diff --git a/postfix/HISTORY b/postfix/HISTORY
index e6bf8b484..7dd3a7ddf 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -23842,3 +23842,15 @@ Apologies for any names omitted.
tls_client_init request specifies an unexpected client
identity, and the test for that condition is now moved to
the right place. File: tlsproxy/tlsproxy.c.
+
+20181124
+
+ Documentation: clarified the behavior of whitespace within
+ "{}". Files: proto/DATABASE_README.html, proto/postconf.proto,
+ pipe/pipe.c, postconf/postconf.c,
+
+20181125
+
+ Cleanup: dict_file_to_xxx() takes a list of file names
+ separated by CHARS_COMMA_SP. Shoe-horned into the existing
+ API, make it nicer when there is time. File: util/dict_file.c.
diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README
index 7526e0bc1..97287f32a 100644
--- a/postfix/README_FILES/DATABASE_README
+++ b/postfix/README_FILES/DATABASE_README
@@ -215,9 +215,11 @@ To find out what database types your Postfix system supports, use the "p�po�os�s
i�in�nl�li�in�ne�e (read-only)
A non-shared, in-memory lookup table. Example: "inline:{ key=value,
{ key = text with whitespace or comma }}". Key-value pairs are
- separated by whitespace or comma; whitespace after "{" and before "}"
- is ignored. Inline tables eliminate the need to create a database file
- for just a few fixed elements. See also the static: map type.
+ separated by whitespace or comma; with a key-value pair inside "{}",
+ whitespace is ignored after the opening "{", around the "=" between key
+ and value, and before the closing "}". Inline tables eliminate the need
+ to create a database file for just a few fixed elements. See also the
+ static: map type.
i�in�nt�te�er�rn�na�al�l
A non-shared, in-memory hash table. Its content are lost when a process
terminates.
@@ -289,8 +291,8 @@ To find out what database types your Postfix system supports, use the "p�po�os�s
A table that always returns its name as the lookup result. For example,
"static:foobar" always returns the string "foobar" as lookup result.
Specify "static:{ text with whitespace }" when the result contains
- whitespace; this form ignores whitespace after "{" and before "}". See
- also the inline: map type.
+ whitespace; this form ignores whitespace after the opening "{" and
+ before the closing "}". See also the inline: map type.
t�tc�cp�p
TCP/IP client. The protocol is described in tcp_table(5). The lookup
table name is "tcp:host:port" where "host" specifies a symbolic
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index dfc4353db..928b65fad 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -1,7 +1,10 @@
Wish list:
- With DICT_FLAG_RHS_IS_FILE, RHS is list of files (insert
- newline for robustness).
+ Declumsify code that calls vstream_fread() to read data
+ into VSTRING buffer. This needs vstream_fread_buf(VSTREAM *,
+ VSTRING *, ssize_t) which calls VSTRING_SPACE(), appends
+ data to the buffer, and calls VSTRING_AT_OFFSET(). Current
+ code is error-prone.
With DICT_FLAG_RHS_IS_FILE, should dict_update() open a
file? base64-encode the value?
diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html
index 2d134cd44..dc10dd50e 100644
--- a/postfix/html/DATABASE_README.html
+++ b/postfix/html/DATABASE_README.html
@@ -317,8 +317,10 @@ name as used in "hash:table" is the dat
A non-shared, in-memory lookup table. Example: "inline:{
key=value, { key = text with whitespace or comma }}".
-Key-value pairs are separated by whitespace or comma; whitespace
-after "{" and before "}" is ignored. Inline tables eliminate the
+Key-value pairs are separated by whitespace or comma; with a key-value
+pair inside "{}", whitespace is ignored after the opening "{",
+around the "=" between key and value, and before the closing "}".
+Inline tables eliminate the
need to create a database file for just a few fixed elements. See
also the static: map type.
@@ -436,7 +438,8 @@ server. See socketmap_table(5) for details.
For example, "static:foobar" always returns the string "foobar" as
lookup result. Specify "static:{ text with whitespace }"
when the result contains whitespace; this form ignores whitespace
-after "{" and before "}". See also the inline: map type.
+after the opening "{" and before the closing "}". See also the
+inline: map type.
tcp
diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html
index 51504053d..d58775b0c 100644
--- a/postfix/html/pipe.8.html
+++ b/postfix/html/pipe.8.html
@@ -192,8 +192,8 @@ PIPE(8) PIPE(8)
interpreter.
Specify "{" and "}" around command arguments that contain white-
- space (Postfix 3.0 and later). Whitespace after "{" and before
- "}" is ignored.
