From: Wietse Venema <wietse@porcupine.org>
Date: Tue, 2 May 2017 05:00:00 +0000 (-0500)
Subject: postfix-3.3-20170502
X-Git-Tag: v3.3.0-RC1~26
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5195b24cee635ccedf47da4b102d81ae9bfd83ba;p=thirdparty%2Fpostfix.git

postfix-3.3-20170502
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 3b7a72b5b..f7f806d8e 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -22923,7 +22923,7 @@ Apologies for any names omitted.
 
 20170206
 
-	Bugfix (introduced: Postfix 3.0): when check_mumble_a_access
+	Bugfix (introduced: Postfix 3.0): check_mumble_a_access
 	did not handle [ipaddress], unlike check_mumble_mx_access.
 	When check_mumble_a_access was introduced, some condition
 	was not updated.  Reported by James (postfix_tracker). File:
@@ -22942,3 +22942,30 @@ Apologies for any names omitted.
 	Cleanup: typofixes from klemens. The only change in compiled
 	code is in one identical mysql error message that also
 	appears in the pgsql client.  Files: about 50.
+
+20170221
+
+	Compatibility fix (introduced: Postfix 3.1): some Milter
+	applications do not recognize macros sent as {name} when macros
+	have single-character names. Postfix now sends such macros
+	without {} as it has done historically. Viktor Dukhovni. File:
+	milter/milter.c.
+
+20170228
+
+	Documentation: re-word scary warnings at the top of SASL_README
+	and TLS_README.
+
+20170402
+
+	Bugfix (introduced: Postfix 3.2): restore the SMTP server
+	receive override options at the end of an SMTP session,
+	after the options may have been modified by an smtpd_milter_maps
+	setting of "DISABLE". Problem report by Christian RÃ¶Ãner,
+	root cause analysis by Viktor Dukhovni. File: smtpd/smtpd.c.
+
+20170430
+
+	Safety net: append a null byte to vstring buffers, so that
+	C-style string operations won't scribble past the end. File:
+	vstring.[hc].
diff --git a/postfix/INSTALL b/postfix/INSTALL
index f2a38d314..10e69408c 100644
--- a/postfix/INSTALL
+++ b/postfix/INSTALL
@@ -612,7 +612,7 @@ The following is an extensive list of names and values.
 |_______________________________|_____________________________________________|
 |				|Specifies options for the postfix-install    |
 |POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, |
-|				|the only supported option is "-keep-new-     |
+|				|the only supported option is "-keep-build-   |
 |				|mtime".				      |
 |_______________________________|_____________________________________________|
 |				|Specifies non-default compiler options for   |
diff --git a/postfix/README_FILES/INSTALL b/postfix/README_FILES/INSTALL
index c0168593f..14e61caf0 100644
--- a/postfix/README_FILES/INSTALL
+++ b/postfix/README_FILES/INSTALL
@@ -612,7 +612,7 @@ The following is an extensive list of names and values.
 |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
 |                               |Specifies options for the postfix-install    |
 |POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, |
-|                               |the only supported option is "-keep-new-     |
+|                               |the only supported option is "-keep-build-   |
 |                               |mtime".                                      |
 |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
 |                               |Specifies non-default compiler options for   |
diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README
index c4b22a2e6..0c4248038 100644
--- a/postfix/README_FILES/SASL_README
+++ b/postfix/README_FILES/SASL_README
@@ -2,14 +2,6 @@ PPoossttffiixx SSAASSLL HHoowwttoo
 
 -------------------------------------------------------------------------------
 
-WWaarrnniinngg
-
-People who go to the trouble of installing Postfix may have the expectation
-that Postfix is more secure than some other mailers. The Cyrus SASL library
-contains a lot of code. With this, Postfix becomes as secure as other mail
-systems that use the Cyrus SASL library. Dovecot provides an alternative that
-may be worth considering.
-
 HHooww PPoossttffiixx uusseess SSAASSLL aauutthheennttiiccaattiioonn
 
 SMTP servers need to decide whether an SMTP client is authorized to send mail
@@ -30,6 +22,12 @@ configuration files will belong to Postfix, while other configuration files
 belong to the specific SASL implementation that Postfix will use. This document
 covers both the Postfix and non-Postfix configuration.
 
