From a419793471d53e32d19e7effd6934a345aea4cdb Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Sun, 12 Apr 2015 00:00:00 -0500
Subject: [PATCH] postfix-2.11.5

---
 postfix/HISTORY                       | 25 ++++++++++++++++++++++++-
 postfix/makedefs                      |  8 +++++---
 postfix/src/global/mail_version.h     |  4 ++--
 postfix/src/tls/tls_dane.c            | 10 +++++-----
 postfix/src/trivial-rewrite/resolve.c | 13 +++++++++----
 postfix/src/util/sys_defs.h           |  2 +-
 6 files changed, 46 insertions(+), 16 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index fd448c4ff..8f709e4f1 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -17919,7 +17919,7 @@ Apologies for any names omitted.
 
 20120824
 
-	Feature: support for "sendmail -R hdrs|full". Jan Kundrát.
+	Feature: support for "sendmail -R hdrs|full". Jan Kundr?t.
 	File: sendmail/sendmail.c.
 
 20120902
@@ -19641,3 +19641,26 @@ Apologies for any names omitted.
 
 	Cleanup: missing " in \%s\" in postconf(1) fatal error
 	messages. Iain Hibbert. File: postconf/postconf_master.c.
+
+20150324
+
+	Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps
+	ignored the relayhost setting in the case of a DUNNO lookup
+	result.  It would use the recipient domain instead.  Viktor
+	Dukhovni. Wietse took the pieces of code that enforce the
+	precedence of a sender-dependent relayhost, the global
+	relayhost, and the recipient domain, and put that code
+	together in once place so that it is easier to maintain.
+	File: trivial-rewrite/resolve.c.
+
+20150330
+
+	Bitrot: prepare for future changes in OpenSSL API. Viktor
+	Dukhovni. File: tls_dane.c.
+
+20150408
+
+	Portability: FreeBSD10 support. Files: makedefs, util/sys_defs.h.
+
+	Incompatibility: specifying "make makefiles" with "CC=command"
+	will no longer override the default WARN setting.
diff --git a/postfix/makedefs b/postfix/makedefs
index d68fa6cc5..a704ddad9 100644
--- a/postfix/makedefs
+++ b/postfix/makedefs
@@ -158,6 +158,9 @@ case "$SYSTEM.$RELEASE" in
 		;;
   FreeBSD.9*)	SYSTYPE=FREEBSD9
 		;;
+  FreeBSD.10*)	SYSTYPE=FREEBSD10
+		: ${CC=cc}
+		;;
  DragonFly.*)	SYSTYPE=DRAGONFLY
 		;;
   OpenBSD.2*)	SYSTYPE=OPENBSD2
@@ -470,7 +473,6 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix543
     Darwin.*)   SYSTYPE=MACOSX
 		# Use the native compiler by default
 		: ${CC=cc}
-		CCARGS="$CCARGS \$(WARN)"
 		# Darwin > 1.3 uses awk and flat_namespace
 		case $RELEASE in
 		 1.[0-3]) AWK=gawk;;
@@ -624,7 +626,7 @@ esac
 # een burned once by a compiler that lies about what warnings it
 # produces, not taking that chance again.
 
