postfix-3.1-20150913

postfix/HISTORY

@@ -21876,3 +21876,48 @@ Apologies for any names omitted.
 	TLS session tickets are supported as of OpenSSL 0.9.8h (May
 	2008).  Files: mantools/postlink, proto/TLS_README.html,
 	proto/postconf.proto.
+
+20150831
+
+	Cleanup: obsolete comments in Makefile.init.
+
+20150903
+
+	Workaround: disable DNSSEC support for AIX 7x and earlier.
+	The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
+	defining the "ad" bit.  Viktor Dukhovni.  Files: makedefs,
+	proto/INSTALL.html, dns/dns.h.
+
+20150912
+
+	Future-proofing and code cleanup: exploit GCC and Clang
+	"warn_unused_result" feature to flag missing error checks.
+	Files: util/sys_defs.h, util/attr.h, util/edit_file.h,
+	util/listen.h, util/lstat_as.h, util/mac_expand.h,
+	util/mac_parse.h, util/myaddrinfo.h, util/myflock.h,
+	util/sane_fsops.h, util/sane_socketpair.h, util/stat_as.h,
+	util/base32_code.h, util/base64_code.h, util/hex_code.h,
+	util/timed_wait.h, util/vstream.h, src/util/vstring_vstream.h.
+
+	Cleanup: incomplete error check. Found with WARN_UNUSED_RESULT
+	check. File: util/recv_pass_attr.c.
+
+	Future-proofing: added type mis-match detection for
+	ATTR_TYPE_FUNC function-pointer arguments. File: util/attr.h.
+
+	Cleanup: don't ignore seek-to-end-of-file errors.  File:
+	global/record.c.
+
+	Cleanup: use vstream_fpurge() to purge VSTREAM buffers,
+	instead of calling vstream_fseek() and ignoring ESPIPE
+	errors.  File: smtpstone/qmqp-sink.c.
+
+20150913
+
+	Feature: SMTPD policy service "policy_context" attribute
+	and smtpd_policy_service_policy_context main.cf parameter.
+	Originally, to share the same SMTPD service endpoint among
+	multiple check_policy_service clients. Markus Benning.
+	Files: mantools/postlink, proto/SMTPD_POLICY_README.html,
+	proto/postconf.proto, global/mail_params.h, global/mail_proto.h,
+	smtpd/smtpd.c, smtpd/smtpd_check.c.

postfix/INSTALL

@@ -539,6 +539,9 @@ The following is an extensive list of names and values.
 ||			       |probably should also override DEF_DB_TYPE as  |
 ||			       |described in section 4.6.		      |
 ||_____________________________|______________________________________________|
+||-DNO_DNSSEC		       |Do not build with DNSSEC support, even if the |
+||			       |resolver library appears to support it.       |
+||_____________________________|______________________________________________|
 ||			       |Do not build with Solaris /dev/poll support.  |
 ||-DNO_DEVPOLL		       |By default, /dev/poll support is compiled in  |
 ||			       |on Solaris versions that are known to support |

postfix/Makefile.init

@@ -1,7 +1,8 @@
 # Usage: 
-#	make makefiles [CC=compiler] [OPT=compiler-flags] [DEBUG=debug-flags]
+#	make makefiles [name=value]...
 #
-# The defaults are: CC=gcc, OPT=-O, and DEBUG=-g. Examples:
+# See makedefs for a descripton of available options.
+# Examples:
 #
 #	make makefiles
 #	make makefiles CC="purify cc"

postfix/README_FILES/INSTALL

@@ -539,6 +539,9 @@ The following is an extensive list of names and values.
 ||                             |probably should also override DEF_DB_TYPE as  |
 ||                             |described in section 4.6.                     |
 |_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+||-DNO_DNSSEC                  |Do not build with DNSSEC support, even if the |
+||                             |resolver library appears to support it.       |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
 ||                             |Do not build with Solaris /dev/poll support.  |
 ||-DNO_DEVPOLL                 |By default, /dev/poll support is compiled in  |
 ||                             |on Solaris versions that are known to support |

postfix/README_FILES/SMTPD_POLICY_README

@@ -76,6 +76,8 @@ a delegated SMTPD access policy request:
     ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
     PPoossttffiixx vveerrssiioonn 33..00 aanndd llaatteerr::
     client_port=1234
+    PPoossttffiixx vveerrssiioonn 33..11 aanndd llaatteerr::
+    policy_context=submission
     [empty line]
 
 Notes:
@@ -145,6 +147,9 @@ Notes:
   * The "stress" attribute is either empty or "yes". See the STRESS_README
     document for further information.
 
+  * The "policy_context" attribute provides a way to pass information that is
+    not available via other attributes (Postfix version 3.1 and later).
+
 The following is specific to SMTPD delegated policy requests:
 
   * Protocol names are ESMTP or SMTP.
@@ -276,6 +281,12 @@ protocol:
     to resend a failed SMTPD policy service request. Available with Postfix 3.0
     and later.
 
+  * smtpd_policy_service_policy_context (default: empty): Optional information
+    that is passed in the "policy_context" attribute of an SMTPD policy service
+    request (originally, to share the same SMTPD service endpoint among
+    multiple check_policy_service clients). Available with Postfix 3.1 and
+    later.
+
 Configuration parameters that control the server side of the policy delegation
 protocol:
 

postfix/WISHLIST

@@ -13,6 +13,12 @@ Wish list:
 	Postfix 3.0: In the DNS client, save/restore h_errno in the
 	multi-query functions.
 