+NOTE: People who go to the trouble of installing Postfix may have the
+expectation that Postfix is more secure than some other mailers. The Cyrus SASL
+library contains a lot of code. With this, Postfix becomes as secure as other
+mail systems that use the Cyrus SASL library. Dovecot provides an alternative
+that may be worth considering.
+
 You can read more about the following topics:
 
   * Configuring SASL authentication in the Postfix SMTP server
diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README
index 8a328b262..15b5e52c3 100644
--- a/postfix/README_FILES/TLS_README
+++ b/postfix/README_FILES/TLS_README
@@ -2,25 +2,17 @@ PPoossttffiixx TTLLSS SSuuppppoorrtt
 
 -------------------------------------------------------------------------------
 
-WWAARRNNIINNGG
-
-By turning on TLS support in Postfix, you not only get the ability to encrypt
-mail and to authenticate remote SMTP clients or servers. You also turn on
-thousands and thousands of lines of OpenSSL library code. Assuming that OpenSSL
-is written as carefully as Wietse's own code, every 1000 lines introduce one
-additional bug into Postfix.
-
 WWhhaatt PPoossttffiixx TTLLSS ssuuppppoorrtt ddooeess ffoorr yyoouu
 
 Transport Layer Security (TLS, formerly called SSL) provides certificate-based
 authentication and encrypted sessions. An encrypted session protects the
 information that is transmitted with SMTP mail or with SASL authentication.
 
-      NOTE: This document describes a TLS user interface that was introduced
-    with Postfix version 2.3. Support for an older user interface is documented
-    in TLS_LEGACY_README, which also describes the differences between Postfix
-    and the third-party patch on which Postfix version 2.2 TLS support was
-    based.
+NOTE: By turning on TLS support in Postfix, you not only get the ability to
+encrypt mail and to authenticate remote SMTP clients or servers. You also turn
+on hundreds of thousands of lines of OpenSSL library code. Assuming that
+OpenSSL is written as carefully as Wietse's own code, every 1000 lines
+introduce one additional bug into Postfix.
 
 Topics covered in this document:
 
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 23db493c9..a6de35407 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -6,6 +6,10 @@ Wish list:
 
 	Disable -DSNAPSHOT and -DNONPROD in makedefs.
 
+	Merge in the code to relax smtp_mx_address_limit if 'strict'
+	enforcement would result in the elimination of one IP address
+	family.
+
 	Convert postalias(1) to store external-form keys, and convert
 	aliases(5) to perform external-first lookup with fallback to
 	internal form, to make it consistent with the rest of Postfix.
@@ -15,6 +19,9 @@ Wish list:
 	In the bounce daemon, set util_utf8_enable if returning an
 	SMTPUTF8 message.
 
+	Merge in the code to check database client configuration
+	files for unknown or duplicate settings.
+
 	Add a header_body_checks extension callback in smtp_proto.c
 	that implements the PASS action.
 
diff --git a/postfix/html/INSTALL.html b/postfix/html/INSTALL.html
index 016ea8221..2ee35cdf9 100644
--- a/postfix/html/INSTALL.html
+++ b/postfix/html/INSTALL.html
@@ -883,7 +883,7 @@ Specify OPT= to turn off optimization. </td> </tr>
 <tr> <td colspan="2"> POSTFIX_INSTALL_OPTS=-option... </td> <td>
 Specifies options for the <tt>postfix-install</tt> command, separated
 by whitespace. Currently, the only supported option is
-"<tt>-keep-new-mtime</tt>". </td> </tr>
+"<tt>-keep-build-mtime</tt>". </td> </tr>
 
 <tr> <td colspan="2"> SHLIB_CFLAGS=flags </td> <td> Specifies
 non-default compiler options for building Postfix dynamically-linked
diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html
index bc5311fa7..4b1290223 100644
--- a/postfix/html/SASL_README.html
+++ b/postfix/html/SASL_README.html
@@ -15,15 +15,6 @@
 
