diff --git a/postfix/HISTORY b/postfix/HISTORY
index 43198443a..56d7756d9 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -26995,3 +26995,22 @@ Apologies for any names omitted.
form "name = value" instead of the expected "name=value".
Found during code maintenance. Also refined an "empty name"
check. Files: clean_env.c, split_nameval.c.
+
+20230402
+
+ Cleanup: changed the DNS_RR data structure so that it remains
+ ABI-compatible when new fields are added at the end. This
+ avoids crashing programs that are started while Postfix is
+ being updated. However, *this* specific change cannot be
+ ABI-compatible. Files: dns/dns_rr.c.
+
+ Cleanup: added missing Valgrind test support. Files:
+ dns/Makefile.in, util/Makefile.in.
+
+ Documentation: fixed a `whitelist' instance in the postscreen(8)
+ manpage. File: postscreen/postscreen.c.
+
+ Cleanup: support for multiline entities in match lists, for
+ example, inline maps. Added Valgrind support to the namadr_list
+ unit test. Files: util/match_list.c, global/namadr_list.in,
+ util/Makefile.in.
diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html
index b81ba76ca..3511a9cab 100644
--- a/postfix/html/postscreen.8.html
+++ b/postfix/html/postscreen.8.html
@@ -177,8 +177,10 @@ POSTSCREEN(8) POSTSCREEN(8)
the postscreen(8) cache between primary and backup MTAs, which would
introduce a common point of failure.
- postscreen_whitelist_interfaces (static:all)
- Renamed to postscreen_allowlist_interfaces in Postfix 3.6.
+ postscreen_allowlist_interfaces (static:all)
+ A list of local postscreen(8) server IP addresses where a
+ non-allowlisted remote SMTP client can obtain postscreen(8)'s
+ temporary allowlist status.
BEFORE 220 GREETING TESTS
These tests are executed before the remote SMTP client receives the
diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8
index 0687a5e14..556a8652d 100644
--- a/postfix/man/man8/postscreen.8
+++ b/postfix/man/man8/postscreen.8
@@ -198,8 +198,10 @@ this requires configuring primary and backup MX addresses
on the same MTA. Larger sites would have to share the
\fBpostscreen\fR(8) cache between primary and backup MTAs,
which would introduce a common point of failure.
-.IP "\fBpostscreen_whitelist_interfaces (static:all)\fR"
-Renamed to postscreen_allowlist_interfaces in Postfix 3.6.
+.IP "\fBpostscreen_allowlist_interfaces (static:all)\fR"
+A list of local \fBpostscreen\fR(8) server IP addresses where a
+non\-allowlisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary
+allowlist status.
.SH "BEFORE 220 GREETING TESTS"
.na
.nf
diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history
index 602285f0e..9f05f29e3 100644
--- a/postfix/proto/stop.double-history
+++ b/postfix/proto/stop.double-history
@@ -38,3 +38,4 @@ proto proto SASL_README html proto SQLITE_README html
util net_mask_top hc smtpd smtpd c smtpd smtpd_peer c
util inet_prefix_top hc smtpd smtpd c smtpd smtpd_peer c
File smtp smtp h
+ manpage File postscreen postscreen c
diff --git a/postfix/proto/stop.spell-history b/postfix/proto/stop.spell-history
index c248a4c8c..669c2e3f9 100644
--- a/postfix/proto/stop.spell-history
+++ b/postfix/proto/stop.spell-history
@@ -52,3 +52,4 @@ soho
Aleksandr
Stankevic
Gallagher
+Valgrind
