From d5f04c8f9e67401b57bb330354d5daa2db397fa9 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Sun, 25 Nov 2018 00:00:00 -0500 Subject: [PATCH] postfix-3.4-20181125 --- postfix/HISTORY | 12 ++ postfix/README_FILES/DATABASE_README | 12 +- postfix/WISHLIST | 7 +- postfix/html/DATABASE_README.html | 9 +- postfix/html/pipe.8.html | 4 +- postfix/html/postconf.1.html | 195 ++++++++++++++------------- postfix/html/postconf.5.html | 6 +- postfix/man/man1/postconf.1 | 9 +- postfix/man/man5/postconf.5 | 6 +- postfix/man/man8/pipe.8 | 2 +- postfix/proto/DATABASE_README.html | 9 +- postfix/proto/postconf.proto | 6 +- postfix/src/global/mail_version.h | 2 +- postfix/src/pipe/pipe.c | 2 +- postfix/src/postconf/postconf.c | 9 +- postfix/src/tlsproxy/tlsproxy.c | 27 ++-- postfix/src/util/dict_file.c | 75 +++++++---- postfix/src/util/dict_pcre_file.in | 1 + postfix/src/util/dict_pcre_file.map | 3 + postfix/src/util/dict_pcre_file.ref | 4 + 20 files changed, 236 insertions(+), 164 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index e6bf8b484..7dd3a7ddf 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23842,3 +23842,15 @@ Apologies for any names omitted. tls_client_init request specifies an unexpected client identity, and the test for that condition is now moved to the right place. File: tlsproxy/tlsproxy.c. + +20181124 + + Documentation: clarified the behavior of whitespace within + "{}". Files: proto/DATABASE_README.html, proto/postconf.proto, + pipe/pipe.c, postconf/postconf.c, + +20181125 + + Cleanup: dict_file_to_xxx() takes a list of file names + separated by CHARS_COMMA_SP. Shoe-horned into the existing + API, make it nicer when there is time. File: util/dict_file.c. diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README index 7526e0bc1..97287f32a 100644 --- a/postfix/README_FILES/DATABASE_README +++ b/postfix/README_FILES/DATABASE_README @@ -215,9 +215,11 @@ To find out what database types your Postfix system supports, use the "ppooss iinnlliinnee (read-only) A non-shared, in-memory lookup table. Example: "inline:{ key=value, { key = text with whitespace or comma }}". Key-value pairs are - separated by whitespace or comma; whitespace after "{" and before "}" - is ignored. Inline tables eliminate the need to create a database file - for just a few fixed elements. See also the static: map type. + separated by whitespace or comma; with a key-value pair inside "{}", + whitespace is ignored after the opening "{", around the "=" between key + and value, and before the closing "}". Inline tables eliminate the need + to create a database file for just a few fixed elements. See also the + static: map type. iinntteerrnnaall A non-shared, in-memory hash table. Its content are lost when a process terminates. @@ -289,8 +291,8 @@ To find out what database types your Postfix system supports, use the "ppooss A table that always returns its name as the lookup result. For example, "static:foobar" always returns the string "foobar" as lookup result. Specify "static:{ text with whitespace }" when the result contains - whitespace; this form ignores whitespace after "{" and before "}". See - also the inline: map type. + whitespace; this form ignores whitespace after the opening "{" and + before the closing "}". See also the inline: map type. ttccpp TCP/IP client. The protocol is described in tcp_table(5). The lookup table name is "tcp:host:port" where "host" specifies a symbolic diff --git a/postfix/WISHLIST b/postfix/WISHLIST index dfc4353db..928b65fad 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -1,7 +1,10 @@ Wish list: - With DICT_FLAG_RHS_IS_FILE, RHS is list of files (insert - newline for robustness). + Declumsify code that calls vstream_fread() to read data + into VSTRING buffer. This needs vstream_fread_buf(VSTREAM *, + VSTRING *, ssize_t) which calls VSTRING_SPACE(), appends + data to the buffer, and calls VSTRING_AT_OFFSET(). Current + code is error-prone. With DICT_FLAG_RHS_IS_FILE, should dict_update() open a file? base64-encode the value? diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html index 2d134cd44..dc10dd50e 100644 --- a/postfix/html/DATABASE_README.html +++ b/postfix/html/DATABASE_README.html @@ -317,8 +317,10 @@ name as used in "hash:table" is the dat
A non-shared, in-memory lookup table. Example: "inline:{ key=value, { key = text with whitespace or comma }}". -Key-value pairs are separated by whitespace or comma; whitespace -after "{" and before "}" is ignored. Inline tables eliminate the +Key-value pairs are separated by whitespace or comma; with a key-value +pair inside "{}", whitespace is ignored after the opening "{", +around the "=" between key and value, and before the closing "}". +Inline tables eliminate the need to create a database file for just a few fixed elements. See also the static: map type.