 <hr>
 
-<h2>Warning</h2>
-
-<p> People who go to the trouble of installing Postfix may have the
-expectation that Postfix is more secure than some other mailers.
-The Cyrus SASL library contains a lot of code. With this, Postfix
-becomes as secure as other mail systems that use the Cyrus SASL
-library.  Dovecot provides an alternative that may be worth
-considering. </p>
-
 <h2><a name="intro">How Postfix uses SASL authentication</a></h2>
 
 <p> SMTP servers need to decide whether an SMTP client is authorized
@@ -47,6 +38,13 @@ configuration files belong to the specific SASL
 implementation that Postfix will use. This document covers both the
 Postfix and non-Postfix configuration.  </p>
 
+<p> NOTE: People who go to the trouble of installing Postfix may
+have the expectation that Postfix is more secure than some other
+mailers.  The Cyrus SASL library contains a lot of code. With this,
+Postfix becomes as secure as other mail systems that use the Cyrus
+SASL library.  Dovecot provides an alternative that may be worth
+considering. </p>
+
 <p> You can read more about the following topics: </p>
 
 <ul>
diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html
index 9efbb519d..c732b4f34 100644
--- a/postfix/html/TLS_README.html
+++ b/postfix/html/TLS_README.html
@@ -18,15 +18,6 @@
 
 <hr>
 
-<h2> WARNING </h2>
-
-<p> By turning on TLS support in Postfix, you not only get the
-ability to encrypt mail and to authenticate remote SMTP clients or servers.
-You also turn on thousands and thousands of lines of OpenSSL library
-code.  Assuming that OpenSSL is written as carefully as Wietse's
-own code, every 1000 lines introduce one additional bug into
-Postfix.  </p>
-
 <h2> What Postfix TLS support does for you </h2>
 
 <p> Transport Layer Security (TLS, formerly called SSL) provides
@@ -34,13 +25,12 @@ certificate-based authentication and encrypted sessions.  An
 encrypted session protects the information that is transmitted with
 SMTP mail or with SASL authentication. </p>
 
-<blockquote> <p> <a name="client_tls_obs"></a> <a
-name="client_tls_harden"></a> NOTE: This document describes a TLS
-user interface that was introduced with Postfix version 2.3. Support
-for an older user interface is documented in <a href="TLS_LEGACY_README.html">TLS_LEGACY_README</a>,
-which also describes the differences between Postfix and the
-third-party patch on which Postfix version 2.2 TLS support was
-based.  </p> </blockquote>
+<p> NOTE: By turning on TLS support in Postfix, you not only get
+the ability to encrypt mail and to authenticate remote SMTP clients
+or servers.  You also turn on hundreds of thousands of lines of
+OpenSSL library code.  Assuming that OpenSSL is written as carefully
+as Wietse's own code, every 1000 lines introduce one additional bug
+into Postfix.  </p>
 
 <p> Topics covered in this document: </p>
 
diff --git a/postfix/html/postmulti.1.html b/postfix/html/postmulti.1.html
index 9c45e67e5..c7c1f1570 100644
--- a/postfix/html/postmulti.1.html
+++ b/postfix/html/postmulti.1.html
@@ -318,14 +318,15 @@ POSTMULTI(1)                                                      POSTMULTI(1)
               The directory with Postfix support programs and daemon programs.
 
        <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
-              The list of environment parameters that a Postfix  process  will
-              import from a non-Postfix parent process.
+              The list of environment parameters  that  a  privileged  Postfix
+              process  will  import  from  a  non-Postfix  parent  process, or
+              name=value environment overrides.
 
        <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
-              An  optional  list of non-default Postfix configuration directo-
-              ries; these directories belong to additional  Postfix  instances
-              that  share  the Postfix executable files and documentation with
-              the default Postfix instance, and  that  are  started,  stopped,
+              An optional list of non-default Postfix  configuration  directo-
+              ries;  these  directories belong to additional Postfix instances
+              that share the Postfix executable files and  documentation  with
+              the  default  Postfix  instance,  and that are started, stopped,
               etc., together with the default Postfix instance.
 
