postfix-3.10-20241010

postfix/HISTORY

@@ -28341,3 +28341,56 @@ Apologies for any names omitted.
 
 	Cleanup (no code change): regenerated HTML manpages that
 	weren't updated because of a simplistic make(1) dependency.
+
+20241010
+
+	Cleanup (no code change): reformatted source files that
+	diverged from Postfix style, complicating code maintenance.
+	The only object file change is in tls_dane.o, because
+	OPENSSL_free() has a line number argument. Other object
+	files are unchanged. Files: bounce/bounce_notify_util_tester.c,
+	bounce/bounce_one_service.c, cleanup/cleanup.c,
+	cleanup/cleanup_api.c, cleanup/cleanup_envelope.c,
+	cleanup/cleanup_out_recipient.c, cleanup/cleanup_rewrite.c,
+	dns/dns.h, dns/dns_lookup.c, dns/dns_rr_filter.c, dns/dns_sec.c,
+	global/bounce_log.h, global/cleanup_user.h, global/clnt_stream.h,
+	global/compat_level.c, global/compat_level.h, global/conv_time.c,
+	global/db_common.h, global/dot_lockfile_as.c,
+	global/header_body_checks.c, global/info_log_addr_form.c,
+	global/is_header.c, global/mail_addr_map.c,
+	global/mail_command_server.c, global/mail_conf.c,
+	global/mail_conf_raw.c, global/mail_conf_str.c, global/mail_copy.c,
+	global/mail_params.c, global/mail_proto.h, global/mail_queue.h,
+	global/mail_trigger.c, global/maillog_client.c,
+	global/mkmap_proxy.c, global/own_inet_addr.c,
+	global/quote_821_local.c, global/quote_821_local.h,
+	global/quote_822_local.c, global/quote_822_local.h,
+	global/rec_type.h, global/recdump.c, global/sent.h,
+	global/server_acl.c, global/smtputf8.c, global/smtputf8.h,
+	global/tok822_tree.c, global/user_acl.h,
+	global/valid_mailhost_addr.c, global/xtext.c, local/alias.c,
+	local/command.c, master/master.c, master/master.h,
+	master/master_listen.c, master/master_proto.h,
+	master/master_service.c, master/master_watch.c, milter/milter8.c,
+	milter/test-milter.c, oqmgr/qmgr_active.c, oqmgr/qmgr_entry.c,
+	pipe/pipe.c, postfix/postfix.c, postscreen/postscreen_dnsbl.c,
+	posttls-finger/posttls-finger.c, qmgr/qmgr_active.c,
+	qmgr/qmgr_entry.c, qmqpd/qmqpd_peer.c, smtp/smtp.h,
+	smtp/smtp_addr.c, smtp/smtp_tlsrpt.c, smtp/smtp_unalias.c,
+	smtpd/smtpd_milter.h, smtpd/smtpd_resolve.h, tls/tls_client.c,
+	tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c,
+	tls/tls_proxy_client_print.c, tls/tls_server.c, util/alldig.c,
+	util/argv_split.c, util/balpar.c, util/byte_mask.c,
+	util/cidr_match.h, util/dict.h, util/dict_cdb.h,
+	util/dict_stream.c, util/dup2_pass_on_exec.c, util/duplex_pipe.c,
+	util/exec_command.c, util/find_inet.c, util/format_tv.c,
+	util/hash_fnv.c, util/host_port.c, util/inet_addr_sizes.c,
+	util/inet_connect.c, util/load_file.h, util/load_lib.h,
+	util/mac_expand.h, util/midna_domain.h, util/mkmap_cdb.c,
+	util/mvect.c, util/myaddrinfo.h, util/name_mask.c,
+	util/open_limit.c, util/parse_utf8_char.h, util/posix_signals.c,
+	util/sane_strtol.c, util/set_eugid.c, util/slmdb.c,
+	util/sock_addr.c, util/strcasecmp.c, util/stream_connect.c,
+	util/stream_recv_fd.c, util/stream_test.c,
+	util/unix_dgram_connect.c, util/unix_dgram_listen.c,
+	util/vbuf.c.

postfix/proto/stop

@@ -1652,3 +1652,4 @@ mailto
 ipaddr
 STS
 hs
+ccformat

postfix/proto/stop.double-history

@@ -133,3 +133,8 @@ proto  proto mysql_table proto pgsql_table proto ldap_table
  Files src tls tls h src tls tls_dh c src tls tls_misc c 
  proto TLSRPT_README html proto postconf proto smtp smtp c 
  proto aliases cleanup cleanup c local local c smtpd smtpd c 
+ bounce bounce_one_service c cleanup cleanup c 
+ dns dns h dns dns_lookup c dns dns_rr_filter c dns dns_sec c 
+ local command c master master c master master h 
+ pipe pipe c postfix postfix c postscreen postscreen_dnsbl c 
+ qmgr qmgr_entry c qmqpd qmqpd_peer c smtp smtp h 

