Import Postfix 2.8.13. Changes since version 2.8.12:

- The postscreen_access_list feature failed to ignore case in the first
  character of a command (e.g., permit, reject, etc.). Reported by Francis
  Picabia. (This fix is incorrectly listed in the HISTORY files of earlier
  releases, and will be removed with a future patch.)
- Strip the datalink suffix (e.g., %eth0) from IPv6 addresses returned by
  the system getaddrinfo() routine. Such suffixes break the default
  mynetworks value, the Postfix SMTP server's reverse/forward DNS
  name/address mapping check, and possibly more.
- To eliminate the possibility of collisions with connection cache lookup
  keys, the Postfix LDAP client now computes those lookup keys by joining
  the number-valued connection properties with ASCII null, just like it
  already did with the string-valued connection properties.
- There was a memory leak during one-time TLS library initialization
  (introduced with Postfix 2.5). Reported by Coverity.
- There was a memory leak in the unused oqmgr(8) program (introduced with
  Postfix 2.3). Reported by Coverity.

external/ibm-public/postfix/dist/HISTORY

@@ -16846,3 +16846,33 @@ Apologies for any names omitted.
 
 	Bugfix (introduced: 20000314): AUTH is not allowed after
 	MAIL. Timo Sirainen.  File: smtpd/smtpd_sasl_proto.c.
+
+20121003
+
+	Bugfix: the postscreen_access_list feature was case-sensitive
+	in the first character of permit, reject, etc. Reported by
+	Francis Picabia. File: global/server_acl.c.
+
+20121010
+
+	Bugfix (introduced: Postfix 2.5): memory leak in program
+	initialization. Reported by Coverity. File: tls/tls_misc.c.
+
+	Bugfix (introduced: Postfix 2.3): memory leak in the unused
+	oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c.
+
+20121013
+
+	Cleanup: to compute the LDAP connection cache lookup key,
+	join the numeric fields with null, just like string fields.
+	Viktor Dukhovni. File: global/dict_ldap.c.
+
+20121029
+
+	Workaround: strip datalink suffix from IPv6 addresses
+	returned by the system getaddrinfo() routine.  Such suffixes
+	mess up the default mynetworks value, host name/address
+	verification and possibly more. This change obsoletes the
+	20101108 change that removes datalink suffixes in the SMTP
+	and QMQP servers, but we leave that code alone.  File:
+	util/myaddrinfo.c.

external/ibm-public/postfix/dist/src/global/dict_ldap.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: dict_ldap.c,v 1.1.1.4 2012/02/17 08:36:07 tron Exp $	*/
+/*	$NetBSD: dict_ldap.c,v 1.1.1.5 2012/12/18 09:02:07 tron Exp $	*/
 
 /*++
 /* NAME
@@ -932,8 +932,11 @@ static void dict_ldap_conn_find(DICT_LDAP *dict_ldap)
 #endif
     LDAP_CONN *conn;
 
+    /*
+     * Join key fields with null characters.
+     */
 #define ADDSTR(vp, s) vstring_memcat((vp), (s), strlen((s))+1)
-#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu", (unsigned long)(i))
+#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu%c", (unsigned long)(i), 0)
 
     ADDSTR(keybuf, dict_ldap->server_host);
     ADDINT(keybuf, dict_ldap->server_port);

external/ibm-public/postfix/dist/src/global/mail_version.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: mail_version.h,v 1.1.1.15 2012/08/10 12:35:44 tron Exp $	*/
+/*	$NetBSD: mail_version.h,v 1.1.1.16 2012/12/18 09:02:08 tron Exp $	*/
 
 #ifndef _MAIL_VERSION_H_INCLUDED_
 #define _MAIL_VERSION_H_INCLUDED_
@@ -22,8 +22,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20120801"
-#define MAIL_VERSION_NUMBER	"2.8.12"
+#define MAIL_RELEASE_DATE	"20121213"
+#define MAIL_VERSION_NUMBER	"2.8.13"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE

external/ibm-public/postfix/dist/src/oqmgr/qmgr_message.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: qmgr_message.c,v 1.1.1.3 2011/03/02 19:32:23 tron Exp $	*/
+/*	$NetBSD: qmgr_message.c,v 1.1.1.4 2012/12/18 09:02:12 tron Exp $	*/
 
 /*++
 /* NAME
@@ -751,7 +751,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
 	if (rec_type > 0)
 	    msg_warn("%s: ignoring out-of-order DSN original recipient <%.200s>",
 		     message->queue_id, dsn_orcpt);
-	myfree(orig_rcpt);
+	myfree(dsn_orcpt);
     }
     if (orig_rcpt != 0) {
 	if (rec_type > 0)

external/ibm-public/postfix/dist/src/postscreen/postscreen_access.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: postscreen_access.c,v 1.1.1.1 2011/03/02 19:32:26 tron Exp $	*/
+/*	$NetBSD: postscreen_access.c,v 1.1.1.2 2012/12/18 09:02:14 tron Exp $	*/
 
 /*++
 /* NAME
@@ -101,8 +101,8 @@ ARGV   *psc_acl_parse(const char *acl, const char *origin)
     char   *bp = saved_checks;
     char   *name;
 
-#define STREQ(x,y) ((*x) == (*y) && strcasecmp((x), (y)) == 0)
-#define STRNE(x,y) ((*x) != (*y) || strcasecmp((x), (y)) != 0)
+#define STREQ(x,y) (strcasecmp((x), (y)) == 0)
+#define STRNE(x,y) (strcasecmp((x), (y)) != 0)
 
     /*
      * Nested tables are not allowed. Tables are opened before entering the

external/ibm-public/postfix/dist/src/util/myaddrinfo.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: myaddrinfo.c,v 1.1.1.2 2011/03/02 19:32:44 tron Exp $	*/
+/*	$NetBSD: myaddrinfo.c,v 1.1.1.3 2012/12/18 09:02:23 tron Exp $	*/
 
 /*++
 /* NAME
@@ -80,6 +80,7 @@
 /*	into printable form. The result buffers should be large
 /*	enough to hold the printable address or port including the
 /*	null terminator.
+/*	This function strips off the IPv6 datalink suffix.
 /*
 /*	sockaddr_to_hostname() converts a binary network address
 /*	into a hostname or service.  The result buffer should be
@@ -204,6 +205,7 @@
 #include <msg.h>
 #include <inet_proto.h>
 #include <myaddrinfo.h>
+#include <split_at.h>
 
 /* Application-specific. */
 
@@ -609,16 +611,20 @@ int     sockaddr_to_hostaddr(const struct sockaddr * sa, SOCKADDR_SIZE salen,
     }
     return (0);
 #else
+    int     ret;
 
     /*
      * Native getnameinfo(3) version.
      */
-    return (getnameinfo(sa, salen,
-			hostaddr ? hostaddr->buf : (char *) 0,
-			hostaddr ? sizeof(hostaddr->buf) : 0,
-			portnum ? portnum->buf : (char *) 0,
-			portnum ? sizeof(portnum->buf) : 0,
-			NI_NUMERICHOST | NI_NUMERICSERV));
+    ret = getnameinfo(sa, salen,
+		      hostaddr ? hostaddr->buf : (char *) 0,
+		      hostaddr ? sizeof(hostaddr->buf) : 0,
+		      portnum ? portnum->buf : (char *) 0,
+		      portnum ? sizeof(portnum->buf) : 0,
+		      NI_NUMERICHOST | NI_NUMERICSERV);
+    if (hostaddr != 0 && ret == 0 && sa->sa_family == AF_INET6)
+	(void) split_at(hostaddr->buf, '%');
+    return (ret);
 #endif
 }