        <b><a href="postconf.5.html#multi_instance_group">multi_instance_group</a> (empty)</b>
@@ -335,40 +336,40 @@ POSTMULTI(1)                                                      POSTMULTI(1)
               The optional instance name of this Postfix instance.
 
        <b><a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> (no)</b>
-              Allow  this  Postfix instance to be started, stopped, etc., by a
+              Allow this Postfix instance to be started, stopped, etc.,  by  a
               multi-instance manager.
 
        <b><a href="postconf.5.html#postmulti_start_commands">postmulti_start_commands</a> (start)</b>
-              The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a>  instance  manager
+              The  <a href="postfix.1.html"><b>postfix</b>(1)</a>  commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
               treats as "start" commands.
 
        <b><a href="postconf.5.html#postmulti_stop_commands">postmulti_stop_commands</a> (see 'postconf -d' output)</b>
-              The  <a href="postfix.1.html"><b>postfix</b>(1)</a>  commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
+              The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a>  instance  manager
               treats as "stop" commands.
 
        <b><a href="postconf.5.html#postmulti_control_commands">postmulti_control_commands</a> (reload flush)</b>
-              The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a>  instance  manager
+              The  <a href="postfix.1.html"><b>postfix</b>(1)</a>  commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
               treats as "control" commands, that operate on running instances.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              A prefix that  is  prepended  to  the  process  name  in  syslog
+              A  prefix  that  is  prepended  to  the  process  name in syslog
               records, so that, for example, "smtpd" becomes "prefix/smtpd".
 
        Available in Postfix 3.0 and later:
 
        <b><a href="postconf.5.html#meta_directory">meta_directory</a> (see 'postconf -d' output)</b>
-              The  location of non-executable files that are shared among mul-
-              tiple Postfix instances, such as postfix-files,  dynamicmaps.cf,
-              and  the  multi-instance  template  files <a href="postconf.5.html">main.cf</a>.proto and <a href="master.5.html">mas-
+              The location of non-executable files that are shared among  mul-
+              tiple  Postfix instances, such as postfix-files, dynamicmaps.cf,
+              and the multi-instance template  files  <a href="postconf.5.html">main.cf</a>.proto  and  <a href="master.5.html">mas-
               ter.cf</a>.proto.
 
        <b><a href="postconf.5.html#shlib_directory">shlib_directory</a> (see 'postconf -d' output)</b>
-              The location of Postfix dynamically-linked  libraries  (libpost-
-              fix-*.so),  and the default location of Postfix database plugins
-              (postfix-*.so) that have  a  relative  pathname  in  the  dynam-
+              The  location  of Postfix dynamically-linked libraries (libpost-
+              fix-*.so), and the default location of Postfix database  plugins
+              (postfix-*.so)  that  have  a  relative  pathname  in the dynam-
               icmaps.cf file.
 
 <b>FILES</b>
diff --git a/postfix/man/man1/postmulti.1 b/postfix/man/man1/postmulti.1
index 485ca3224..4a35947ff 100644
--- a/postfix/man/man1/postmulti.1
+++ b/postfix/man/man1/postmulti.1
@@ -342,8 +342,9 @@ configuration files.
 .IP "\fBdaemon_directory (see 'postconf -d' output)\fR"
 The directory with Postfix support programs and daemon programs.
 .IP "\fBimport_environment (see 'postconf -d' output)\fR"
-The list of environment parameters that a Postfix process will
-import from a non\-Postfix parent process.
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
 .IP "\fBmulti_instance_directories (empty)\fR"
 An optional list of non\-default Postfix configuration directories;
 these directories belong to additional Postfix instances that share
diff --git a/postfix/proto/INSTALL.html b/postfix/proto/INSTALL.html
index f72133920..984528cbe 100644
--- a/postfix/proto/INSTALL.html
+++ b/postfix/proto/INSTALL.html
@@ -883,7 +883,7 @@ Specify OPT= to turn off optimization. </td> </tr>
 <tr> <td colspan="2"> POSTFIX_INSTALL_OPTS=-option... </td> <td>
 Specifies options for the <tt>postfix-install</tt> command, separated
 by whitespace. Currently, the only supported option is
-"<tt>-keep-new-mtime</tt>". </td> </tr>
+"<tt>-keep-build-mtime</tt>". </td> </tr>
 