+ space (Postfix 3.0 and later). Whitespace after the opening "{"
+ and before the closing "}" is ignored.
In the command argument vector, the following macros are recog-
nized and replaced with corresponding information from the Post-
diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html
index b81ec8826..e6525618b 100644
--- a/postfix/html/postconf.1.html
+++ b/postfix/html/postconf.1.html
@@ -243,19 +243,20 @@ POSTCONF(1) POSTCONF(1)
A non-shared, in-memory lookup table. Example: "inline:{
key=value, { key = text with whitespace or comma }}".
Key-value pairs are separated by whitespace or comma;
- whitespace after "{" and before "}" is ignored. Inline
- tables eliminate the need to create a database file for
- just a few fixed elements. See also the static: map
- type.
+ with a key-value pair inside "{}", whitespace is ignored
+ after the opening "{", around the "=" between key and
+ value, and before the closing "}". Inline tables elimi-
+ nate the need to create a database file for just a few
+ fixed elements. See also the static: map type.
This feature is available with Postfix 3.0 and later.
internal
- A non-shared, in-memory hash table. Its content are lost
+ A non-shared, in-memory hash table. Its content are lost
when a process terminates.
- lmdb OpenLDAP LMDB database (a memory-mapped, persistent
- file). Available on systems with support for LMDB data-
+ lmdb OpenLDAP LMDB database (a memory-mapped, persistent
+ file). Available on systems with support for LMDB data-
bases. This is described in lmdb_table(5).
This feature is available with Postfix 2.11 and later.
@@ -264,57 +265,57 @@ POSTCONF(1) POSTCONF(1)
LDAP database client. This is described in ldap_table(5).
memcache
- Memcache database client. This is described in mem-
+ Memcache database client. This is described in mem-
cache_table(5).
This feature is available with Postfix 2.9 and later.
mysql (read-only)
MySQL database client. Available on systems with support
- for MySQL databases. This is described in mysql_ta-
+ for MySQL databases. This is described in mysql_ta-
ble(5).
pcre (read-only)
- A lookup table based on Perl Compatible Regular Expres-
+ A lookup table based on Perl Compatible Regular Expres-
sions. The file format is described in pcre_table(5).
pgsql (read-only)
- PostgreSQL database client. This is described in
+ PostgreSQL database client. This is described in
pgsql_table(5).
This feature is available with Postfix 2.1 and later.
pipemap (read-only)
- A lookup table that constructs a pipeline of tables.
- Example: "pipemap:{type_1:name_1, ..., type_n:name_n}".
- Each "pipemap:" query is given to the first table. Each
+ A lookup table that constructs a pipeline of tables.
+ Example: "pipemap:{type_1:name_1, ..., type_n:name_n}".
+ Each "pipemap:" query is given to the first table. Each
lookup result becomes the query for the next table in the
- pipeline, and the last table produces the final result.
- When any table lookup produces no result, the pipeline
- produces no result. The first and last characters of the
+ pipeline, and the last table produces the final result.
+ When any table lookup produces no result, the pipeline
+ produces no result. The first and last characters of the
"pipemap:" table name must be "{" and "}". Within these,
individual maps are separated with comma or whitespace.
This feature is available with Postfix 3.0 and later.
- proxy Postfix proxymap(8) client for shared access to Postfix
+ proxy Postfix proxymap(8) client for shared access to Postfix
databases. The table name syntax is type:name.
This feature is available with Postfix 2.0 and later.
randmap (read-only)
- An in-memory table that performs random selection. Exam-
+ An in-memory table that performs random selection. Exam-
ple: "randmap:{result_1, ..., result_n}". Each table
query returns a random choice from the specified results.
- The first and last characters of the "randmap:" table
- name must be "{" and "}". Within these, individual
+ The first and last characters of the "randmap:" table
+ name must be "{" and "}". Within these, individual
results are separated with comma or whitespace. To give a
specific result more weight, specify it multiple times.
This feature is available with Postfix 3.0 and later.
regexp (read-only)
- A lookup table based on regular expressions. The file
+ A lookup table based on regular expressions. The file
format is described in regexp_table(5).
sdbm An indexed file type based on hashing. Available on sys-
@@ -323,9 +324,9 @@ POSTCONF(1) POSTCONF(1)
This feature is available with Postfix 2.2 and later.
socketmap (read-only)
- Sendmail-style socketmap client. The table name is
- inet:host:port:name for a TCP/IP server, or unix:path-
- name:name for a UNIX-domain server. This is described in
+ Sendmail-style socketmap client. The table name is
+ inet:host:port:name for a TCP/IP server, or unix:path-
+ name:name for a UNIX-domain server. This is described in
socketmap_table(5).
