 @@ -1,14 +1,14 @@
-#	$NetBSD: 3RDPARTY,v 1.1145.2.8 2015/02/05 15:13:12 martin Exp $
+#	$NetBSD: 3RDPARTY,v 1.1145.2.9 2015/03/03 07:11:08 snj Exp $
+#
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
+#
 # When you make changes to this software, be sure to discuss it with the
 # maintainer and contribute your patches.  Divergence from the official
 # sources is not desirable, and should be avoided as much as possible.
+#
 # When importing, please deal with the RCS IDs in this way:
 #   1. Preserve the RCS IDs in the files by removing the $ signs from
 #      the IDs before you do the import.
 #   2. After the import, add NetBSD RCS IDs to all of the files.
+#
 @@ -1092,28 +1092,28 @@ Maintainer:	Mike Muuss
 Archive Site:
 Home Page:	http://ftp.arl.mil/mike/ping.html
 Mailing List:
 Responsible:	christos
 License:	BSD (3-clause)
 Location:	sbin/ping
 Notes:
 We use err() and friends. We have changes for snprintf, extra
 formatting in man pages, disallowing flood pinging, alignment fixes,
 and more. Vern's ping is gone. We are too different from everyone else
 now to do a new import.
 Package:	Postfix
-Version:	2.11.3
+Version:	3.0
-Current Vers:	2.11.3
+Current Vers:	2.11.4
 Maintainer:	Wietse Venema <wietse@porcupine.org>
 Archive Site:	ftp://postfix.cloud9.net/official/
 Home Page:	http://www.postfix.org/
 Mailing List:	postfix-users@postfix.org
 Responsible:	christos, tron
 License:	IBM Public License. See also src/external/ibm-public/postfix/dist.
 Location:	external/ibm-public/postfix/dist
 Notes:
 HTML documentation should be kept in sync with the README_FILES.
 src/gnu/dist/postfix/conf/postfix-files must be kept in sync with our
 directory layout (the easiest way to check is by running ``postfix
 set-permissions'').

 @@ -19608,13 +19608,36 @@ Apologies for any names omitted.
 20141018
 	Bugfix (introduced: Postfix 2.3): when a Milter inserted a
 	header ABOVE Postfix's own Received: header, Postfix would
 	expose its own Received: header to Milters (violating
 	protocol) and hide the Milter-inserted header from Milters
 	(wtf).  Files: cleanup/cleanup.h, cleanup/cleanup_message.c,
 	cleanup/cleanup_state.c, milter/milter.[hc], milter/milter8.c.
 	Cleanup: revert the workaround that places headers inserted
 	with PREPEND actions or policy requests BELOW Postfix's own
 	Received: message header. File: smtpd/smtpd.c.
 20141025
 	Bugfix (introduced: Postfix 2.11): core dump when
 	smtp_policy_maps specifies an invalid TLS level. Viktor
 	Dukhovni. File: smtp/smtp_tls_policy.c.
 20150106
 	Robustness: don't segfault due to excessive recursion after
 	a faulty configuration runs into the virtual_alias_recursion_limit.
 	File: global/tok822_tree.c.
 20150115
 	Safety: stop aliasing loops that exponentially increase the
 	address length with each iteration. Back-ported from Postfix
 .0. File: cleanup/cleanup_map1n.c.
 20150117
 	Cleanup: missing " in \%s\" in postconf(1) fatal error
 	messages. Iain Hibbert. File: postconf/postconf_master.c.

 @@ -1,14 +1,14 @@
-/*	$NetBSD: cleanup_map1n.c,v 1.1.1.4 2014/07/06 19:27:49 tron Exp $	*/
+/*	$NetBSD: cleanup_map1n.c,v 1.1.1.4.2.1 2015/03/03 07:11:08 snj Exp $	*/
 /*++
 /* NAME
 /*	cleanup_map1n 3
 /* SUMMARY
 /*	one-to-many address mapping
 /* SYNOPSIS
 /*	#include <cleanup.h>
 /*
 /*	ARGV	*cleanup_map1n_internal(state, addr, maps, propagate)
 /*	CLEANUP_STATE *state;
 /*	const char *addr;
 /*	MAPS	*maps;
 @@ -131,26 +131,35 @@ ARGV   *cleanup_map1n_internal(CLEANUP_S
 	    if (count >= var_virt_recur_limit) {
 		msg_warn("%s: unreasonable %s map nesting for %s -- "
 			 "message not accepted, try again later",
 			 state->queue_id, maps->title, addr);
 		state->errs |= CLEANUP_STAT_DEFER;
 		UPDATE(state->reason, "4.6.0 Alias expansion error");
 		UNEXPAND(argv, addr);
 		RETURN(argv);
+	    }
 	    quote_822_local(state->temp1, argv->argv[arg]);
 	    if ((lookup = mail_addr_map(maps, STR(state->temp1), propagate)) != 0) {
 		saved_lhs = mystrdup(argv->argv[arg]);
 		for (i = 0; i < lookup->argc; i++) {
 		    if (strlen(lookup->argv[i]) > var_line_limit) {
 			msg_warn("%s: unreasonable %s result %.300s... -- "
 				 "message not accepted, try again later",
 			     state->queue_id, maps->title, lookup->argv[i]);
 			state->errs |= CLEANUP_STAT_DEFER;
 			UPDATE(state->reason, "4.6.0 Alias expansion error");
 			UNEXPAND(argv, addr);
 			RETURN(argv);
+		    }
 		    unquote_822_local(state->temp1, lookup->argv[i]);
 		    if (i == 0) {
 			UPDATE(argv->argv[arg], STR(state->temp1));
 		    } else {
 			argv_add(argv, STR(state->temp1), ARGV_END);
 			argv_terminate(argv);
+		    }
 		    /*
 		     * Allow an address to expand into itself once.
 		     */
 		    if (strcasecmp(saved_lhs, STR(state->temp1)) == 0)
 			been_here_fixed(been_here, saved_lhs);

