--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu
This update is intended to accomplish several improvements:
1. The regression introduced by the libdb security fix is corrected by
upstream. This was tested by me and is in Unstable in 3.2.5-1. This
should be allowed to migrate to testing before this upload for stable.
This issue was specifically requested to be fixed by a SRM.
2. A packaging fix to resolve one cause of postfix faling to start if
inet_interfaces is set to something other than all. This fix has been in
Unstable/Testing since last year with no negative feedback.
3. Fixes a regression from oldstable where dynamic maps were not available to
the sendmail command.
4. Fixes a significant issue in DANE support (new feature for stretch).
5. Other low risk (including documentation) fixes.
There are also a couple of things that are here that won't affect the user
either way:
1. A slight bit of patch cruft due to needing to refresh a patch that
slightly colllided with the fix for the security regression. Ideally it
wouldn't be in the diff, but it didn't seem to clutter things too badly
and it seemed lower risk not to hand edit the patch.
2. Added a postfix 3.1 specific debian watch file for the maintainer's
convenience. This is useful for my work flow and has no user impact or
risk.
As usual, the postfix upstream is very careful and thorough in micro-release
updates and all the upstream changes are good things for our users. I have
the proposed package in production and have not noted any issues.
Thanks for reviewing,
Scott K
diff -Nru postfix-3.1.6/debian/changelog postfix-3.1.8/debian/changelog
--- postfix-3.1.6/debian/changelog 2017-09-27 00:59:24.000000000 -0400
+++ postfix-3.1.8/debian/changelog 2018-01-29 12:31:22.000000000 -0500
@@ -1,3 +1,43 @@
+postfix (3.1.8-0+deb9u1) stretch; urgency=medium
+
+ [Scott Kitterman]
+
+ * Rewrite debian/postfix-instance-generator to avoid use of postmulti to fix
+ failures when inet_interfaces != all. Closes: #882141
+ * Refresh patches
+ * Add postfix 3.1 specific watch file
+
+ [Wietse Venema]
+
+ * 3.1.7
+ - Bugfix (introduced: Postfix 3.1): DANE support. Postfix
+ builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to
+ some sites with "TLSA 2 X X" records associated with an
+ intermediate CA certificate. Problem report and initial
+ fix by Erwan Legrand. File: src/tls/tls_dane.c.
+ - Bugfix (introduced: Postfix 3.0) missing dynamicmaps support
+ in the Postfix sendmail command broke authorized_submit_users
+ with a dynamically-loaded map type. File: sendmail/sendmail.c.
+ * 3.1.8
+ - Bugfix (introduced: Postfix 2.1): don't log warnings
+ that some restriction returns OK, when the access map
+ DISCARD feature is in effect. File: smtpd/smtpd_check.c.
+ - Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke
+ Berkeley DB configurations with a relative pathname. File:
+ util/dict_db.c. Closes: #879200
+ - Workaround: reportedly, some res_query(3) implementation
+ can return -1 with h_errno==0. Instead of terminating with
+ a panic, the Postfix DNS client now logs a warning and sets
+ h_errno to TRY_AGAIN. File: dns/dns_lookup.c.
+ - Documentation patches by Sven Neuhaus. Files:
+ proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html.
+ - Cleanup: missing mailbox seek-to-end error check in the
+ local(8) delivery agent. File: local/mailbox.c.
+ - Cleanup: incorrect mailbox seek-to-end error message in the
+ virtual(8) delivery agent. File: virtual/mailbox.c.
+
+ -- Scott Kitterman <sc...@kitterman.com> Mon, 29 Jan 2018 12:31:19 -0500
+
postfix (3.1.6-0+deb9u1) stretch; urgency=medium
[Wietse Venema]
diff -Nru postfix-3.1.6/debian/patches/11_postmap_update.diff postfix-3.1.8/debian/patches/11_postmap_update.diff
--- postfix-3.1.6/debian/patches/11_postmap_update.diff 2017-09-27 00:26:51.000000000 -0400
+++ postfix-3.1.8/debian/patches/11_postmap_update.diff 2018-01-29 12:21:20.000000000 -0500
@@ -1,7 +1,7 @@
Index: postfix/html/postmap.1.html
===================================================================
---- postfix.orig/html/postmap.1.html 2017-09-27 00:26:44.474769942 -0400
-+++ postfix/html/postmap.1.html 2017-09-27 00:26:44.466769942 -0400
+--- postfix.orig/html/postmap.1.html 2018-01-29 12:21:01.200764381 -0500
++++ postfix/html/postmap.1.html 2018-01-29 12:21:01.196764381 -0500
@@ -10,7 +10,7 @@
postmap - Postfix lookup table management
@@ -24,8 +24,8 @@
instead of the default configuration directory.