 <tr> <td colspan="2"> SHLIB_CFLAGS=flags </td> <td> Specifies
 non-default compiler options for building Postfix dynamically-linked
diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html
index 00e2ab143..89b1cf401 100644
--- a/postfix/proto/SASL_README.html
+++ b/postfix/proto/SASL_README.html
@@ -15,15 +15,6 @@
 
 <hr>
 
-<h2>Warning</h2>
-
-<p> People who go to the trouble of installing Postfix may have the
-expectation that Postfix is more secure than some other mailers.
-The Cyrus SASL library contains a lot of code. With this, Postfix
-becomes as secure as other mail systems that use the Cyrus SASL
-library.  Dovecot provides an alternative that may be worth
-considering. </p>
-
 <h2><a name="intro">How Postfix uses SASL authentication</a></h2>
 
 <p> SMTP servers need to decide whether an SMTP client is authorized
@@ -47,6 +38,13 @@ configuration files belong to the specific SASL
 implementation that Postfix will use. This document covers both the
 Postfix and non-Postfix configuration.  </p>
 
+<p> NOTE: People who go to the trouble of installing Postfix may
+have the expectation that Postfix is more secure than some other
+mailers.  The Cyrus SASL library contains a lot of code. With this,
+Postfix becomes as secure as other mail systems that use the Cyrus
+SASL library.  Dovecot provides an alternative that may be worth
+considering. </p>
+
 <p> You can read more about the following topics: </p>
 
 <ul>
diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html
index 9da081c72..8d291ea2d 100644
--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@@ -18,15 +18,6 @@
 
 <hr>
 
-<h2> WARNING </h2>
-
-<p> By turning on TLS support in Postfix, you not only get the
-ability to encrypt mail and to authenticate remote SMTP clients or servers.
-You also turn on thousands and thousands of lines of OpenSSL library
-code.  Assuming that OpenSSL is written as carefully as Wietse's
-own code, every 1000 lines introduce one additional bug into
-Postfix.  </p>
-
 <h2> What Postfix TLS support does for you </h2>
 
 <p> Transport Layer Security (TLS, formerly called SSL) provides
@@ -34,13 +25,12 @@ certificate-based authentication and encrypted sessions.  An
 encrypted session protects the information that is transmitted with
 SMTP mail or with SASL authentication. </p>
 
-<blockquote> <p> <a name="client_tls_obs"></a> <a
-name="client_tls_harden"></a> NOTE: This document describes a TLS
-user interface that was introduced with Postfix version 2.3. Support
-for an older user interface is documented in TLS_LEGACY_README,
-which also describes the differences between Postfix and the
-third-party patch on which Postfix version 2.2 TLS support was
-based.  </p> </blockquote>
+<p> NOTE: By turning on TLS support in Postfix, you not only get
+the ability to encrypt mail and to authenticate remote SMTP clients
+or servers.  You also turn on hundreds of thousands of lines of
+OpenSSL library code.  Assuming that OpenSSL is written as carefully
+as Wietse's own code, every 1000 lines introduce one additional bug
+into Postfix.  </p>
 