@@ -436,7 +438,8 @@ server. See socketmap_table(5) for details. For example, "static:foobar" always returns the string "foobar" as lookup result. Specify "static:{ text with whitespace }" when the result contains whitespace; this form ignores whitespace -after "{" and before "}". See also the inline: map type. +after the opening "{" and before the closing "}". See also the +inline: map type.
tcp
diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html index 51504053d..d58775b0c 100644 --- a/postfix/html/pipe.8.html +++ b/postfix/html/pipe.8.html @@ -192,8 +192,8 @@ PIPE(8) PIPE(8) interpreter. Specify "{" and "}" around command arguments that contain white- - space (Postfix 3.0 and later). Whitespace after "{" and before - "}" is ignored. + space (Postfix 3.0 and later). Whitespace after the opening "{" + and before the closing "}" is ignored. In the command argument vector, the following macros are recog- nized and replaced with corresponding information from the Post- diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html index b81ec8826..e6525618b 100644 --- a/postfix/html/postconf.1.html +++ b/postfix/html/postconf.1.html @@ -243,19 +243,20 @@ POSTCONF(1) POSTCONF(1) A non-shared, in-memory lookup table. Example: "inline:{ key=value, { key = text with whitespace or comma }}". Key-value pairs are separated by whitespace or comma; - whitespace after "{" and before "}" is ignored. Inline - tables eliminate the need to create a database file for - just a few fixed elements. See also the static: map - type. + with a key-value pair inside "{}", whitespace is ignored + after the opening "{", around the "=" between key and + value, and before the closing "}". Inline tables elimi- + nate the need to create a database file for just a few + fixed elements. See also the static: map type. This feature is available with Postfix 3.0 and later. internal - A non-shared, in-memory hash table. Its content are lost + A non-shared, in-memory hash table. Its content are lost when a process terminates. - lmdb OpenLDAP LMDB database (a memory-mapped, persistent - file). Available on systems with support for LMDB data- + lmdb OpenLDAP LMDB database (a memory-mapped, persistent + file). Available on systems with support for LMDB data- bases. This is described in lmdb_table(5). This feature is available with Postfix 2.11 and later. @@ -264,57 +265,57 @@ POSTCONF(1) POSTCONF(1) LDAP database client. This is described in ldap_table(5). memcache - Memcache database client. This is described in mem- + Memcache database client. This is described in mem- cache_table(5). This feature is available with Postfix 2.9 and later. mysql (read-only) MySQL database client. Available on systems with support - for MySQL databases. This is described in mysql_ta- + for MySQL databases. This is described in mysql_ta- ble(5). pcre (read-only) - A lookup table based on Perl Compatible Regular Expres- + A lookup table based on Perl Compatible Regular Expres- sions. The file format is described in pcre_table(5). pgsql (read-only) - PostgreSQL database client. This is described in + PostgreSQL database client. This is described in pgsql_table(5). This feature is available with Postfix 2.1 and later. pipemap (read-only) - A lookup table that constructs a pipeline of tables. - Example: "pipemap:{type_1:name_1, ..., type_n:name_n}". - Each "pipemap:" query is given to the first table. Each + A lookup table that constructs a pipeline of tables. + Example: "pipemap:{type_1:name_1, ..., type_n:name_n}". + Each "pipemap:" query is given to the first table. Each lookup result becomes the query for the next table in the - pipeline, and the last table produces the final result. - When any table lookup produces no result, the pipeline - produces no result. The first and last characters of the + pipeline, and the last table produces the final result. + When any table lookup produces no result, the pipeline + produces no result. The first and last characters of the "pipemap:" table name must be "{" and "}". Within these, individual maps are separated with comma or whitespace. This feature is available with Postfix 3.0 and later. - proxy Postfix proxymap(8) client for shared access to Postfix + proxy Postfix proxymap(8) client for shared access to Postfix databases. The table name syntax is type:name. This feature is available with Postfix 2.0 and later. randmap (read-only) - An in-memory table that performs random selection. Exam- + An in-memory table that performs random selection. Exam- ple: "randmap:{result_1, ..., result_n}". Each table query returns a random choice from the specified results. - The first and last characters of the "randmap:" table - name must be "{" and "}". Within these, individual + The first and last characters of the "randmap:" table + name must be "{" and "}". Within these, individual results are separated with comma or whitespace. To give a specific result more weight, specify it multiple times. This feature is available with Postfix 3.0 and later. regexp (read-only) - A lookup table based on regular expressions. The file + A lookup table based on regular expressions. The file format is described in regexp_table(5). sdbm An indexed file type based on hashing. Available on sys- @@ -323,9 +324,9 @@ POSTCONF(1) POSTCONF(1) This feature is available with Postfix 2.2 and later. socketmap (read-only) - Sendmail-style socketmap client. The table name is - inet:host:port:name for a TCP/IP server, or unix:path- - name:name for a UNIX-domain server. This is described in + Sendmail-style socketmap