postfix/src/cleanup/cleanup_api.c

@@ -261,8 +261,8 @@ int     cleanup_flush(CLEANUP_STATE *state)
      * (mail submitted with the Postfix sendmail command, mail forwarded by
      * the local(8) delivery agent, or mail re-queued with "postsuper -r"),
      * send a bounce notification, reset the error flags in case of success,
-     * and request deletion of the incoming queue file and of the
-     * optional DSN SUCCESS records from virtual alias expansion.
+     * and request deletion of the incoming queue file and of the optional
+     * DSN SUCCESS records from virtual alias expansion.
      * 
      * XXX It would make no sense to knowingly report success after we already
      * have bounced all recipients, especially because the information in the

postfix/src/cleanup/cleanup_out_recipient.c

@@ -218,9 +218,9 @@ void    cleanup_out_recipient(CLEANUP_STATE *state,
      * in the expansion because that results in multiple verify(8) updates
      * for one verify(8) request.
      * 
-     * Multiple verify(8) updates for one verify(8) request would overwrite
-     * each other's status, and if the last status update is "undeliverable",
-     * then the whole alias is flagged as undeliverable.
+     * Multiple verify(8) updates for one verify(8) request would overwrite each
+     * other's status, and if the last status update is "undeliverable", then
+     * the whole alias is flagged as undeliverable.
      */
     else {
 	RECIPIENT rcpt;

postfix/src/global/cleanup_user.h

@@ -27,6 +27,7 @@
 #define CLEANUP_FLAG_AUTOUTF8	(1<<9)	/* Autodetect SMTPUTF8 */
 
 #define CLEANUP_FLAG_FILTER_ALL	(CLEANUP_FLAG_FILTER | CLEANUP_FLAG_MILTER)
+
  /*
   * These are normally set when receiving mail from outside.
   */

postfix/src/global/clnt_stream.h

@@ -20,7 +20,7 @@
   * External interface.
   */
 typedef struct CLNT_STREAM CLNT_STREAM;
-typedef int (*CLNT_STREAM_HANDSHAKE_FN)(VSTREAM *);
+typedef int (*CLNT_STREAM_HANDSHAKE_FN) (VSTREAM *);
 
 extern CLNT_STREAM *clnt_stream_create(const char *, const char *, int, int,
 				               CLNT_STREAM_HANDSHAKE_FN);

postfix/src/global/conv_time.c

@@ -73,7 +73,7 @@ int     conv_time(const char *strval, int *timval, int def_unit)
     errno = 0;
     intval = longval = strtol(strval, &end, 10);
     if (*strval == 0 || errno == ERANGE || longval != intval || intval < 0
-	/* || (*end != 0 && end[1] != 0) */)
+	 /* || (*end != 0 && end[1] != 0) */ )
 	return (0);
 
     switch (*end ? *end : def_unit) {

postfix/src/global/db_common.h

@@ -18,7 +18,7 @@
 #include "dict.h"
 #include "string_list.h"
 
-typedef void (*db_quote_callback_t)(DICT *, const char *, VSTRING *);
+typedef void (*db_quote_callback_t) (DICT *, const char *, VSTRING *);
 
 extern int db_common_parse(DICT *, void **, const char *, int);
 extern void *db_common_alloc(DICT *);
@@ -55,4 +55,3 @@ extern void db_common_sql_build_query(VSTRING *query, CFG_PARSER *parser);
 /*--*/
 
 #endif
-

postfix/src/global/info_log_addr_form.c

@@ -72,6 +72,7 @@ static void info_log_addr_form_init(void)
 	INFO_LOG_ADDR_FORM_NAME_INTERNAL, INFO_LOG_ADDR_FORM_VAL_INTERNAL,
 	0, INFO_LOG_ADDR_FORM_VAL_NOT_SET,
     };
+
     info_log_addr_form_form = name_code(info_log_addr_form_table,
 					NAME_CODE_FLAG_NONE,
 					var_info_log_addr_form);

postfix/src/global/is_header.c

@@ -62,7 +62,7 @@ ssize_t is_header_buf(const char *str, ssize_t str_len)
      * XXX Don't run off the end in case some non-standard iscntrl()
      * implementation considers null a non-control character...
      */
-    for (len = 0, state = INIT, cp = CU_CHAR_PTR(str); /* see below */; cp++) {
+    for (len = 0, state = INIT, cp = CU_CHAR_PTR(str); /* see below */ ; cp++) {
 	if (str_len != IS_HEADER_NULL_TERMINATED && str_len-- <= 0)
 	    return (0);
 	switch (c = *cp) {

postfix/src/global/mail_copy.c

@@ -265,8 +265,8 @@ int     mail_copy(const char *sender,
      * while fflush and fsync() succeed. Think of remote file systems such as
      * AFS that copy the file back to the server upon close. Oh well, no
      * point optimizing the error case. XXX On systems that use flock()
-     * locking, we must truncate the file before closing it (and losing
-     * the exclusive lock).
+     * locking, we must truncate the file before closing it (and losing the
+     * exclusive lock).
      */
     read_error = vstream_ferror(src);
     write_error = vstream_fflush(dst);

postfix/src/global/mail_proto.h

@@ -32,8 +32,8 @@
 #define MAIL_PROTO_QMQP		"QMQP"
 
