Microversion release update for postfix 2.9.3-2

[TEST CASE] Install updated packages and evaluate normal postfix functionality is still working (will vary based on local configuration).

[REGRESSION POTENTIAL] Very small. MRE was granted for postfix based on upstream's demonstrated track record for being very careful. Fixes have had extensive testing upstream, in Debian, and in Quantal.

There is a packaging change included as well to fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675247 since this will cause upgrade issues.

Here are the upstream changes:

20120401

 Bitrot: shut up useless warnings about Cyrus SASL call-back
 function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
 xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.

20120422

 Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the
 known TLS protocol list so that protocols can be turned off
 selectively to work around implementation bugs. Based on
 a patch by Victor Duchovni. Files: proto/TLS_README.html,
 proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
 tls/tls_server.c.

20120425

 Workaround: bugs in 10-year old gcc versions break compilation
 with #ifdef inside a macro invocation (NOT: definition).
 This synchronizes the Postfix 2.9 TLS implementation with
 Postfix 2.10 to simplify code maintenance. Files: tls/tls.h,
 tls/tls_client.c, tls/tls_server.c.

20120426

 Bugfix (introduced Postfix 2.9): the postconf command flagged
 parameters defined in master.cf as "unused" when they were
 used only in main.cf. Problem reported by Michael Tokarev.
 Files: postconf/postconf_user.c.

20120516

 Workaround: apparently, FreeBSD 8.3 kqueue notifications
 sometimes break when a dnsblog(8) process loses an accept()
 race on a shared socket, resulting in repeated "connect to
 private/dnsblog service: Connection refused" warnings. This
 condition is unique to dnsblog(8). The postscreen(8) daemon
 closes a postscreen-to-dnsblog connection as soon as it
 receives a dnsblog(8) reply, resulting in hundreds or
 thousands of connection requests per second. All other
 multi-server daemons such as anvil(8) or proxymap(8) have
 connection lifetimes ranging from 5s to 1000s depending on
 server load. The workaround is for dnsblog to use the
 single_server driver instead of the multi_server driver.
 This one-line code change eliminates the accept() race
 without any Postfix performance impact. Problem reported
 by Sahil Tandon. File: dnsblog/dnsblog.c.

20120517

 Workaround: to avoid crashes when the OpenSSL library is
 updated without "postfix reload", the Postfix TLS session
 cache ID now includes the OpenSSL library version number.
 Note: this problem cannot be fixed in tlsmgr(8). Code by
 Victor Duchovni. Files: tls/tls_server.c, tls_client.c.

20120520

 Bugfix (introduced Postfix 2.4): the event_drain() function
 was comparing bitmasks incorrectly causing the program to
 always wait for the full time limit. This error affected
 the unused postkick command, but only after s/fifo/unix/
 in master.cf. File: util/events.c.

 Cleanup: laptop users have always been able to avoid
 unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
 (this is currently not supported on Solaris systems).
 However, to make this work reliably, the "postqueue -f"
 command must wait until its requests have reached the pickup
 and qmgr servers before closing the UNIX-domain request
 sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.