From: Wietse Venema <wietse@porcupine.org>
Date: Wed, 1 Aug 2012 05:00:00 +0000 (-0500)
Subject: postfix-2.7.11
X-Git-Tag: v2.7.11^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22ed9f77675bdf105a951990ac14d57f23e59219;p=thirdparty%2Fpostfix.git

postfix-2.7.11
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 85f2a878f..c2f48c27a 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -16071,3 +16071,14 @@ Apologies for any names omitted.
 	command must wait until its requests have reached the pickup
 	and qmgr servers before closing the UNIX-domain request
 	sockets.  Files: postqueue/postqueue.c, postqueue/Makefile.in.
+
+20120702
+
+	Bugfix (introduced: 19990127): the BIFF client leaked an
+	unprivileged UDP socket. Fix by Jaroslav Skarvada.  File:
+	local/biff_notify.c.
+
+20120730
+
+	Bugfix (introduced: 20000314): AUTH is not allowed after
+	MAIL. Timo Sirainen.  File: smtpd/smtpd_sasl_proto.c.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 7ff0c6934..fd88f2ac2 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20120520"
-#define MAIL_VERSION_NUMBER	"2.7.10"
+#define MAIL_RELEASE_DATE	"20120801"
+#define MAIL_VERSION_NUMBER	"2.7.11"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff --git a/postfix/src/local/biff_notify.c b/postfix/src/local/biff_notify.c
index b189ad4b2..ca7dc1645 100644
--- a/postfix/src/local/biff_notify.c
+++ b/postfix/src/local/biff_notify.c
@@ -43,6 +43,7 @@
 /* Utility library. */
 
 #include <msg.h>
+#include <iostuff.h>
 
 /* Application-specific. */
 
@@ -81,9 +82,12 @@ void    biff_notify(const char *text, ssize_t len)
     /*
      * Open a socket, or re-use an existing one.
      */
-    if (sock < 0 && (sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
-	msg_warn("socket: %m");
-	return;
+    if (sock < 0) {
+	if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+	    msg_warn("socket: %m");
+	    return;
+	}
+	close_on_exec(sock, CLOSE_ON_EXEC);
     }
 
     /*
diff --git a/postfix/src/smtpd/smtpd_sasl_proto.c b/postfix/src/smtpd/smtpd_sasl_proto.c
index 1633a80be..e9a75f399 100644
--- a/postfix/src/smtpd/smtpd_sasl_proto.c
+++ b/postfix/src/smtpd/smtpd_sasl_proto.c
@@ -152,6 +152,12 @@ int     smtpd_sasl_auth_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	smtpd_chat_reply(state, "503 5.5.1 Error: authentication not enabled");
 	return (-1);
     }
+#define IN_MAIL_TRANSACTION(state) ((state)->sender != 0)
+    if (IN_MAIL_TRANSACTION(state)) {
+	state->error_mask |= MAIL_ERROR_PROTOCOL;
+	smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress");
+	return (-1);
+    }
     if (smtpd_milters != 0 && (err = milter_other_event(smtpd_milters)) != 0) {
 	if (err[0] == '5') {
 	    state->error_mask |= MAIL_ERROR_POLICY;