  /*
-  * Names of services: these are the names of the UNIX-domain socket or
-  * FIFO that a service listens on.
+  * Names of services: these are the names of the UNIX-domain socket or FIFO
+  * that a service listens on.
   */
 #define MAIL_SERVICE_BOUNCE	"bounce"
 #define MAIL_SERVICE_CLEANUP	"cleanup"

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20240930"
+#define MAIL_RELEASE_DATE	"20241010"
 #define MAIL_VERSION_NUMBER	"3.10"
 
 #ifdef SNAPSHOT

postfix/src/global/maillog_client.c

@@ -238,8 +238,8 @@ void    maillog_client_init(const char *progname, int flags)
 
 	    /*
 	     * var_postlog_service == 0, therefore var_maillog_file == 0.
-	     * logger_mode == MAILLOG_CLIENT_MODE_POSTLOG && var_maillog_file ==
-	     * 0, therefore import_service_path != 0.
+	     * logger_mode == MAILLOG_CLIENT_MODE_POSTLOG && var_maillog_file
+	     * == 0, therefore import_service_path != 0.
 	     */
 	    service_path = import_service_path;
 	}

postfix/src/global/own_inet_addr.c

@@ -191,7 +191,7 @@ static void own_inet_addr_init(INET_ADDR_LIST *addr_list,
 
 /* own_inet_addr - is this my own internet address */
 
-int     own_inet_addr(struct sockaddr * addr)
+int     own_inet_addr(struct sockaddr *addr)
 {
     int     i;
 
@@ -253,7 +253,7 @@ static void proxy_inet_addr_init(INET_ADDR_LIST *addr_list)
 
 /* proxy_inet_addr - is this my proxy internet address */
 
-int     proxy_inet_addr(struct sockaddr * addr)
+int     proxy_inet_addr(struct sockaddr *addr)
 {
     int     i;
 

postfix/src/global/quote_821_local.h

@@ -22,6 +22,7 @@
   * External interface.
   */
 extern VSTRING *quote_821_local_flags(VSTRING *, const char *, int);
+
 #define quote_821_local(dst, src) \
 	quote_821_local_flags((dst), (src), QUOTE_FLAG_8BITCLEAN)
 

postfix/src/global/quote_822_local.h

@@ -26,6 +26,7 @@
   */
 extern VSTRING *quote_822_local_flags(VSTRING *, const char *, int);
 extern VSTRING *unquote_822_local(VSTRING *, const char *);
+
 #define quote_822_local(dst, src) \
 	quote_822_local_flags((dst), (src), QUOTE_FLAG_DEFAULT)
 

postfix/src/global/rec_type.h

@@ -177,7 +177,8 @@
   * See also: REC_TYPE_SIZE_FORMAT above.
   */
 #define REC_TYPE_PTR_FORMAT	"%15ld"
-#define REC_TYPE_PTR_PAYL_SIZE	15	/* Payload only, excludes record header. */
+#define REC_TYPE_PTR_PAYL_SIZE	15	/* Payload only, excludes record
+					 * header. */
 
  /*
   * Programmatic interface.

postfix/src/global/tok822_tree.c

@@ -263,7 +263,7 @@ TOK822 *tok822_free_tree(TOK822 *tp)
 {
     TOK822 *next;
 
-    for (/* void */; tp != 0; tp = next) {
+    for ( /* void */ ; tp != 0; tp = next) {
 	if (tp->head)
 	    tok822_free_tree(tp->head);
 	next = tp->next;

postfix/src/global/xtext.c

@@ -134,6 +134,7 @@ VSTRING *xtext_unquote_append(VSTRING *unquoted, const char *quoted)
     VSTRING_TERMINATE(unquoted);
     return (unquoted);
 }
+
 /* xtext_unquote - quoted data to unquoted */
 
 VSTRING *xtext_unquote(VSTRING *unquoted, const char *quoted)

postfix/src/local/alias.c

@@ -129,10 +129,11 @@ int     deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr,
      * 
      * We cannot do duplicate elimination here. Sendmail compatibility requires
      * that we allow multiple deliveries to the same alias, even recursively!
-     * For example, we must deliver to mailbox any messages that are addressed
-     * to the alias of a user that lists that same alias in her own .forward
-     * file. Yuck! This is just an example of some really perverse semantics
-     * that people will expect Postfix to implement just like sendmail.
+     * For example, we must deliver to mailbox any messages that are
+     * addressed to the alias of a user that lists that same alias in her own
+     * .forward file. Yuck! This is just an example of some really perverse
+     * semantics that people will expect Postfix to implement just like
+     * sendmail.
      * 
      * We can recognize one special case: when an alias includes its own name,
      * deliver to the user instead, just like sendmail. Otherwise, we just

postfix/src/master/master.c

@@ -420,8 +420,8 @@ int     main(int argc, char **argv)
 