+	Specify WARN_UNUSED_RESULT for all library functions that
+	pass, deliver, bounce or defer a delivery request.
+
+	Specify WARN_UNUSED_RESULT for mac_expand(), after making
+	smtp_reply_footer() undoable.
+
 	Type-checking wrappers for htable(3), ctable(3) and other
 	modules that take and return a void* pointer.
 
@@ -22,9 +28,6 @@ Wish list:
 	relevant only for fingerprint-based authentication including
 	DANE, and affects logging, SMTPD policy, and Milters.
 
-	Exploit GCC 3.4+ __attribute__((warn_unused_result)) to
-	warn about unused function result values.
-
 	Generalize the daemon '-S' stand-alone mode, so that it can
 	be used with custom configuration files for request/reply
 	regression testing.

postfix/html/INSTALL.html

@@ -810,6 +810,10 @@ platforms that are known to support this feature. If you override
 this, then you probably should also override DEF_DB_TYPE as described
 in section 4.6.  </td> </tr>
 
+<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
+support, even if the resolver library appears to support it. </td>
+</tr>
+
 <tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
 Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
 support is compiled in on Solaris versions that are known to support

postfix/html/SMTPD_POLICY_README.html

@@ -108,6 +108,8 @@ stress=
 ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
 <b>Postfix version 3.0 and later:</b>
 client_port=1234
+<b>Postfix version 3.1 and later:</b>
+policy_context=submission
 [empty line]
 </pre>
 </blockquote>
@@ -195,6 +197,10 @@ client_port=1234
     <li> <p> The "stress" attribute is either empty or "yes".  See
     the <a href="STRESS_README.html">STRESS_README</a> document for further information. </p>
 
+    <li> <p> The "policy_context" attribute provides a way to pass
+    information that is not available via other attributes (Postfix
+    version 3.1 and later). </p>
+
 </ul>
 
 <p> The following is specific to SMTPD delegated policy requests:
@@ -367,6 +373,12 @@ giving up.  Available with Postfix 3.0 and later.  </p>
 between attempts to resend a failed SMTPD policy service request.
 Available with Postfix 3.0 and later.  </p>
 
+<li> <p> <a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (default: empty):
+Optional information that is passed in the "policy_context" attribute
+of an SMTPD policy service request (originally, to share the same
+SMTPD service endpoint among multiple <a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
+Available with Postfix 3.1 and later.  </p>
+
 </ul>
 
 <p> Configuration parameters that control the server side of the

postfix/html/postconf.5.html

@@ -2956,6 +2956,10 @@ returns the server response in an application buffer even if the
 requested record does not exist. If this promise is broken, specify
 "yes" to enable a  workaround for DNS reputation lookups. </p>
 
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
 
 </DD>
 
@@ -14633,6 +14637,21 @@ This feature is available in Postfix 2.1 and later.
 </p>
 
 
+</DD>
+
+<DT><b><a name="smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple <a href="postconf.5.html#check_policy_service">check_policy_service</a>
+clients).  </p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
+
 </DD>
 
 <DT><b><a name="smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a>

postfix/html/smtpd.8.html

@@ -910,6 +910,14 @@ SMTPD(8)                                                              SMTPD(8)
               The  delay between attempts to resend a failed SMTPD policy ser-
               vice request.
 
+       Available in Postfix version 3.1 and later:
+
+       <b><a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (empty)</b>
+              Optional information that the Postfix SMTP server  specifies  in
+              the  "policy_context"  attribute  of  a  policy  service request
+              (originally, to share the same service endpoint  among  multiple
+              <a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
+
 <b>ACCESS CONTROLS</b>
        The  <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
        server access control features.

postfix/makedefs

@@ -45,6 +45,9 @@
 #	Do not build with Solaris /dev/poll support.
 #	By default, /dev/poll support is compiled in on platforms that
 #	are known to support it.
+# .IP \fB-DNO_DNSSEC\fR
+#	Do not build with DNSSEC support, even if the resolver
+#	library appears to support it.
 # .IP \fB-DNO_EPOLL\fR
 #	Do not build with Linux EPOLL support.
 #	By default, EPOLL support is compiled in on platforms that
@@ -387,18 +390,21 @@ case "$SYSTEM.$RELEASE" in
 		;;
        AIX.*)	case "`uname -v`" in
 		6)	SYSTYPE=AIX6
+			CCARGS="$CCARGS -DNO_DNSSEC"
 			case "$CC" in
 			cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
 			esac
 			CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
 			;;
 		5)	SYSTYPE=AIX5
+			CCARGS="$CCARGS -DNO_DNSSEC"
 			case "$CC" in
 			cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
 			esac
 			CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
 			;;
 		4)	SYSTYPE=AIX4
+			CCARGS="$CCARGS -DNO_DNSSEC"
 			# How embarrassing...
 			case "$CC" in
 			cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
@@ -406,6 +412,7 @@ case "$SYSTEM.$RELEASE" in
 			CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
 			;;
 		3)	SYSTYPE=AIX3
+			CCARGS="$CCARGS -DNO_DNSSEC"
 			# How embarrassing...
 			case "$CC" in
 			cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w";;

