postfix-3.10-20250103

postfix/HISTORY

@@ -28637,3 +28637,66 @@ Apologies for any names omitted.
 	datagram-based spawn(8) service. It was too difficult to
 	enforce that processes terminate as expected after "postfix
 	reload" etc. File: spawn/spawn.c.
+
+20241205
+
+	Portability: include <sys_socket.h> for a SUNOS5 workaround.
+	Gary R. Schmidt. File: util/peekfd.c.
+
+20241210
+
+	Documentation: ESMTP parameters that are supported in Milter
+	requests to change the envelope sender address, or to add
+	an envelope recipient address. File: proto/MILTER_README.html.
+
+20241213
+
+	Bugfix (defect introduced Postfix 3.1 date 20150523): makedefs did
+	not handle Major release version of zero. Michael Tokarev. File:
+	makedefs.
+
+	Portability: changed the closefrom() result type from 'int'
+	to 'void', for compatibility with systems that have a
+	closefrom() implementation that we don't want to use.
+	Michael Tokarev. Files: util/sys_defs.h, util/sys_compat.c.
+
+20241214
+
+	Documentation: updated the postlog(1) manpage text for
+	logging to the standard error stream. File postlog/postlog.c.
+
+20241226
+
+	Bit rot: The Postfix code for logging the TLS group wasn't
+	quite right. Instead of the TLS group name, it logged the
+	underlying public key algorithm name. These names may differ
+	when some of the newer constructs are used. Viktor Dukhovni.
+	File: tls/tls_misc.c.
+
+20241230
+
+	Bugfix (defect introduced: Postfix 3.3, date 20180107) small
+	memory leak in the cleanup daemon when generating a "From:
+	full-name <addr-spec>" message header. The impact is limited
+	because the number of requests is bounded by the "max_use"
+	configuration parameter. Found during code maintenance.
+	File: cleanup/cleanup_message.c.
+
+20250101
+
+	Wietse added -DNO_CLOSEFROM support to make the change
+	20241213 easily testable, and documented it in the makedefs(1)
+	manpage.
+
+20250102
+
+	Added pre-release checks for configuration parameters that
+	are implemented but not documented, and for configuration
+	parameters that are documented but not implemented. Files:
+	mantools/check-postconf-unimplemented,
+	mantools/check-postconf-undocumented.
+
+	Documentation: eliminated an "unused" postconf(5) entry for
+	the lmtp_lhlo_timeout parameter, and added end-of-life info
+	for the obsolete proxy_tls_session_cache_timeout parameter.
+	File: proto/postconf.proto.

postfix/Makefile.in

@@ -117,6 +117,7 @@ manpages:
 # Some checks require a bin/postconf executable.
 pre-release-checks: typo-check double-check missing-proxy-read-maps-check \
 	postlink-check postfix-files-check \
+	postconf-unimplemented-check postconf-undocumented-check \
 	check-table-proto check-see-postconf-d-output \
 	check-snapshot-nonprod
 
@@ -126,6 +127,12 @@ postfix-files-check:
 postlink-check:
 	$(SHLIB_ENV) mantools/check-postlink | diff /dev/null -
 
+postconf-undocumented-check:
+	$(SHLIB_ENV) mantools/check-postconf-undocumented | diff /dev/null -
+
+postconf-unimplemented-check:
+	$(SHLIB_ENV) mantools/check-postconf-unimplemented | diff /dev/null -
+
 missing-proxy-read-maps-check:
 	$(SHLIB_ENV) mantools/missing-proxy-read-maps | diff /dev/null -
 

postfix/README_FILES/MILTER_README

@@ -663,10 +663,24 @@ the CONTENT_INSPECTION_README document for a discussion.
     command information; they have no access to the message header or body, and
     cannot make modifications to the message or to the envelope.
 
-  * Postfix 2.6 ignores the optional ESMTP parameters in requests to replace
-    the sender (SMFIR_CHGFROM) or to append a recipient (SMFIR_ADDRCPT_PAR).
-    Postfix logs a warning message when a Milter application supplies such
-    ESMTP parameters:
+  * Postfix 3.3 and later support the ESMTP parameters RET and ENVID in
+    requests to replace the envelope sender (SMFIR_CHGFROM). Postfix logs a
+    warning message when a Milter application supplies other ESMTP parameters:
+
+    warning: queue-id: cleanup_chg_from: ignoring bad ESMTP
+        parameter "whatever" in SMFI_CHGFROM request
+
+  * Postfix 3.0 and later support the ESMTP parameters NOTIFY and ORCPT in
+    requests to add an envelope recipient. Postfix logs a warning message when
+    a Milter application supplies other ESMTP parameters:
+
+    warning: queue-id: cleanup_add_rcpt: ignoring ESMTP argument
+        from Milter or header/body_checks: "whatever"
+
+  * Postfix 2.6 and later ignore optional ESMTP parameters in requests to
+    replace the sender (SMFIR_CHGFROM) or to append a recipient
+    (SMFIR_ADDRCPT_PAR). Postfix logs a warning message when a Milter
+    application supplies such ESMTP parameters:
 