     /*
      * If started from a terminal, get rid of any tty association. This also
-     * means that all errors and warnings must go to the syslog daemon.
-     * Some new world has no terminals and prefers logging to stdout.
+     * means that all errors and warnings must go to the syslog daemon. Some
+     * new world has no terminals and prefers logging to stdout.
      */
     if (master_detach)
 	for (fd = 0; fd < 3; fd++) {

postfix/src/master/master_proto.h

@@ -72,4 +72,3 @@ extern int master_notify(int, unsigned, int);	/* encapsulate status msg */
 /*	111 8th Avenue
 /*	New York, NY 10011, USA
 /*--*/
-

postfix/src/master/master_watch.c

@@ -100,8 +100,8 @@ void    master_str_watch(const MASTER_STR_WATCH *str_watch_table)
 
 	/*
 	 * Initialize the backed up parameter value, or update it if this
-	 * parameter supports updates after initialization. Optionally 
-	 * notify the application that this parameter has changed.
+	 * parameter supports updates after initialization. Optionally notify
+	 * the application that this parameter has changed.
 	 */
 	if (wp->backup[0] == 0) {
 	    if (wp->notify != 0)
@@ -138,8 +138,8 @@ void    master_int_watch(MASTER_INT_WATCH *int_watch_table)
 
 	/*
 	 * Initialize the backed up parameter value, or update if it this
-	 * parameter supports updates after initialization. Optionally 
-	 * notify the application that this parameter has changed.
+	 * parameter supports updates after initialization. Optionally notify
+	 * the application that this parameter has changed.
 	 */
 	if ((wp->flags & MASTER_WATCH_FLAG_ISSET) == 0) {
 	    if (wp->notify != 0)

postfix/src/milter/milter8.c

@@ -1157,7 +1157,7 @@ static const char *milter8_event(MILTER8 *milter, int event,
 	    if (edit_resp == 0)
 		edit_resp = parent->repl_body(parent->chg_context,
 					      MILTER_BODY_END,
-					      /* unused*/ 0,
+					       /* unused */ 0,
 					      (VSTRING *) 0);
 	    body_edit_lockout = 1;
 	    vstring_free(body_line_buf);

postfix/src/milter/test-milter.c

@@ -227,7 +227,7 @@ static int test_reply(SMFICTX *ctx, int code)
     }
 }
 
-static sfsistat test_connect(SMFICTX *ctx, char *name, struct sockaddr * sa)
+static sfsistat test_connect(SMFICTX *ctx, char *name, struct sockaddr *sa)
 {
     const char *print_addr;
     char    buf[BUFSIZ];

postfix/src/oqmgr/qmgr_entry.c

@@ -331,8 +331,7 @@ QMGR_ENTRY *qmgr_entry_create(QMGR_QUEUE *queue, QMGR_MESSAGE *message)
      * 
      * XXX At this point in the code, the busy reference count is still less
      * than the concurrency limit (otherwise this code would not be invoked
-     * in the first place) so we have to make some awkward adjustments
-     * below.
+     * in the first place) so we have to make some awkward adjustments below.
      * 
      * XXX The queue length test below looks at the active queue share of an
      * individual destination. This catches the case where mail for one

postfix/src/posttls-finger/posttls-finger.c

@@ -2147,8 +2147,8 @@ static void parse_match(STATE *state, int argc, char *argv[])
     int     smtp_mode = 1;
 
     /*
-     * DANE match names are configured late, once the TLSA records are in hand.
-     * For now, prepare to fall back to "secure".
+     * DANE match names are configured late, once the TLSA records are in
+     * hand. For now, prepare to fall back to "secure".
      */
     switch (state->level) {
     default:

postfix/src/qmgr/qmgr_entry.c

@@ -392,8 +392,7 @@ QMGR_ENTRY *qmgr_entry_create(QMGR_PEER *peer, QMGR_MESSAGE *message)
      * 
      * XXX At this point in the code, the busy reference count is still less
      * than the concurrency limit (otherwise this code would not be invoked
-     * in the first place) so we have to make some awkward adjustments
-     * below.
+     * in the first place) so we have to make some awkward adjustments below.
      * 
      * XXX The queue length test below looks at the active queue share of an
      * individual destination. This catches the case where mail for one

postfix/src/qmqpd/qmqpd_peer.c

@@ -199,10 +199,10 @@ void    qmqpd_peer_init(QMQPD_STATE *state)
 	    /*
 	     * Following RFC 2821 section 4.1.3, an IPv6 address literal gets
 	     * a prefix of 'IPv6:'. We do this consistently for all IPv6
-	     * addresses that appear in headers or envelopes. The fact
-	     * that valid_mailhost_addr() enforces the form helps of course.
-	     * We use the form without IPV6: prefix when doing access
-	     * control, or when accessing the connection cache.
+	     * addresses that appear in headers or envelopes. The fact that
+	     * valid_mailhost_addr() enforces the form helps of course. We
+	     * use the form without IPV6: prefix when doing access control,
+	     * or when accessing the connection cache.
 	     */
 	    else {
 		state->addr = mystrdup(client_addr.buf);

postfix/src/smtp/smtp.h

@@ -519,8 +519,8 @@ extern HBC_CALL_BACKS smtp_hbc_callbacks[];
 	(session->expire_time = (when))
 