client. The table name is + inet:host:port:name for a TCP/IP server, or unix:path- + name:name for a UNIX-domain server. This is described in socketmap_table(5). This feature is available with Postfix 2.10 and later. @@ -336,12 +337,12 @@ POSTCONF(1) POSTCONF(1) This feature is available with Postfix 2.8 and later. static (read-only) - A table that always returns its name as lookup result. + A table that always returns its name as lookup result. For example, static:foobar always returns the string foo- - bar as lookup result. Specify "static:{ text with white- - space }" when the result contains whitespace; this form - ignores whitespace after "{" and before "}". See also the - inline: map. + bar as lookup result. Specify "static:{ text with white- + space }" when the result contains whitespace; this form + ignores whitespace after the opening "{" and before the + closing "}". See also the inline: map. The form "static:{text} is available with Postfix 3.0 and later. @@ -350,58 +351,58 @@ POSTCONF(1) POSTCONF(1) TCP/IP client. The protocol is described in tcp_table(5). texthash (read-only) - Produces similar results as hash: files, except that you - don't need to run the postmap(1) command before you can - use the file, and that it does not detect changes after + Produces similar results as hash: files, except that you + don't need to run the postmap(1) command before you can + use the file, and that it does not detect changes after the file is read. This feature is available with Postfix 2.8 and later. unionmap (read-only) - A table that sends each query to multiple lookup tables - and that concatenates all found results, separated by + A table that sends each query to multiple lookup tables + and that concatenates all found results, separated by comma. The table name syntax is the same as for pipemap. This feature is available with Postfix 3.0 and later. unix (read-only) - A limited view of the UNIX authentication database. The + A limited view of the UNIX authentication database. The following tables are implemented: unix:passwd.byname - The table is the UNIX password database. The key - is a login name. The result is a password file + The table is the UNIX password database. The key + is a login name. The result is a password file entry in passwd(5) format. unix:group.byname The table is the UNIX group database. The key is a - group name. The result is a group file entry in + group name. The result is a group file entry in group(5) format. - Other table types may exist depending on how Postfix was built. + Other table types may exist depending on how Postfix was built. - -M Show master.cf file contents instead of main.cf file contents. + -M Show master.cf file contents instead of main.cf file contents. Specify -Mf to fold long lines for human readability. Specify zero or more arguments, each with a service-name or ser- - vice-name/service-type pair, where service-name is the first - field of a master.cf entry and service-type is one of (inet, + vice-name/service-type pair, where service-name is the first + field of a master.cf entry and service-type is one of (inet, unix, fifo, or pass). - If service-name or service-name/service-type is specified, only - the matching master.cf entries will be output. For example, - "postconf -Mf smtp" will output all services named "smtp", and - "postconf -Mf smtp/inet" will output only the smtp service that - listens on the network. Trailing service type fields that are + If service-name or service-name/service-type is specified, only + the matching master.cf entries will be output. For example, + "postconf -Mf smtp" will output all services named "smtp", and + "postconf -Mf smtp/inet" will output only the smtp service that + listens on the network. Trailing service type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.9 and later. The syntax - was changed from "name.type" to "name/type", and "*" wildcard + was changed from "name.type" to "name/type", and "*" wildcard support was added with Postfix 2.11. -n Show only configuration parameters that have explicit name=value - settings in main.cf. Specify -nf to fold long lines for human - readability (Postfix 2.9 and later). To show settings that dif- + settings in main.cf. Specify -nf to fold long lines for human + readability (Postfix 2.9 and later). To show settings that dif- fer from built-in defaults only, use the following bash syntax: comm -23 <(postconf -n) <(postconf -d) Replace "-23" with "-12" to show settings that duplicate @@ -416,38 +417,38 @@ POSTCONF(1) POSTCONF(1) This feature is available with Postfix 2.11 and later. - -P Show master.cf service parameter settings (by default all ser- - vices and all parameters), formatted as "service/type/parame- + -P Show master.cf service parameter settings (by default all ser- + vices and all parameters), formatted as "service/type/parame- ter=value", one per line. Specify -Pf to fold long lines. - Specify one or more "service/type/parameter" instances on the - postconf(1) command line to limit the output to parameters of - interest. Trailing parameter name or service type fields that + Specify one or more "service/type/parameter" instances on the + postconf(1) command line to limit the output to parameters of + interest. Trailing parameter name or service type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.11 and later. -t [template_file] - Display the templates for text that appears at the beginning of - delivery status notification (DSN) messages, without expanding + Display the templates for text that