postfix/man/man5/postconf.5

@@ -1851,6 +1851,8 @@ promise that res_query() and res_search() invoke res_send(), which
 returns the server response in an application buffer even if the
 requested record does not exist. If this promise is broken, specify
 "yes" to enable a  workaround for DNS reputation lookups.
+.PP
+This feature is available in Postfix 3.1 and later.
 .SH dnsblog_reply_delay (default: 0s)
 A debugging aid to artificially delay DNS responses.
 .PP
@@ -9808,6 +9810,13 @@ The time after which an active SMTPD policy service connection is
 closed.
 .PP
 This feature is available in Postfix 2.1 and later.
+.SH smtpd_policy_service_policy_context (default: empty)
+Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple check_policy_service
+clients).
+.PP
+This feature is available in Postfix 3.1 and later.
 .SH smtpd_policy_service_request_limit (default: 0)
 The maximal number of requests per SMTPD policy service connection,
 or zero (no limit). Once a connection reaches this limit, the

postfix/man/man8/smtpd.8

@@ -807,6 +807,13 @@ request before giving up.
 .IP "\fBsmtpd_policy_service_retry_delay (1s)\fR"
 The delay between attempts to resend a failed SMTPD policy
 service request.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBsmtpd_policy_service_policy_context (empty)\fR"
+Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple check_policy_service
+clients).
 .SH "ACCESS CONTROLS"
 .na
 .nf

postfix/mantools/postlink

@@ -557,6 +557,7 @@ while (<>) {
     s;\bsmtpd_policy_service_default_action\b;<a href="postconf.5.html#smtpd_policy_service_default_action">$&</a>;g;
     s;\bsmtpd_policy_service_try_limit\b;<a href="postconf.5.html#smtpd_policy_service_try_limit">$&</a>;g;
     s;\bsmtpd_policy_service_retry_delay\b;<a href="postconf.5.html#smtpd_policy_service_retry_delay">$&</a>;g;
+    s;\bsmtpd_policy_service_policy_context\b;<a href="postconf.5.html#smtpd_policy_service_policy_context">$&</a>;g;
     s;\bsmtpd_proxy_ehlo\b;<a href="postconf.5.html#smtpd_proxy_ehlo">$&</a>;g;
     s;\bsmtpd_proxy_filter\b;<a href="postconf.5.html#smtpd_proxy_filter">$&</a>;g;
     s;\bsmtpd_proxy_timeout\b;<a href="postconf.5.html#smtpd_proxy_timeout">$&</a>;g;

postfix/proto/INSTALL.html

@@ -810,6 +810,10 @@ platforms that are known to support this feature. If you override
 this, then you probably should also override DEF_DB_TYPE as described
 in section 4.6.  </td> </tr>
 
+<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
+support, even if the resolver library appears to support it. </td>
+</tr>
+
 <tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
 Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
 support is compiled in on Solaris versions that are known to support

postfix/proto/SMTPD_POLICY_README.html

@@ -108,6 +108,8 @@ stress=
 ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
 <b>Postfix version 3.0 and later:</b>
 client_port=1234
+<b>Postfix version 3.1 and later:</b>
+policy_context=submission
 [empty line]
 </pre>
 </blockquote>
@@ -195,6 +197,10 @@ client_port=1234
     <li> <p> The "stress" attribute is either empty or "yes".  See
     the STRESS_README document for further information. </p>
 
+    <li> <p> The "policy_context" attribute provides a way to pass
+    information that is not available via other attributes (Postfix
+    version 3.1 and later). </p>
+
 </ul>
 
 <p> The following is specific to SMTPD delegated policy requests:
@@ -367,6 +373,12 @@ giving up.  Available with Postfix 3.0 and later.  </p>
 between attempts to resend a failed SMTPD policy service request.
 Available with Postfix 3.0 and later.  </p>
 
+<li> <p> smtpd_policy_service_policy_context (default: empty):
+Optional information that is passed in the "policy_context" attribute
+of an SMTPD policy service request (originally, to share the same
+SMTPD service endpoint among multiple check_policy_service clients).
+Available with Postfix 3.1 and later.  </p>
+
 </ul>
 
 <p> Configuration parameters that control the server side of the

postfix/proto/postconf.proto

@@ -16550,3 +16550,18 @@ promise that res_query() and res_search() invoke res_send(), which
 returns the server response in an application buffer even if the
 requested record does not exist. If this promise is broken, specify
 "yes" to enable a  workaround for DNS reputation lookups. </p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
+%PARAM smtpd_policy_service_policy_context
+
+<p> Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple check_policy_service
+clients).  </p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>

postfix/src/dns/dns.h

@@ -52,6 +52,13 @@
 	(cp) += 4; \
 }
 
+#endif
+
+/*
+ * Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available
+ */
+#ifdef DISABLE_DNSSEC
+#undef RES_USE_DNSSEC
 #endif
 
  /*

postfix/src/global/mail_params.h

@@ -2967,6 +2967,10 @@ extern int var_smtpd_policy_try_delay;
 #define DEF_SMTPD_POLICY_DEF_ACTION	"451 4.3.5 Server configuration problem"
 extern char *var_smtpd_policy_def_action;
 