This feature is available with Postfix 2.10 and later.
@@ -336,12 +337,12 @@ POSTCONF(1) POSTCONF(1)
This feature is available with Postfix 2.8 and later.
static (read-only)
- A table that always returns its name as lookup result.
+ A table that always returns its name as lookup result.
For example, static:foobar always returns the string foo-
- bar as lookup result. Specify "static:{ text with white-
- space }" when the result contains whitespace; this form
- ignores whitespace after "{" and before "}". See also the
- inline: map.
+ bar as lookup result. Specify "static:{ text with white-
+ space }" when the result contains whitespace; this form
+ ignores whitespace after the opening "{" and before the
+ closing "}". See also the inline: map.
The form "static:{text} is available with Postfix 3.0 and
later.
@@ -350,58 +351,58 @@ POSTCONF(1) POSTCONF(1)
TCP/IP client. The protocol is described in tcp_table(5).
texthash (read-only)
- Produces similar results as hash: files, except that you
- don't need to run the postmap(1) command before you can
- use the file, and that it does not detect changes after
+ Produces similar results as hash: files, except that you
+ don't need to run the postmap(1) command before you can
+ use the file, and that it does not detect changes after
the file is read.
This feature is available with Postfix 2.8 and later.
unionmap (read-only)
- A table that sends each query to multiple lookup tables
- and that concatenates all found results, separated by
+ A table that sends each query to multiple lookup tables
+ and that concatenates all found results, separated by
comma. The table name syntax is the same as for pipemap.
This feature is available with Postfix 3.0 and later.
unix (read-only)
- A limited view of the UNIX authentication database. The
+ A limited view of the UNIX authentication database. The
following tables are implemented:
unix:passwd.byname
- The table is the UNIX password database. The key
- is a login name. The result is a password file
+ The table is the UNIX password database. The key
+ is a login name. The result is a password file
entry in passwd(5) format.
unix:group.byname
The table is the UNIX group database. The key is a
- group name. The result is a group file entry in
+ group name. The result is a group file entry in
group(5) format.
- Other table types may exist depending on how Postfix was built.
+ Other table types may exist depending on how Postfix was built.
- -M Show master.cf file contents instead of main.cf file contents.
+ -M Show master.cf file contents instead of main.cf file contents.
Specify -Mf to fold long lines for human readability.
Specify zero or more arguments, each with a service-name or ser-
- vice-name/service-type pair, where service-name is the first
- field of a master.cf entry and service-type is one of (inet,
+ vice-name/service-type pair, where service-name is the first
+ field of a master.cf entry and service-type is one of (inet,
unix, fifo, or pass).
- If service-name or service-name/service-type is specified, only
- the matching master.cf entries will be output. For example,
- "postconf -Mf smtp" will output all services named "smtp", and
- "postconf -Mf smtp/inet" will output only the smtp service that
- listens on the network. Trailing service type fields that are
+ If service-name or service-name/service-type is specified, only
+ the matching master.cf entries will be output. For example,
+ "postconf -Mf smtp" will output all services named "smtp", and
+ "postconf -Mf smtp/inet" will output only the smtp service that
+ listens on the network. Trailing service type fields that are
omitted will be handled as "*" wildcard fields.
This feature is available with Postfix 2.9 and later. The syntax
- was changed from "name.type" to "name/type", and "*" wildcard
+ was changed from "name.type" to "name/type", and "*" wildcard
support was added with Postfix 2.11.
-n Show only configuration parameters that have explicit name=value
- settings in main.cf. Specify -nf to fold long lines for human
- readability (Postfix 2.9 and later). To show settings that dif-
+ settings in main.cf. Specify -nf to fold long lines for human
+ readability (Postfix 2.9 and later). To show settings that dif-
fer from built-in defaults only, use the following bash syntax:
comm -23 <(postconf -n) <(postconf -d)
Replace "-23" with "-12" to show settings that duplicate
@@ -416,38 +417,38 @@ POSTCONF(1) POSTCONF(1)
This feature is available with Postfix 2.11 and later.
- -P Show master.cf service parameter settings (by default all ser-
- vices and all parameters), formatted as "service/type/parame-
+ -P Show master.cf service parameter settings (by default all ser-
+ vices and all parameters), formatted as "service/type/parame-
ter=value", one per line. Specify -Pf to fold long lines.