 <p> Topics covered in this document: </p>
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index c33aa351e..8b99fb8c6 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20170218"
+#define MAIL_RELEASE_DATE	"20170502"
 #define MAIL_VERSION_NUMBER	"3.3"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/milter/milter.c b/postfix/src/milter/milter.c
index 64836d463..ac2baaf77 100644
--- a/postfix/src/milter/milter.c
+++ b/postfix/src/milter/milter.c
@@ -333,18 +333,21 @@ static ARGV *milter_macro_lookup(MILTERS *milters, const char *macro_names)
     VSTRING *canon_buf = vstring_alloc(20);
     const char *value;
     const char *name;
+    const char *cname;
 
     while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) {
 	if (msg_verbose)
 	    msg_info("%s: \"%s\"", myname, name);
 	if (*name != '{')			/* } */
-	    name = STR(vstring_sprintf(canon_buf, "{%s}", name));
-	if ((value = milters->mac_lookup(name, milters->mac_context)) != 0) {
+	    cname = STR(vstring_sprintf(canon_buf, "{%s}", name));
+	else
+	    cname = name;
+	if ((value = milters->mac_lookup(cname, milters->mac_context)) != 0) {
 	    if (msg_verbose)
 		msg_info("%s: result \"%s\"", myname, value);
 	    argv_add(argv, name, value, (char *) 0);
 	} else if (milters->macro_defaults != 0
-	     && (value = htable_find(milters->macro_defaults, name)) != 0) {
+	    && (value = htable_find(milters->macro_defaults, cname)) != 0) {
 	    if (msg_verbose)
 		msg_info("%s: using default \"%s\"", myname, value);
 	    argv_add(argv, name, value, (char *) 0);
diff --git a/postfix/src/postmulti/postmulti.c b/postfix/src/postmulti/postmulti.c
index f8fef2df8..a6b132e4e 100644
--- a/postfix/src/postmulti/postmulti.c
+++ b/postfix/src/postmulti/postmulti.c
@@ -326,8 +326,9 @@
 /* .IP "\fBdaemon_directory (see 'postconf -d' output)\fR"
 /*	The directory with Postfix support programs and daemon programs.
 /* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
-/*	The list of environment parameters that a Postfix process will
-/*	import from a non-Postfix parent process.
+/*	The list of environment parameters that a privileged Postfix
+/*	process will import from a non-Postfix parent process, or name=value
+/*	environment overrides.
 /* .IP "\fBmulti_instance_directories (empty)\fR"
 /*	An optional list of non-default Postfix configuration directories;
 /*	these directories belong to additional Postfix instances that share
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 986264b22..40d49f623 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -5396,6 +5396,8 @@ static void teardown_milters(SMTPD_STATE *state)
 	milter_free(state->milters);
 	state->milters = 0;
     }
+    smtpd_input_transp_mask =
+	input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
 }
 
 
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index 6414fc833..32cefbc07 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -541,7 +541,8 @@ tests: all valid_hostname_test mac_expand_test dict_test unescape_test \
 	dict_static_test dict_inline_test midna_domain_test casefold_test \
 	dict_utf8_test strcasecmp_utf8_test vbuf_print_test dict_regexp_test \
 	dict_union_test dict_pipe_test miss_endif_cidr_test \
-	miss_endif_pcre_test miss_endif_regexp_test split_qnameval_test
+	miss_endif_pcre_test miss_endif_regexp_test split_qnameval_test \
+	vstring_test
 
 root_tests:
 
@@ -834,6 +835,11 @@ dict_pipe_test: dict_open dict_pipe_test.in dict_pipe_test.ref
 	diff dict_pipe_test.ref dict_pipe_test.tmp
 	rm -f dict_pipe_test.tmp
 