     warning: queue-id: cleanup_chg_from: ignoring ESMTP arguments "whatever"
     warning: queue-id: cleanup_add_rcpt: ignoring ESMTP arguments "whatever"

postfix/WISHLIST

@@ -10,11 +10,20 @@ Wish list:
 
 	Add a mail_version chek to each pluggable database client.
 
+	Unify conf/postfix-wrapper and proto/postfix-wrapper (make
+	one a dependency of the other). They have diverged.
+
+	Should the SMTP client log the queue ID with the TLS status?
+
 	relay_recipient_maps empty should default to 'no valid
 	recipients'. Subject to compatibility level.
 
 	Make a reason available for messages placed on 'hold'.
 
+	In pipe_command() and spawn_command(), the child process
+	should call initgroups() to corrrectly the access rights
+	of interactive shell users.
+
 	relay_recipient_maps empty should default to 'no valid
 	recipients'. Subject to compatibility level.
 

postfix/html/MILTER_README.html

@@ -973,7 +973,27 @@ only to the SMTP command information; they have no access to the
 message header or body, and cannot make modifications to the message
 or to the envelope. </p>
 
-<li> <p> Postfix 2.6 ignores the optional ESMTP parameters in
+<li> <p> Postfix 3.3 and later support the ESMTP parameters RET and
+ENVID in requests to replace the envelope sender (SMFIR_CHGFROM).
+Postfix logs a warning message when a Milter application supplies
+other ESMTP parameters: </p>
+
+<pre>
+warning: <i>queue-id</i>: cleanup_chg_from: ignoring bad ESMTP
+    parameter "<i>whatever</i>" in SMFI_CHGFROM request
+</pre>
+
+<li> <p> Postfix 3.0 and later support the ESMTP parameters NOTIFY
+and ORCPT in requests to add an envelope recipient. Postfix logs a
+warning message when a Milter application supplies other ESMTP
+parameters: </p>
+
+<pre>
+warning: <i>queue-id</i>: cleanup_add_rcpt: ignoring ESMTP argument
+    from Milter or header/body_checks: "<i>whatever</i>"
+</pre>
+
+<li> <p> Postfix 2.6 and later ignore optional ESMTP parameters in
 requests to replace the sender (SMFIR_CHGFROM) or to append a
 recipient (SMFIR_ADDRCPT_PAR). Postfix logs a warning message when
 a Milter application supplies such ESMTP parameters: </p>

postfix/html/makedefs.1.html

@@ -47,6 +47,9 @@ MAKEDEFS(1)                                                        MAKEDEFS(1)
               non-default  <i>include</i>  directory.   The  following directives are
               special:
 
+              <b>-DNO_CLOSEFROM</b>
+                     Do not use the system closefom() implementation.
+
               <b>-DNO_DB</b>
                      Do not build with Berkeley DB support.
 

postfix/html/postconf.5.html

@@ -21430,7 +21430,7 @@ cache information. Since the cache is shared with <a href="smtpd.8.html">smtpd(8
 by <a href="tlsmgr.8.html">tlsmgr(8)</a>, there is only one expiration time for the SMTP server cache
 shared by all three services, namely <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>. </p>
 
-<p> This feature is available in Postfix 2.8 and later. </p>
+<p> This feature is available in Postfix 2.8-2.10. </p>
 
 
 </DD>

postfix/html/postlog.1.html

@@ -21,9 +21,9 @@ POSTLOG(1)                                                          POSTLOG(1)
        record.  If  no <i>text</i> is specified on the command line, <a href="postlog.1.html"><b>postlog</b>(1)</a> reads
        from standard input and logs each input line as one record.
 
-       By default, logging is sent to  <b>syslogd</b>(8)  or  <a href="postlogd.8.html"><b>postlogd</b>(8)</a>;  when  the
-       standard error stream is connected to a terminal, logging is sent there
-       as well.
+       Logging is sent to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard error
+       stream  (with  Postfix  &lt;  3.8, <a href="postlog.1.html"><b>postlog</b>(1)</a> writes to the standard error
+       stream only if that stream is connected to a terminal).
 