+#define VAR_SMTPD_POLICY_CONTEXT	"smtpd_policy_service_policy_context"
+#define DEF_SMTPD_POLICY_CONTEXT	""
+extern char *var_smtpd_policy_context;
+
 #define CHECK_POLICY_SERVICE		"check_policy_service"
 
  /*

postfix/src/global/mail_proto.h

@@ -161,6 +161,7 @@ extern char *mail_pathname(const char *, const char *);
 #define MAIL_ATTR_STRESS	"stress"
 #define MAIL_ATTR_LOG_IDENT	"log_ident"
 #define MAIL_ATTR_RWR_CONTEXT	"rewrite_context"
+#define MAIL_ATTR_POL_CONTEXT	"policy_context"
 
 #define MAIL_ATTR_RWR_LOCAL	"local"
 #define MAIL_ATTR_RWR_REMOTE	"remote"

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20150829"
+#define MAIL_RELEASE_DATE	"20150913"
 #define MAIL_VERSION_NUMBER	"3.1"
 
 #ifdef SNAPSHOT

postfix/src/global/record.c

@@ -177,6 +177,7 @@ int     rec_put_type(VSTREAM *stream, int type, off_t offset)
 
     if (vstream_fseek(stream, offset, SEEK_SET) < 0
 	|| VSTREAM_PUTC(type, stream) != type) {
+	msg_warn("%s: seek or write error", VSTREAM_PATH(stream));
 	return (REC_TYPE_ERROR);
     } else {
 	return (type);
@@ -304,8 +305,12 @@ int     rec_get_raw(VSTREAM *stream, VSTRING *buf, ssize_t maxsize, int flags)
 	    continue;
 	if (type == REC_TYPE_DTXT && (flags & REC_FLAG_SKIP_DTXT) != 0)
 	    continue;
-	if (type == REC_TYPE_END && (flags & REC_FLAG_SEEK_END) != 0)
-	    (void) vstream_fseek(stream, (off_t) 0, SEEK_END);
+	if (type == REC_TYPE_END && (flags & REC_FLAG_SEEK_END) != 0
+	    && vstream_fseek(stream, (off_t) 0, SEEK_END) < 0) {
+	    msg_warn("%s: seek error after reading END record: %m",
+		     VSTREAM_PATH(stream));
+	    return (REC_TYPE_ERROR);
+	}
 	break;
     }
     return (type);

postfix/src/smtpd/smtpd.c

@@ -757,6 +757,13 @@
 /* .IP "\fBsmtpd_policy_service_retry_delay (1s)\fR"
 /*	The delay between attempts to resend a failed SMTPD policy
 /*	service request.
+/* .PP
+/*	Available in Postfix version 3.1 and later:
+/* .IP "\fBsmtpd_policy_service_policy_context (empty)\fR"
+/*	Optional information that the Postfix SMTP server specifies in
+/*	the "policy_context" attribute of a policy service request (originally,
+/*	to share the same service endpoint among multiple check_policy_service
+/*	clients).
 /* ACCESS CONTROLS
 /* .ad
 /* .fi
@@ -1272,6 +1279,7 @@ int     var_smtpd_policy_req_limit;
 int     var_smtpd_policy_try_limit;
 int     var_smtpd_policy_try_delay;
 char   *var_smtpd_policy_def_action;
+char   *var_smtpd_policy_context;
 int     var_smtpd_policy_idle;
 int     var_smtpd_policy_ttl;
 char   *var_xclient_hosts;
@@ -5774,6 +5782,7 @@ int     main(int argc, char **argv)
 	VAR_SMTPD_ACL_PERM_LOG, DEF_SMTPD_ACL_PERM_LOG, &var_smtpd_acl_perm_log, 0, 0,
 	VAR_SMTPD_UPROXY_PROTO, DEF_SMTPD_UPROXY_PROTO, &var_smtpd_uproxy_proto, 0, 0,
 	VAR_SMTPD_POLICY_DEF_ACTION, DEF_SMTPD_POLICY_DEF_ACTION, &var_smtpd_policy_def_action, 1, 0,
+	VAR_SMTPD_POLICY_CONTEXT, DEF_SMTPD_POLICY_CONTEXT, &var_smtpd_policy_context, 0, 0,
 	VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0,
 	0,
     };

postfix/src/smtpd/smtpd_check.c

@@ -462,6 +462,7 @@ double  smtpd_space_multf = 1.5;
 typedef struct {
     ATTR_CLNT *client;			/* client handle */
     char   *def_action;			/* default action */
+    char   *policy_context;		/* context of policy request */
 } SMTPD_POLICY_CLNT;
 
  /*
@@ -483,6 +484,7 @@ static ATTR_OVER_INT int_table[] = {
 };
 static ATTR_OVER_STR str_table[] = {
     21 + VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0,
+    21 + VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0,
     0,
 };
 
@@ -498,6 +500,7 @@ static ATTR_OVER_STR str_table[] = {
 #define smtpd_policy_try_limit_offset	1
 