- Specify one or more "service/type/parameter" instances on the
- postconf(1) command line to limit the output to parameters of
- interest. Trailing parameter name or service type fields that
+ Specify one or more "service/type/parameter" instances on the
+ postconf(1) command line to limit the output to parameters of
+ interest. Trailing parameter name or service type fields that
are omitted will be handled as "*" wildcard fields.
This feature is available with Postfix 2.11 and later.
-t [template_file]
- Display the templates for text that appears at the beginning of
- delivery status notification (DSN) messages, without expanding
+ Display the templates for text that appears at the beginning of
+ delivery status notification (DSN) messages, without expanding
$name expressions.
- To override the bounce_template_file parameter setting, specify
- a template file name at the end of the "postconf -t" command
- line. Specify an empty file name to display built-in templates
+ To override the bounce_template_file parameter setting, specify
+ a template file name at the end of the "postconf -t" command
+ line. Specify an empty file name to display built-in templates
(in shell language: "").
This feature is available with Postfix 2.3 and later.
-T mode
- If Postfix is compiled without TLS support, the -T option pro-
- duces no output. Otherwise, if an invalid mode is specified,
- the -T option reports an error and exits with a non-zero status
+ If Postfix is compiled without TLS support, the -T option pro-
+ duces no output. Otherwise, if an invalid mode is specified,
+ the -T option reports an error and exits with a non-zero status
code. The valid modes are:
compile-version
Output the OpenSSL version that Postfix was compiled with
- (i.e. the OpenSSL version in a header file). The output
+ (i.e. the OpenSSL version in a header file). The output
format is the same as with the command "openssl version".
run-version
@@ -455,59 +456,59 @@ POSTCONF(1) POSTCONF(1)
runtime (i.e. the OpenSSL version in a shared library).
public-key-algorithms
- Output the lower-case names of the supported public-key
+ Output the lower-case names of the supported public-key
algorithms, one per-line.
This feature is available with Postfix 3.1 and later.
- -v Enable verbose logging for debugging purposes. Multiple -v
+ -v Enable verbose logging for debugging purposes. Multiple -v
options make the software increasingly verbose.
- -x Expand $name in main.cf or master.cf parameter values. The
+ -x Expand $name in main.cf or master.cf parameter values. The
expansion is recursive.
This feature is available with Postfix 2.10 and later.
- -X Edit the main.cf configuration file, and remove the parameters
+ -X Edit the main.cf configuration file, and remove the parameters
named on the postconf(1) command line. Specify a list of param-
eter names, not "name=value" pairs.
- With -M, edit the master.cf configuration file, and remove one
- or more service entries as specified with "service/type" on the
+ With -M, edit the master.cf configuration file, and remove one
+ or more service entries as specified with "service/type" on the
postconf(1) command line.
- With -P, edit the master.cf configuration file, and remove one
+ With -P, edit the master.cf configuration file, and remove one
or more service parameter settings (-o parameter=value settings)
- as specified with "service/type/parameter" on the postconf(1)
+ as specified with "service/type/parameter" on the postconf(1)
command line.
In all cases the file is copied to a temporary file then renamed
into place. Specify quotes to protect special characters on the
postconf(1) command line.
- There is no postconf(1) command to perform the reverse opera-
- tion.
-
- This feature is available with Postfix 2.10 and later. Support
- for -M and -P was added with Postfix 2.11.
-
- -# Edit the main.cf configuration file, and comment out the parame-
- ters named on the postconf(1) command line, so that those param-
- eters revert to their default values. Specify a list of parame-
- ter names, not "name=value" pairs.
-
- With -M, edit the master.cf configuration file, and comment out
- one or more service entries as specified with "service/type" on
- the postconf(1) command line.
-
- In all cases the file is copied to a temporary file then renamed
- into place. Specify quotes to protect special characters on the
- postconf(1) command line.
-
There is no postconf(1) command to perform the reverse opera-
tion.
- This feature is available with Postfix 2.6 and later. Support
+ This feature is available with Postfix 2.10 and later. Support
+ for -M and -P was added with Postfix 2.11.
+
+ -# Edit the main.cf configuration file, and comment out the parame-
+ ters named on the postconf(1) command line, so that those param-
+ eters revert to their default values. Specify a list of parame-
+ ter names, not "name=value" pairs.
+
+ With -M, edit the master.cf configuration file, and comment out
+ one or more service entries as specified with "service/type" on
+ the postconf(1) command line.