        The following options are implemented:
 

postfix/makedefs

@@ -46,6 +46,8 @@
 #	\fIinclude\fR directory.
 #	The following directives are special:
 # .RS
+# .IP \fB-DNO_CLOSEFROM\fR
+#	Do not use the system closefom() implementation.
 # .IP \fB-DNO_DB\fR
 #	Do not build with Berkeley DB support.
 # .IP \fB-DNO_DEVPOLL\fR
@@ -240,8 +242,6 @@ case $# in
  # Officially supported usage.
  0) SYSTEM=`(uname -s) 2>/dev/null`
     RELEASE=`(uname -r) 2>/dev/null`
-    # No ${x%%y} support in Solaris 11 /bin/sh
-    RELEASE_MAJOR=`expr "$RELEASE" : '\([0-9]*\)'` || exit 1
     VERSION=`(uname -v) 2>/dev/null`
     case "$VERSION" in
      dcosx*) SYSTEM=$VERSION;;
@@ -251,6 +251,9 @@ case $# in
  *) echo usage: $0 [system release] 1>&2; exit 1;;
 esac
 
+# No ${x%%y} support in Solaris 11 /bin/sh
+RELEASE_MAJOR=`echo "$RELEASE" | sed 's/[^0-9].*//'` || exit 1
+
 case "$SYSTEM.$RELEASE" in
    SCO_SV.3.2)	SYSTYPE=SCO5
 		# Use the native compiler by default

postfix/man/man1/makedefs.1

@@ -49,6 +49,8 @@ Specifies non\-default compiler arguments, for example, a non\-default
 \fIinclude\fR directory.
 The following directives are special:
 .RS
+.IP \fB\-DNO_CLOSEFROM\fR
+Do not use the system closefom() implementation.
 .IP \fB\-DNO_DB\fR
 Do not build with Berkeley DB support.
 .IP \fB\-DNO_DEVPOLL\fR

postfix/man/man1/postlog.1

@@ -23,10 +23,10 @@ line as one record. If no \fItext\fR is specified on the command
 line, \fBpostlog\fR(1) reads from standard input and logs each input
 line as one record.
 
-By default, logging is sent to \fBsyslogd\fR(8) or
-\fBpostlogd\fR(8); when the
-standard error stream is connected to a terminal, logging
-is sent there as well.
+Logging is sent to \fBsyslogd\fR(8) or \fBpostlogd\fR(8), and
+to the standard error stream (with Postfix < 3.8, \fBpostlog\fR(1)
+writes to the standard error stream only if that stream is
+connected to a terminal).
 
 The following options are implemented:
 .IP "\fB\-c \fIconfig_dir\fR"

postfix/man/man5/postconf.5

@@ -14855,7 +14855,7 @@ cache information. Since the cache is shared with \fBsmtpd\fR(8) and managed
 by \fBtlsmgr\fR(8), there is only one expiration time for the SMTP server cache
 shared by all three services, namely smtpd_tls_session_cache_timeout.
 .PP
-This feature is available in Postfix 2.8 and later.
+This feature is available in Postfix 2.8\-2.10.
 .SH tlsproxy_use_tls (default: $smtpd_use_tls)
 Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
 but do not require that clients use TLS encryption. See smtpd_use_tls