appears at the beginning of + delivery status notification (DSN) messages, without expanding $name expressions. - To override the bounce_template_file parameter setting, specify - a template file name at the end of the "postconf -t" command - line. Specify an empty file name to display built-in templates + To override the bounce_template_file parameter setting, specify + a template file name at the end of the "postconf -t" command + line. Specify an empty file name to display built-in templates (in shell language: ""). This feature is available with Postfix 2.3 and later. -T mode - If Postfix is compiled without TLS support, the -T option pro- - duces no output. Otherwise, if an invalid mode is specified, - the -T option reports an error and exits with a non-zero status + If Postfix is compiled without TLS support, the -T option pro- + duces no output. Otherwise, if an invalid mode is specified, + the -T option reports an error and exits with a non-zero status code. The valid modes are: compile-version Output the OpenSSL version that Postfix was compiled with - (i.e. the OpenSSL version in a header file). The output + (i.e. the OpenSSL version in a header file). The output format is the same as with the command "openssl version". run-version @@ -455,59 +456,59 @@ POSTCONF(1) POSTCONF(1) runtime (i.e. the OpenSSL version in a shared library). public-key-algorithms - Output the lower-case names of the supported public-key + Output the lower-case names of the supported public-key algorithms, one per-line. This feature is available with Postfix 3.1 and later. - -v Enable verbose logging for debugging purposes. Multiple -v + -v Enable verbose logging for debugging purposes. Multiple -v options make the software increasingly verbose. - -x Expand $name in main.cf or master.cf parameter values. The + -x Expand $name in main.cf or master.cf parameter values. The expansion is recursive. This feature is available with Postfix 2.10 and later. - -X Edit the main.cf configuration file, and remove the parameters + -X Edit the main.cf configuration file, and remove the parameters named on the postconf(1) command line. Specify a list of param- eter names, not "name=value" pairs. - With -M, edit the master.cf configuration file, and remove one - or more service entries as specified with "service/type" on the + With -M, edit the master.cf configuration file, and remove one + or more service entries as specified with "service/type" on the postconf(1) command line. - With -P, edit the master.cf configuration file, and remove one + With -P, edit the master.cf configuration file, and remove one or more service parameter settings (-o parameter=value settings) - as specified with "service/type/parameter" on the postconf(1) + as specified with "service/type/parameter" on the postconf(1) command line. In all cases the file is copied to a temporary file then renamed into place. Specify quotes to protect special characters on the postconf(1) command line. - There is no postconf(1) command to perform the reverse opera- - tion. - - This feature is available with Postfix 2.10 and later. Support - for -M and -P was added with Postfix 2.11. - - -# Edit the main.cf configuration file, and comment out the parame- - ters named on the postconf(1) command line, so that those param- - eters revert to their default values. Specify a list of parame- - ter names, not "name=value" pairs. - - With -M, edit the master.cf configuration file, and comment out - one or more service entries as specified with "service/type" on - the postconf(1) command line. - - In all cases the file is copied to a temporary file then renamed - into place. Specify quotes to protect special characters on the - postconf(1) command line. - There is no postconf(1) command to perform the reverse opera- tion. - This feature is available with Postfix 2.6 and later. Support + This feature is available with Postfix 2.10 and later. Support + for -M and -P was added with Postfix 2.11. + + -# Edit the main.cf configuration file, and comment out the parame- + ters named on the postconf(1) command line, so that those param- + eters revert to their default values. Specify a list of parame- + ter names, not "name=value" pairs. + + With -M, edit the master.cf configuration file, and comment out + one or more service entries as specified with "service/type" on + the postconf(1) command line. + + In all cases the file is copied to a temporary file then renamed + into place. Specify quotes to protect special characters on the + postconf(1) command line. + + There is no postconf(1) command to perform the reverse opera- + tion. + + This feature is available with Postfix 2.6 and later. Support for -M was added with Postfix 2.11. DIAGNOSTICS @@ -518,18 +519,18 @@ POSTCONF(1) POSTCONF(1) Directory with Postfix configuration files. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- + The following main.cf parameters are especially relevant to this pro- gram. - The text below provides only a parameter summary. See postconf(5) for + The text below provides only a parameter summary. See postconf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. bounce_template_file (empty) - Pathname of a configuration file with bounce message templates. + Pathname of a configuration file with bounce message templates. FILES /etc/postfix/main.cf, Postfix configuration parameters diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index ff32ae574..99ce58967 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -3308,7 +3308,8 @@ time keeping on System-V-ish systems.