  /*
-  * Encapsulate the following so that we don't expose details of
-  * connection management and error handling to the SMTP protocol engine.
+  * Encapsulate the following so that we don't expose details of connection
+  * management and error handling to the SMTP protocol engine.
   */
 #ifdef USE_SASL_AUTH
 #define HAVE_SASL_CREDENTIALS \

postfix/src/smtpd/smtpd_milter.h

@@ -24,4 +24,3 @@ extern const char *smtpd_milter_eval(const char *, void *);
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
-

postfix/src/smtpd/smtpd_resolve.h

@@ -17,7 +17,7 @@
   * External interface.
   */
 extern void smtpd_resolve_init(int);
-extern const RESOLVE_REPLY *smtpd_resolve_addr(const char*, const char *);
+extern const RESOLVE_REPLY *smtpd_resolve_addr(const char *, const char *);
 
 /* LICENSE
 /* .ad

postfix/src/tls/tls_client.c

@@ -844,9 +844,9 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
     }
 
     /*
-     * Enable support for client->server raw public keys, provided we actually
-     * have keys to send.  They'll only be used if the server also enables
-     * client RPKs.
+     * Enable support for client->server raw public keys, provided we
+     * actually have keys to send.  They'll only be used if the server also
+     * enables client RPKs.
      * 
      * XXX: When the server requests client auth, the TLS 1.2 protocol does not
      * provide an unambiguous mechanism for the client to not send an RPK (as
@@ -854,10 +854,10 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
      * enable client RPK also with no keys in hand.
      * 
      * A very unlikely scenario is that the server allows clients to not send
-     * keys, but only accepts keys for a set of algorithms we don't have.  Then
-     * we still can't send a key, but have agreed to RPK.  OpenSSL will attempt
-     * to send an empty RPK even with TLS 1.2 (and will accept such a message),
-     * but other implementations may be more strict.
+     * keys, but only accepts keys for a set of algorithms we don't have.
+     * Then we still can't send a key, but have agreed to RPK.  OpenSSL will
+     * attempt to send an empty RPK even with TLS 1.2 (and will accept such a
+     * message), but other implementations may be more strict.
      * 
      * We could limit client RPK support to connections that support only TLS
      * 1.3 and up, but that's practical only decades in the future, and the
@@ -870,8 +870,8 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
     /*
      * With OpenSSL 1.0.2 and later the client EECDH curve list becomes
      * configurable with the preferred curve negotiated via the supported
-     * curves extension.  With OpenSSL 3.0 and TLS 1.3, the same applies
-     * to the FFDHE groups which become part of a unified "groups" list.
+     * curves extension.  With OpenSSL 3.0 and TLS 1.3, the same applies to
+     * the FFDHE groups which become part of a unified "groups" list.
      */
     tls_auto_groups(client_ctx, var_tls_eecdh_auto, var_tls_ffdhe_auto);
 

postfix/src/tls/tls_dane.c

@@ -459,7 +459,6 @@ void    tls_dane_add_fpt_digests(TLS_DANE *dane, int pkey_only,
 	    msg_warn("malformed fingerprint value: %.384s", values->argv[i]);
 	    continue;
 	}
-
 #define USTR_LEN(raw) (unsigned char *) STR(raw), VSTRING_LEN(raw)
 
 	/*
@@ -488,7 +487,6 @@ void    tls_dane_add_fpt_digests(TLS_DANE *dane, int pkey_only,
 		tlsa_info("fingerprint", "digest as private-use TLSA record",
 			  3, 0, 255, USTR_LEN(raw));
 	}
-
 	/* The public key match is unconditional */
 	dane->tlsa = tlsa_prepend(dane->tlsa, 3, 1, 255, USTR_LEN(raw));
 	if (log_mask & (TLS_LOG_VERBOSE | TLS_LOG_DANE))
@@ -820,10 +818,11 @@ int     tls_dane_enable(TLS_SESS_STATE *TLScontext)
 				tp->mtype, tp->data, tp->length);
 	if (ret > 0) {
 	    ++usable;
+
 	    /*
 	     * Disable use of RFC7250 raw public keys if any TLSA record
-	     * depends on X.509 certificates.  Only DANE-EE(3) SPKI(1) records
-	     * can get by with just a public key.
+	     * depends on X.509 certificates.  Only DANE-EE(3) SPKI(1)
+	     * records can get by with just a public key.
 	     */
 	    if (tp->usage != DNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE
 		|| tp->selector != DNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO)

