Prereq: "3.1.4"
diff -cr --new-file /var/tmp/postfix-3.1.4/src/global/mail_version.h ./src/global/mail_version.h
*** /var/tmp/postfix-3.1.4/src/global/mail_version.h	2017-01-01 13:01:36.000000000 -0500
--- ./src/global/mail_version.h	2017-06-10 16:28:12.000000000 -0400
***************
*** 20,27 ****
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20170101"
! #define MAIL_VERSION_NUMBER	"3.1.4"
  
  #ifdef SNAPSHOT
  #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- 20,27 ----
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20170610"
! #define MAIL_VERSION_NUMBER	"3.1.5"
  
  #ifdef SNAPSHOT
  #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -cr --new-file /var/tmp/postfix-3.1.4/HISTORY ./HISTORY
*** /var/tmp/postfix-3.1.4/HISTORY	2017-01-01 12:49:40.000000000 -0500
--- ./HISTORY	2017-06-10 16:39:07.000000000 -0400
***************
*** 22317,22319 ****
--- 22317,22341 ----
  	senders with "smtpd_reject_unlisted_recipient = yes" or
  	with reject_unlisted_sender.  Stephen R. van den Berg (Mr.
  	procmail).  Files: smtpd/smtpd.c, smtpd/smtpd_check.c.
+ 
+ 20170221
+ 
+ 	Compatibility fix (introduced: Postfix 3.1): some Milter
+ 	applications do not recognize macros sent as {name} when
+ 	macros have single-character names. Postfix now sends such
+ 	macros without {} as it has done historically. Viktor
+ 	Dukhovni. File: milter/milter.c.
+ 
+ 20170430
+ 
+ 	Safety net: append a null byte to vstring buffers, so that
+ 	C-style string operations won't scribble past the end. File:
+ 	vstring.c.
+ 
+ 20170610
+ 
+ 	Workaround (introduced: Postfix 3.0 20140718): prevent MIME
+ 	downgrade of Postfix-generated message/delivery status.
+ 	It's supposed to be 7bit, therefore quoted-printable encoding
+ 	is not expected. Problem reported by Griff. File:
+ 	bounce/bounce_notify_util.c.
diff -cr --new-file /var/tmp/postfix-3.1.4/src/bounce/bounce_notify_util.c ./src/bounce/bounce_notify_util.c
*** /var/tmp/postfix-3.1.4/src/bounce/bounce_notify_util.c	2015-01-26 15:00:13.000000000 -0500
--- ./src/bounce/bounce_notify_util.c	2017-06-10 14:47:25.000000000 -0400
***************
*** 637,643 ****
  		      (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED) ?
  		      "global-" : "");
      /* Fix 20140709: addresses may be 8bit. */
!     if (NOT_7BIT_MIME(bounce_info))
  	post_mail_fprintf(bounce, "Content-Transfer-Encoding: %s",
  			  bounce_info->mime_encoding);
  
--- 637,645 ----
  		      (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED) ?
  		      "global-" : "");
      /* Fix 20140709: addresses may be 8bit. */
!     if (NOT_7BIT_MIME(bounce_info)
!     /* BC Fix 20170610: prevent MIME downgrade of message/delivery-status. */
! 	&& (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED))
  	post_mail_fprintf(bounce, "Content-Transfer-Encoding: %s",
  			  bounce_info->mime_encoding);
  
diff -cr --new-file /var/tmp/postfix-3.1.4/src/milter/milter.c ./src/milter/milter.c
*** /var/tmp/postfix-3.1.4/src/milter/milter.c	2016-01-23 19:42:19.000000000 -0500
--- ./src/milter/milter.c	2017-02-21 17:32:57.000000000 -0500
***************
*** 333,350 ****
      VSTRING *canon_buf = vstring_alloc(20);
      const char *value;
      const char *name;
  
