From d67d2daf3b9029bb70347c1ee418538ac38dbc20 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Wed, 1 Aug 2012 00:00:00 -0500 Subject: [PATCH] postfix-2.6.17 --- postfix/HISTORY | 11 +++++++++++ postfix/src/global/mail_version.h | 4 ++-- postfix/src/local/biff_notify.c | 10 +++++++--- postfix/src/smtpd/smtpd_sasl_proto.c | 6 ++++++ 4 files changed, 26 insertions(+), 5 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index c79f34a96..b65ad789a 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -15658,3 +15658,14 @@ Apologies for any names omitted. command must wait until its requests have reached the pickup and qmgr servers before closing the UNIX-domain request sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in. + +20120702 + + Bugfix (introduced: 19990127): the BIFF client leaked an + unprivileged UDP socket. Fix by Jaroslav Skarvada. File: + local/biff_notify.c. + +20120730 + + Bugfix (introduced: 20000314): AUTH is not allowed after + MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 130349374..2a3d4c27e 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20120520" -#define MAIL_VERSION_NUMBER "2.6.16" +#define MAIL_RELEASE_DATE "20120801" +#define MAIL_VERSION_NUMBER "2.6.17" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/local/biff_notify.c b/postfix/src/local/biff_notify.c index b189ad4b2..ca7dc1645 100644 --- a/postfix/src/local/biff_notify.c +++ b/postfix/src/local/biff_notify.c @@ -43,6 +43,7 @@ /* Utility library. */ #include +#include /* Application-specific. */ @@ -81,9 +82,12 @@ void biff_notify(const char *text, ssize_t len) /* * Open a socket, or re-use an existing one. */ - if (sock < 0 && (sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - msg_warn("socket: %m"); - return; + if (sock < 0) { + if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { + msg_warn("socket: %m"); + return; + } + close_on_exec(sock, CLOSE_ON_EXEC); } /* diff --git a/postfix/src/smtpd/smtpd_sasl_proto.c b/postfix/src/smtpd/smtpd_sasl_proto.c index 1633a80be..e9a75f399 100644 --- a/postfix/src/smtpd/smtpd_sasl_proto.c +++ b/postfix/src/smtpd/smtpd_sasl_proto.c @@ -152,6 +152,12 @@ int smtpd_sasl_auth_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) smtpd_chat_reply(state, "503 5.5.1 Error: authentication not enabled"); return (-1); } +#define IN_MAIL_TRANSACTION(state) ((state)->sender != 0) + if (IN_MAIL_TRANSACTION(state)) { + state->error_mask |= MAIL_ERROR_PROTOCOL; + smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress"); + return (-1); + } if (smtpd_milters != 0 && (err = milter_other_event(smtpd_milters)) != 0) { if (err[0] == '5') { state->error_mask |= MAIL_ERROR_POLICY;