+vstring_test: dict_open vstring vstring_test.ref
+	 $(SHLIB_ENV) ./vstring one two three >vstring_test.tmp 2>&1
+	diff vstring_test.ref vstring_test.tmp
+	rm -f vstring_test.tmp
+
 depend: $(MAKES)
 	(sed '1,/^# do not edit/!d' Makefile.in; \
 	set -e; for i in [a-z][a-z0-9]*.c; do \
diff --git a/postfix/src/util/vstring.c b/postfix/src/util/vstring.c
index 6e090a2ec..c13767279 100644
--- a/postfix/src/util/vstring.c
+++ b/postfix/src/util/vstring.c
@@ -304,13 +304,17 @@ static void vstring_extend(VBUF *bp, ssize_t incr)
      * 
      * The length overflow tests here and in vstring_alloc() should protect us
      * against all length overflow problems within vstring library routines.
+     * 
+     * Safety net: add a gratuitous null terminator so that C-style string
+     * operations won't scribble past the end.
      */
     if ((bp->flags & VSTRING_FLAG_EXACT) == 0 && bp->len > incr)
 	incr = bp->len;
-    if (bp->len > SSIZE_T_MAX - incr)
+    if (bp->len > SSIZE_T_MAX - incr - 1)
 	msg_fatal("vstring_extend: length overflow");
     new_len = bp->len + incr;
-    bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len);
+    bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len + 1);
+    bp->data[new_len] = 0;
     bp->len = new_len;
     bp->ptr = bp->data + used;
     bp->cnt = bp->len - used;
@@ -350,12 +354,17 @@ VSTRING *vstring_alloc(ssize_t len)
 {
     VSTRING *vp;
 
-    if (len < 1)
+    /*
+     * Safety net: add a gratuitous null terminator so that C-style string
+     * operations won't scribble past the end.
+     */
+    if (len < 1 || len > SSIZE_T_MAX - 1)
 	msg_panic("vstring_alloc: bad length %ld", (long) len);
     vp = (VSTRING *) mymalloc(sizeof(*vp));
     vp->vbuf.flags = 0;
     vp->vbuf.len = 0;
-    vp->vbuf.data = (unsigned char *) mymalloc(len);
+    vp->vbuf.data = (unsigned char *) mymalloc(len + 1);
+    vp->vbuf.data[len] = 0;
     vp->vbuf.len = len;
     VSTRING_RESET(vp);
     vp->vbuf.data[0] = 0;
@@ -666,7 +675,18 @@ VSTRING *vstring_sprintf_prepend(VSTRING *vp, const char *format,...)
 int     main(int argc, char **argv)
 {
     VSTRING *vp = vstring_alloc(1);
+    int     n;
+
+    /*
+     * Report the location of the gratuitous null terminator.
+     */
+    for (n = 1; n <= 5; n++) {
+	VSTRING_ADDCH(vp, 'x');
+	printf("payload/buffer size %d/%ld, strlen() %ld\n",
+	       n, (long) (vp)->vbuf.len, (long) strlen(vstring_str(vp)));
+    }
 
+    VSTRING_RESET(vp);
     while (argc-- > 0) {
 	vstring_strcat(vp, *argv++);
 	vstring_strcat(vp, ".");
diff --git a/postfix/src/util/vstring.h b/postfix/src/util/vstring.h
index 605e1ff15..f71ad77f2 100644
--- a/postfix/src/util/vstring.h
+++ b/postfix/src/util/vstring.h
@@ -72,8 +72,6 @@ CHECK_VAL_HELPER_DCL(VSTRING_CTL, ssize_t);
 #define VSTRING_LEN(vp)		((ssize_t) ((vp)->vbuf.ptr - (vp)->vbuf.data))
 #define vstring_end(vp)		((char *) (vp)->vbuf.ptr)
 #define VSTRING_TERMINATE(vp)	do { \
-				    if ((vp)->vbuf.cnt <= 0) \
-					VSTRING_SPACE((vp),1); \
 				    *(vp)->vbuf.ptr = 0; \
 				} while (0)
 #define VSTRING_RESET(vp)	do { \
diff --git a/postfix/src/util/vstring_test.ref b/postfix/src/util/vstring_test.ref
new file mode 100644
index 000000000..54c54cf48
--- /dev/null
+++ b/postfix/src/util/vstring_test.ref
@@ -0,0 +1,6 @@
+payload/buffer size 1/1, strlen() 1
+payload/buffer size 2/2, strlen() 2
+payload/buffer size 3/4, strlen() 4
+payload/buffer size 4/4, strlen() 4
+payload/buffer size 5/8, strlen() 8
+argv concatenated: ./vstring.one.two.three.