postfix/src/tls/tls_dh.c

@@ -325,16 +325,16 @@ static int setup_auto_groups(SSL_CTX *ctx, const char *origin,
 	tls_print_errors();
 	return (AG_STAT_NO_RETRY);
     }
-
     if (!names)
 	names = vstring_alloc(sizeof DEF_TLS_EECDH_AUTO +
 			      sizeof DEF_TLS_FFDHE_AUTO);
     VSTRING_RESET(names);
+
     /*
      * OpenSSL does not tolerate duplicate groups in the requested list.
      * Deduplicate case-insensitively, just in case OpenSSL some day supports
-     * case-insensitive group lookup.  Deduplicate only verified extant groups
-     * we're going to ask OpenSSL to use.
+     * case-insensitive group lookup.  Deduplicate only verified extant
+     * groups we're going to ask OpenSSL to use.
      * 
      * OpenSSL 3.3 supports "?<name>" as a syntax for optionally ignoring
      * unsupported groups, so we could skip checking against the throw-away
@@ -358,11 +358,12 @@ static int setup_auto_groups(SSL_CTX *ctx, const char *origin,
 	SETUP_AG_RETURN(AG_STAT_NO_GROUP);
     }
     for (; group != 0; group = mystrtok(&groups, GROUPS_SEP)) {
+
 	/*
 	 * Validate the group name by trying it as the group for a throw-away
-	 * SSL context. This way, we can ask for new groups that may not yet be
-	 * supported by the underlying OpenSSL runtime.  Unsupported groups are
-	 * silently ignored.
+	 * SSL context. This way, we can ask for new groups that may not yet
+	 * be supported by the underlying OpenSSL runtime.  Unsupported
+	 * groups are silently ignored.
 	 */
 	ERR_set_mark();
 	if (SSL_CTX_set1_curves_list(tmpctx, group) > 0 &&
@@ -412,7 +413,7 @@ void    tls_auto_groups(SSL_CTX *ctx, const char *eecdh, const char *ffdhe)
      * group selection is mere performance tuning and not security critical.
      * All the groups supported for negotiation should be strong enough.
      */
-    for (origin = "configured"; /* void */ ; /* void */) {
+    for (origin = "configured"; /* void */ ; /* void */ ) {
 	switch (setup_auto_groups(ctx, origin, eecdh, ffdhe)) {
 	case AG_STAT_OK:
 	    return;

postfix/src/tls/tls_misc.c

@@ -1080,11 +1080,11 @@ void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
     }
 
     /*
-     * On the client side, a TLS 1.3 KEM has no server key, just ciphertext to
-     * decapsulate, but, as of OpenSSL 3.0, the client can still obtain the
-     * negotiated group name directly.  We nevertheless still try to get the
-     * group details from the peer key first, which works with OpenSSL 1.1.1
-     * and retains the original output format for the (EC)DH groups.
+     * On the client side, a TLS 1.3 KEM has no server key, just ciphertext
+     * to decapsulate, but, as of OpenSSL 3.0, the client can still obtain
+     * the negotiated group name directly.  We nevertheless still try to get
+     * the group details from the peer key first, which works with OpenSSL
+     * 1.1.1 and retains the original output format for the (EC)DH groups.
      */
     if (!kex_name)
 	kex_name = TLS_GROUP_NAME(ssl);

postfix/src/tls/tls_server.c

@@ -168,10 +168,12 @@
 static const char server_session_id_context[] = "Postfix/TLS";
 
 #ifndef OPENSSL_NO_TLSEXT
+
  /*
   * We retain the cipher handle for the lifetime of the process.
   */
 static const EVP_CIPHER *tkt_cipher;
+
 #endif
 
 #define GET_SID(s, v, lptr)	((v) = SSL_SESSION_get_id((s), (lptr)))
@@ -691,10 +693,10 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
     tls_tmp_dh(sni_ctx, 1);
 
     /*
-     * Enable EECDH if available, errors are not fatal, we just keep going with
-     * any remaining key-exchange algorithms.  With OpenSSL 3.0 and TLS 1.3,
-     * the same applies to the FFDHE groups which become part of a unified
-     * "groups" list.
+     * Enable EECDH if available, errors are not fatal, we just keep going
+     * with any remaining key-exchange algorithms.  With OpenSSL 3.0 and TLS
+     * 1.3, the same applies to the FFDHE groups which become part of a
+     * unified "groups" list.
      */
     tls_auto_groups(server_ctx, var_tls_eecdh_auto, var_tls_ffdhe_auto);
     tls_auto_groups(sni_ctx, var_tls_eecdh_auto, var_tls_ffdhe_auto);
@@ -874,7 +876,8 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props)
     }
 
     /*
-     * When encryption is mandatory use the 80-bit plus OpenSSL security level.
+     * When encryption is mandatory use the 80-bit plus OpenSSL security
+     * level.
      */
     if (props->requirecert)
 	SSL_set_security_level(TLScontext->con, 1);

postfix/src/util/byte_mask.c

@@ -291,7 +291,7 @@ int     main(int argc, char **argv)
 	vstream_printf("%s -> 0x%x -> %s\n",
 		       STR(in_buf), demo_mask,
 		       demo_str ? demo_str : "(null)");
-	demo_mask <<=1;
+	demo_mask <<= 1;
 	demo_str = str_byte_mask_opt(out_buf, "mask", demo_table,
 				     demo_mask, out_feature_mask);
 	vstream_printf("0x%x -> %s\n",

postfix/src/util/cidr_match.h

@@ -29,9 +29,9 @@
   * strings should be.
   */
 #ifdef HAS_IPV6
-# define CIDR_MATCH_ABYTES	MAI_V6ADDR_BYTES
+#define CIDR_MATCH_ABYTES	MAI_V6ADDR_BYTES
 #else
-# define CIDR_MATCH_ABYTES	MAI_V4ADDR_BYTES
+#define CIDR_MATCH_ABYTES	MAI_V4ADDR_BYTES
 #endif
 