 #define smtpd_policy_def_action_offset	0
+#define smtpd_policy_context_offset	1
 
 /* policy_client_register - register policy service endpoint */
 
@@ -527,6 +530,7 @@ static void policy_client_register(const char *name)
 	int     smtpd_policy_req_limit = var_smtpd_policy_req_limit;
 	int     smtpd_policy_try_limit = var_smtpd_policy_try_limit;
 	const char *smtpd_policy_def_action = var_smtpd_policy_def_action;
+	const char *smtpd_policy_context = var_smtpd_policy_context;
 
 	link_override_table_to_variable(time_table, smtpd_policy_tmout);
 	link_override_table_to_variable(time_table, smtpd_policy_idle);
@@ -535,6 +539,7 @@ static void policy_client_register(const char *name)
 	link_override_table_to_variable(int_table, smtpd_policy_req_limit);
 	link_override_table_to_variable(int_table, smtpd_policy_try_limit);
 	link_override_table_to_variable(str_table, smtpd_policy_def_action);
+	link_override_table_to_variable(str_table, smtpd_policy_context);
 
 	if (*name == parens[0]) {
 	    cp = saved_name = mystrdup(name);
@@ -553,11 +558,12 @@ static void policy_client_register(const char *name)
 	if (msg_verbose)
 	    msg_info("%s: name=\"%s\" default_action=\"%s\" max_idle=%d "
 		     "max_ttl=%d request_limit=%d retry_delay=%d "
-		     "timeout=%d try_limit=%d",
+		     "timeout=%d try_limit=%d policy_context=\"%s\"",
 		     myname, policy_name, smtpd_policy_def_action,
 		     smtpd_policy_idle, smtpd_policy_ttl,
 		     smtpd_policy_req_limit, smtpd_policy_try_delay,
-		     smtpd_policy_tmout, smtpd_policy_try_limit);
+		     smtpd_policy_tmout, smtpd_policy_try_limit,
+		     smtpd_policy_context);
 
 	/*
 	 * Create the client.
@@ -574,6 +580,7 @@ static void policy_client_register(const char *name)
 			  ATTR_CLNT_CTL_TRY_DELAY, smtpd_policy_try_delay,
 			  ATTR_CLNT_CTL_END);
 	policy_client->def_action = mystrdup(smtpd_policy_def_action);
+	policy_client->policy_context = mystrdup(smtpd_policy_context);
 	htable_enter(policy_clnt_table, name, (void *) policy_client);
 	if (saved_name)
 	    myfree(saved_name);
@@ -3950,6 +3957,8 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
 			  SEND_ATTR_INT(MAIL_ATTR_CRYPTO_KEYSIZE,
 		       IF_ENCRYPTED(state->tls_context->cipher_usebits, 0)),
 #endif
+			  SEND_ATTR_STR(MAIL_ATTR_POL_CONTEXT,
+					policy_clnt->policy_context),
 			  ATTR_TYPE_END,
 			  ATTR_FLAG_MISSING,	/* Reply attributes. */
 			  RECV_ATTR_STR(MAIL_ATTR_ACTION, action),
@@ -5447,6 +5456,7 @@ char   *var_relay_ccerts = "";
 char   *var_mynetworks = "";
 char   *var_notify_classes = "";
 char   *var_smtpd_policy_def_action = "";
+char   *var_smtpd_policy_context = "";
 
  /*
   * String-valued configuration parameters.

postfix/src/smtpstone/qmqp-sink.c

@@ -135,7 +135,7 @@ static void read_data(int unused_event, void *context)
 	    send_reply(state);
 	    return;
 	}
-	vstream_fseek(state->stream, 0L, 0);
+	vstream_fpurge(state->stream, VSTREAM_PURGE_BOTH);
     }
 
     /*

postfix/src/util/attr.h

@@ -25,6 +25,14 @@
 #include <nvtable.h>
 #include <check_arg.h>
 
+ /*
+  * Delegation for better data abstraction.
+  */
+typedef int (*ATTR_SCAN_MASTER_FN) (VSTREAM *, int,...);
+typedef int (*ATTR_SCAN_SLAVE_FN) (ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *);
+typedef int (*ATTR_PRINT_MASTER_FN) (VSTREAM *, int,...);
+typedef int (*ATTR_PRINT_SLAVE_FN) (ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *);
+
  /*
   * Attribute types. See attr_scan(3) for documentation.
   */
@@ -58,7 +66,7 @@
 #define SEND_ATTR_NV(val)		ATTR_TYPE_NV, CHECK_CPTR(ATTR, NVTABLE, (val))
 #define SEND_ATTR_LONG(name, val)	ATTR_TYPE_LONG, CHECK_CPTR(ATTR, char, (name)), CHECK_VAL(ATTR, long, (val))
 #define SEND_ATTR_DATA(name, len, val)	ATTR_TYPE_DATA, CHECK_CPTR(ATTR, char, (name)), CHECK_VAL(ATTR, ssize_t, (len)), CHECK_CPTR(ATTR, void, (val))
-#define SEND_ATTR_FUNC(func, val)	ATTR_TYPE_FUNC, (func), CHECK_CPTR(ATTR, void, (val))
+#define SEND_ATTR_FUNC(func, val)	ATTR_TYPE_FUNC, CHECK_VAL(ATTR, ATTR_PRINT_SLAVE_FN, (func)), CHECK_CPTR(ATTR, void, (val))
 