postfix/mantools/check-postconf-undocumented

@@ -0,0 +1,99 @@
+#!/bin/sh
+
+# Reports parameters that exist in postconf(1) output, but that are not
+# documented in the postconf(5) manpage.
+
+LANG=C; export LANG
+LC_ALL=C; export LC_ALL
+
+bin/postconf mail_version >/dev/null || exit 1
+
+trap 'rm -f want.tmp have.tmp stoplist.tmp 2>/dev/null' 0 1 2 3 15
+
+# Extract parameters from the postconf(5) manpage.
+
+awk '/^%PARAM/ { print $2 }' proto/postconf.proto | sort > have.tmp || exit 1
+
+# Build a stoplist for postconf(1) output.
+
+# Eliminate unwanted dynamic parameter names for delivery agents. These
+# names are prefixed by their master.cf service name (they must instead
+# be documented with fake names that have the "transport_" prefix; that
+# is implemented later in this script).
+
+for xport in error lmtp local relay retry smtp virtual
+do
+   cat <<EOF
+${xport}_delivery_slot_cost
+${xport}_delivery_slot_discount
+${xport}_delivery_slot_loan
+${xport}_destination_concurrency_failed_cohort_limit
+${xport}_destination_concurrency_limit
+${xport}_destination_concurrency_negative_feedback
+${xport}_destination_concurrency_positive_feedback
+${xport}_destination_rate_delay
+${xport}_destination_recipient_limit
+${xport}_extra_recipient_limit
+${xport}_initial_destination_concurrency
+${xport}_minimum_delivery_slots
+${xport}_recipient_limit
+${xport}_recipient_refill_delay
+${xport}_recipient_refill_limit
+${xport}_transport_rate_delay
+EOF
+done >stoplist.tmp
+
+# Eliminate other unwanted per-service parameters.
+
+#cat >>stoplist.tmp <<EOF
+#EOF
+
+# Eliminate unwanted auto-generated parameters that make no sense.
+
+cat >>stoplist.tmp <<'EOF'
+lmtp_tlsrpt_enable
+lmtp_tlsrpt_skip_reused_handshakes
+lmtp_tlsrpt_socket_name
+EOF
+
+# Build the list of parameter names that must have an entry in the
+# postconf(5) manpage.
+
+(
+# First, extract parameters from postconf(1) output, using the stock
+# configurations.
+
+bin/postconf -dHc conf | grep -F -vx -f stoplist.tmp
+
+# Next, require that all dynamically-generated parameter names for delivery
+# agents are documented as transport_mumble.
+
+cat <<EOF
+transport_delivery_slot_cost
+transport_delivery_slot_discount
+transport_delivery_slot_loan
+transport_destination_concurrency_failed_cohort_limit
+transport_destination_concurrency_limit
+transport_destination_concurrency_negative_feedback
+transport_destination_concurrency_positive_feedback
+transport_destination_rate_delay
+transport_destination_recipient_limit
+transport_extra_recipient_limit
+transport_initial_destination_concurrency
+transport_minimum_delivery_slots
+transport_recipient_limit
+transport_recipient_refill_delay
+transport_recipient_refill_limit
+transport_transport_rate_delay
+EOF
+
+# Require that other per-service parameters are documented.
+
+cat <<EOF
+transport_time_limit
+EOF
+) | sort >want.tmp || exit 1
+
+# Report parameter names that have an implementation but no documentation.
+
+comm -23 want.tmp have.tmp

postfix/mantools/check-postconf-unimplemented

@@ -0,0 +1,84 @@
+#!/bin/sh
+
+# Reports parameters that are documented in the postconf(5 mapage),
+# but not implemented according to postconf(1) output.
+
+LANG=C; export LANG
+LC_ALL=C; export LC_ALL
+
+bin/postconf mail_version >/dev/null || exit 1
+
+trap 'rm -f have.tmp want.tmp stoplist.tmp 2>/dev/null' 0 1 2 3 15
+
+# Extract the implemented parameter names from postconf(1) output, using
+# the stock configurations.
+
+bin/postconf -dHc conf | sort >have.tmp || exit 1
+
+# Build a stoplist for postconf(5) output.
+
+# Eliminate dynamic parameter names for delivery agents. These are
+# documented as transport_mumble.
+
+cat <<EOF >stoplist.tmp
+transport_delivery_slot_cost
+transport_delivery_slot_discount
+transport_delivery_slot_loan
+transport_destination_concurrency_failed_cohort_limit
+transport_destination_concurrency_limit
+transport_destination_concurrency_negative_feedback
+transport_destination_concurrency_positive_feedback
+transport_destination_rate_delay
+transport_destination_recipient_limit
+transport_extra_recipient_limit
+transport_initial_destination_concurrency
+transport_minimum_delivery_slots
+transport_recipient_limit
+transport_recipient_refill_delay
+transport_recipient_refill_limit
+transport_transport_rate_delay
+EOF
+
+# Eliminate other per-service transport_mumble parameters.
+
+cat <<EOF >>stoplist.tmp
+transport_time_limit
+EOF
+
+# Eliminate obsolete parameters. These are no longer implemented, but
+# still documented.
+
+cat >>stoplist.tmp <<'EOF'
+authorized_verp_clients
+enable_errors_to
+extract_recipient_limit
+fallback_relay
+lmtp_cache_connection
+lmtp_per_record_deadline
+postscreen_blacklist_action
+postscreen_dnsbl_ttl
+postscreen_dnsbl_whitelist_threshold
+postscreen_whitelist_interfaces
+sender_based_routing
+smtp_per_record_deadline
+smtp_skip_4xx_greeting
+smtp_tls_cipherlist
+smtpd_per_record_deadline
+smtpd_sasl_application_name
+smtpd_tls_cipherlist
+tls_dane_digest_agility
+tls_dane_trust_anchor_digest_enable
+tlsproxy_client_level
+tlsproxy_client_policy
+tlsproxy_tls_session_cache_timeout
+virtual_maps
+EOF
+
+# Extract parameters from the postconf(5) manpage.
+
+awk '/^%PARAM/ { print $2 }' proto/postconf.proto | 
+	grep -F -vx -f stoplist.tmp | sort > want.tmp || exit 1
+
+# Report names from the postconf(5) manpage that have no implementation.
+
+comm -23 want.tmp have.tmp