Specify a list of names and/or name=value pairs, separated by whitespace or comma. Specify "{ name=value }" to protect whitespace -or comma in parameter values (whitespace after "{" and before "}" +or comma in parameter values (whitespace after the opening "{" and +before the closing "}" is ignored). The form name=value is supported with Postfix version 2.1 and later; the use of {} is supported with Postfix 3.0 and later.

@@ -3885,7 +3886,8 @@ environment. Examples of relevant parameters:

Specify a list of names and/or name=value pairs, separated by whitespace or comma. Specify "{ name=value }" to protect whitespace -or comma in parameter values (whitespace after "{" and before "}" +or comma in parameter values (whitespace after the opening "{" and +before the closing "}" is ignored). The form name=value is supported with Postfix version 2.1 and later; the use of {} is supported with Postfix 3.0 and later.

diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1 index 4976f5010..1fb951fdc 100644 --- a/postfix/man/man1/postconf.1 +++ b/postfix/man/man1/postconf.1 @@ -274,8 +274,10 @@ with support for Berkeley DB databases. A non\-shared, in\-memory lookup table. Example: "\fBinline:{ \fIkey\fB=\fIvalue\fB, { \fIkey\fB = \fItext with whitespace or comma\fB }}\fR". Key\-value pairs are separated by -whitespace or comma; whitespace after "\fB{\fR" and before "\fB}\fR" -is ignored. Inline tables eliminate the need to create a +whitespace or comma; with a key\-value pair inside "\fB{}\fR", +whitespace is ignored after the opening "\fB{\fR", around +the "\fB=\fR" between key and value, and before the closing +"\fB}\fR". Inline tables eliminate the need to create a database file for just a few fixed elements. See also the \fIstatic:\fR map type. @@ -359,7 +361,8 @@ A table that always returns its name as lookup result. For example, \fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup result. Specify "\fBstatic:{ \fItext with whitespace\fB }\fR" when the result contains whitespace; -this form ignores whitespace after "\fB{\fR" and before +this form ignores whitespace after the opening "\fB{\fR" +and before the closing "\fB}\fR". See also the \fIinline:\fR map. The form "\fBstatic:{\fItext\fB}\fR is available with Postfix diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 13e6b2b3c..1b5951a27 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2071,7 +2071,8 @@ time keeping on System\-V\-ish systems. .PP Specify a list of names and/or name=value pairs, separated by whitespace or comma. Specify "{ name=value }" to protect whitespace -or comma in parameter values (whitespace after "{" and before "}" +or comma in parameter values (whitespace after the opening "{" and +before the closing "}" is ignored). The form name=value is supported with Postfix version 2.1 and later; the use of {} is supported with Postfix 3.0 and later. @@ -2409,7 +2410,8 @@ Needed to make "\fBpostfix \-c\fR" work. .PP Specify a list of names and/or name=value pairs, separated by whitespace or comma. Specify "{ name=value }" to protect whitespace -or comma in parameter values (whitespace after "{" and before "}" +or comma in parameter values (whitespace after the opening "{" and +before the closing "}" is ignored). The form name=value is supported with Postfix version 2.1 and later; the use of {} is supported with Postfix 3.0 and later. diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8 index d6564b71e..9a83d42c1 100644 --- a/postfix/man/man8/pipe.8 +++ b/postfix/man/man8/pipe.8 @@ -201,7 +201,7 @@ shell meta characters by a shell command interpreter. .sp Specify "{" and "}" around command arguments that contain whitespace (Postfix 3.0 and later). Whitespace -after "{" and before "}" is ignored. +after the opening "{" and before the closing "}" is ignored. .sp In the command argument vector, the following macros are recognized and replaced with corresponding information from the Postfix queue diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html index c6525ed4c..828772e78 100644 --- a/postfix/proto/DATABASE_README.html +++ b/postfix/proto/DATABASE_README.html @@ -317,8 +317,10 @@ name as used in "hash:table" is the database file name without the
A non-shared, in-memory lookup table. Example: "inline:{ key=value, { key = text with whitespace or comma }}". -Key-value pairs are separated by whitespace or comma; whitespace -after "{" and before "}" is ignored. Inline tables eliminate the +Key-value pairs are separated by whitespace or comma; with a key-value +pair inside "{}", whitespace is ignored after the opening "{", +around the "=" between key and value, and before the closing "}". +Inline tables eliminate the need to create a database file for just a few fixed elements. See also the static: map type.
