diff --git a/postfix/HISTORY b/postfix/HISTORY
index 96e0b946f..ec3762e54 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -21932,10 +21932,10 @@ Apologies for any names omitted.
 
 20150924
 
-	Cleanup (introduced: 20060510): eliminated a harmless
-	warning message "seek error after reading END record: Illegal
-	seek" from the cleanup server after a check_sender_access
-	DISCARD action.  File: cleanup/cleanup.c.
+	Cleanup (introduced: 20060510, exposed 20150912): eliminated
+	a harmless warning message "seek error after reading END
+	record: Illegal seek" from the cleanup server after a
+	check_sender_access DISCARD action.  File: cleanup/cleanup.c.
 
 	Bugfix (introduced: 20090216-24): incorrect postmulti error
 	message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
@@ -21954,7 +21954,7 @@ Apologies for any names omitted.
 
 	Bugfix (introduced: 20031128): xtext_unquote() did not
 	propagate error reports from xtext_unquote_append(), causing
-	the decoder to return partial ouput, instead of rejecting
+	the decoder to return partial output, instead of rejecting
 	malformed input. Fix by Krzysztof Wojta.  File: global/xtext.c.
 
 20151003
@@ -21967,3 +21967,25 @@ Apologies for any names omitted.
 
 	Cleanup: added missing "negative" unit tests. Files:
 	global/xtext.c, global/uxtext.c.
+
+20151004
+
+	Future proofing: use a real VSTRING in the 20150930 header
+	PREPEND fix. File: cleanup/cleanup_message.c.
+
+	Future proofing: make vstring_import() consistent with
+	vstring_alloc(). The alternative would be to remove the
+	function as it is unused and exists only for symmetry with
+	vstring_export(). File: usr/vstring.c.
+
+20151010
+
+	Cleanup: the 20150903 workaround for AIX DNSSEC used the
+	wrong name in #ifdef. File: dns/dns.h.
+
+20151011
+
+	Cleanup: in the PCRE client, turn fatal lookup errors into
+	warnings, and skip the failing pattern as in dict_regexp.c.
+	Also, fixed the error text when running into the matcher's
+	backtracking limit. File: util/dict_pcre.c.
diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README
index 0eb2c3aed..7526e0bc1 100644
--- a/postfix/README_FILES/DATABASE_README
+++ b/postfix/README_FILES/DATABASE_README
@@ -212,7 +212,7 @@ To find out what database types your Postfix system supports, use the "ppooss
         are created with the postmap(1) or postalias(1) command, and private
         databases are maintained by Postfix daemons. The database name as used
         in "hash:table" is the database file name without the ".db" suffix.
-    inline (read-only)
+    iinnlliinnee (read-only)
         A non-shared, in-memory lookup table. Example: "inline:{ key=value,
         { key = text with whitespace or comma }}". Key-value pairs are
         separated by whitespace or comma; whitespace after "{" and before "}"
diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html
index 25bef163a..2d134cd44 100644
--- a/postfix/html/DATABASE_README.html
+++ b/postfix/html/DATABASE_README.html
@@ -313,7 +313,7 @@ private databases are maintained by Postfix daemons. The database
 name as used in "<a href="DATABASE_README.html#types">hash</a>:table" is the database file name without the
 ".db" suffix.  </dd>
 
-<dt> <b></b>inline (read-only) </dt>
+<dt> <b>inline</b> (read-only) </dt>
 
 <dd> A non-shared, in-memory lookup table. Example: "<a href="DATABASE_README.html#types">inline</a>:{
 <i>key=value</i>, { <i>key = text with whitespace or comma</i> }}".
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 911c03c61..4d5fd17f9 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -15597,7 +15597,7 @@ for authentication. The available types are listed with the
 (default: empty)</b></DT><DD>
 
 <p>
-Optional lookup table with the SASL login names that own sender
+Optional lookup table with the SASL login names that own the sender
 (MAIL FROM) addresses.
 </p>
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index a059efcad..b767f2884 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -10522,7 +10522,7 @@ for authentication. The available types are listed with the
 .PP
 This feature is available in Postfix 2.3 and later.
 .SH smtpd_sender_login_maps (default: empty)
-Optional lookup table with the SASL login names that own sender
+Optional lookup table with the SASL login names that own the sender
 (MAIL FROM) addresses.
 .PP
 Specify zero or more "type:name" lookup tables, separated by
diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html
index 0fb0a9e85..c6525ed4c 100644
--- a/postfix/proto/DATABASE_README.html
+++ b/postfix/proto/DATABASE_README.html
@@ -313,7 +313,7 @@ private databases are maintained by Postfix daemons. The database
 name as used in "hash:table" is the database file name without the
 ".db" suffix.  </dd>
 
-<dt> <b></b>inline (read-only) </dt>
+<dt> <b>inline</b> (read-only) </dt>
 
 <dd> A non-shared, in-memory lookup table. Example: "inline:{
 <i>key=value</i>, { <i>key = text with whitespace or comma</i> }}".
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index e3e519731..53dbdad06 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -6386,7 +6386,7 @@ smtpd_sasl_security_options = noanonymous, noplaintext
 %PARAM smtpd_sender_login_maps 
 