+
+ In all cases the file is copied to a temporary file then renamed
+ into place. Specify quotes to protect special characters on the
+ postconf(1) command line.
+
+ There is no postconf(1) command to perform the reverse opera-
+ tion.
+
+ This feature is available with Postfix 2.6 and later. Support
for -M was added with Postfix 2.11.
DIAGNOSTICS
@@ -518,18 +519,18 @@ POSTCONF(1) POSTCONF(1)
Directory with Postfix configuration files.
CONFIGURATION PARAMETERS
- The following main.cf parameters are especially relevant to this pro-
+ The following main.cf parameters are especially relevant to this pro-
gram.
- The text below provides only a parameter summary. See postconf(5) for
+ The text below provides only a parameter summary. See postconf(5) for
more details including examples.
config_directory (see 'postconf -d' output)
- The default location of the Postfix main.cf and master.cf con-
+ The default location of the Postfix main.cf and master.cf con-
figuration files.
bounce_template_file (empty)
- Pathname of a configuration file with bounce message templates.
+ Pathname of a configuration file with bounce message templates.
FILES
/etc/postfix/main.cf, Postfix configuration parameters
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index ff32ae574..99ce58967 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -3308,7 +3308,8 @@ time keeping on System-V-ish systems.
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later.
@@ -3885,7 +3886,8 @@ environment. Examples of relevant parameters:
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later.
diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1
index 4976f5010..1fb951fdc 100644
--- a/postfix/man/man1/postconf.1
+++ b/postfix/man/man1/postconf.1
@@ -274,8 +274,10 @@ with support for Berkeley DB databases.
A non\-shared, in\-memory lookup table. Example: "\fBinline:{
\fIkey\fB=\fIvalue\fB, { \fIkey\fB = \fItext with whitespace
or comma\fB }}\fR". Key\-value pairs are separated by
-whitespace or comma; whitespace after "\fB{\fR" and before "\fB}\fR"
-is ignored. Inline tables eliminate the need to create a
+whitespace or comma; with a key\-value pair inside "\fB{}\fR",
+whitespace is ignored after the opening "\fB{\fR", around
+the "\fB=\fR" between key and value, and before the closing
+"\fB}\fR". Inline tables eliminate the need to create a
database file for just a few fixed elements. See also the
\fIstatic:\fR map type.
@@ -359,7 +361,8 @@ A table that always returns its name as lookup result. For
example, \fBstatic:foobar\fR always returns the string
\fBfoobar\fR as lookup result. Specify "\fBstatic:{ \fItext
with whitespace\fB }\fR" when the result contains whitespace;
-this form ignores whitespace after "\fB{\fR" and before
+this form ignores whitespace after the opening "\fB{\fR"
+and before the closing
"\fB}\fR". See also the \fIinline:\fR map.
The form "\fBstatic:{\fItext\fB}\fR is available with Postfix
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 13e6b2b3c..1b5951a27 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -2071,7 +2071,8 @@ time keeping on System\-V\-ish systems.
.PP
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later.
@@ -2409,7 +2410,8 @@ Needed to make "\fBpostfix \-c\fR" work.
.PP
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later.
diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8
index d6564b71e..9a83d42c1 100644
--- a/postfix/man/man8/pipe.8
+++ b/postfix/man/man8/pipe.8
@@ -201,7 +201,7 @@ shell meta characters by a shell command interpreter.
.sp
Specify "{" and "}" around command arguments that contain
whitespace (Postfix 3.0 and later). Whitespace
-after "{" and before "}" is ignored.
+after the opening "{" and before the closing "}" is ignored.
.sp
In the command argument vector, the following macros are recognized
and replaced with corresponding information from the Postfix queue
diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html
index c6525ed4c..828772e78 100644
--- a/postfix/proto/DATABASE_README.html
+++ b/postfix/proto/DATABASE_README.html
@@ -317,8 +317,10 @@ name as used in "hash:table" is the database file name without the
A non-shared, in-memory lookup table. Example: "inline:{
key=value, { key = text with whitespace or comma }}".
-Key-value pairs are separated by whitespace or comma; whitespace
-after "{" and before "}" is ignored. Inline tables eliminate the
+Key-value pairs are separated by whitespace or comma; with a key-value
+pair inside "{}", whitespace is ignored after the opening "{",
+around the "=" between key and value, and before the closing "}".
+Inline tables eliminate the
need to create a database file for just a few fixed elements. See
also the static: map type.
@@ -436,7 +438,8 @@ server. See socketmap_table(5) for details.