diff --git a/postfix/proto/stop.spell-proto-html b/postfix/proto/stop.spell-proto-html
index 6d0cb20c7..191224080 100644
--- a/postfix/proto/stop.spell-proto-html
+++ b/postfix/proto/stop.spell-proto-html
@@ -356,3 +356,4 @@ ffdhe
kDHE
srv
wraptls
+api
diff --git a/postfix/src/dns/Makefile.in b/postfix/src/dns/Makefile.in
index 795f9ba2a..3ebf75f81 100644
--- a/postfix/src/dns/Makefile.in
+++ b/postfix/src/dns/Makefile.in
@@ -100,62 +100,62 @@ dns_rr_eq_sa: $(LIB) $(LIBS)
mv junk $@.o
dns_rr_to_pa_test: dns_rr_to_pa dns_rr_to_pa.in dns_rr_to_pa.ref
- $(SHLIB_ENV) ./dns_rr_to_pa `cat dns_rr_to_pa.in` >dns_rr_to_pa.tmp
+ $(SHLIB_ENV) $(VALGRIND) ./dns_rr_to_pa `cat dns_rr_to_pa.in` >dns_rr_to_pa.tmp
diff dns_rr_to_pa.ref dns_rr_to_pa.tmp
rm -f dns_rr_to_pa.tmp
dns_rr_to_sa_test: dns_rr_to_sa dns_rr_to_sa.in dns_rr_to_sa.ref
- $(SHLIB_ENV) ./dns_rr_to_sa `cat dns_rr_to_sa.in` >dns_rr_to_sa.tmp
+ $(SHLIB_ENV) $(VALGRIND) ./dns_rr_to_sa `cat dns_rr_to_sa.in` >dns_rr_to_sa.tmp
diff dns_rr_to_sa.ref dns_rr_to_sa.tmp
rm -f dns_rr_to_sa.tmp
dns_sa_to_rr_test: dns_sa_to_rr dns_sa_to_rr.in dns_sa_to_rr.ref
- $(SHLIB_ENV) ./dns_sa_to_rr `cat dns_sa_to_rr.in` >dns_sa_to_rr.tmp
+ $(SHLIB_ENV) $(VALGRIND) ./dns_sa_to_rr `cat dns_sa_to_rr.in` >dns_sa_to_rr.tmp
diff dns_sa_to_rr.ref dns_sa_to_rr.tmp
rm -f dns_sa_to_rr.tmp
dns_rr_eq_sa_test: dns_rr_eq_sa dns_rr_eq_sa.in dns_rr_eq_sa.ref
- $(SHLIB_ENV) ./dns_rr_eq_sa `cat dns_rr_eq_sa.in` >dns_rr_eq_sa.tmp
+ $(SHLIB_ENV) $(VALGRIND) ./dns_rr_eq_sa `cat dns_rr_eq_sa.in` >dns_rr_eq_sa.tmp
diff dns_rr_eq_sa.ref dns_rr_eq_sa.tmp
rm -f dns_rr_eq_sa.tmp
no-a-test: no-a.reg test_dns_lookup no-a.ref
- $(SHLIB_ENV) ./test_dns_lookup -f regexp:no-a.reg a,aaaa spike.porcupine.org >test_dns_lookup.tmp 2>&1
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -f regexp:no-a.reg a,aaaa spike.porcupine.org >test_dns_lookup.tmp 2>&1
diff no-a.ref test_dns_lookup.tmp
rm -f test_dns_lookup.tmp
no-aaaa-test: no-aaaa.reg test_dns_lookup no-aaaa.ref
- $(SHLIB_ENV) ./test_dns_lookup -f regexp:no-aaaa.reg a,aaaa spike.porcupine.org >test_dns_lookup.tmp 2>&1
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -f regexp:no-aaaa.reg a,aaaa spike.porcupine.org >test_dns_lookup.tmp 2>&1
diff no-aaaa.ref test_dns_lookup.tmp
rm -f test_dns_lookup.tmp
no-mx-test: no-mx.reg test_dns_lookup no-mx.ref
- set -e; $(SHLIB_ENV) ./test_dns_lookup -f regexp:no-mx.reg mx porcupine.org 2>&1 | sort >test_dns_lookup.tmp || true
+ set -e; $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -f regexp:no-mx.reg mx porcupine.org 2>&1 | sort >test_dns_lookup.tmp || true
diff no-mx.ref test_dns_lookup.tmp
rm -f test_dns_lookup.tmp
error-filter-test: error.reg test_dns_lookup error.ref
- set -e; $(SHLIB_ENV) ./test_dns_lookup -f regexp:error.reg a,aaaa spike.porcupine.org >test_dns_lookup.tmp 2>&1 || true
+ set -e; $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -f regexp:error.reg a,aaaa spike.porcupine.org >test_dns_lookup.tmp 2>&1 || true
diff error.ref test_dns_lookup.tmp
rm -f test_dns_lookup.tmp
nullmx_test: test_dns_lookup nullmx_test.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup mx,a nullmx.porcupine.org; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup mx,a nullmx.porcupine.org; \