  /*

postfix/src/util/dup2_pass_on_exec.c

@@ -49,14 +49,14 @@ int     main(int unused_argc, char **unused_argv)
     DO((res = fcntl(3, F_GETFD, 0)));
     if (res & 1)
 	printf(
-"Yes, a newly dup2()ed file-descriptor has the close-on-exec \
+	       "Yes, a newly dup2()ed file-descriptor has the close-on-exec \
 flag cloned.\n\
 THIS VIOLATES Posix1003.1 section 6.2.1.2 or 6.5.2.2!\n\
 You should #define DUP2_DUPS_CLOSE_ON_EXEC in sys_defs.h \
 for your OS.\n");
     else
 	printf(
-"No, a newly dup2()ed file-descriptor has the close-on-exec \
+	       "No, a newly dup2()ed file-descriptor has the close-on-exec \
 flag cleared.\n\
 This complies with Posix1003.1 section 6.2.1.2 and 6.5.2.2!\n");
 

postfix/src/util/duplex_pipe.c

@@ -46,4 +46,3 @@ int     duplex_pipe(int *fds)
     return (sane_socketpair(AF_UNIX, SOCK_STREAM, 0, fds));
 #endif
 }
-

postfix/src/util/exec_command.c

@@ -67,9 +67,9 @@ ABCDEFGHIJKLMNOPQRSTUVWXYZ" SPACE_TAB;
 	&& command[strspn(command, SPACE_TAB)] != 0) {
 
 	/*
-	 * No shell meta characters found, so we can try to avoid the overhead
-	 * of running a shell. Just split the command on whitespace and exec
-	 * the result directly.
+	 * No shell meta characters found, so we can try to avoid the
+	 * overhead of running a shell. Just split the command on whitespace
+	 * and exec the result directly.
 	 */
 	argv = argv_split(command, SPACE_TAB);
 	(void) execvp(argv->argv[0], argv->argv);

postfix/src/util/find_inet.c

@@ -192,7 +192,8 @@ struct test_case test_cases[] = {
     },
 };
 
-int main(int argc, char **argv) {
+int     main(int argc, char **argv)
+{
     struct test_case *tp;
     struct association *ap;
     int     pass = 0;

postfix/src/util/inet_connect.c

@@ -108,7 +108,6 @@ int     inet_connect(const char *addr, int block_mode, int timeout)
 	errno = EADDRNOTAVAIL;			/* for up-stream "%m" */
 	return (-1);
     }
-
     proto_info = inet_proto_info();
     for (sock = -1, found = 0, res = res0; res != 0; res = res->ai_next) {
 

postfix/src/util/load_file.h

@@ -14,7 +14,7 @@
  /*
   * External interface.
   */
-typedef void (*LOAD_FILE_FN)(VSTREAM *, void *);
+typedef void (*LOAD_FILE_FN) (VSTREAM *, void *);
 
 extern void load_file(const char *, LOAD_FILE_FN, void *);
 

postfix/src/util/load_lib.h

@@ -17,7 +17,7 @@
 /* NULL name terminates list */
 typedef struct LIB_FN {
     const char *name;
-    void  (*fptr)(void);
+    void    (*fptr) (void);
 } LIB_FN;
 
 typedef struct LIB_DP {

postfix/src/util/mac_expand.h

@@ -57,7 +57,7 @@ extern MAC_EXP_OP_RES mac_exp_op_res_bool[2];
 #define MAC_EXP_MODE_USE	(1)
 
 typedef const char *(*MAC_EXP_LOOKUP_FN) (const char *, int, void *);
-typedef MAC_EXP_OP_RES (*MAC_EXPAND_RELOP_FN) (const char *, int, const char *);
+typedef MAC_EXP_OP_RES(*MAC_EXPAND_RELOP_FN) (const char *, int, const char *);
 
 extern int mac_expand(VSTRING *, const char *, int, const char *, MAC_EXP_LOOKUP_FN, void *);
 void    mac_expand_add_relop(int *, const char *, MAC_EXPAND_RELOP_FN);

postfix/src/util/midna_domain.h

@@ -22,6 +22,7 @@ extern void midna_domain_pre_chroot(void);
 
 extern int midna_domain_cache_size;
 extern int midna_domain_transitional;
+
 /* LICENSE
 /* .ad
 /* .fi

postfix/src/util/mkmap_cdb.c

@@ -56,6 +56,7 @@
 MKMAP  *mkmap_cdb_open(const char *unused_path)
 {
     MKMAP  *mkmap = (MKMAP *) mymalloc(sizeof(*mkmap));
+
     mkmap->open = dict_cdb_open;
     mkmap->after_open = 0;
     mkmap->after_close = 0;