 #define RECV_ATTR_INT(name, val)	ATTR_TYPE_INT, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, int, (val))
 #define RECV_ATTR_STR(name, val)	ATTR_TYPE_STR, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, VSTRING, (val))
@@ -66,7 +74,7 @@
 #define RECV_ATTR_NV(val)		ATTR_TYPE_NV, CHECK_PTR(ATTR, NVTABLE, (val))
 #define RECV_ATTR_LONG(name, val)	ATTR_TYPE_LONG, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, long, (val))
 #define RECV_ATTR_DATA(name, val)	ATTR_TYPE_DATA, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, VSTRING, (val))
-#define RECV_ATTR_FUNC(func, val)	ATTR_TYPE_FUNC, (func), CHECK_PTR(ATTR, void, (val))
+#define RECV_ATTR_FUNC(func, val)	ATTR_TYPE_FUNC, CHECK_VAL(ATTR, ATTR_SCAN_SLAVE_FN, (func)), CHECK_PTR(ATTR, void, (val))
 
 CHECK_VAL_HELPER_DCL(ATTR, ssize_t);
 CHECK_VAL_HELPER_DCL(ATTR, long);
@@ -81,6 +89,8 @@ CHECK_CPTR_HELPER_DCL(ATTR, void);
 CHECK_CPTR_HELPER_DCL(ATTR, char);
 CHECK_CPTR_HELPER_DCL(ATTR, NVTABLE);
 CHECK_CPTR_HELPER_DCL(ATTR, HTABLE);
+CHECK_VAL_HELPER_DCL(ATTR, ATTR_PRINT_SLAVE_FN);
+CHECK_VAL_HELPER_DCL(ATTR, ATTR_SCAN_SLAVE_FN);
 
  /*
   * Flags that control processing. See attr_scan(3) for documentation.
@@ -93,14 +103,6 @@ CHECK_CPTR_HELPER_DCL(ATTR, HTABLE);
 #define ATTR_FLAG_STRICT	(ATTR_FLAG_MISSING | ATTR_FLAG_EXTRA)
 #define ATTR_FLAG_ALL		(07)
 
- /*
-  * Delegation for better data abstraction.
-  */
-typedef int (*ATTR_SCAN_MASTER_FN) (VSTREAM *, int,...);
-typedef int (*ATTR_SCAN_SLAVE_FN) (ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *);
-typedef int (*ATTR_PRINT_MASTER_FN) (VSTREAM *, int,...);
-typedef int (*ATTR_PRINT_SLAVE_FN) (ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *);
-
  /*
   * Default to null-terminated, as opposed to base64-encoded.
   */
@@ -118,8 +120,8 @@ extern int attr_vprint64(VSTREAM *, int, va_list);
  /*
   * attr_scan64.c.
   */
-extern int attr_scan64(VSTREAM *, int,...);
-extern int attr_vscan64(VSTREAM *, int, va_list);
+extern int WARN_UNUSED_RESULT attr_scan64(VSTREAM *, int,...);
+extern int WARN_UNUSED_RESULT attr_vscan64(VSTREAM *, int, va_list);
 
  /*
   * attr_print0.c.
@@ -130,8 +132,8 @@ extern int attr_vprint0(VSTREAM *, int, va_list);
  /*
   * attr_scan0.c.
   */
-extern int attr_scan0(VSTREAM *, int,...);
-extern int attr_vscan0(VSTREAM *, int, va_list);
+extern int WARN_UNUSED_RESULT attr_scan0(VSTREAM *, int,...);
+extern int WARN_UNUSED_RESULT attr_vscan0(VSTREAM *, int, va_list);
 
  /*
   * attr_scan_plain.c.
@@ -142,8 +144,8 @@ extern int attr_vprint_plain(VSTREAM *, int, va_list);
  /*
   * attr_print_plain.c.
   */
-extern int attr_scan_plain(VSTREAM *, int,...);
-extern int attr_vscan_plain(VSTREAM *, int, va_list);
+extern int WARN_UNUSED_RESULT attr_scan_plain(VSTREAM *, int,...);
+extern int WARN_UNUSED_RESULT attr_vscan_plain(VSTREAM *, int, va_list);
 
 
  /*

postfix/src/util/base32_code.h

@@ -20,7 +20,7 @@
   * External interface.
   */
 extern VSTRING *base32_encode(VSTRING *, const char *, ssize_t);
-extern VSTRING *base32_decode(VSTRING *, const char *, ssize_t);
+extern VSTRING *WARN_UNUSED_RESULT base32_decode(VSTRING *, const char *, ssize_t);
 
 /* LICENSE
 /* .ad

postfix/src/util/base64_code.h

@@ -20,7 +20,7 @@
   * External interface.
   */
 extern VSTRING *base64_encode_opt(VSTRING *, const char *, ssize_t, int);
-extern VSTRING *base64_decode_opt(VSTRING *, const char *, ssize_t, int);
+extern VSTRING *WARN_UNUSED_RESULT base64_decode_opt(VSTRING *, const char *, ssize_t, int);
 