) >nullmx_test.tmp 2>&1 || exit 0
diff nullmx_test.ref nullmx_test.tmp
rm -f nullmx_test.tmp
nxdomain_test: test_dns_lookup nxdomain_test.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup mx,a nxdomain.porcupine.org; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup mx,a nxdomain.porcupine.org; \
) >nxdomain_test.tmp 2>&1 || exit 0
diff nxdomain_test.ref nxdomain_test.tmp
rm -f nxdomain_test.tmp
mxonly_test: test_dns_lookup mxonly_test.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup mx,a porcupine.org | sort; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup mx,a porcupine.org | sort; \
) >mxonly_test.tmp 2>&1 || exit 0
diff mxonly_test.ref mxonly_test.tmp
rm -f mxonly_test.tmp
@@ -164,8 +164,8 @@ mxonly_test: test_dns_lookup mxonly_test.ref
dnsbl_ttl_127.0.0.1_bind_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_plain.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup a 1.0.0.127.zen.spamhaus.org; \
- $(SHLIB_ENV) ./test_dns_lookup a 1.0.0.127.bl.spamcop.net; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup a 1.0.0.127.zen.spamhaus.org; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup a 1.0.0.127.bl.spamcop.net; \
) 2>&1 | $(DNSBL_NEXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.1_bind_plain.tmp
diff dnsbl_ttl_127.0.0.1_bind_plain.ref dnsbl_ttl_127.0.0.1_bind_plain.tmp
rm -f dnsbl_ttl_127.0.0.1_bind_plain.tmp
@@ -174,8 +174,8 @@ dnsbl_ttl_127.0.0.1_bind_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_pl
dnsbl_ttl_127.0.0.1_priv_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_plain.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup -p a 1.0.0.127.zen.spamhaus.org; \
- $(SHLIB_ENV) ./test_dns_lookup -p a 1.0.0.127.bl.spamcop.net; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -p a 1.0.0.127.zen.spamhaus.org; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -p a 1.0.0.127.bl.spamcop.net; \
) 2>&1 | $(DNSBL_NEXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.1_priv_plain.tmp
diff dnsbl_ttl_127.0.0.1_bind_plain.ref dnsbl_ttl_127.0.0.1_priv_plain.tmp
rm -f dnsbl_ttl_127.0.0.1_priv_plain.tmp
@@ -184,8 +184,8 @@ dnsbl_ttl_127.0.0.1_priv_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_pl
dnsbl_ttl_127.0.0.1_bind_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_ncache.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup -n a 1.0.0.127.zen.spamhaus.org; \
- $(SHLIB_ENV) ./test_dns_lookup -n a 1.0.0.127.bl.spamcop.net; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -n a 1.0.0.127.zen.spamhaus.org; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -n a 1.0.0.127.bl.spamcop.net; \
) 2>&1 | $(DNSBL_NEXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.1_bind_ncache.tmp
diff dnsbl_ttl_127.0.0.1_bind_ncache.ref dnsbl_ttl_127.0.0.1_bind_ncache.tmp
rm -f dnsbl_ttl_127.0.0.1_bind_ncache.tmp
@@ -194,8 +194,8 @@ dnsbl_ttl_127.0.0.1_bind_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_n
dnsbl_ttl_127.0.0.1_priv_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_ncache.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup -n -p a 1.0.0.127.zen.spamhaus.org; \
