- update to 3.3-20170910
20170827
Safety: in vstream_buf_space(), add a sanity check to reject negative request sizes, instead of letting the program fail later. File: util/vstream.c.
Bugfix: in tests that enable the VSTRING_FLAG_EXACT flag, vstring_buf_put_ready() could fail to extend the buffer, causing infinite recursion in VBUF_PUT(). File: util/vstring.c.
20170830
Bugfix: in vbuf_print(), save the parser-produced format string before calling msg_panic(), so that the panic message will not display its own format string. File: util/vbuf_print.c.
20170831
Portability (introduced Postfix 1.0): possible cause for panic in postqueue when listing the deferred queue. This assigned the result from unsigned integer subtraction to a signed integer, followed by a safety check to ensure that the result was non-negative. This assignment relied on undefined behavior, meaning that a compiler may eliminate the safety check, causing the program to fail later. File: postqueue/showq_compat.c.
20170910
Safety: restore sanity checks for dynamically-specified width and precision in format strings (%*, %.*, and %*.*). These checks were lost with the Postfix 3.2.2 rewrite of the vbuf_print formatter. File: vbuf_print.c.
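The pattern behind the 20170831 entry, as an added example that is not Postfix code: an unsigned difference stored in a signed integer and only then tested, next to a form that validates the operands before subtracting. The function names and the `limit`/`used` parameters are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Fragile form: subtract first, test afterwards. When used > limit the
 * unsigned subtraction wraps to a very large value, so the outcome of the
 * "diff < 0" test depends on how that value is converted to int. */
int fragile_remaining(size_t limit, size_t used, int *out)
{
    int diff = (int) (limit - used);

    if (diff < 0)
        return -1;
    *out = diff;
    return 0;
}

/* Hardened form: every check is done on the unsigned operands, before any
 * value is converted to a signed type. */
int checked_remaining(size_t limit, size_t used, int *out)
{
    if (used > limit)
        return -1;                      /* difference would be negative */
    if (limit - used > (size_t) INT_MAX)
        return -1;                      /* difference does not fit in int */
    *out = (int) (limit - used);
    return 0;
}

int main(void)
{
    int n = 0;

    /* Constructed sample inputs. */
    if (checked_remaining(80, 12, &n) == 0)
        printf("remaining: %d\n", n);
    if (checked_remaining(12, 80, &n) != 0)
        printf("rejected: used exceeds limit\n");
    if (checked_remaining((size_t) INT_MAX + 1, 0, &n) != 0)
        printf("rejected: result does not fit in int\n");
    return 0;
}
```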