Prereq: "3.5.0" diff -ur --new-file /var/tmp/postfix-3.5.0/src/global/mail_version.h ./src/global/mail_version.h --- /var/tmp/postfix-3.5.0/src/global/mail_version.h 2020-03-15 19:17:50.000000000 -0400 +++ ./src/global/mail_version.h 2020-04-18 10:45:42.000000000 -0400 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20200316" -#define MAIL_VERSION_NUMBER "3.5.0" +#define MAIL_RELEASE_DATE "20200418" +#define MAIL_VERSION_NUMBER "3.5.1" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -ur --new-file /var/tmp/postfix-3.5.0/HISTORY ./HISTORY --- /var/tmp/postfix-3.5.0/HISTORY 2020-03-15 19:15:53.000000000 -0400 +++ ./HISTORY 2020-04-18 11:18:40.000000000 -0400 @@ -24663,7 +24663,7 @@ Usability: the Postfix SMTP server now logs a warning when a configuration requests access control by client certificate, - but "smtpd_tls_ask_clientcert = no". Files: proto/postconf.proto, + but "smtpd_tls_ask_ccert = no". Files: proto/postconf.proto, smtpd/smtpd_check.c. 20200316 @@ -24671,3 +24671,12 @@ Removed the issuer_cn and subject_cn matches from check_ccert_access. Files: smtpd/smtpd_check.c, proto/postconf.proto. + +20200416 + + Workaround for broken builds after an incompatible change + in GCC 10. Files: makedefs, Makefile.in. + + Workaround for broken DANE support after an incompatible + change in GLIBC 2.31. This avoids the need for new options + in /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c. diff -ur --new-file /var/tmp/postfix-3.5.0/Makefile.in ./Makefile.in --- /var/tmp/postfix-3.5.0/Makefile.in 2020-03-08 12:44:03.000000000 -0400 +++ ./Makefile.in 2020-04-16 13:07:58.000000000 -0400 @@ -1,7 +1,7 @@ # To test with valgrind: # make -i tests VALGRIND="valgrind --tool=memcheck --log-file=/some/where.%p" SHELL = /bin/sh -WARN = -Wmissing-prototypes -Wformat -Wno-comment +WARN = -Wmissing-prototypes -Wformat -Wno-comment -fcommon OPTS = 'WARN=$(WARN)' DIRS = src/util src/global src/dns src/tls src/xsasl src/master src/milter \ src/postfix src/fsstone src/smtpstone \ diff -ur --new-file /var/tmp/postfix-3.5.0/makedefs ./makedefs --- /var/tmp/postfix-3.5.0/makedefs 2020-03-07 20:22:38.000000000 -0500 +++ ./makedefs 2020-04-16 13:07:58.000000000 -0400 @@ -1136,7 +1136,7 @@ : ${CC=gcc} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \ ${WARN='-Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ - -Wunused -Wno-missing-braces'} + -Wunused -Wno-missing-braces -fcommon'} # Extract map type names from -DHAS_XXX compiler options. We avoid # problems with tr(1) range syntax by using enumerations instead, diff -ur --new-file /var/tmp/postfix-3.5.0/src/dns/dns.h ./src/dns/dns.h --- /var/tmp/postfix-3.5.0/src/dns/dns.h 2017-12-27 17:29:44.000000000 -0500 +++ ./src/dns/dns.h 2020-04-16 13:07:58.000000000 -0400 @@ -59,6 +59,7 @@ */ #ifdef NO_DNSSEC #undef RES_USE_DNSSEC +#undef RES_TRUSTAD #endif /* @@ -70,6 +71,9 @@ #ifndef RES_USE_EDNS0 #define RES_USE_EDNS0 0 #endif +#ifndef RES_TRUSTAD +#define RES_TRUSTAD 0 +#endif /*- * TLSA: https://tools.ietf.org/html/rfc6698#section-7.1 diff -ur --new-file /var/tmp/postfix-3.5.0/src/dns/dns_lookup.c ./src/dns/dns_lookup.c --- /var/tmp/postfix-3.5.0/src/dns/dns_lookup.c 2019-12-15 11:19:34.000000000 -0500 +++ ./src/dns/dns_lookup.c 2020-04-16 13:07:58.000000000 -0400 @@ -116,6 +116,9 @@ /* Request DNSSEC validation. This flag is silently ignored /* when the system stub resolver API, resolver(3), does not /* implement DNSSEC. +/* Automatically turns on the RES_TRUSTAD flag on systems that +/* support this flag (this behavior will be more configurable +/* in a later release). /* .RE /* .IP lflags /* Flags that control the operation of the dns_lookup*() @@ -458,10 +461,10 @@ /* * Set extra options that aren't exposed to the application. */ -#define XTRA_FLAGS (RES_USE_EDNS0) +#define XTRA_FLAGS (RES_USE_EDNS0 | RES_TRUSTAD) if (flags & RES_USE_DNSSEC) - flags |= RES_USE_EDNS0; + flags |= (RES_USE_EDNS0 | RES_TRUSTAD); /* * Can't append domains: we need the right SOA TTL.