- $(SHLIB_ENV) ./test_dns_lookup -n -p a 1.0.0.127.bl.spamcop.net; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -n -p a 1.0.0.127.zen.spamhaus.org; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -n -p a 1.0.0.127.bl.spamcop.net; \
) 2>&1 | $(DNSBL_NEXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.1_priv_ncache.tmp
diff dnsbl_ttl_127.0.0.1_bind_ncache.ref dnsbl_ttl_127.0.0.1_priv_ncache.tmp
rm -f dnsbl_ttl_127.0.0.1_priv_ncache.tmp
@@ -204,8 +204,8 @@ dnsbl_ttl_127.0.0.1_priv_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_n
dnsbl_ttl_127.0.0.2_bind_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_plain.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup a 2.0.0.127.zen.spamhaus.org; \
- $(SHLIB_ENV) ./test_dns_lookup a 2.0.0.127.bl.spamcop.net; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup a 2.0.0.127.zen.spamhaus.org; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup a 2.0.0.127.bl.spamcop.net; \
) 2>&1 | $(DNSBL_EXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.2_bind_plain.tmp
diff dnsbl_ttl_127.0.0.2_bind_plain.ref dnsbl_ttl_127.0.0.2_bind_plain.tmp
rm -f dnsbl_ttl_127.0.0.2_bind_plain.tmp
@@ -214,8 +214,8 @@ dnsbl_ttl_127.0.0.2_bind_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_pl
dnsbl_ttl_127.0.0.2_priv_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_plain.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup -p a 2.0.0.127.zen.spamhaus.org; \
- $(SHLIB_ENV) ./test_dns_lookup -p a 2.0.0.127.bl.spamcop.net; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -p a 2.0.0.127.zen.spamhaus.org; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -p a 2.0.0.127.bl.spamcop.net; \
) 2>&1 | $(DNSBL_EXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.2_priv_plain.tmp
diff dnsbl_ttl_127.0.0.2_bind_plain.ref dnsbl_ttl_127.0.0.2_priv_plain.tmp
rm -f dnsbl_ttl_127.0.0.2_priv_plain.tmp
@@ -224,8 +224,8 @@ dnsbl_ttl_127.0.0.2_priv_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_pl
dnsbl_ttl_127.0.0.2_bind_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_plain.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup -n a 2.0.0.127.zen.spamhaus.org; \
- $(SHLIB_ENV) ./test_dns_lookup -n a 2.0.0.127.bl.spamcop.net; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -n a 2.0.0.127.zen.spamhaus.org; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -n a 2.0.0.127.bl.spamcop.net; \
) 2>&1 | $(DNSBL_EXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.2_bind_ncache.tmp
diff dnsbl_ttl_127.0.0.2_bind_plain.ref dnsbl_ttl_127.0.0.2_bind_ncache.tmp
rm -f dnsbl_ttl_127.0.0.2_bind_ncache.tmp
@@ -234,8 +234,8 @@ dnsbl_ttl_127.0.0.2_bind_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_p
dnsbl_ttl_127.0.0.2_priv_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_plain.ref
(set -e; \
- $(SHLIB_ENV) ./test_dns_lookup -n -p a 2.0.0.127.zen.spamhaus.org; \
- $(SHLIB_ENV) ./test_dns_lookup -n -p a 2.0.0.127.bl.spamcop.net; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -n -p a 2.0.0.127.zen.spamhaus.org; \
+ $(SHLIB_ENV) $(VALGRIND) ./test_dns_lookup -n -p a 2.0.0.127.bl.spamcop.net; \
) 2>&1 | $(DNSBL_EXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.2_priv_ncache.tmp
diff dnsbl_ttl_127.0.0.2_bind_plain.ref dnsbl_ttl_127.0.0.2_priv_ncache.tmp
rm -f dnsbl_ttl_127.0.0.2_priv_ncache.tmp