@@ -436,7 +438,8 @@ server. See socketmap_table(5) for details. For example, "static:foobar" always returns the string "foobar" as lookup result. Specify "static:{ text with whitespace }" when the result contains whitespace; this form ignores whitespace -after "{" and before "}". See also the inline: map type. +after the opening "{" and before the closing "}". See also the +inline: map type.
tcp
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 16d793463..c2b5294b7 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -1447,7 +1447,8 @@ time keeping on System-V-ish systems.

Specify a list of names and/or name=value pairs, separated by whitespace or comma. Specify "{ name=value }" to protect whitespace -or comma in parameter values (whitespace after "{" and before "}" +or comma in parameter values (whitespace after the opening "{" and +before the closing "}" is ignored). The form name=value is supported with Postfix version 2.1 and later; the use of {} is supported with Postfix 3.0 and later.

@@ -1918,7 +1919,8 @@ environment. Examples of relevant parameters:

Specify a list of names and/or name=value pairs, separated by whitespace or comma. Specify "{ name=value }" to protect whitespace -or comma in parameter values (whitespace after "{" and before "}" +or comma in parameter values (whitespace after the opening "{" and +before the closing "}" is ignored). The form name=value is supported with Postfix version 2.1 and later; the use of {} is supported with Postfix 3.0 and later.

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index b20946ead..592785ce5 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20181123" +#define MAIL_RELEASE_DATE "20181125" #define MAIL_VERSION_NUMBER "3.4" #ifdef SNAPSHOT diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index 5eb5f21b2..7167d9511 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c @@ -191,7 +191,7 @@ /* .sp /* Specify "{" and "}" around command arguments that contain /* whitespace (Postfix 3.0 and later). Whitespace -/* after "{" and before "}" is ignored. +/* after the opening "{" and before the closing "}" is ignored. /* .sp /* In the command argument vector, the following macros are recognized /* and replaced with corresponding information from the Postfix queue diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c index dd8614ab2..026639ec1 100644 --- a/postfix/src/postconf/postconf.c +++ b/postfix/src/postconf/postconf.c @@ -268,8 +268,10 @@ /* A non-shared, in-memory lookup table. Example: "\fBinline:{ /* \fIkey\fB=\fIvalue\fB, { \fIkey\fB = \fItext with whitespace /* or comma\fB }}\fR". Key-value pairs are separated by -/* whitespace or comma; whitespace after "\fB{\fR" and before "\fB}\fR" -/* is ignored. Inline tables eliminate the need to create a +/* whitespace or comma; with a key-value pair inside "\fB{}\fR", +/* whitespace is ignored after the opening "\fB{\fR", around +/* the "\fB=\fR" between key and value, and before the closing +/* "\fB}\fR". Inline tables eliminate the need to create a /* database file for just a few fixed elements. See also the /* \fIstatic:\fR map type. /* @@ -353,7 +355,8 @@ /* example, \fBstatic:foobar\fR always returns the string /* \fBfoobar\fR as lookup result. Specify "\fBstatic:{ \fItext /* with whitespace\fB }\fR" when the result contains whitespace; -/* this form ignores whitespace after "\fB{\fR" and before +/* this form ignores whitespace after the opening "\fB{\fR" +/* and before the closing /* "\fB}\fR". See also the \fIinline:\fR map. /* /* The form "\fBstatic:{\fItext\fB}\fR is available with Postfix diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index cf93c6c44..64e88ff11 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -1026,10 +1026,10 @@ static int tlsp_client_init(TLS_APPL_STATE **client_appl_state, /* * Use one TLS_APPL_STATE object for all requests that specify the same * TLS_CLIENT_INIT_PROPS. Each TLS_APPL_STATE owns an SSL_CTX, which is - * expensive. + * expensive to create. * * First, compute the TLS_APPL_STATE cache lookup key. Save a copy of the - * key that corresponds to the pre-jail internal call, which