Index: postfix/man/man1/postmap.1
===================================================================
---- postfix.orig/man/man1/postmap.1 2017-09-27 00:26:44.474769942 -0400
-+++ postfix/man/man1/postmap.1 2017-09-27 00:26:44.466769942 -0400
+--- postfix.orig/man/man1/postmap.1 2018-01-29 12:21:01.200764381 -0500
++++ postfix/man/man1/postmap.1 2018-01-29 12:21:01.196764381 -0500
@@ -9,7 +9,7 @@
.na
.nf
@@ -46,8 +46,8 @@
truncate an existing database. By default, \fBpostmap\fR(1) creates
Index: postfix/src/postmap/postmap.c
===================================================================
---- postfix.orig/src/postmap/postmap.c 2017-09-27 00:26:44.474769942 -0400
-+++ postfix/src/postmap/postmap.c 2017-09-27 00:26:44.466769942 -0400
+--- postfix.orig/src/postmap/postmap.c 2018-01-29 12:21:01.200764381 -0500
++++ postfix/src/postmap/postmap.c 2018-01-29 12:21:01.196764381 -0500
@@ -77,6 +77,8 @@
/* syntax checks anyway.
/* .sp
@@ -165,8 +165,8 @@
usage(argv[0]);
Index: postfix/src/util/dict.h
===================================================================
---- postfix.orig/src/util/dict.h 2017-09-27 00:26:44.474769942 -0400
-+++ postfix/src/util/dict.h 2017-09-27 00:26:44.466769942 -0400
+--- postfix.orig/src/util/dict.h 2018-01-29 12:21:01.200764381 -0500
++++ postfix/src/util/dict.h 2018-01-29 12:21:01.200764381 -0500
@@ -123,6 +123,7 @@
#define DICT_FLAG_NO_UNAUTH (1<<13) /* disallow unauthenticated data */
#define DICT_FLAG_FOLD_FIX (1<<14) /* case-fold key with fixed-case map */
@@ -177,12 +177,12 @@
#define DICT_FLAG_BULK_UPDATE (1<<17) /* optimize for bulk updates */
Index: postfix/src/util/dict_db.c
===================================================================
---- postfix.orig/src/util/dict_db.c 2017-09-27 00:26:44.474769942 -0400
-+++ postfix/src/util/dict_db.c 2017-09-27 00:26:44.466769942 -0400
-@@ -735,6 +735,12 @@
- msg_panic("db_create null result");
+--- postfix.orig/src/util/dict_db.c 2018-01-29 12:21:01.200764381 -0500
++++ postfix/src/util/dict_db.c 2018-01-29 12:21:14.692764924 -0500
+@@ -738,6 +738,12 @@
if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0)
msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM);
+ db_base_buf = vstring_alloc(100);
+ if (dict_flags & DICT_FLAG_UPGRADE) {
+ if (msg_verbose)
+ msg_info("upgrading database %s",db_path);
@@ -191,4 +191,4 @@
+ }
#if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \
(DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
- if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0)
+ if ((errno = db->open(db, 0, sane_basename(db_base_buf, db_path),
diff -Nru postfix-3.1.6/debian/postfix-instance-generator postfix-3.1.8/debian/postfix-instance-generator
--- postfix-3.1.6/debian/postfix-instance-generator 2017-09-27 00:55:57.000000000 -0400
+++ postfix-3.1.8/debian/postfix-instance-generator 2018-01-29 12:13:28.000000000 -0500
@@ -7,12 +7,9 @@
mkdir -p "$WANTDIR"
-if [ -f /etc/postfix/main.cf ]; then
- for NAME in $(postmulti -l -a | awk '{ print $1}'); do
- ln -s "$SERVICEFILE" "$WANTDIR/postfix@$NAME.service"
- done
-else
- ln -s "$SERVICEFILE" "$WANTDIR/postfix@-.service"
-fi
+ln -s "$SERVICEFILE" "$WANTDIR/postfix@-.service"
+for DIR in $(postconf -h multi_instance_directories); do
+ ln -s "$SERVICEFILE" "$WANTDIR/postfix@$(postconf -hc $DIR multi_instance_name).service"
+done
exit 0
diff -Nru postfix-3.1.6/debian/watch postfix-3.1.8/debian/watch
--- postfix-3.1.6/debian/watch 1969-12-31 19:00:00.000000000 -0500
+++ postfix-3.1.8/debian/watch 2018-01-29 12:13:28.000000000 -0500
@@ -0,0 +1,3 @@
+version=3
+
+opts=pasv ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-([\d+\.]+)\.tar\.gz
diff -Nru postfix-3.1.6/HISTORY postfix-3.1.8/HISTORY
--- postfix-3.1.6/HISTORY 2017-06-13 13:31:40.000000000 -0400
+++ postfix-3.1.8/HISTORY 2018-01-27 21:49:38.000000000 -0500
@@ -22352,3 +22352,49 @@
by other users. This fix does not change Postfix behavior
for Berkeley DB < 3, but reduces file create performance
for Berkeley DB 3 .. 4.6. File: util/dict_db.c.