-: ${CC='gcc $(WARN)'} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \
+: ${CC=gcc} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \
 ${WARN='-Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \
 	-Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
 	-Wunused -Wno-missing-braces'}
@@ -647,7 +649,7 @@ AR	= $AR
 ARFL	= $ARFL
 RANLIB	= $RANLIB
 SYSLIBS	= $AUXLIBS $SYSLIBS
-CC	= $CC $CCARGS
+CC	= $CC $CCARGS \$(WARN)
 OPT	= $OPT
 DEBUG	= $DEBUG
 AWK	= $AWK
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 28261e1f2..19c1a0531 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20150208"
-#define MAIL_VERSION_NUMBER	"2.11.4"
+#define MAIL_RELEASE_DATE	"20150412"
+#define MAIL_VERSION_NUMBER	"2.11.5"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c
index 9013bc50f..ccd006d52 100644
--- a/postfix/src/tls/tls_dane.c
+++ b/postfix/src/tls/tls_dane.c
@@ -383,7 +383,7 @@ static dane_digest *add_digest(char *mdalg, int pref)
 	&& ((md = EVP_get_digestbyname(dane_mdalg)) == 0
 	    || (mdlen = EVP_MD_size(md)) <= 0
 	    || mdlen > EVP_MAX_MD_SIZE)) {
-	msg_warn("Unimplemented digest algoritm in %s: %s%s%s",
+	msg_warn("Unimplemented digest algorithm in %s: %s%s%s",
 		 VAR_TLS_DANE_DIGESTS, mdalg,
 		 value ? "=" : "", value ? value : "");
 	return (0);
@@ -1452,7 +1452,7 @@ static int set_serial(X509 *cert, AUTHORITY_KEYID *akid, X509 *subject)
 
 static int add_akid(X509 *cert, AUTHORITY_KEYID *akid)
 {
-    ASN1_STRING *id;
+    ASN1_OCTET_STRING *id;
     unsigned char c = 0;
     int     nid = NID_authority_key_identifier;
     int     ret = 0;
@@ -1464,13 +1464,13 @@ static int add_akid(X509 *cert, AUTHORITY_KEYID *akid)
      * exempt from any potential (off by default for now in OpenSSL)
      * self-signature checks!
      */
-    id = (ASN1_STRING *) ((akid && akid->keyid) ? akid->keyid : 0);
-    if (id && M_ASN1_STRING_length(id) == 1 && *M_ASN1_STRING_data(id) == c)
+    id = ((akid && akid->keyid) ? akid->keyid : 0);
+    if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_data(id) == c)
 	c = 1;
 
     if ((akid = AUTHORITY_KEYID_new()) != 0
 	&& (akid->keyid = ASN1_OCTET_STRING_new()) != 0
-	&& M_ASN1_OCTET_STRING_set(akid->keyid, (void *) &c, 1)
+	&& ASN1_OCTET_STRING_set(akid->keyid, (void *) &c, 1)
 	&& X509_add1_ext_i2d(cert, nid, akid, 0, X509V3_ADD_DEFAULT) > 0)
 	ret = 1;
     if (akid)
diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c
index d9a709e30..84d1d63af 100644
--- a/postfix/src/trivial-rewrite/resolve.c
+++ b/postfix/src/trivial-rewrite/resolve.c
@@ -549,15 +549,20 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr,
 		if (*relay == 0) {
 		    msg_warn("%s: ignoring null lookup result for %s",
 			     rp->snd_relay_maps_name, sender_key);
-		    relay = "DUNNO";
-		}
-		vstring_strcpy(nexthop, strcasecmp(relay, "DUNNO") == 0 ?
-			       rcpt_domain : relay);
+		    relay = 0;
+		} else if (strcasecmp(relay, "DUNNO") == 0)
+		    relay = 0;
 	    } else if (rp->snd_relay_info
 		       && rp->snd_relay_info->error != 0) {
 		msg_warn("%s lookup failure", rp->snd_relay_maps_name);
 		*flags |= RESOLVE_FLAG_FAIL;
 		FREE_MEMORY_AND_RETURN;
+	    } else {
+		relay = 0;
+	    }
+	    /* Enforce all the relayhost precedences in one place. */
+	    if (relay != 0) {
+		vstring_strcpy(nexthop, relay);
 	    } else if (*RES_PARAM_VALUE(rp->relayhost))
 		vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost));
 	    else
diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h
index 6edde1e56..661988577 100644
--- a/postfix/src/util/sys_defs.h
+++ b/postfix/src/util/sys_defs.h
@@ -25,7 +25,7 @@
   */
 #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
     || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
-    || defined(FREEBSD8) || defined(FREEBSD9) \
+    || defined(FREEBSD8) || defined(FREEBSD9) || defined(FREEBSD10) \
     || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
     || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
     || defined(OPENBSD5) \