diff --git a/postfix/HISTORY b/postfix/HISTORY
index d38d3b4be..a16d57d5c 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -27787,3 +27787,26 @@ Apologies for any names omitted.
configurable, and updated the mysql_table(5) and pgsql_table(5)
manpages. Files: global/dict_mysql.c, global/dict_pgsql.c,
proto/mysql_table, proto/pgsql_table.
+
+20230130
+
+ Reproducible build: added LC_ALL=C to the top of the makedefs
+ script.
+
+20240206
+
+ Documentation: in COMPATIBILITY_README, the descriptions
+ of smtpd_relay_restrictions and smtputf8_enable were grouped
+ under the wrong compatibility level value. Reported by Rune
+ Philosof. File: proto/COMPATIBILITY_README.html.
+
+ Compatibility: the RFC 5322 date and time specification
+ recommends (i.e. should) that a single space be used in
+ each place that FWS appears. To avoid a breaking change,
+ Postfix now formats numerical days as two-digit days, i.e.
+ days 1-9 have a leading zero instead of a leading space.
+ Files: util/sys_defs.h global/mail_date.c.
+
+ Documentation: the post-install(1) manpage now lists
+ $config_directory/makedefs.out as one of the installed
+ files. File: postfix-install.
diff --git a/postfix/README_FILES/COMPATIBILITY_README b/postfix/README_FILES/COMPATIBILITY_README
index 55182b7f6..aa9e7f6a7 100644
--- a/postfix/README_FILES/COMPATIBILITY_README
+++ b/postfix/README_FILES/COMPATIBILITY_README
@@ -33,17 +33,17 @@ Logged with compatibility_level < 1:
* Using backwards-compatible default setting chroot=y
-Logged with compatibility_level < 2:
-
* Using backwards-compatible default setting "smtpd_relay_restrictions =
(empty)"
+ * Using backwards-compatible default setting smtputf8_enable=no
+
+Logged with compatibility_level < 2:
+
* Using backwards-compatible default setting mynetworks_style=subnet
* Using backwards-compatible default setting relay_domains=$mydestination
- * Using backwards-compatible default setting smtputf8_enable=no
-
Logged with compatibility_level < 3.6:
* Using backwards-compatible default setting smtpd_tls_fingerprint_digest=md5
@@ -152,6 +152,34 @@ permanent in main.cf:
# p�po�os�st�tc�co�on�nf�f s�sm�mt�tp�pd�d_�_r�re�el�la�ay�y_�_r�re�es�st�tr�ri�ic�ct�ti�io�on�ns�s=�=
# p�po�os�st�tf�fi�ix�x r�re�el�lo�oa�ad�d
+U�Us�si�in�ng�g b�ba�ac�ck�kw�wa�ar�rd�ds�s-�-c�co�om�mp�pa�at�ti�ib�bl�le�e d�de�ef�fa�au�ul�lt�t s�se�et�tt�ti�in�ng�g s�sm�mt�tp�pu�ut�tf�f8�8_�_e�en�na�ab�bl�le�e=�=n�no�o
+
+The smtputf8_enable default value has changed from "no" to "yes". With the new
+"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients
+that don't request SMTPUTF8 support, after Postfix is updated from an older
+version. The backwards-compatibility safety net is designed to prevent such
+surprises.