+
+20171009
+
+ Bugfix (introduced: Postfix 3.1): DANE support. Postfix
+ builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to
+ some sites with "TLSA 2 X X" records associated with an
+ intermediate CA certificate. Problem report and initial
+ fix by Erwan Legrand. File: src/tls/tls_dane.c.
+
+20171024
+
+ Bugfix (introduced: Postfix 3.0) missing dynamicmaps support
+ in the Postfix sendmail command broke authorized_submit_users
+ with a dynamically-loaded map type. File: sendmail/sendmail.c.
+
+20171116
+
+ Bugfix (introduced: Postfix 2.1): don't log warnings
+ that some restriction returns OK, when the access map
+ DISCARD feature is in effect. File: smtpd/smtpd_check.c.
+
+20171215
+
+ Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke
+ Berkeley DB configurations with a relative pathname. File:
+ util/dict_db.c.
+
+20171218
+
+ Workaround: reportedly, some res_query(3) implementation
+ can return -1 with h_errno==0. Instead of terminating with
+ a panic, the Postfix DNS client now logs a warning and sets
+ h_errno to TRY_AGAIN. File: dns/dns_lookup.c.
+
+20171226
+
+ Documentation patches by Sven Neuhaus. Files:
+ proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html.
+
+20180106
+
+ Cleanup: missing mailbox seek-to-end error check in the
+ local(8) delivery agent. File: local/mailbox.c.
+
+ Cleanup: incorrect mailbox seek-to-end error message in the
+ virtual(8) delivery agent. File: virtual/mailbox.c.
diff -Nru postfix-3.1.6/html/FORWARD_SECRECY_README.html postfix-3.1.8/html/FORWARD_SECRECY_README.html
--- postfix-3.1.6/html/FORWARD_SECRECY_README.html 2015-07-21 18:46:51.000000000 -0400
+++ postfix-3.1.8/html/FORWARD_SECRECY_README.html 2017-12-26 10:51:40.000000000 -0500
@@ -322,9 +322,9 @@
<pre>
# cd /etc/postfix
# umask 022
-# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
-# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
-# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
+# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
+# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
+# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
# chmod 644 dh512.pem dh1024.pem dh2048.pem
</pre>
</blockquote>
diff -Nru postfix-3.1.6/html/SMTPD_ACCESS_README.html postfix-3.1.8/html/SMTPD_ACCESS_README.html
--- postfix-3.1.6/html/SMTPD_ACCESS_README.html 2014-10-01 13:25:10.000000000 -0400
+++ postfix-3.1.8/html/SMTPD_ACCESS_README.html 2017-12-26 10:51:40.000000000 -0500
@@ -251,7 +251,7 @@
relay policy</td>
<td rowspan="2"> Reject RCPT TO information </td> </tr>
-<tr> <td> < 2.10</td> <td> Not available </td>
+<tr> <td> < 2.10</td> <td> Not available </td>
</tr>
<tr> <td rowspan="2"> <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> </td> <td> ≥
@@ -259,7 +259,7 @@
relay policy</td>
<td rowspan="2"> Reject RCPT TO information </td> </tr>
-<tr> <td> < 2.10</td> <td> Required </td> </tr>
+<tr> <td> < 2.10</td> <td> Required </td> </tr>
<tr> <td> <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> </td> <td> ≥ 2.0 </td> <td>
Optional </td> <td>
diff -Nru postfix-3.1.6/proto/FORWARD_SECRECY_README.html postfix-3.1.8/proto/FORWARD_SECRECY_README.html
--- postfix-3.1.6/proto/FORWARD_SECRECY_README.html 2015-07-21 18:46:51.000000000 -0400
+++ postfix-3.1.8/proto/FORWARD_SECRECY_README.html 2017-12-26 10:49:33.000000000 -0500
@@ -322,9 +322,9 @@
<pre>
# cd /etc/postfix
# umask 022
-# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
-# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
-# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
+# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
+# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
+# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