For example, "static:foobar" always returns the string "foobar" as
lookup result. Specify "static:{ text with whitespace }"
when the result contains whitespace; this form ignores whitespace
-after "{" and before "}". See also the inline: map type.
+after the opening "{" and before the closing "}". See also the
+inline: map type.
tcp
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 16d793463..c2b5294b7 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -1447,7 +1447,8 @@ time keeping on System-V-ish systems.
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later.
@@ -1918,7 +1919,8 @@ environment. Examples of relevant parameters:
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index b20946ead..592785ce5 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20181123"
+#define MAIL_RELEASE_DATE "20181125"
#define MAIL_VERSION_NUMBER "3.4"
#ifdef SNAPSHOT
diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c
index 5eb5f21b2..7167d9511 100644
--- a/postfix/src/pipe/pipe.c
+++ b/postfix/src/pipe/pipe.c
@@ -191,7 +191,7 @@
/* .sp
/* Specify "{" and "}" around command arguments that contain
/* whitespace (Postfix 3.0 and later). Whitespace
-/* after "{" and before "}" is ignored.
+/* after the opening "{" and before the closing "}" is ignored.
/* .sp
/* In the command argument vector, the following macros are recognized
/* and replaced with corresponding information from the Postfix queue
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index dd8614ab2..026639ec1 100644
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -268,8 +268,10 @@
/* A non-shared, in-memory lookup table. Example: "\fBinline:{
/* \fIkey\fB=\fIvalue\fB, { \fIkey\fB = \fItext with whitespace
/* or comma\fB }}\fR". Key-value pairs are separated by
-/* whitespace or comma; whitespace after "\fB{\fR" and before "\fB}\fR"
-/* is ignored. Inline tables eliminate the need to create a
+/* whitespace or comma; with a key-value pair inside "\fB{}\fR",
+/* whitespace is ignored after the opening "\fB{\fR", around
+/* the "\fB=\fR" between key and value, and before the closing
+/* "\fB}\fR". Inline tables eliminate the need to create a
/* database file for just a few fixed elements. See also the
/* \fIstatic:\fR map type.
/*
@@ -353,7 +355,8 @@
/* example, \fBstatic:foobar\fR always returns the string
/* \fBfoobar\fR as lookup result. Specify "\fBstatic:{ \fItext
/* with whitespace\fB }\fR" when the result contains whitespace;
-/* this form ignores whitespace after "\fB{\fR" and before
+/* this form ignores whitespace after the opening "\fB{\fR"
+/* and before the closing
/* "\fB}\fR". See also the \fIinline:\fR map.
/*
/* The form "\fBstatic:{\fItext\fB}\fR is available with Postfix
diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c
index cf93c6c44..64e88ff11 100644
--- a/postfix/src/tlsproxy/tlsproxy.c
+++ b/postfix/src/tlsproxy/tlsproxy.c
@@ -1026,10 +1026,10 @@ static int tlsp_client_init(TLS_APPL_STATE **client_appl_state,
/*
* Use one TLS_APPL_STATE object for all requests that specify the same
* TLS_CLIENT_INIT_PROPS. Each TLS_APPL_STATE owns an SSL_CTX, which is
- * expensive.
+ * expensive to create.
*
* First, compute the TLS_APPL_STATE cache lookup key. Save a copy of the
- * key that corresponds to the pre-jail internal call, which uses the
+ * key that corresponds to the pre-jail internal request, which uses the
* tlsproxy_client_* settings.
*/
buf = vstring_alloc(100);
@@ -1042,9 +1042,9 @@ static int tlsp_client_init(TLS_APPL_STATE **client_appl_state,
/*
* Log a warning if a post-jail request differs from the tlsproxy_client_*
- * settings AND the request specifies file or directory arguments. Those
- * are problematic after chroot (pathname resolution) and after dropping
- * privileges (key files must be root read-only).
+ * settings AND the request specifies file/directory pathname arguments.
+ * Those are problematic after chroot (pathname resolution) and after
+ * dropping privileges (key files must be root read-only).
*
* We can eliminate this complication by adding code that opens a cert/key
* lookup table at pre-jail time, and by reading cert/key info on-the-fly
@@ -1410,17 +1410,20 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
* for the minority of sites that want to use TLS connection caching with
* multiple TLS client identities. To alert the operator, tlsproxy will
* log a warning when a TLS_CLIENT_INIT message specifies a different
- * configuration with cert or key pathnames. The workaround is to have
- * one tlsproxy process per TLS client identity.