postfix/proto/MILTER_README.html

@@ -973,7 +973,27 @@ only to the SMTP command information; they have no access to the
 message header or body, and cannot make modifications to the message
 or to the envelope. </p>
 
-<li> <p> Postfix 2.6 ignores the optional ESMTP parameters in
+<li> <p> Postfix 3.3 and later support the ESMTP parameters RET and
+ENVID in requests to replace the envelope sender (SMFIR_CHGFROM).
+Postfix logs a warning message when a Milter application supplies
+other ESMTP parameters: </p>
+
+<pre>
+warning: <i>queue-id</i>: cleanup_chg_from: ignoring bad ESMTP
+    parameter "<i>whatever</i>" in SMFI_CHGFROM request
+</pre>
+
+<li> <p> Postfix 3.0 and later support the ESMTP parameters NOTIFY
+and ORCPT in requests to add an envelope recipient. Postfix logs a
+warning message when a Milter application supplies other ESMTP
+parameters: </p>
+
+<pre>
+warning: <i>queue-id</i>: cleanup_add_rcpt: ignoring ESMTP argument
+    from Milter or header/body_checks: "<i>whatever</i>"
+</pre>
+
+<li> <p> Postfix 2.6 and later ignore optional ESMTP parameters in
 requests to replace the sender (SMFIR_CHGFROM) or to append a
 recipient (SMFIR_ADDRCPT_PAR). Postfix logs a warning message when
 a Milter application supplies such ESMTP parameters: </p>

postfix/proto/postconf.proto

@@ -2302,20 +2302,6 @@ one-letter suffix that specifies the time unit).  Time units: s
 (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).  </p>
 
-%PARAM lmtp_lhlo_timeout 300s
-
-<p> The Postfix LMTP client time limit for receiving the LMTP
-greeting banner.  When the remote LMTP server drops the connection
-without sending a
-greeting banner, or when it sends no greeting banner within the
-deadline, the LMTP client tries the next address on the mail
-exchanger list.  </p>
-
-<p> Specify a non-zero time value (an integral value plus an optional
-one-letter suffix that specifies the time unit).  Time units: s
-(seconds), m (minutes), h (hours), d (days), w (weeks).
-The default time unit is s (seconds).  </p>
-
 %PARAM lmtp_mail_timeout 300s
 
 <p>
@@ -16090,7 +16076,7 @@ cache information. Since the cache is shared with smtpd(8) and managed
 by tlsmgr(8), there is only one expiration time for the SMTP server cache
 shared by all three services, namely smtpd_tls_session_cache_timeout. </p>
 
-<p> This feature is available in Postfix 2.8 and later. </p>
+<p> This feature is available in Postfix 2.8-2.10. </p>
 
 %PARAM tlsproxy_use_tls $smtpd_use_tls
 

postfix/proto/stop

@@ -1655,3 +1655,5 @@ hs
 ccformat
 xxsql
 MEMCACHE
+ORCPT
+RET

postfix/proto/stop.double-history

@@ -146,3 +146,4 @@ proto  proto socketmap_table qmqpd qmqpd c tls tls_misc c
  a dependency for html html File html Makefile in 
  master dgram_server c master mail_server h postlogd postlogd c 
  reload etc File spawn spawn c 
+ logging to the standard error stream File postlog postlog c 

postfix/proto/stop.spell-history

@@ -95,3 +95,4 @@ mandoc
 v'expr
 roff
 diffs
+CLOSEFROM

postfix/src/cleanup/cleanup_message.c

@@ -789,7 +789,7 @@ static void cleanup_header_done_callback(void *context)
 		}
 		if (token) {
 		    tok822_externalize(state->temp2, token, TOK822_STR_NONE);
-		    tok822_free(token);
+		    tok822_free_tree(token);
 		    vstring_strcat(state->temp2, " ");
 		}
 		vstring_sprintf_append(state->temp2, "<%s>",

