Import Postfix 2.8.12. Changes since version 2.8.11:

- The local(8) delivery agent's BIFF client leaked an unprivileged UDP
  socket. Fix by Jaroslav Skarvada. This bug was introduced 19990127.
- The SMTP server did not reject the AUTH command while a MAIL FROM
  transaction was in progress. Reported by Timo Sirainen.
  This bug was introduced 20000314.
- The unused "pass" trigger client could close the wrong file descriptors.
  This bug was introduced with Postfix 2.8.

external/ibm-public/postfix/dist/HISTORY

@@ -16829,3 +16829,20 @@ Apologies for any names omitted.
 	command must wait until its requests have reached the pickup
 	and qmgr servers before closing the UNIX-domain request
 	sockets.  Files: postqueue/postqueue.c, postqueue/Makefile.in.
+
+20120621
+
+	Bugfix (introduced: Postfix 2.8): the unused "pass" trigger
+	client could close the wrong file descriptors.  File:
+	util/unix_pass_trigger.c.
+
+20120702
+
+	Bugfix (introduced: 19990127): the BIFF client leaked an
+	unprivileged UDP socket. Fix by Jaroslav Skarvada.  File:
+	local/biff_notify.c.
+
+20120730
+
+	Bugfix (introduced: 20000314): AUTH is not allowed after
+	MAIL. Timo Sirainen.  File: smtpd/smtpd_sasl_proto.c.

external/ibm-public/postfix/dist/src/global/mail_version.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: mail_version.h,v 1.1.1.14 2012/06/09 11:27:12 tron Exp $	*/
+/*	$NetBSD: mail_version.h,v 1.1.1.15 2012/08/10 12:35:44 tron Exp $	*/
 
 #ifndef _MAIL_VERSION_H_INCLUDED_
 #define _MAIL_VERSION_H_INCLUDED_
@@ -22,8 +22,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20120520"
-#define MAIL_VERSION_NUMBER	"2.8.11"
+#define MAIL_RELEASE_DATE	"20120801"
+#define MAIL_VERSION_NUMBER	"2.8.12"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE

external/ibm-public/postfix/dist/src/local/biff_notify.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: biff_notify.c,v 1.1.1.1 2009/06/23 10:08:48 tron Exp $	*/
+/*	$NetBSD: biff_notify.c,v 1.1.1.2 2012/08/10 12:35:46 tron Exp $	*/
 
 /*++
 /* NAME
@@ -45,6 +45,7 @@
 /* Utility library. */
 
 #include <msg.h>
+#include <iostuff.h>
 
 /* Application-specific. */
 
@@ -83,9 +84,12 @@ void    biff_notify(const char *text, ssize_t len)
     /*
      * Open a socket, or re-use an existing one.
      */
-    if (sock < 0 && (sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
-	msg_warn("socket: %m");
-	return;
+    if (sock < 0) {
+	if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+	    msg_warn("socket: %m");
+	    return;
+	}
+	close_on_exec(sock, CLOSE_ON_EXEC);
     }
 
     /*

external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_proto.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: smtpd_sasl_proto.c,v 1.1.1.3 2011/05/11 09:11:19 tron Exp $	*/
+/*	$NetBSD: smtpd_sasl_proto.c,v 1.1.1.4 2012/08/10 12:35:55 tron Exp $	*/
 
 /*++
 /* NAME
@@ -154,6 +154,12 @@ int     smtpd_sasl_auth_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	smtpd_chat_reply(state, "503 5.5.1 Error: authentication not enabled");
 	return (-1);
     }
+#define IN_MAIL_TRANSACTION(state) ((state)->sender != 0)
+    if (IN_MAIL_TRANSACTION(state)) {
+	state->error_mask |= MAIL_ERROR_PROTOCOL;
+	smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress");
+	return (-1);
+    }
     if (smtpd_milters != 0 && (err = milter_other_event(smtpd_milters)) != 0) {
 	if (err[0] == '5') {
 	    state->error_mask |= MAIL_ERROR_POLICY;

external/ibm-public/postfix/dist/src/util/unix_pass_trigger.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: unix_pass_trigger.c,v 1.1.1.1 2011/03/02 19:32:46 tron Exp $	*/
+/*	$NetBSD: unix_pass_trigger.c,v 1.1.1.2 2012/08/10 12:35:59 tron Exp $	*/
 
 /*++
 /* NAME
@@ -65,7 +65,7 @@
 struct unix_pass_trigger {
     int     fd;
     char   *service;
-    int    *pair;
+    int     pair[2];
 };
 
 /* unix_pass_trigger_event - disconnect from peer */
@@ -131,7 +131,8 @@ int     unix_pass_trigger(const char *service, const char *buf, ssize_t len, int
     up = (struct unix_pass_trigger *) mymalloc(sizeof(*up));
     up->fd = fd;
     up->service = mystrdup(service);
-    up->pair = pair;
+    up->pair[0] = pair[0];
+    up->pair[1] = pair[1];
 
     /*
      * Write the request...