+ * configuration than the tlsproxy pre-jail client configuration, and
+ * that different configuration specifies file/directory pathname
+ * arguments. The workaround is to have one tlsproxy process per TLS
+ * client identity.
*
* The general solution for single-identity or multi-identity clients is to
* stop loading certs and keys from individual files. Instead, have a
* cert/key map, indexed by client identity, read-only by root. After
- * opening the map at pre-jail time, tlsproxy can read certs/keys
- * on-the-fly at post-jail time. This is the approach that was already
- * proposed for server-side SNI support, and it could be reused here. It
- * would also end the proliferation of RSA cert/key parameters, DSA
- * cert/key parameters, EC cert/key parameters, and so on.
+ * opening the map as root at pre-jail time, tlsproxy can read certs/keys
+ * on-the-fly as an unprivileged process at post-jail time. This is the
+ * approach that was already proposed for server-side SNI support, and it
+ * could be reused here. It would also end the proliferation of RSA
+ * cert/key parameters, DSA cert/key parameters, EC cert/key parameters,
+ * and so on.
*
* Horror: In order to create the same pre-jail TLS client context as the
* one used in the Postfix SMTP client, we have to duplicate intricate
diff --git a/postfix/src/util/dict_file.c b/postfix/src/util/dict_file.c
index 2b679c560..809af9f65 100644
--- a/postfix/src/util/dict_file.c
+++ b/postfix/src/util/dict_file.c
@@ -8,11 +8,11 @@
/*
/* VSTRING *dict_file_to_buf(
/* DICT *dict,
-/* const char *pathname)
+/* const char *pathnames)
/*
/* VSTRING *dict_file_to_b64(
/* DICT *dict,
-/* const char *pathname)
+/* const char *pathnames)
/*
/* VSTRING *dict_file_from_b64(
/* DICT *dict,
@@ -24,11 +24,15 @@
/* void dict_file_purge_buffers(
/* DICT *dict)
/* DESCRIPTION
-/* dict_file_to_buf() reads the content of the specified file.
+/* dict_file_to_buf() reads the content of the specified
+/* files, with names separated by CHARS_COMMA_SP, while inserting
+/* a gratuitous newline character between files.
/* It returns a pointer to a buffer which is owned by the DICT,
/* or a null pointer in case of error.
/*
-/* dict_file_to_b64() reads the content of the specified file,
+/* dict_file_to_b64() reads the content of the specified
+/* files, with names separated by CHARS_COMMA_SP, while inserting
+/* a gratuitous newline character between files,
/* and converts the result to base64.
/* It returns a pointer to a buffer which is owned by the DICT,
/* or a null pointer in case of error.
@@ -81,50 +85,71 @@
#define STR(x) vstring_str(x)
#define LEN(x) VSTRING_LEN(x)
-/* dict_file_to_buf - read a file into a buffer */
+/* dict_file_to_buf - read files into a buffer */
-VSTRING *dict_file_to_buf(DICT *dict, const char *pathname)
+VSTRING *dict_file_to_buf(DICT *dict, const char *pathnames)
{
struct stat st;
- VSTREAM *fp;
+ VSTREAM *fp = 0;
+ ARGV *argv;
+ char **cpp;
/* dict_file_to_buf() postcondition: dict->file_buf exists. */
if (dict->file_buf == 0)
dict->file_buf = vstring_alloc(100);
- if ((fp = vstream_fopen(pathname, O_RDONLY, 0)) == 0
- || fstat(vstream_fileno(fp), &st) < 0) {
- vstring_sprintf(dict->file_buf, "open %s: %m", pathname);
- if (fp)
- vstream_fclose(fp);
- return (0);
+#define DICT_FILE_ERR_RETURN do { \
+ argv_free(argv); \
+ if (fp) vstream_fclose(fp); \
+ return (0); \
+ } while (0);
+
+ argv = argv_split(pathnames, CHARS_COMMA_SP);
+ if (argv->argc == 0) {
