3.2 rewrite of the vbuf_print formatter. File: vbuf_print.c. 20170923 *************** *** 23012,23016 **** Bugfix (introduced: Postfix 3.2): panic in the postqueue command after output write error while listing the queue. This change restores a write error check that was lost with ! the Postfix 3.2.2 rewrite of the vbuf_print formatter. Problem reported by Andreas Schulze. File: util/vbuf_print.c. --- 23012,23030 ---- Bugfix (introduced: Postfix 3.2): panic in the postqueue command after output write error while listing the queue. This change restores a write error check that was lost with ! the Postfix 3.2 rewrite of the vbuf_print formatter. Problem reported by Andreas Schulze. File: util/vbuf_print.c. + + 20171009 + + Bugfix (introduced: Postfix 3.1): DANE support. Postfix + builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to + some sites with "TLSA 2 X X" records associated with an + intermediate CA certificate. Problem report and initial + fix by Erwan Legrand. File: src/tls/tls_dane.c. + + 20171024 + + Bugfix (introduced: Postfix 3.0) missing dynamicmaps support + in the Postfix sendmail command broke authorized_submit_users + with a dynamically-loaded map type. File: sendmail/sendmail.c. diff -cr --new-file /var/tmp/postfix-3.2.3/src/sendmail/Makefile.in ./src/sendmail/Makefile.in *** /var/tmp/postfix-3.2.3/src/sendmail/Makefile.in 2017-02-05 18:36:30.000000000 -0500 --- ./src/sendmail/Makefile.in 2017-10-24 10:42:16.000000000 -0400 *************** *** 73,78 **** --- 73,79 ---- sendmail.o: ../../include/htable.h sendmail.o: ../../include/iostuff.h sendmail.o: ../../include/mail_conf.h + sendmail.o: ../../include/mail_dict.h sendmail.o: ../../include/mail_flush.h sendmail.o: ../../include/mail_params.h sendmail.o: ../../include/mail_parm_split.h diff -cr --new-file /var/tmp/postfix-3.2.3/src/sendmail/sendmail.c ./src/sendmail/sendmail.c *** /var/tmp/postfix-3.2.3/src/sendmail/sendmail.c 2017-02-05 19:05:04.000000000 -0500 --- ./src/sendmail/sendmail.c 2017-10-24 10:35:52.000000000 -0400 *************** *** 495,500 **** --- 495,501 ---- #include #include #include + #include #include #include #include *************** *** 1114,1119 **** --- 1115,1122 ---- msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY); get_mail_conf_str_table(str_table); + mail_dict_init(); + if (chdir(var_queue_dir)) msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir); diff -cr --new-file /var/tmp/postfix-3.2.3/src/tls/tls_dane.c ./src/tls/tls_dane.c *** /var/tmp/postfix-3.2.3/src/tls/tls_dane.c 2017-02-18 20:58:21.000000000 -0500 --- ./src/tls/tls_dane.c 2017-10-09 11:06:02.000000000 -0400 *************** *** 1450,1456 **** /* set_issuer - set issuer DN to match akid if specified */ ! static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid) { X509_NAME *name = akid_issuer_name(akid); --- 1450,1456 ---- /* set_issuer - set issuer DN to match akid if specified */ ! static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj) { X509_NAME *name = akid_issuer_name(akid); *************** *** 1460,1466 **** */ if (name) return (X509_set_issuer_name(cert, name)); ! return (X509_set_issuer_name(cert, X509_get_subject_name(cert))); } /* grow_chain - add certificate to trusted or untrusted chain */ --- 1460,1466 ---- */ if (name) return (X509_set_issuer_name(cert, name)); ! return (X509_set_issuer_name(cert, subj)); } /* grow_chain - add certificate to trusted or untrusted chain */ *************** *** 1522,1528 **** */ if (!X509_set_version(cert, 2) || !set_serial(cert, akid, subject) ! || !set_issuer_name(cert, akid) || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) || !X509_set_subject_name(cert, name) --- 1522,1528 ---- */ if (!X509_set_version(cert, 2) || !set_serial(cert, akid, subject) ! || !set_issuer_name(cert, akid, name) || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) || !X509_set_subject_name(cert, name) *************** *** 1798,1803 **** --- 1798,1807 ---- #include #include + #if OPENSSL_VERSION_NUMBER < 0x10002000L + #define SSL_get0_param(s) ((s)->param) + #endif + static int verify_chain(SSL *ssl, x509_stack_t *chain, TLS_SESS_STATE *tctx) { int ret;