From 6a47e111d65e7d2fac64118e3cf5e99f236d40ab Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Mon, 3 Jan 2022 00:00:00 -0500
Subject: [PATCH] postfix-3.7-20220103

---
 postfix/HISTORY                   | 9 +++++++++
 postfix/html/postconf.5.html      | 4 ++++
 postfix/html/postqueue.1.html     | 2 +-
 postfix/man/man1/postqueue.1      | 2 +-
 postfix/man/man5/postconf.5       | 4 ++++
 postfix/proto/postconf.proto      | 4 ++++
 postfix/proto/stop                | 2 ++
 postfix/src/global/mail_version.h | 2 +-
 postfix/src/postqueue/postqueue.c | 2 +-
 postfix/src/util/htable.c         | 7 ++++---
 10 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 73ab7d767..68f555870 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -26164,3 +26164,12 @@ Apologies for any names omitted.
 	The fix is cheap, and therefore implemented for all Postfix
 	in-memory hash tables. Problem reported by Pascal Junod.
 	File: util/htable.c.
+
+20210103
+
+	Documentation: CIDR example for mynetworks. Scott Kitterman.
+	File: proto/postconf.proto.
+
+	Updated the hash function to make the distance between
+	colliding inputs seed-dependent, which is really the only
+	property that we needed. File: util/htable.c.
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 65171852f..d6e784c5c 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -7644,6 +7644,9 @@ parameter value.  </p>
 "/file/name".  IP version 6 addresses contain the ":" character,
 and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" pattern.  </p>
 
+<p> Note 3: CIDR ranges cannot be specified in hash tables.  Use cidr
+tables if CIDR ranges are used. </p>
+
 <p> Examples:  </p>
 
 <pre>
@@ -7652,6 +7655,7 @@ and would otherwise be confused with a "<a href="DATABASE_README.html">type:tabl
 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
 <a href="postconf.5.html#mynetworks">mynetworks</a> = $<a href="postconf.5.html#config_directory">config_directory</a>/mynetworks
 <a href="postconf.5.html#mynetworks">mynetworks</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/network_table
+<a href="postconf.5.html#mynetworks">mynetworks</a> = <a href="cidr_table.5.html">cidr</a>:/etc/postfix/network_table.cidr
 </pre>
 
 
diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html
index 83721034b..123e27612 100644
--- a/postfix/html/postqueue.1.html
+++ b/postfix/html/postqueue.1.html
@@ -196,7 +196,7 @@ POSTQUEUE(1)                                                      POSTQUEUE(1)
               tion logfiles with mail that is queued to those destinations.
 
        <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
-              The  list  of  environment  parameters that a privileged Postfix
+              The  list  of  environment  variables  that a privileged Postfix
               process will  import  from  a  non-Postfix  parent  process,  or
               name=value environment overrides.
 
diff --git a/postfix/man/man1/postqueue.1 b/postfix/man/man1/postqueue.1
index ed0d8139d..c8020c192 100644
--- a/postfix/man/man1/postqueue.1
+++ b/postfix/man/man1/postqueue.1
@@ -202,7 +202,7 @@ The location of all postfix administrative commands.
 Optional list of destinations that are eligible for per\-destination
 logfiles with mail that is queued to those destinations.
 .IP "\fBimport_environment (see 'postconf -d' output)\fR"
-The list of environment parameters that a privileged Postfix
+The list of environment variables that a privileged Postfix
 process will import from a non\-Postfix parent process, or name=value
 environment overrides.
 .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index cf04f37ef..403e96490 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -4771,6 +4771,9 @@ Note 2: IP version 6 address information must be specified inside
 "/file/name".  IP version 6 addresses contain the ":" character,
 and would otherwise be confused with a "type:table" pattern.
 .PP
+Note 3: CIDR ranges cannot be specified in hash tables.  Use cidr
+tables if CIDR ranges are used.
+.PP
 Examples:
 .PP
 .nf
@@ -4781,6 +4784,7 @@ mynetworks = !192.168.0.1, 192.168.0.0/28
 mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
 mynetworks = $config_directory/mynetworks
 mynetworks = hash:/etc/postfix/network_table
+mynetworks = cidr:/etc/postfix/network_table.cidr
 .fi
 .ad
 .ft R
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index c9c5b8218..091cb8cf0 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -3166,6 +3166,9 @@ parameter value.  </p>
 "/file/name".  IP version 6 addresses contain the ":" character,
 and would otherwise be confused with a "type:table" pattern.  </p>
 
+<p> Note 3: CIDR ranges cannot be specified in hash tables.  Use cidr
+tables if CIDR ranges are used. </p>
+
 <p> Examples:  </p>
 
 <pre> 
@@ -3174,6 +3177,7 @@ mynetworks = !192.168.0.1, 192.168.0.0/28
 mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64 
 mynetworks = $config_directory/mynetworks
 mynetworks = hash:/etc/postfix/network_table
+mynetworks = cidr:/etc/postfix/network_table.cidr
 </pre>
 
 %PARAM myorigin $myhostname
diff --git a/postfix/proto/stop b/postfix/proto/stop
index af293d34c..1679528a3 100644
--- a/postfix/proto/stop
+++ b/postfix/proto/stop
@@ -1549,3 +1549,5 @@ epilog
 prolog
 proto
 ICMP
+NORANDOMIZE
+wallclock
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 3f46be576..a69e83683 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20220102"
+#define MAIL_RELEASE_DATE	"20220103"
 #define MAIL_VERSION_NUMBER	"3.7"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c
index f4afa632b..09e5bcaf8 100644
--- a/postfix/src/postqueue/postqueue.c
+++ b/postfix/src/postqueue/postqueue.c
@@ -184,7 +184,7 @@
 /*	Optional list of destinations that are eligible for per-destination
 /*	logfiles with mail that is queued to those destinations.
 /* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
-/*	The list of environment parameters that a privileged Postfix
+/*	The list of environment variables that a privileged Postfix
 /*	process will import from a non-Postfix parent process, or name=value
 /*	environment overrides.
 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
diff --git a/postfix/src/util/htable.c b/postfix/src/util/htable.c
index addb51146..2f9dabd3e 100644
--- a/postfix/src/util/htable.c
+++ b/postfix/src/util/htable.c
@@ -235,13 +235,14 @@ static size_t htable_hash(const char *s, size_t size)
     }
 
     /*
-     * Inspired the "Dragon" book by Aho, Sethi and Ullman. Updated to use a
-     * seed, and to maintain 32+ bit state.
+     * Heavily mutilated code based on the "Dragon" book by Aho, Sethi and
+     * Ullman. Updated to use a seed, to maintain 32+ bit state, and to make
+     * the distance between colliding inputs seed-dependent.
      */
     h = seed;
     while (*s) {
 	g = h & 0xf0000000;
-	h = ((h << 4U) | (g >> 28U)) + *(unsigned const char *) s++;
+	h = (h << 4U) ^ (((g >> 28U) + 1) * *(unsigned const char *) s++);
     }
     return (h % size);
 }