+ vstring_sprintf(dict->file_buf, "empty pathname list: >>%s<<'",
+ pathnames);
+ DICT_FILE_ERR_RETURN;
}
VSTRING_RESET(dict->file_buf);
- VSTRING_SPACE(dict->file_buf, st.st_size);
- if (vstream_fread(fp, STR(dict->file_buf), st.st_size) != st.st_size) {
- vstring_sprintf(dict->file_buf, "read %s: %m", pathname);
- vstream_fclose(fp);
- return (0);
+ for (cpp = argv->argv; *cpp; cpp++) {
+ if ((fp = vstream_fopen(*cpp, O_RDONLY, 0)) == 0
+ || fstat(vstream_fileno(fp), &st) < 0) {
+ vstring_sprintf(dict->file_buf, "open %s: %m", *cpp);
+ DICT_FILE_ERR_RETURN;
+ }
+ if (st.st_size > SSIZE_T_MAX - LEN(dict->file_buf)) {
+ vstring_sprintf(dict->file_buf, "file too large: %s", pathnames);
+ DICT_FILE_ERR_RETURN;
+ }
+ VSTRING_SPACE(dict->file_buf, st.st_size);
+ if (vstream_fread(fp, STR(dict->file_buf) + LEN(dict->file_buf),
+ st.st_size) != st.st_size) {
+ vstring_sprintf(dict->file_buf, "read %s: %m", *cpp);
+ DICT_FILE_ERR_RETURN;
+ }
+ (void) vstream_fclose(fp);
+ VSTRING_AT_OFFSET(dict->file_buf, LEN(dict->file_buf) + st.st_size);
+ if (cpp[1] != 0)
+ VSTRING_ADDCH(dict->file_buf, '\n');
}
- (void) vstream_fclose(fp);
- VSTRING_AT_OFFSET(dict->file_buf, st.st_size);
+ argv_free(argv);
VSTRING_TERMINATE(dict->file_buf);
return (dict->file_buf);
}
-/* dict_file_to_b64 - read a file into a base64-encoded buffer */
+/* dict_file_to_b64 - read files into a base64-encoded buffer */
-VSTRING *dict_file_to_b64(DICT *dict, const char *pathname)
+VSTRING *dict_file_to_b64(DICT *dict, const char *pathnames)
{
ssize_t helper;
- if (dict_file_to_buf(dict, pathname) == 0)
+ if (dict_file_to_buf(dict, pathnames) == 0)
return (0);
if (dict->file_b64 == 0)
dict->file_b64 = vstring_alloc(100);
- helper = (VSTRING_LEN(dict->file_buf) + 2) / 3;
+ helper = (LEN(dict->file_buf) + 2) / 3;
if (helper > SSIZE_T_MAX / 4) {
- vstring_sprintf(dict->file_buf, "file too large: %s", pathname);
+ vstring_sprintf(dict->file_buf, "file too large: %s", pathnames);
return (0);
}
VSTRING_RESET(dict->file_b64);
diff --git a/postfix/src/util/dict_pcre_file.in b/postfix/src/util/dict_pcre_file.in
index fef4146ea..28c0bd5bd 100644
--- a/postfix/src/util/dict_pcre_file.in
+++ b/postfix/src/util/dict_pcre_file.in
@@ -1,3 +1,4 @@
get file1
get file2
get file3
+get files12
diff --git a/postfix/src/util/dict_pcre_file.map b/postfix/src/util/dict_pcre_file.map
index 1633759c8..4fd12e60e 100644
--- a/postfix/src/util/dict_pcre_file.map
+++ b/postfix/src/util/dict_pcre_file.map
@@ -1,3 +1,6 @@
/file1/ dict_pcre_file1
/file2/ dict_pcre_file2
/file3/ dict_pcre_file3
+/files12/ dict_pcre_file1, dict_pcre_file2
+/files13/ dict_pcre_file1, dict_pcre_file3
+/file-comma/ ,
diff --git a/postfix/src/util/dict_pcre_file.ref b/postfix/src/util/dict_pcre_file.ref
index 8e58457af..727306d91 100644
--- a/postfix/src/util/dict_pcre_file.ref
+++ b/postfix/src/util/dict_pcre_file.ref
@@ -1,4 +1,6 @@
./dict_open: warning: pcre map dict_pcre_file.map, line 3: open dict_pcre_file3: No such file or directory: skipping this rule
+./dict_open: warning: pcre map dict_pcre_file.map, line 5: open dict_pcre_file3: No such file or directory: skipping this rule
+./dict_open: warning: pcre map dict_pcre_file.map, line 6: empty pathname list: >>,<<': skipping this rule
owner=untrusted (uid=USER)
> get file1
file1=dGhpcy1pcy1maWxlMQo=
@@ -6,3 +8,5 @@ file1=dGhpcy1pcy1maWxlMQo=
file2=dGhpcy1pcy1maWxlMgo=
> get file3
file3: not found
+> get files12
+files12=dGhpcy1pcy1maWxlMQoKdGhpcy1pcy1maWxlMgo=