Prereq: "2.5.12" diff -cr --new-file /var/tmp/postfix-2.5.12/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.5.12/src/global/mail_version.h Tue Mar 1 14:24:55 2011 --- ./src/global/mail_version.h Tue Apr 19 20:24:58 2011 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20110303" ! #define MAIL_VERSION_NUMBER "2.5.12" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20110509" ! #define MAIL_VERSION_NUMBER "2.5.13" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-2.5.12/HISTORY ./HISTORY *** /var/tmp/postfix-2.5.12/HISTORY Sun Feb 27 16:04:55 2011 --- ./HISTORY Tue Apr 19 19:10:03 2011 *************** *** 14678,14680 **** --- 14678,14687 ---- Portability: FreeBSD closefrom() support time window. Sahil Tandon. File: util/sys_defs.h. + + 20110414 + + Bugfix (introduced with Postfix SASL patch 20000314): don't + reuse a server SASL handle after authentication failure. + Problem reported by Thomas Jarosch of Intra2net AG. File: + smtpd/smtpd_proto.c. diff -cr --new-file /var/tmp/postfix-2.5.12/src/smtpd/smtpd_sasl_proto.c ./src/smtpd/smtpd_sasl_proto.c *** /var/tmp/postfix-2.5.12/src/smtpd/smtpd_sasl_proto.c Wed Oct 3 17:37:45 2007 --- ./src/smtpd/smtpd_sasl_proto.c Tue Apr 19 18:33:55 2011 *************** *** 184,189 **** --- 184,210 ---- return (-1); } + /* Don't reuse the SASL handle after authentication failure. */ + #ifndef SMTPD_FLAG_AUTH_USED + #define SMTPD_FLAG_AUTH_USED (1<<15) + #endif + #ifndef XSASL_TYPE_CYRUS + #define XSASL_TYPE_CYRUS "cyrus" + #endif + if (state->flags & SMTPD_FLAG_AUTH_USED) { + smtpd_sasl_disconnect(state); + #ifdef USE_TLS + if (state->tls_context != 0) + smtpd_sasl_connect(state, VAR_SMTPD_SASL_TLS_OPTS, + var_smtpd_sasl_tls_opts); + else + #endif + smtpd_sasl_connect(state, VAR_SMTPD_SASL_OPTS, + var_smtpd_sasl_opts); + } else if (strcmp(var_smtpd_sasl_type, XSASL_TYPE_CYRUS) == 0) { + state->flags |= SMTPD_FLAG_AUTH_USED; + } + /* * All authentication failures shall be logged. The 5xx reply code from * the SASL authentication routine triggers tar-pit delays, which help to