 <p>
-Optional lookup table with the SASL login names that own sender
+Optional lookup table with the SASL login names that own the sender
 (MAIL FROM) addresses.
 </p>
 
diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c
index d10cb395a..b945cdc11 100644
--- a/postfix/src/cleanup/cleanup_message.c
+++ b/postfix/src/cleanup/cleanup_message.c
@@ -390,11 +390,18 @@ static const char *cleanup_act(CLEANUP_STATE *state, char *context,
 		msg_warn("bad PREPEND header text \"%s\" in %s map -- "
 			 "need \"headername: headervalue\"",
 			 optional_text, map_class);
-	    } else {
-		VSTRING *temp;		/* XXX Impedance mismatch. */
+	    }
+
+	    /*
+	     * By design, cleanup_out_header() may modify content. Play safe
+	     * and prepare for future developments.
+	     */
+	    else {
+		VSTRING *temp;
 
 		cleanup_act_log(state, "prepend", context, buf, optional_text);
-		temp = vstring_import(mystrdup(optional_text));
+		temp = vstring_strcpy(vstring_alloc(strlen(optional_text)),
+						    optional_text);
 		cleanup_out_header(state, temp);
 		vstring_free(temp);
 	    }
diff --git a/postfix/src/dns/dns.h b/postfix/src/dns/dns.h
index e2b8701ac..c65ac732e 100644
--- a/postfix/src/dns/dns.h
+++ b/postfix/src/dns/dns.h
@@ -57,7 +57,7 @@
 /*
  * Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available
  */
-#ifdef DISABLE_DNSSEC
+#ifdef NO_DNSSEC
 #undef RES_USE_DNSSEC
 #endif
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 3d70d32dc..0a84fd808 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20151003"
+#define MAIL_RELEASE_DATE	"20151011"
 #define MAIL_VERSION_NUMBER	"3.1"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/util/dict_pcre.c b/postfix/src/util/dict_pcre.c
index 57b07fd9f..fe388c2a2 100644
--- a/postfix/src/util/dict_pcre.c
+++ b/postfix/src/util/dict_pcre.c
@@ -223,35 +223,42 @@ static void dict_pcre_exec_error(const char *mapname, int lineno, int errval)
 	return;
     case PCRE_ERROR_NULL:
     case PCRE_ERROR_BADOPTION:
-	msg_fatal("pcre map %s, line %d: bad args to re_exec",
-		  mapname, lineno);
+	msg_warn("pcre map %s, line %d: bad args to re_exec",
+		 mapname, lineno);
+	return;
     case PCRE_ERROR_BADMAGIC:
     case PCRE_ERROR_UNKNOWN_NODE:
-	msg_fatal("pcre map %s, line %d: corrupt compiled regexp",
-		  mapname, lineno);
+	msg_warn("pcre map %s, line %d: corrupt compiled regexp",
+		 mapname, lineno);
+	return;
 #ifdef PCRE_ERROR_NOMEMORY
     case PCRE_ERROR_NOMEMORY:
-	msg_fatal("pcre map %s, line %d: out of memory",
-		  mapname, lineno);
+	msg_warn("pcre map %s, line %d: out of memory",
+		 mapname, lineno);
+	return;
 #endif
 #ifdef PCRE_ERROR_MATCHLIMIT
     case PCRE_ERROR_MATCHLIMIT:
-	msg_fatal("pcre map %s, line %d: matched text exceeds buffer limit",
-		  mapname, lineno);
+	msg_warn("pcre map %s, line %d: backtracking limit exceeded",
+		 mapname, lineno);
+	return;
 #endif
 #ifdef PCRE_ERROR_BADUTF8
     case PCRE_ERROR_BADUTF8:
-	msg_fatal("pcre map %s, line %d: bad UTF-8 sequence in search string",
-		  mapname, lineno);
+	msg_warn("pcre map %s, line %d: bad UTF-8 sequence in search string",
+		 mapname, lineno);
+	return;
 #endif
 #ifdef PCRE_ERROR_BADUTF8_OFFSET
     case PCRE_ERROR_BADUTF8_OFFSET:
-	msg_fatal("pcre map %s, line %d: bad UTF-8 start offset in search string",
-		  mapname, lineno);
+	msg_warn("pcre map %s, line %d: bad UTF-8 start offset in search string",
+		 mapname, lineno);
+	return;
 #endif
     default:
-	msg_fatal("pcre map %s, line %d: unknown re_exec error: %d",
-		  mapname, lineno, errval);
+	msg_warn("pcre map %s, line %d: unknown re_exec error: %d",
+		 mapname, lineno, errval);
+	return;
     }
 }
 
diff --git a/postfix/src/util/vstring.c b/postfix/src/util/vstring.c
index 84c92989a..acbb848f1 100644
--- a/postfix/src/util/vstring.c
+++ b/postfix/src/util/vstring.c
@@ -565,9 +565,14 @@ VSTRING *vstring_import(char *str)
 
     vp = (VSTRING *) mymalloc(sizeof(*vp));
     len = strlen(str);
+    vp->vbuf.flags = 0;
+    vp->vbuf.len = 0;
     vp->vbuf.data = (unsigned char *) str;
     vp->vbuf.len = len + 1;
     VSTRING_AT_OFFSET(vp, len);
+    vp->vbuf.get_ready = vstring_buf_get_ready;
+    vp->vbuf.put_ready = vstring_buf_put_ready;
+    vp->vbuf.space = vstring_buf_space;
     vp->maxlen = 0;
     return (vp);
 }