 #define BASE64_FLAG_NONE	0
 #define BASE64_FLAG_APPEND	(1<<0)

postfix/src/util/edit_file.h

@@ -31,7 +31,7 @@ typedef struct {
 #define EDIT_FILE_SUFFIX ".tmp"
 
 extern EDIT_FILE *edit_file_open(const char *, int, mode_t);
-extern int edit_file_close(EDIT_FILE *);
+extern int WARN_UNUSED_RESULT edit_file_close(EDIT_FILE *);
 extern void edit_file_cleanup(EDIT_FILE *);
 
 /* LICENSE

postfix/src/util/hex_code.h

@@ -20,7 +20,7 @@
   * External interface.
   */
 extern VSTRING *hex_encode(VSTRING *, const char *, ssize_t);
-extern VSTRING *hex_decode(VSTRING *, const char *, ssize_t);
+extern VSTRING *WARN_UNUSED_RESULT hex_decode(VSTRING *, const char *, ssize_t);
 
 /* LICENSE
 /* .ad

postfix/src/util/host_port.h

@@ -13,7 +13,8 @@
 
  /* External interface. */
 
-extern const char *host_port(char *, char **, char *, char **, char *);
+extern const char *WARN_UNUSED_RESULT host_port(char *, char **, char *,
+						        char **, char *);
 
 /* LICENSE
 /* .ad

postfix/src/util/listen.h

@@ -29,7 +29,7 @@ extern int inet_accept(int);
 extern int unix_accept(int);
 extern int stream_accept(int);
 
-extern int recv_pass_attr(int, HTABLE **, int, ssize_t);
+extern int WARN_UNUSED_RESULT recv_pass_attr(int, HTABLE **, int, ssize_t);
 extern int pass_accept(int);
 extern int pass_accept_attr(int, HTABLE **);
 

postfix/src/util/lstat_as.h

@@ -14,7 +14,7 @@
 
  /* External interface. */
 
-extern int lstat_as(const char *, struct stat *, uid_t, gid_t);
+extern int WARN_UNUSED_RESULT lstat_as(const char *, struct stat *, uid_t, gid_t);
 
 /* LICENSE
 /* .ad

postfix/src/util/mac_parse.h

@@ -30,7 +30,7 @@
 
 typedef int (*MAC_PARSE_FN) (int, VSTRING *, void *);
 
-extern int mac_parse(const char *, MAC_PARSE_FN, void *);
+extern int WARN_UNUSED_RESULT mac_parse(const char *, MAC_PARSE_FN, void *);
 
 /* LICENSE
 /* .ad

postfix/src/util/myaddrinfo.h

@@ -154,14 +154,14 @@ typedef struct {
     char    buf[MAI_SERVPORT_STRSIZE];
 } MAI_SERVPORT_STR;
 
-extern int hostname_to_sockaddr_pf(const char *, int, const char *, int,
-				           struct addrinfo **);
-extern int hostaddr_to_sockaddr(const char *, const char *, int,
-				        struct addrinfo **);
-extern int sockaddr_to_hostaddr(const struct sockaddr *, SOCKADDR_SIZE,
-		               MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *, int);
-extern int sockaddr_to_hostname(const struct sockaddr *, SOCKADDR_SIZE,
-		               MAI_HOSTNAME_STR *, MAI_SERVNAME_STR *, int);
+extern int WARN_UNUSED_RESULT hostname_to_sockaddr_pf(const char *,
+			        int, const char *, int, struct addrinfo **);
+extern int WARN_UNUSED_RESULT hostaddr_to_sockaddr(const char *,
+			             const char *, int, struct addrinfo **);
+extern int WARN_UNUSED_RESULT sockaddr_to_hostaddr(const struct sockaddr *,
+	        SOCKADDR_SIZE, MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *, int);
+extern int WARN_UNUSED_RESULT sockaddr_to_hostname(const struct sockaddr *,
+	        SOCKADDR_SIZE, MAI_HOSTNAME_STR *, MAI_SERVNAME_STR *, int);
 extern void myaddrinfo_control(int,...);
 
 #define MAI_CTL_END	0		/* list terminator */

postfix/src/util/myflock.h

@@ -14,7 +14,7 @@
  /*
   * External interface.
   */
-extern int myflock(int, int, int);
+extern int WARN_UNUSED_RESULT myflock(int, int, int);
 
  /*
   * Lock styles.

postfix/src/util/recv_pass_attr.c

@@ -13,7 +13,7 @@
 /*	ssize_t	bufsize;
 /* DESCRIPTION
 /*	recv_pass_attr() receives named attributes over the specified
-/*	The result value is zero for success, -1 for error.
+/*	descriptor. The result value is zero for success, -1 for error.
 /*
 /*	Arguments:
 /* .IP fd
@@ -21,7 +21,7 @@
 /* .IP attr
 /*	Pointer to attribute list pointer. The target is set to
 /*	zero on error or when the received attribute list is empty,
-/*	ohterwise it is assigned a pointer to non-empty attribute
+/*	otherwise it is assigned a pointer to non-empty attribute
 /*	list.
 /* .IP timeout
 /*	The deadline for receiving all attributes.
@@ -70,10 +70,10 @@ int     recv_pass_attr(int fd, HTABLE **attr, int timeout, ssize_t bufsize)
 		    CA_VSTREAM_CTL_TIMEOUT(timeout),
 		    CA_VSTREAM_CTL_START_DEADLINE,
 		    CA_VSTREAM_CTL_END);
-    (void) attr_scan(fp, ATTR_FLAG_NONE,
+    stream_err = (attr_scan(fp, ATTR_FLAG_NONE,
 			    ATTR_TYPE_HASH, *attr = htable_create(1),
-		     ATTR_TYPE_END);
-    stream_err = (vstream_feof(fp) || vstream_ferror(fp));
+			    ATTR_TYPE_END) < 0
+		  || vstream_feof(fp) || vstream_ferror(fp));
     vstream_fdclose(fp);
 