diff --git a/postfix/src/dns/dns.h b/postfix/src/dns/dns.h
index acc1fb029..2b77015cb 100644
--- a/postfix/src/dns/dns.h
+++ b/postfix/src/dns/dns.h
@@ -163,7 +163,8 @@ typedef struct DNS_RR {
unsigned short port; /* T_SRV related, defined in rfc2782 */
struct DNS_RR *next; /* linkage */
size_t data_len; /* actual data size */
- char data[1]; /* actually a bunch of data */
+ char *data; /* a bunch of data */
+ /* Add new fields at the end, for ABI forward compatibility. */
} DNS_RR;
/*
diff --git a/postfix/src/dns/dns_rr.c b/postfix/src/dns/dns_rr.c
index 803263599..44918b10c 100644
--- a/postfix/src/dns/dns_rr.c
+++ b/postfix/src/dns/dns_rr.c
@@ -160,7 +160,7 @@ DNS_RR *dns_rr_create(const char *qname, const char *rname,
{
DNS_RR *rr;
- rr = (DNS_RR *) mymalloc(sizeof(*rr) + data_len - 1);
+ rr = (DNS_RR *) mymalloc(sizeof(*rr));
rr->qname = mystrdup(qname);
rr->rname = mystrdup(rname);
rr->type = type;
@@ -170,8 +170,12 @@ DNS_RR *dns_rr_create(const char *qname, const char *rname,
rr->pref = pref;
rr->weight = weight;
rr->port = port;
- if (data && data_len > 0)
+ if (data_len != 0) {
+ rr->data = mymalloc(data_len);
memcpy(rr->data, data, data_len);
+ } else {
+ rr->data = 0;
+ }
rr->data_len = data_len;
rr->next = 0;
return (rr);
@@ -186,6 +190,8 @@ void dns_rr_free(DNS_RR *rr)
dns_rr_free(rr->next);
myfree(rr->qname);
myfree(rr->rname);
+ if (rr->data)
+ myfree(rr->data);
myfree((void *) rr);
}
}
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 6285c99f8..8a382c396 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20230331"
+#define MAIL_RELEASE_DATE "20230402"
#define MAIL_VERSION_NUMBER "3.8"
#ifdef SNAPSHOT
diff --git a/postfix/src/global/namadr_list.in b/postfix/src/global/namadr_list.in
index 454238737..a21516b6d 100644
--- a/postfix/src/global/namadr_list.in
+++ b/postfix/src/global/namadr_list.in
@@ -1,42 +1,52 @@
-./namadr_list 168.100.3.0/28 dummy 168.100.3.2
-./namadr_list '!168.100.3.2 168.100.3.0/28' dummy 168.100.3.2
-./namadr_list '!168.100.3.2 168.100.3.0/28' dummy 168.100.3.3
-./namadr_list 168.100.3.0/28 dummy 168.100.3.16
-./namadr_list 168.100.3.0/98 dummy 168.100.3.16
-./namadr_list 168.100.589.0/28 dummy 168.100.3.16
-./namadr_list 168.100.3.0/28 dummy 168.100.989.16
-./namadr_list 2001:240:5c7:0:2d0:b7ff:fe88:2ca7 dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
-./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
-./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca8
-./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]/64' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca8
-./namadr_list '[2001:240:5c7::]/64' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca8
-./namadr_list '[2001:240:5c7::]/64' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca8
-./namadr_list '[2001:24:5c7:0:2d0:b7ff:fe88:2ca8]' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca8
-./namadr_list '[2001:24:5c7:0:2d0:b7ff:fe88:2ca8]' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca7
-./namadr_list 168.100.3.2 dummy 168.100.3.2
-./namadr_list 168.100.3.2 dummy 168.100.3.3
-./namadr_list '[168.100.3.2]' dummy 168.100.3.2
-./namadr_list '[168.100.3.2]' dummy 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list 168.100.3.0/28 dummy 168.100.3.2