# chmod 644 dh512.pem dh1024.pem dh2048.pem
</pre>
</blockquote>
diff -Nru postfix-3.1.6/proto/SMTPD_ACCESS_README.html postfix-3.1.8/proto/SMTPD_ACCESS_README.html
--- postfix-3.1.6/proto/SMTPD_ACCESS_README.html 2014-10-01 13:24:18.000000000 -0400
+++ postfix-3.1.8/proto/SMTPD_ACCESS_README.html 2017-12-26 10:49:33.000000000 -0500
@@ -251,7 +251,7 @@
relay policy</td>
<td rowspan="2"> Reject RCPT TO information </td> </tr>
-<tr> <td> < 2.10</td> <td> Not available </td>
+<tr> <td> < 2.10</td> <td> Not available </td>
</tr>
<tr> <td rowspan="2"> smtpd_recipient_restrictions </td> <td> ≥
@@ -259,7 +259,7 @@
relay policy</td>
<td rowspan="2"> Reject RCPT TO information </td> </tr>
-<tr> <td> < 2.10</td> <td> Required </td> </tr>
+<tr> <td> < 2.10</td> <td> Required </td> </tr>
<tr> <td> smtpd_data_restrictions </td> <td> ≥ 2.0 </td> <td>
Optional </td> <td>
diff -Nru postfix-3.1.6/src/dns/dns_lookup.c postfix-3.1.8/src/dns/dns_lookup.c
--- postfix-3.1.6/src/dns/dns_lookup.c 2015-07-12 10:10:57.000000000 -0400
+++ postfix-3.1.8/src/dns/dns_lookup.c 2017-12-20 20:50:28.000000000 -0500
@@ -397,6 +397,14 @@
/* Prepare for returning a null-padded server reply. */
memset(answer, 0, anslen);
len = res_query(name, class, type, answer, anslen);
+ /* Begin API creep workaround. */
+ if (len < 0 && h_errno == 0) {
+ SET_H_ERRNO(TRY_AGAIN);
+ msg_warn("res_query(\"%s\", %d, %d, %p, %d) returns %d with h_errno==0"
+ " -- setting h_errno=TRY_AGAIN",
+ name, class, type, answer, anslen, len);
+ }
+ /* End API creep workaround. */
if (len > 0) {
SET_H_ERRNO(0);
} else if (keep_notfound && NOT_FOUND_H_ERRNO(h_errno)) {
diff -Nru postfix-3.1.6/src/global/mail_version.h postfix-3.1.8/src/global/mail_version.h
--- postfix-3.1.6/src/global/mail_version.h 2017-06-13 13:36:23.000000000 -0400
+++ postfix-3.1.8/src/global/mail_version.h 2018-01-27 08:01:13.000000000 -0500
@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20170613"
-#define MAIL_VERSION_NUMBER "3.1.6"
+#define MAIL_RELEASE_DATE "20180127"
+#define MAIL_VERSION_NUMBER "3.1.8"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff -Nru postfix-3.1.6/src/local/mailbox.c postfix-3.1.8/src/local/mailbox.c
--- postfix-3.1.6/src/local/mailbox.c 2015-01-11 15:30:20.000000000 -0500
+++ postfix-3.1.8/src/local/mailbox.c 2018-01-21 17:10:13.000000000 -0500
@@ -97,7 +97,7 @@
int deliver_status;
int copy_flags;
VSTRING *biff;
- long end;
+ off_t end;
struct stat st;
uid_t spool_uid;
gid_t spool_gid;
@@ -202,7 +202,8 @@
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else {
- end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
+ if ((end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END)) < 0)
+ msg_fatal("seek mailbox file %s: %m", mailbox);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
copy_flags, "\n", why);
}
diff -Nru postfix-3.1.6/src/sendmail/sendmail.c postfix-3.1.8/src/sendmail/sendmail.c
--- postfix-3.1.6/src/sendmail/sendmail.c 2016-02-14 09:26:22.000000000 -0500
+++ postfix-3.1.8/src/sendmail/sendmail.c 2017-10-26 17:53:06.000000000 -0400
@@ -472,6 +472,7 @@
#include <deliver_request.h>
#include <mime_state.h>
#include <header_opts.h>
+#include <mail_dict.h>
#include <user_acl.h>
#include <dsn_mask.h>
@@ -1082,6 +1083,8 @@
msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
get_mail_conf_str_table(str_table);
+ mail_dict_init();
+
if (chdir(var_queue_dir))
msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir);
diff -Nru postfix-3.1.6/src/smtpd/smtpd_check.c postfix-3.1.8/src/smtpd/smtpd_check.c
--- postfix-3.1.6/src/smtpd/smtpd_check.c 2017-01-01 12:48:24.000000000 -0500
+++ postfix-3.1.8/src/smtpd/smtpd_check.c 2017-12-20 20:27:37.000000000 -0500