      while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) {
  	if (msg_verbose)
  	    msg_info("%s: \"%s\"", myname, name);
  	if (*name != '{')			/* } */
! 	    name = STR(vstring_sprintf(canon_buf, "{%s}", name));
! 	if ((value = milters->mac_lookup(name, milters->mac_context)) != 0) {
  	    if (msg_verbose)
  		msg_info("%s: result \"%s\"", myname, value);
  	    argv_add(argv, name, value, (char *) 0);
  	} else if (milters->macro_defaults != 0
! 	     && (value = htable_find(milters->macro_defaults, name)) != 0) {
  	    if (msg_verbose)
  		msg_info("%s: using default \"%s\"", myname, value);
  	    argv_add(argv, name, value, (char *) 0);
--- 333,353 ----
      VSTRING *canon_buf = vstring_alloc(20);
      const char *value;
      const char *name;
+     const char *cname;
  
      while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) {
  	if (msg_verbose)
  	    msg_info("%s: \"%s\"", myname, name);
  	if (*name != '{')			/* } */
! 	    cname = STR(vstring_sprintf(canon_buf, "{%s}", name));
! 	else
! 	    cname = name;
! 	if ((value = milters->mac_lookup(cname, milters->mac_context)) != 0) {
  	    if (msg_verbose)
  		msg_info("%s: result \"%s\"", myname, value);
  	    argv_add(argv, name, value, (char *) 0);
  	} else if (milters->macro_defaults != 0
! 	    && (value = htable_find(milters->macro_defaults, cname)) != 0) {
  	    if (msg_verbose)
  		msg_info("%s: using default \"%s\"", myname, value);
  	    argv_add(argv, name, value, (char *) 0);
diff -cr --new-file /var/tmp/postfix-3.1.4/src/util/vstring.c ./src/util/vstring.c
*** /var/tmp/postfix-3.1.4/src/util/vstring.c	2016-02-14 09:26:22.000000000 -0500
--- ./src/util/vstring.c	2017-06-10 17:05:51.000000000 -0400
***************
*** 280,285 ****
--- 280,289 ----
  #include "vbuf_print.h"
  #include "vstring.h"
  
+ #ifndef SSIZE_T_MAX
+ #define SSIZE_T_MAX __MAXINT__(ssize_t)
+ #endif
+ 
  /* vstring_extend - variable-length string buffer extension policy */
  
  static void vstring_extend(VBUF *bp, ssize_t incr)
***************
*** 299,308 ****
       * (The tests are redundant as long as mymalloc() and myrealloc() reject
       * negative length parameters).
       */
!     new_len = bp->len + (bp->len > incr ? bp->len : incr);
!     if (new_len <= bp->len)
  	msg_fatal("vstring_extend: length overflow");
!     bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len);
      bp->len = new_len;
      bp->ptr = bp->data + used;
      bp->cnt = bp->len - used;
--- 303,315 ----
       * (The tests are redundant as long as mymalloc() and myrealloc() reject
       * negative length parameters).
       */
!     if (bp->len > incr)
! 	incr = bp->len;
!     if (bp->len > SSIZE_T_MAX - incr - 1)
  	msg_fatal("vstring_extend: length overflow");
!     new_len = bp->len + incr;
!     bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len + 1);
!     bp->data[new_len] = 0;
      bp->len = new_len;
      bp->ptr = bp->data + used;
      bp->cnt = bp->len - used;
***************
*** 342,353 ****
  {
      VSTRING *vp;
  
!     if (len < 1)
  	msg_panic("vstring_alloc: bad length %ld", (long) len);
      vp = (VSTRING *) mymalloc(sizeof(*vp));
      vp->vbuf.flags = 0;
      vp->vbuf.len = 0;
!     vp->vbuf.data = (unsigned char *) mymalloc(len);
      vp->vbuf.len = len;
      VSTRING_RESET(vp);
      vp->vbuf.data[0] = 0;
--- 349,361 ----
  {
      VSTRING *vp;
  
!     if (len < 1 || len > SSIZE_T_MAX - 1)
  	msg_panic("vstring_alloc: bad length %ld", (long) len);
      vp = (VSTRING *) mymalloc(sizeof(*vp));
      vp->vbuf.flags = 0;
      vp->vbuf.len = 0;
!     vp->vbuf.data = (unsigned char *) mymalloc(len + 1);
!     vp->vbuf.data[len] = 0;
      vp->vbuf.len = len;
      VSTRING_RESET(vp);
      vp->vbuf.data[0] = 0;