uses the + * key that corresponds to the pre-jail internal request, which uses the * tlsproxy_client_* settings. */ buf = vstring_alloc(100); @@ -1042,9 +1042,9 @@ static int tlsp_client_init(TLS_APPL_STATE **client_appl_state, /* * Log a warning if a post-jail request differs from the tlsproxy_client_* - * settings AND the request specifies file or directory arguments. Those - * are problematic after chroot (pathname resolution) and after dropping - * privileges (key files must be root read-only). + * settings AND the request specifies file/directory pathname arguments. + * Those are problematic after chroot (pathname resolution) and after + * dropping privileges (key files must be root read-only). * * We can eliminate this complication by adding code that opens a cert/key * lookup table at pre-jail time, and by reading cert/key info on-the-fly @@ -1410,17 +1410,20 @@ static void pre_jail_init(char *unused_name, char **unused_argv) * for the minority of sites that want to use TLS connection caching with * multiple TLS client identities. To alert the operator, tlsproxy will * log a warning when a TLS_CLIENT_INIT message specifies a different - * configuration with cert or key pathnames. The workaround is to have - * one tlsproxy process per TLS client identity. + * configuration than the tlsproxy pre-jail client configuration, and + * that different configuration specifies file/directory pathname + * arguments. The workaround is to have one tlsproxy process per TLS + * client identity. * * The general solution for single-identity or multi-identity clients is to * stop loading certs and keys from individual files. Instead, have a * cert/key map, indexed by client identity, read-only by root. After - * opening the map at pre-jail time, tlsproxy can read certs/keys - * on-the-fly at post-jail time. This is the approach that was already - * proposed for server-side SNI support, and it could be reused here. It - * would also end the proliferation of RSA cert/key parameters, DSA - * cert/key parameters, EC cert/key parameters, and so on. + * opening the map as root at pre-jail time, tlsproxy can read certs/keys + * on-the-fly as an unprivileged process at post-jail time. This is the + * approach that was already proposed for server-side SNI support, and it + * could be reused here. It would also end the proliferation of RSA + * cert/key parameters, DSA cert/key parameters, EC cert/key parameters, + * and so on. * * Horror: In order to create the same pre-jail TLS client context as the * one used in the Postfix SMTP client, we have to duplicate intricate diff --git a/postfix/src/util/dict_file.c b/postfix/src/util/dict_file.c index 2b679c560..809af9f65 100644 --- a/postfix/src/util/dict_file.c +++ b/postfix/src/util/dict_file.c @@ -8,11 +8,11 @@ /* /* VSTRING *dict_file_to_buf( /* DICT *dict, -/* const char *pathname) +/* const char *pathnames) /* /* VSTRING *dict_file_to_b64( /* DICT *dict, -/* const char *pathname) +/* const char *pathnames) /* /* VSTRING *dict_file_from_b64( /* DICT *dict, @@ -24,11 +24,15 @@ /* void dict_file_purge_buffers( /* DICT *dict) /* DESCRIPTION -/* dict_file_to_buf() reads the content of the specified file. +/* dict_file_to_buf() reads the content of the specified +/* files, with names separated by CHARS_COMMA_SP, while inserting +/* a gratuitous newline character between files. /* It returns a pointer to a buffer which is owned by the DICT, /* or a null pointer in case of error. /* -/* dict_file_to_b64() reads the content of the specified file, +/* dict_file_to_b64() reads the content of the specified +/* files, with names separated by CHARS_COMMA_SP, while inserting +/* a gratuitous newline character between files, /* and converts the result to base64. /* It returns a pointer to a buffer which is owned by the DICT, /* or a null pointer in case of error. @@ -81,50 +85,71 @@ #define STR(x) vstring_str(x) #define LEN(x) VSTRING_LEN(x) -/* dict_file_to_buf - read a file into a buffer */ +/* dict_file_to_buf - read files into a buffer */ -VSTRING *dict_file_to_buf(DICT *dict, const char *pathname) +VSTRING *dict_file_to_buf(DICT *dict, const char *pathnames) { struct stat st; - VSTREAM *fp; + VSTREAM *fp = 0; + ARGV *argv; + char **cpp; /* dict_file_to_buf() postcondition: dict->file_buf exists. */ if (dict->file_buf == 0) dict->file_buf = vstring_alloc(100); - if ((fp = vstream_fopen(pathname, O_RDONLY, 0)) == 0 - || fstat(vstream_fileno(fp), &st) < 0) { - vstring_sprintf(dict->file_buf, "open %s: %m", pathname); - if (fp) - vstream_fclose(fp); - return (0); +#define DICT_FILE_ERR_RETURN do { \ + argv_free(argv); \ + if (fp) vstream_fclose(fp); \ + return (0); \ + } while (0); + + argv = argv_split(pathnames, CHARS_COMMA_SP); + if (argv->argc == 0) { + vstring_sprintf(dict->file_buf, "empty pathname list: >>%s<<'", + pathnames); + DICT_FILE_ERR_RETURN; } VSTRING_RESET(dict->file_buf); - VSTRING_SPACE(dict->file_buf, st.st_size); - if (vstream_fread(fp, STR(dict->file_buf), st.st_size) != st.st_size) { - vstring_sprintf(dict->file_buf, "read %s: %m", pathname); - vstream_fclose(fp); - return (0); + for (cpp = argv->argv; *cpp; cpp++) { + if ((fp = vstream_fopen(*cpp, O_RDONLY, 0)) == 0 + || fstat(vstream_fileno(fp), &st) < 0) { + vstring_sprintf(dict->file_buf, "open %s: %m", *cpp); + DICT_FILE_ERR_RETURN; + } + if (st.st_size > SSIZE_T_MAX - LEN(dict->file_buf)) { + vstring_sprintf(dict->file_buf, "file too large: %s", pathnames); + DICT_FILE_ERR_RETURN; + } + VSTRING_SPACE(dict->file_buf, st.st_size); + if (vstream_fread(fp, STR(dict->file_buf) + LEN(dict->file_buf), + st.st_size) != st.st_size) { + vstring_sprintf(dict->file_buf, "read %s: %m", *cpp); + DICT_FILE_ERR_RETURN; + } + (void) vstream_fclose(fp); + VSTRING_AT_OFFSET(dict->file_buf, LEN(dict->file_buf) + st.st_size); + if (cpp[1] != 0) + VSTRING_ADDCH(dict->file_buf, '\n'); } - (void) vstream_fclose(fp); - VSTRING_AT_OFFSET(dict->file_buf, st.st_size); + argv_free(argv); VSTRING_TERMINATE(dict->file_buf); return (dict->file_buf); } -/* dict_file_to_b64 - read a file into a base64-encoded buffer */ +/* dict_file_to_b64 - read files into a base64-encoded buffer */ -VSTRING *dict_file_to_b64(DICT *dict, const char *pathname) +VSTRING *dict_file_to_b64(DICT *dict, const char *pathnames) { ssize_t helper; - if (dict_file_to_buf(dict, pathname) == 0) + if (dict_file_to_buf(dict, pathnames) == 0) return (0); if (dict->file_b64 == 0) dict->file_b64 = vstring_alloc(100); - helper = (VSTRING_LEN(dict->file_buf) + 2) / 3; + helper = (LEN(dict->file_buf) + 2) / 3; if (helper > SSIZE_T_MAX / 4) { - vstring_sprintf(dict->file_buf, "file too large: %s", pathname); + vstring_sprintf(dict->file_buf, "file too large: %s", pathnames); return (0); } VSTRING_RESET(dict->file_b64); diff --git a/postfix/src/util/dict_pcre_file.in b/postfix/src/util/dict_pcre_file.in index fef4146ea..28c0bd5bd 100644 --- a/postfix/src/util/dict_pcre_file.in +++ b/postfix/src/util/dict_pcre_file.in @@ -1,3 +1,4 @@ get file1 get file2 get file3 +get files12 diff --git a/postfix/src/util/dict_pcre_file.map b/postfix/src/util/dict_pcre_file.map index 1633759c8..4fd12e60e 100644 --- a/postfix/src/util/dict_pcre_file.map +++ b/postfix/src/util/dict_pcre_file.map @@ -1,3 +1,6 @@ /file1/ dict_pcre_file1 /file2/ dict_pcre_file2 /file3/ dict_pcre_file3 +/files12/ dict_pcre_file1, dict_pcre_file2 +/files13/ dict_pcre_file1, dict_pcre_file3 +/file-comma/ , diff --git a/postfix/src/util/dict_pcre_file.ref b/postfix/src/util/dict_pcre_file.ref index 8e58457af..727306d91 100644 --- a/postfix/src/util/dict_pcre_file.ref +++ b/postfix/src/util/dict_pcre_file.ref @@ -1,4 +1,6 @@ ./dict_open: warning: pcre map dict_pcre_file.map, line 3: open dict_pcre_file3: No such file or directory: skipping this rule +./dict_open: warning: pcre map dict_pcre_file.map, line 5: open dict_pcre_file3: No such file or directory: skipping this rule +./dict_open: warning: pcre map dict_pcre_file.map, line 6: empty pathname list: >>,<<': skipping this rule owner=untrusted (uid=USER) > get file1 file1=dGhpcy1pcy1maWxlMQo= @@ -6,3 +8,5 @@ file1=dGhpcy1pcy1maWxlMQo= file2=dGhpcy1pcy1maWxlMgo= > get file3 file3: not found +> get files12 +files12=dGhpcy1pcy1maWxlMQoKdGhpcy1pcy1maWxlMgo=