postfix/src/util/myaddrinfo.h

@@ -109,12 +109,12 @@ extern char *gai_strerror(int);
   * they suggest that space for the null terminator is not included.
   */
 #ifdef HAS_IPV6
-# define MAI_HOSTADDR_STRSIZE	INET6_ADDRSTRLEN
+#define MAI_HOSTADDR_STRSIZE	INET6_ADDRSTRLEN
 #else
-# ifndef INET_ADDRSTRLEN
-#  define INET_ADDRSTRLEN	16
-# endif
-# define MAI_HOSTADDR_STRSIZE	INET_ADDRSTRLEN
+#ifndef INET_ADDRSTRLEN
+#define INET_ADDRSTRLEN	16
+#endif
+#define MAI_HOSTADDR_STRSIZE	INET_ADDRSTRLEN
 #endif
 
 #define MAI_HOSTNAME_STRSIZE	1025

postfix/src/util/name_mask.c

@@ -316,7 +316,7 @@ const char *str_name_mask_opt(VSTRING *buf, const char *context,
 /* long_name_mask_delim_opt - compute mask corresponding to list of names */
 
 long    long_name_mask_delim_opt(const char *context,
-				         const LONG_NAME_MASK * table,
+				         const LONG_NAME_MASK *table,
 			               const char *names, const char *delim,
 				         int flags)
 {
@@ -378,7 +378,7 @@ long    long_name_mask_delim_opt(const char *context,
 /* str_long_name_mask_opt - mask to string */
 
 const char *str_long_name_mask_opt(VSTRING *buf, const char *context,
-				           const LONG_NAME_MASK * table,
+				           const LONG_NAME_MASK *table,
 				           long mask, int flags)
 {
     const char *myname = "name_mask";

postfix/src/util/open_limit.c

@@ -58,6 +58,7 @@ int     open_limit(int limit)
 {
 #ifdef RLIMIT_NOFILE
     struct rlimit rl;
+
 #endif
 
     if (limit < 0) {
@@ -97,4 +98,3 @@ int     open_limit(int limit)
     return (getdtablesize());
 #endif
 }
-

postfix/src/util/posix_signals.c

@@ -91,7 +91,7 @@ static int sighandle(int signum)
     actions[signum].sa_handler(signum);
 }
 
-int     sigaction(int sig, struct sigaction *act, struct sigaction *oact)
+int     sigaction(int sig, struct sigaction * act, struct sigaction * oact)
 {
     static int initialized = 0;
 

postfix/src/util/slmdb.c

@@ -281,8 +281,8 @@
   * closest thing that C has to exception handling). The application is then
   * expected to repeat the bulk transaction from scratch.
   * 
-  * When any code aborts a bulk transaction, it must reset slmdb->txn to null
-  * to avoid a use-after-free problem in slmdb_close().
+  * When any code aborts a bulk transaction, it must reset slmdb->txn to null to
+  * avoid a use-after-free problem in slmdb_close().
   */
 
  /*

postfix/src/util/strcasecmp.c

@@ -33,6 +33,7 @@
 
 #if defined(LIBC_SCCS) && !defined(lint)
 static char sccsid[] = "@(#)strcasecmp.c	8.1 (Berkeley) 6/4/93";
+
 #endif					/* LIBC_SCCS and not lint */
 
 #include <sys_defs.h>

postfix/src/util/stream_test.c

@@ -103,9 +103,11 @@ int     main(int argc, char **argv)
 	msg_fatal("close server fd");
     return (0);
 }
+
 #else
 int     main(int argc, char **argv)
 {
     return (0);
 }
+
 #endif

postfix/src/util/unix_dgram_connect.c

@@ -60,6 +60,7 @@
 int     unix_dgram_connect(const char *path, int block_mode)
 {
     const char myname[] = "unix_dgram_connect";
+
 #undef sun
     struct sockaddr_un sun;
     ssize_t path_len;

postfix/src/util/unix_dgram_listen.c

@@ -55,6 +55,7 @@
 int     unix_dgram_listen(const char *path, int block_mode)
 {
     const char myname[] = "unix_dgram_listen";
+
 #undef sun
     struct sockaddr_un sun;
     ssize_t path_len;
@@ -78,9 +79,9 @@ int     unix_dgram_listen(const char *path, int block_mode)
     if ((sock = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
 	msg_fatal("%s: socket: %m", myname);
     if (unlink(path) < 0 && errno != ENOENT)
-        msg_fatal( "remove %s: %m", path);
-    if (bind(sock, (struct sockaddr *) & sun, sizeof(sun)) < 0) 
-        msg_fatal( "bind: %s: %m", path);
+	msg_fatal("remove %s: %m", path);
+    if (bind(sock, (struct sockaddr *) &sun, sizeof(sun)) < 0)
+	msg_fatal("bind: %s: %m", path);
 #ifdef FCHMOD_UNIX_SOCKETS
     if (fchmod(sock, 0666) < 0)
 	msg_fatal("fchmod socket %s: %m", path);