Prereq: "3.1.6" diff -cr --new-file /var/tmp/postfix-3.1.6/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-3.1.6/src/global/mail_version.h 2017-06-13 13:36:23.000000000 -0400 --- ./src/global/mail_version.h 2017-10-28 10:13:59.000000000 -0400 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20170613" ! #define MAIL_VERSION_NUMBER "3.1.6" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20171028" ! #define MAIL_VERSION_NUMBER "3.1.7" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-3.1.6/HISTORY ./HISTORY *** /var/tmp/postfix-3.1.6/HISTORY 2017-06-13 13:31:40.000000000 -0400 --- ./HISTORY 2017-10-28 08:30:06.000000000 -0400 *************** *** 22352,22354 **** --- 22352,22368 ---- by other users. This fix does not change Postfix behavior for Berkeley DB < 3, but reduces file create performance for Berkeley DB 3 .. 4.6. File: util/dict_db.c. + + 20171009 + + Bugfix (introduced: Postfix 3.1): DANE support. Postfix + builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to + some sites with "TLSA 2 X X" records associated with an + intermediate CA certificate. Problem report and initial + fix by Erwan Legrand. File: src/tls/tls_dane.c. + + 20171024 + + Bugfix (introduced: Postfix 3.0) missing dynamicmaps support + in the Postfix sendmail command broke authorized_submit_users + with a dynamically-loaded map type. File: sendmail/sendmail.c. 
diff -cr --new-file /var/tmp/postfix-3.1.6/src/sendmail/sendmail.c ./src/sendmail/sendmail.c *** /var/tmp/postfix-3.1.6/src/sendmail/sendmail.c 2016-02-14 09:26:22.000000000 -0500 --- ./src/sendmail/sendmail.c 2017-10-26 17:53:06.000000000 -0400 *************** *** 472,477 **** --- 472,478 ---- #include #include #include + #include #include #include *************** *** 1082,1087 **** --- 1083,1090 ---- msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY); get_mail_conf_str_table(str_table); + mail_dict_init(); + if (chdir(var_queue_dir)) msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir); diff -cr --new-file /var/tmp/postfix-3.1.6/src/tls/tls_dane.c ./src/tls/tls_dane.c *** /var/tmp/postfix-3.1.6/src/tls/tls_dane.c 2016-08-27 16:27:50.000000000 -0400 --- ./src/tls/tls_dane.c 2017-10-09 11:02:57.000000000 -0400 *************** *** 1511,1517 **** /* set_issuer - set issuer DN to match akid if specified */ ! static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid) { X509_NAME *name = akid_issuer_name(akid); --- 1511,1517 ---- /* set_issuer - set issuer DN to match akid if specified */ ! static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj) { X509_NAME *name = akid_issuer_name(akid); *************** *** 1521,1527 **** */ if (name) return (X509_set_issuer_name(cert, name)); ! return (X509_set_issuer_name(cert, X509_get_subject_name(cert))); } /* grow_chain - add certificate to trusted or untrusted chain */ --- 1521,1527 ---- */ if (name) return (X509_set_issuer_name(cert, name)); ! return (X509_set_issuer_name(cert, subj)); } /* grow_chain - add certificate to trusted or untrusted chain */ *************** *** 1583,1589 **** */ if (!X509_set_version(cert, 2) || !set_serial(cert, akid, subject) ! 
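Review bot: The added `mail_dict_init();` call in the second sendmail.c hunk carries no comment on why the sendmail command needs it or why it sits after `get_mail_conf_str_table(str_table)`. The HISTORY entry in this patch ties it to `authorized_submit_users` with a dynamically-loaded map type, which is an access-control setting. A one-line comment such as `/* Register map types, including dynamically-loaded ones, before authorized_submit_users is evaluated. */` would keep the call from being moved or dropped in a later cleanup. The hunk does not show how a failed lookup in that table is handled, so it is worth confirming that the error path refuses the submission rather than allowing it. The enclosing function starts and ends outside the hunk.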
|| !set_issuer_name(cert, akid) || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) || !X509_set_subject_name(cert, name) --- 1583,1589 ---- */ if (!X509_set_version(cert, 2) || !set_serial(cert, akid, subject) ! || !set_issuer_name(cert, akid, name) || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) || !X509_set_subject_name(cert, name)
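Review bot: The call `set_issuer_name(cert, akid, name)` still runs before `X509_set_subject_name(cert, name)` in the `||` chain, and the comment above the `if` does not record that this ordering is why the subject must be passed in rather than read back from `cert`. I would add a sentence to that comment, along the lines of `The subject is not yet set on cert here, so it is passed to set_issuer_name() explicitly`, so that a later cleanup does not put `X509_get_subject_name(cert)` back into the fallback. The header comment in the first tls_dane.c hunk also still reads `set_issuer - ...` and says nothing about the new `subj` argument; `/* set_issuer_name - set issuer DN from akid if specified, else from subj */` would cover it. The enclosing function and its comment block start outside this hunk.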