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '!168.100.3.2 168.100.3.0/28' dummy 168.100.3.2
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '!168.100.3.2 168.100.3.0/28' dummy 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list 168.100.3.0/28 dummy 168.100.3.16
+${SHLIB_ENV} ${VALGRIND} ./namadr_list 168.100.3.0/98 dummy 168.100.3.16
+${SHLIB_ENV} ${VALGRIND} ./namadr_list 168.100.589.0/28 dummy 168.100.3.16
+${SHLIB_ENV} ${VALGRIND} ./namadr_list 168.100.3.0/28 dummy 168.100.989.16
+${SHLIB_ENV} ${VALGRIND} ./namadr_list 2001:240:5c7:0:2d0:b7ff:fe88:2ca7 dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca8
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]/64' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca8
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[2001:240:5c7::]/64' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca8
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[2001:240:5c7::]/64' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca8
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[2001:24:5c7:0:2d0:b7ff:fe88:2ca8]' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca8
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[2001:24:5c7:0:2d0:b7ff:fe88:2ca8]' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca7
+${SHLIB_ENV} ${VALGRIND} ./namadr_list 168.100.3.2 dummy 168.100.3.2
+${SHLIB_ENV} ${VALGRIND} ./namadr_list 168.100.3.2 dummy 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[168.100.3.2]' dummy 168.100.3.2
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[168.100.3.2]' dummy 168.100.3.3
echo foo !bar baz >junk; mv junk /tmp
-./namadr_list !/tmp/junk dummy 168.100.3.3
-./namadr_list !/tmp/junk foo 168.100.3.3
-./namadr_list !/tmp/junk bar 168.100.3.3
-./namadr_list !/tmp/junk baz 168.100.3.3
-./namadr_list /tmp/junk dummy 168.100.3.3
-./namadr_list /tmp/junk foo 168.100.3.3
-./namadr_list /tmp/junk bar 168.100.3.3
-./namadr_list /tmp/junk baz 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list !/tmp/junk dummy 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list !/tmp/junk foo 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list !/tmp/junk bar 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list !/tmp/junk baz 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/junk dummy 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/junk foo 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/junk bar 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/junk baz 168.100.3.3
rm -f junk
-./namadr_list 'be.be' x.x.x 127.0.0.1
-./namadr_list 'be/be' x.x.x 127.0.0.1
-./namadr_list '[be:be]' x.x.x 127.0.0.1
-./namadr_list '[be:be]' x.x.x ::1
-env foo=x ./namadr_list environ:junk foo 168.100.3.3
-env foo=x ./namadr_list environ:junk bar 168.100.3.3
-env foo=x ./namadr_list !environ:junk foo 168.100.3.3
-env foo=x ./namadr_list !environ:junk bar 168.100.3.3
-env foo=x ./namadr_list !!environ:junk foo 168.100.3.3
-env foo=x ./namadr_list !!environ:junk bar 168.100.3.3
-./namadr_list fail:1 bar 168.100.3.3
-./namadr_list !fail:1 bar 168.100.3.3
-./namadr_list /tmp/nosuchfile bar 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list 'be.be' x.x.x 127.0.0.1