 @@ -1,39 +1,39 @@
-/*	$NetBSD: mail_version.h,v 1.1.1.21.2.1 2015/01/27 08:14:03 martin Exp $	*/
+/*	$NetBSD: mail_version.h,v 1.1.1.21.2.2 2015/03/03 07:11:08 snj Exp $	*/
 #ifndef _MAIL_VERSION_H_INCLUDED_
 #define _MAIL_VERSION_H_INCLUDED_
 /*++
 /* NAME
 /*	mail_version 3h
 /* SUMMARY
 /*	globally configurable parameters
 /* SYNOPSIS
 /*	#include <mail_version.h>
 /* DESCRIPTION
 /* .nf
  /*
   * Version of this program. Official versions are called a.b.c, and
   * snapshots are called a.b-yyyymmdd, where a=major release number, b=minor
   * release number, c=patchlevel, and yyyymmdd is the release date:
   * yyyy=year, mm=month, dd=day.
+  *
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20141019"
+#define MAIL_RELEASE_DATE	"20150208"
-#define MAIL_VERSION_NUMBER	"2.11.3"
+#define MAIL_VERSION_NUMBER	"2.11.4"
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
 #else
 #define MAIL_VERSION_DATE	""
 #endif
 #ifdef NONPROD
 #define MAIL_VERSION_PROD	"-nonprod"
 #else
 #define MAIL_VERSION_PROD	""
 #endif

 @@ -1,14 +1,14 @@
-/*	$NetBSD: tok822_tree.c,v 1.1.1.1 2009/06/23 10:08:48 tron Exp $	*/
+/*	$NetBSD: tok822_tree.c,v 1.1.1.1.28.1 2015/03/03 07:11:08 snj Exp $	*/
 /*++
 /* NAME
 /*	tok822_tree 3
 /* SUMMARY
 /*	assorted token tree operators
 /* SYNOPSIS
 /*	#include <tok822.h>
 /*
 /*	TOK822	*tok822_append(t1, t2)
 /*	TOK822	*t1;
 /*	TOK822	*t2;
 /*
 @@ -251,31 +251,32 @@ TOK822 *tok822_sub_keep_before(TOK822 *t
 TOK822 *tok822_sub_keep_after(TOK822 *t1, TOK822 *t2)
+{
     TOK822 *head = t1->head;
     if ((t1->head = tok822_cut_after(t2)) == 0)
 	t1->tail = 0;
     return (head);
+}
 /* tok822_free_tree - destroy token tree */
 TOK822 *tok822_free_tree(TOK822 *tp)
+{
-    if (tp) {
+    TOK822 *next;
 	if (tp->next)
-	    tok822_free_tree(tp->next);
+    for (/* void */; tp != 0; tp = next) {
 	if (tp->head)
 	    tok822_free_tree(tp->head);
 	next = tp->next;
 	tok822_free(tp);
+    }
     return (0);
+}
 /* tok822_apply - apply action to specified tokens */
 int     tok822_apply(TOK822 *tree, int type, TOK822_ACTION action)
+{
     TOK822 *tp;
     int     result = 0;
     for (tp = tree; tp; tp = tp->next) {