     /*

postfix/src/util/sane_fsops.h

@@ -13,8 +13,8 @@
 
  /* External interface. */
 
-extern int sane_rename(const char *, const char *);
-extern int sane_link(const char *, const char *);
+extern int WARN_UNUSED_RESULT sane_rename(const char *, const char *);
+extern int WARN_UNUSED_RESULT sane_link(const char *, const char *);
 
 /* LICENSE
 /* .ad

postfix/src/util/sane_socketpair.h

@@ -13,7 +13,7 @@
 
  /* External interface. */
 
-extern int sane_socketpair(int, int, int, int *);
+extern int WARN_UNUSED_RESULT sane_socketpair(int, int, int, int *);
 
 /* LICENSE
 /* .ad

postfix/src/util/stat_as.h

@@ -14,7 +14,7 @@
 
  /* External interface. */
 
-extern int stat_as(const char *, struct stat *, uid_t, gid_t);
+extern int WARN_UNUSED_RESULT stat_as(const char *, struct stat *, uid_t, gid_t);
 
 /* LICENSE
 /* .ad

postfix/src/util/stringops.h

@@ -45,10 +45,10 @@ extern int alldig(const char *);
 extern int allprint(const char *);
 extern int allspace(const char *);
 extern int allascii_len(const char *, ssize_t);
-extern const char *split_nameval(char *, char **, char **);
+extern const char *WARN_UNUSED_RESULT split_nameval(char *, char **, char **);
 extern int valid_utf8_string(const char *, ssize_t);
 extern size_t balpar(const char *, const char *);
-extern char *extpar(char **, const char *, int);
+extern char *WARN_UNUSED_RESULT extpar(char **, const char *, int);
 extern int strcasecmp_utf8x(int, const char *, const char *);
 extern int strncasecmp_utf8x(int, const char *, const char *, ssize_t);
 

postfix/src/util/sys_defs.h

@@ -1645,6 +1645,28 @@ typedef int pid_t;
 #define EXPECTED(x)	(x)
 #define UNEXPECTED(x)	(x)
 #endif
+#endif
+
+ /*
+  * Warn about ignored function result values that must never be ignored.
+  * Typically, this is for error results from "read" functions that normally
+  * write to output parameters (for example, stat- or scanf-like functions)
+  * or from functions that have other useful side effects (for example,
+  * fseek- or rename-like functions).
+  * 
+  * DO NOT use this for functions that write to a stream; it is entirely
+  * legitimate to detect write errors with fflush() or fclose() only. On the
+  * other hand most (but not all) functions that read from a stream must
+  * never ignore result values.
+  * 
+  * XXX Prepending "(void)" won't shut up GCC. Clang behaves as expected.
+  */
+#if ((__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || __GNUC__ > 3)
+#define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+#elif defined(__clang__) && __has_attribute(warn_unused_result)
+#define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+#else
+#define WARN_UNUSED_RESULT
 #endif
 
  /*

postfix/src/util/timed_wait.h

@@ -14,7 +14,7 @@
  /*
   * External interface.
   */
-extern int timed_waitpid(pid_t, WAIT_STATUS_T *, int, int);
+extern int WARN_UNUSED_RESULT timed_waitpid(pid_t, WAIT_STATUS_T *, int, int);
 
 /* LICENSE
 /* .ad

postfix/src/util/vstream.h

@@ -93,7 +93,7 @@ extern VSTREAM vstream_fstd[];		/* pre-defined streams */
 
 extern VSTREAM *vstream_fopen(const char *, int, mode_t);
 extern int vstream_fclose(VSTREAM *);
-extern off_t vstream_fseek(VSTREAM *, off_t, int);
+extern off_t WARN_UNUSED_RESULT vstream_fseek(VSTREAM *, off_t, int);
 extern off_t vstream_ftell(VSTREAM *);
 extern int vstream_fpurge(VSTREAM *, int);
 extern int vstream_fflush(VSTREAM *);

postfix/src/util/vstring_vstream.h

@@ -19,12 +19,12 @@
  /*
   * External interface.
   */
-extern int vstring_get(VSTRING *, VSTREAM *);
-extern int vstring_get_nonl(VSTRING *, VSTREAM *);
-extern int vstring_get_null(VSTRING *, VSTREAM *);
-extern int vstring_get_bound(VSTRING *, VSTREAM *, ssize_t);
-extern int vstring_get_nonl_bound(VSTRING *, VSTREAM *, ssize_t);
-extern int vstring_get_null_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_nonl(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_null(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get_nonl_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get_null_bound(VSTRING *, VSTREAM *, ssize_t);
 
  /*
   * Backwards compatibility for code that still uses the vstring_fgets()