@@ -4053,7 +4053,7 @@
static void forbid_whitelist(SMTPD_STATE *state, const char *name,
int status, const char *target)
{
- if (status == SMTPD_CHECK_OK) {
+ if (state->discard == 0 && status == SMTPD_CHECK_OK) {
msg_warn("restriction %s returns OK for %s", name, target);
msg_warn("this is not allowed for security reasons");
msg_warn("use DUNNO instead of OK if you want to make an exception");
diff -Nru postfix-3.1.6/src/tls/tls_dane.c postfix-3.1.8/src/tls/tls_dane.c
--- postfix-3.1.6/src/tls/tls_dane.c 2016-08-27 16:27:50.000000000 -0400
+++ postfix-3.1.8/src/tls/tls_dane.c 2017-10-09 11:02:57.000000000 -0400
@@ -1511,7 +1511,7 @@
/* set_issuer - set issuer DN to match akid if specified */
-static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid)
+static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj)
{
X509_NAME *name = akid_issuer_name(akid);
@@ -1521,7 +1521,7 @@
*/
if (name)
return (X509_set_issuer_name(cert, name));
- return (X509_set_issuer_name(cert, X509_get_subject_name(cert)));
+ return (X509_set_issuer_name(cert, subj));
}
/* grow_chain - add certificate to trusted or untrusted chain */
@@ -1583,7 +1583,7 @@
*/
if (!X509_set_version(cert, 2)
|| !set_serial(cert, akid, subject)
- || !set_issuer_name(cert, akid)
+ || !set_issuer_name(cert, akid, name)
|| !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L)
|| !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L)
|| !X509_set_subject_name(cert, name)
diff -Nru postfix-3.1.6/src/util/dict_db.c postfix-3.1.8/src/util/dict_db.c
--- postfix-3.1.6/src/util/dict_db.c 2017-06-13 12:15:32.000000000 -0400
+++ postfix-3.1.8/src/util/dict_db.c 2017-12-20 20:34:39.000000000 -0500
@@ -615,6 +615,7 @@
struct stat st;
DB *db = 0;
char *db_path = 0;
+ VSTRING *db_base_buf = 0;
int lock_fd = -1;
int dbfd;
@@ -671,6 +672,7 @@
#define FREE_RETURN(e) do { \
DICT *_dict = (e); if (db) DICT_DB_CLOSE(db); \
if (lock_fd >= 0) (void) close(lock_fd); \
+ if (db_base_buf) vstring_free(db_base_buf); \
if (db_path) myfree(db_path); return (_dict); \
} while (0)
@@ -735,18 +737,22 @@
msg_panic("db_create null result");
if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0)
msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM);
+ db_base_buf = vstring_alloc(100);
#if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \
(DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
- if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0)
+ if ((errno = db->open(db, 0, sane_basename(db_base_buf, db_path),
+ 0, type, db_flags, 0644)) != 0)
FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags,
"open database %s: %m", db_path));
#elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4)
- if ((errno = db->open(db, db_path, 0, type, db_flags, 0644)) != 0)
+ if ((errno = db->open(db, sane_basename(db_base_buf, db_path), 0,
+ type, db_flags, 0644)) != 0)
FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags,
"open database %s: %m", db_path));
#else
#error "Unsupported Berkeley DB version"
#endif
+ vstring_free(db_base_buf);
if ((errno = db->fd(db, &dbfd)) != 0)
msg_fatal("get database file descriptor: %m");
#endif
diff -Nru postfix-3.1.6/src/virtual/mailbox.c postfix-3.1.8/src/virtual/mailbox.c
--- postfix-3.1.6/src/virtual/mailbox.c 2016-08-22 17:24:31.000000000 -0400
+++ postfix-3.1.8/src/virtual/mailbox.c 2018-01-21 17:09:08.000000000 -0500
@@ -132,7 +132,7 @@
VAR_STRICT_MBOX_OWNER);
} else {
if (vstream_fseek(mp->fp, (off_t) 0, SEEK_END) < 0)
- msg_fatal("%s: seek queue file %s: %m",
+ msg_fatal("%s: seek mailbox file %s: %m",
myname, VSTREAM_PATH(mp->fp));
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
copy_flags, "\n", why);
--- End Message ---