 @@ -1,14 +1,14 @@
-/*	$NetBSD: postconf_master.c,v 1.3 2014/07/06 19:45:50 tron Exp $	*/
+/*	$NetBSD: postconf_master.c,v 1.3.2.1 2015/03/03 07:11:08 snj Exp $	*/
 /*++
 /* NAME
 /*	postconf_master 3
 /* SUMMARY
 /*	support for master.cf
 /* SYNOPSIS
 /*	#include <postconf.h>
 /*
 /*	const char pcf_daemon_options_expecting_value[];
 /*
 /*	void	pcf_read_master(fail_on_open)
 /*	int	fail_on_open;
 @@ -265,41 +265,41 @@ static void pcf_check_master_entry(ARGV
     cp = argv->argv[PCF_MASTER_FLD_TYPE];
     for (cpp = pcf_valid_master_types; /* see below */ ; cpp++) {
 	if (*cpp == 0)
 	    pcf_fix_fatal("invalid " PCF_MASTER_NAME_TYPE " field \"%s\" in \"%s\"",
 			  cp, raw_text);
 	if (strcmp(*cpp, cp) == 0)
 	    break;
+    }
     for (field = PCF_MASTER_FLD_PRIVATE; field <= PCF_MASTER_FLD_CHROOT; field++) {
 	cp = argv->argv[field];
 	if (cp[1] != 0 || strchr(pcf_valid_bool_types, *cp) == 0)
-	    pcf_fix_fatal("invalid %s field \%s\" in \"%s\"",
+	    pcf_fix_fatal("invalid %s field \"%s\" in \"%s\"",
 			  pcf_str_field_pattern(field), cp, raw_text);
+    }
     cp = argv->argv[PCF_MASTER_FLD_WAKEUP];
     len = strlen(cp);
     if (len > 0 && cp[len - 1] == '?')
 	len--;
     if (!(cp[0] == '-' && len == 1) && strspn(cp, "0123456789") != len)
-	pcf_fix_fatal("invalid " PCF_MASTER_NAME_WAKEUP " field \%s\" in \"%s\"",
+	pcf_fix_fatal("invalid " PCF_MASTER_NAME_WAKEUP " field \"%s\" in \"%s\"",
 		      cp, raw_text);
     cp = argv->argv[PCF_MASTER_FLD_MAXPROC];
     if (strcmp("-", cp) != 0 && cp[strspn(cp, "0123456789")] != 0)
-	pcf_fix_fatal("invalid " PCF_MASTER_NAME_MAXPROC " field \%s\" in \"%s\"",
+	pcf_fix_fatal("invalid " PCF_MASTER_NAME_MAXPROC " field \"%s\" in \"%s\"",
 		      cp, raw_text);
+}
 /* pcf_free_master_entry - destroy parsed entry */
 void    pcf_free_master_entry(PCF_MASTER_ENT *masterp)
+{
     /* XX Fixme: allocation/deallocation asymmetry. */
     myfree(masterp->name_space);
     argv_free(masterp->argv);
     if (masterp->valid_names)
 	htable_free(masterp->valid_names, myfree);
     if (masterp->all_params)

 @@ -1,14 +1,14 @@
-/*	$NetBSD: smtp_tls_policy.c,v 1.1.1.1 2014/07/06 19:27:56 tron Exp $	*/
+/*	$NetBSD: smtp_tls_policy.c,v 1.1.1.1.4.1 2015/03/03 07:11:08 snj Exp $	*/
 /*++
 /* NAME
 /*	smtp_tls_policy 3
 /* SUMMARY
 /*	SMTP_TLS_POLICY structure management
 /* SYNOPSIS
 /*	#include "smtp.h"
 /*
 /*	void    smtp_tls_list_init()
 /*
 /*	int	smtp_tls_policy_cache_query(why, tls, iter)
 /*	DSN_BUF	*why;
 @@ -508,29 +508,31 @@ static void *policy_create(const char *u
 	 * With the current implementation, a combined per-site (NONE+MAY)
 	 * consistently overrides global policy with NONE, and global policy
 	 * can override only a per-site MAY wildcard. That is, specific
 	 * policies consistently override wildcard policies, and
 	 * (non-wildcard) per-site policies consistently override global
 	 * policies.
 	 */
 	if (site_level == TLS_LEV_MAY && tls->level > TLS_LEV_MAY)
 	    site_level = tls->level;
+    }
     switch (site_level) {
     default:
 	tls->level = site_level;
 	/* FALLTHROUGH */
     case TLS_LEV_NOTFOUND:
 	break;
     case TLS_LEV_INVALID:
 	tls->level = site_level;
 	return ((void *) tls);
+    }
     /*
      * DANE initialization may change the security level to something else,
      * so do this early, so that we use the right level below.  Note that
      * "dane-only" changes to "dane" once we obtain the requisite TLSA
      * records.
      */
     if (tls->level == TLS_LEV_DANE || tls->level == TLS_LEV_DANE_ONLY)
 	dane_init(tls, iter);
     if (tls->level == TLS_LEV_INVALID)
 	return ((void *) tls);