+${SHLIB_ENV} ${VALGRIND} ./namadr_list 'be/be' x.x.x 127.0.0.1
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[be:be]' x.x.x 127.0.0.1
+${SHLIB_ENV} ${VALGRIND} ./namadr_list '[be:be]' x.x.x ::1
+foo=x ${SHLIB_ENV} ${VALGRIND} ./namadr_list environ:junk foo 168.100.3.3
+foo=x ${SHLIB_ENV} ${VALGRIND} ./namadr_list environ:junk bar 168.100.3.3
+foo=x ${SHLIB_ENV} ${VALGRIND} ./namadr_list !environ:junk foo 168.100.3.3
+foo=x ${SHLIB_ENV} ${VALGRIND} ./namadr_list !environ:junk bar 168.100.3.3
+foo=x ${SHLIB_ENV} ${VALGRIND} ./namadr_list !!environ:junk foo 168.100.3.3
+foo=x ${SHLIB_ENV} ${VALGRIND} ./namadr_list !!environ:junk bar 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list fail:1 bar 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list !fail:1 bar 168.100.3.3
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/nosuchfile bar 168.100.3.3
+echo foo baz '#text'>junk; mv junk /tmp
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/junk foo 1.2.3.4
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/junk fool 1.2.3.4
+echo 'foo inline:{
+ { bar = yes}
+ } baz' >junk; mv junk /tmp
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/junk foo 1.2.3.4
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/junk bar 1.2.3.4
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/junk baz 1.2.3.4
+${SHLIB_ENV} ${VALGRIND} ./namadr_list /tmp/junk fool 1.2.3.4
diff --git a/postfix/src/global/namadr_list.ref b/postfix/src/global/namadr_list.ref
index e38b88348..77ab9bdc9 100644
--- a/postfix/src/global/namadr_list.ref
+++ b/postfix/src/global/namadr_list.ref
@@ -51,3 +51,11 @@ bar/168.100.3.3: ERROR
./namadr_list: warning: non-existent:/tmp/nosuchfile is unavailable. open file /tmp/nosuchfile: No such file or directory
./namadr_list: warning: command line: non-existent:/tmp/nosuchfile: table lookup problem
bar/168.100.3.3: ERROR
+./namadr_list: warning: command line: comment at end of line is not supported: #text
+foo/1.2.3.4: YES
+./namadr_list: warning: command line: comment at end of line is not supported: #text
+fool/1.2.3.4: NO
+foo/1.2.3.4: YES
+bar/1.2.3.4: YES
+baz/1.2.3.4: YES
+fool/1.2.3.4: NO
diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c
index 8dbdc8d70..192c2e90c 100644
--- a/postfix/src/postscreen/postscreen.c
+++ b/postfix/src/postscreen/postscreen.c
@@ -172,8 +172,10 @@
/* on the same MTA. Larger sites would have to share the
/* \fBpostscreen\fR(8) cache between primary and backup MTAs,
/* which would introduce a common point of failure.
-/* .IP "\fBpostscreen_whitelist_interfaces (static:all)\fR"
-/* Renamed to postscreen_allowlist_interfaces in Postfix 3.6.
+/* .IP "\fBpostscreen_allowlist_interfaces (static:all)\fR"
+/* A list of local \fBpostscreen\fR(8) server IP addresses where a
+/* non-allowlisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary
+/* allowlist status.
/* BEFORE 220 GREETING TESTS
/* .ad
/* .fi
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index 410a893ae..3ff785875 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -641,7 +641,7 @@ mac_expand_test: mac_expand mac_expand.in mac_expand.ref
unescape_test: unescape unescape.in unescape.ref
$(SHLIB_ENV) ${VALGRIND} ./unescape unescape.tmp
diff -b unescape.ref unescape.tmp