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20241202"
+#define MAIL_RELEASE_DATE	"20250103"
 #define MAIL_VERSION_NUMBER	"3.10"
 
 #ifdef SNAPSHOT

postfix/src/postlog/postlog.c

@@ -17,10 +17,10 @@
 /*	line, \fBpostlog\fR(1) reads from standard input and logs each input
 /*	line as one record.
 /*
-/*	By default, logging is sent to \fBsyslogd\fR(8) or
-/*	\fBpostlogd\fR(8); when the
-/*	standard error stream is connected to a terminal, logging
-/*	is sent there as well.
+/*	Logging is sent to \fBsyslogd\fR(8) or \fBpostlogd\fR(8), and
+/*	to the standard error stream (with Postfix < 3.8, \fBpostlog\fR(1)
+/*	writes to the standard error stream only if that stream is
+/*	connected to a terminal).
 /*
 /*	The following options are implemented:
 /* .IP "\fB-c \fIconfig_dir\fR"

postfix/src/tls/tls_misc.c

@@ -1051,7 +1051,15 @@ void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
     if (SSL_version(ssl) < TLS1_3_VERSION)
 	return;
 
-    if (tls_get_peer_dh_pubkey(ssl, &dh_pkey)) {
+    /*
+     * On the client side, a TLS 1.3 KEM has no server key, just ciphertext
+     * to decapsulate, but, as of OpenSSL 3.0, the client can still obtain
+     * the negotiated group name directly.
+     */
+    if (!kex_name)
+	kex_name = TLS_GROUP_NAME(ssl);
+
+    if (kex_name == NULL && tls_get_peer_dh_pubkey(ssl, &dh_pkey)) {
 	switch (nid = EVP_PKEY_id(dh_pkey)) {
 	default:
 	    kex_name = OBJ_nid2sn(EVP_PKEY_type(nid));
@@ -1079,16 +1087,6 @@ void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
 	EVP_PKEY_free(dh_pkey);
     }
 
-    /*
-     * On the client side, a TLS 1.3 KEM has no server key, just ciphertext
-     * to decapsulate, but, as of OpenSSL 3.0, the client can still obtain
-     * the negotiated group name directly.  We nevertheless still try to get
-     * the group details from the peer key first, which works with OpenSSL
-     * 1.1.1 and retains the original output format for the (EC)DH groups.
-     */
-    if (!kex_name)
-	kex_name = TLS_GROUP_NAME(ssl);
-
     /*
      * On the client end, the certificate may be present, but not used, so we
      * check via SSL_get_signature_nid().  This means that local signature

postfix/src/util/peekfd.c

@@ -39,6 +39,9 @@
 
 #include <sys_defs.h>
 #include <sys/ioctl.h>
+#ifdef SUNOS5
+#include <sys/socket.h>			/* shutdown(2) */
+#endif
 #ifdef FIONREAD_IN_SYS_FILIO_H
 #include <sys/filio.h>
 #endif

postfix/src/util/sys_compat.c

@@ -286,7 +286,7 @@ int     dup2_pass_on_exec(int oldd, int newd)
 
 /* closefrom() - closes all file descriptors from the given one up */
 
-int     closefrom(int lowfd)
+void    closefrom(int lowfd)
 {
     int     fd_limit = open_limit(0);
     int     fd;
@@ -298,14 +298,12 @@ int     closefrom(int lowfd)
      */
     if (lowfd < 0) {
 	errno = EBADF;
-	return (-1);
+	return;
     }
     if (fd_limit > 500)
 	fd_limit = 500;
     for (fd = lowfd; fd < fd_limit; fd++)
 	(void) close(fd);
-
-    return (0);
 }
 
 #endif

postfix/src/util/sys_defs.h

@@ -1466,6 +1466,10 @@ typedef int WAIT_STATUS_T;
 #undef HAVE_POSIX_GETPW_R
 #endif
 
+#ifdef NO_CLOSEFROM
+#undef HAS_CLOSEFROM
+#endif
+
 #ifdef NO_DB
 #undef HAS_DB
 #endif
@@ -1526,7 +1530,7 @@ extern int setsid(void);
 #endif
 
 #ifndef HAS_CLOSEFROM
-extern int closefrom(int);
+extern void closefrom(int);
 
 #endif