-# $(SHLIB_ENV) ${VALGRIND} ./unescape unescape.tmp
+# $(SHLIB_ENV) ${VALGRIND} ./unescape unescape.tmp
# diff unescape.in unescape.tmp
rm -f unescape.tmp
@@ -672,12 +672,12 @@ base64_code_test: base64_code
$(SHLIB_ENV) ${VALGRIND} ./base64_code
attr_scan64_test: attr_print64 attr_scan64 attr_scan64.ref
- ($(HTABLE_FIX) $(SHLIB_ENV) ${VALGRIND} ./attr_print64 2>&3 | (sleep 1; $(HTABLE_FIX) $(SHLIB_ENV) ./attr_scan64)) >attr_scan64.tmp 2>&1 3>&1
+ ($(HTABLE_FIX) $(SHLIB_ENV) ${VALGRIND} ./attr_print64 2>&3 | (sleep 1; $(HTABLE_FIX) $(SHLIB_ENV) ${VALGRIND} ./attr_scan64)) >attr_scan64.tmp 2>&1 3>&1
diff attr_scan64.ref attr_scan64.tmp
rm -f attr_scan64.tmp
attr_scan0_test: attr_print0 attr_scan0 attr_scan0.ref
- ($(HTABLE_FIX) $(SHLIB_ENV) ${VALGRIND} ./attr_print0 2>&3 | (sleep 1; $(HTABLE_FIX) $(SHLIB_ENV) ./attr_scan0)) >attr_scan0.tmp 2>&1 3>&1
+ ($(HTABLE_FIX) $(SHLIB_ENV) ${VALGRIND} ./attr_print0 2>&3 | (sleep 1; $(HTABLE_FIX) $(SHLIB_ENV) ${VALGRIND} ./attr_scan0)) >attr_scan0.tmp 2>&1 3>&1
diff attr_scan0.ref attr_scan0.tmp
rm -f attr_scan0.tmp
@@ -765,7 +765,7 @@ host_port_test: host_port host_port.in host_port.ref
rm -f host_port.tmp
attr_scan_plain_test: attr_print_plain attr_scan_plain attr_scan_plain.ref
- ($(HTABLE_FIX) $(SHLIB_ENV) ${VALGRIND} ./attr_print_plain 2>&3 | (sleep 1; $(HTABLE_FIX) $(SHLIB_ENV) ./attr_scan_plain)) >attr_scan_plain.tmp 2>&1 3>&1
+ ($(HTABLE_FIX) $(SHLIB_ENV) ${VALGRIND} ./attr_print_plain 2>&3 | (sleep 1; $(HTABLE_FIX) $(SHLIB_ENV) ${VALGRIND} ./attr_scan_plain)) >attr_scan_plain.tmp 2>&1 3>&1
diff attr_scan_plain.ref attr_scan_plain.tmp
rm -f attr_scan_plain.tmp
@@ -1337,11 +1337,16 @@ cidr_match.o: sys_defs.h
cidr_match.o: vbuf.h
cidr_match.o: vstring.h
clean_env.o: argv.h
+clean_env.o: check_arg.h
clean_env.o: clean_env.c
clean_env.o: clean_env.h
clean_env.o: msg.h
+clean_env.o: mymalloc.h
clean_env.o: safe.h
+clean_env.o: stringops.h
clean_env.o: sys_defs.h
+clean_env.o: vbuf.h
+clean_env.o: vstring.h
close_on_exec.o: close_on_exec.c
close_on_exec.o: iostuff.h
close_on_exec.o: msg.h
@@ -2203,12 +2208,12 @@ match_list.o: match_list.h
match_list.o: msg.h
match_list.o: myflock.h
match_list.o: mymalloc.h
+match_list.o: readlline.h
match_list.o: stringops.h
match_list.o: sys_defs.h
match_list.o: vbuf.h
match_list.o: vstream.h
match_list.o: vstring.h
-match_list.o: vstring_vstream.h
match_ops.o: argv.h
match_ops.o: check_arg.h
match_ops.o: cidr_match.h
diff --git a/postfix/src/util/match_list.c b/postfix/src/util/match_list.c
index 520485dd0..924c6b4a8 100644
--- a/postfix/src/util/match_list.c
+++ b/postfix/src/util/match_list.c
@@ -101,7 +101,7 @@
#include
#include
#include
-#include
+#include
#include
#include
#include
@@ -167,10 +167,9 @@ static ARGV *match_list_parse(MATCH_LIST *match_list, ARGV *pat_list,
"open file %s: %m", item));
argv_add(pat_list, STR(buf), (char *) 0);
} else {
- while (vstring_fgets(buf, fp))
- if (vstring_str(buf)[0] != '#')
- pat_list = match_list_parse(match_list, pat_list,
- vstring_str(buf), match);
+ while (readlline(buf, fp, (int *) 0))
+ pat_list = match_list_parse(match_list, pat_list,
+ vstring_str(buf), match);
if (vstream_fclose(fp))
msg_fatal("%s: read file %s: %m", myname, item);
}