+
+As long as the smtputf8_enable parameter is left at its implicit default value,
+and the compatibility_level setting is less than 1, Postfix logs a warning each
+time an SMTP command uses a non-ASCII address localpart without requesting
+SMTPUTF8 support:
+
+ postfix/smtpd[27560]: using backwards-compatible default setting
+ smtputf8_enable=no to accept non-ASCII sender address
+ "??@example.org" from localhost[127.0.0.1]
+
+ postfix/smtpd[27560]: using backwards-compatible default setting
+ smtputf8_enable=no to accept non-ASCII recipient address
+ "??@example.com" from localhost[127.0.0.1]
+
+If the address should not be rejected, and the client cannot be updated to use
+SMTPUTF8, then the system administrator should make the backwards-compatible
+setting "smtputf8_enable = no" permanent in main.cf:
+
+ # p�po�os�st�tc�co�on�nf�f s�sm�mt�tp�pu�ut�tf�f8�8_�_e�en�na�ab�bl�le�e=�=n�no�o
+ # p�po�os�st�tf�fi�ix�x r�re�el�lo�oa�ad�d
+
U�Us�si�in�ng�g b�ba�ac�ck�kw�wa�ar�rd�ds�s-�-c�co�om�mp�pa�at�ti�ib�bl�le�e d�de�ef�fa�au�ul�lt�t s�se�et�tt�ti�in�ng�g m�my�yn�ne�et�tw�wo�or�rk�ks�s_�_s�st�ty�yl�le�e=�=s�su�ub�bn�ne�et�t
The mynetworks_style default value has changed from "subnet" to "host". This
@@ -223,34 +251,6 @@ Note: quotes are required as indicated above.
Instead of $mydestination, it may be better to specify an explicit list of
domain names.
-U�Us�si�in�ng�g b�ba�ac�ck�kw�wa�ar�rd�ds�s-�-c�co�om�mp�pa�at�ti�ib�bl�le�e d�de�ef�fa�au�ul�lt�t s�se�et�tt�ti�in�ng�g s�sm�mt�tp�pu�ut�tf�f8�8_�_e�en�na�ab�bl�le�e=�=n�no�o
-
-The smtputf8_enable default value has changed from "no" to "yes". With the new
-"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients
-that don't request SMTPUTF8 support, after Postfix is updated from an older
-version. The backwards-compatibility safety net is designed to prevent such
-surprises.
-
-As long as the smtputf8_enable parameter is left at its implicit default value,
-and the compatibility_level setting is less than 1, Postfix logs a warning each
-time an SMTP command uses a non-ASCII address localpart without requesting
-SMTPUTF8 support:
-
- postfix/smtpd[27560]: using backwards-compatible default setting
- smtputf8_enable=no to accept non-ASCII sender address
- "??@example.org" from localhost[127.0.0.1]
-
- postfix/smtpd[27560]: using backwards-compatible default setting
- smtputf8_enable=no to accept non-ASCII recipient address
- "??@example.com" from localhost[127.0.0.1]
-
-If the address should not be rejected, and the client cannot be updated to use
-SMTPUTF8, then the system administrator should make the backwards-compatible
-setting "smtputf8_enable = no" permanent in main.cf:
-
- # p�po�os�st�tc�co�on�nf�f s�sm�mt�tp�pu�ut�tf�f8�8_�_e�en�na�ab�bl�le�e=�=n�no�o
- # p�po�os�st�tf�fi�ix�x r�re�el�lo�oa�ad�d
-
U�Us�si�in�ng�g b�ba�ac�ck�kw�wa�ar�rd�ds�s-�-c�co�om�mp�pa�at�ti�ib�bl�le�e d�de�ef�fa�au�ul�lt�t s�se�et�tt�ti�in�ng�g s�sm�mt�tp�pd�d_�_t�tl�ls�s_�_f�fi�in�ng�ge�er�rp�pr�ri�in�nt�t_�_d�di�ig�ge�es�st�t=�=m�md�d5�5
The smtpd_tls_fingerprint_digest default value has changed from "md5" to
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 60e94df1d..d9610bb91 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -6,8 +6,6 @@ Wish list:
Disable -DSNAPSHOT and -DNONPROD in makedefs.
- postfix-install should mention makedefs.out.
-
Remove .printfck directories, and remove printfck targets
from Makefiles.
@@ -36,16 +34,12 @@ Wish list:
Check out https://github.com/milter-manager/milter-manager/
- Check out https://cutter.osdn.jp/ (C/C++ unit tests).
+ Check out https://github.com/clear-code/cutter
+ (https://cutter.osdn.jp/) for C/C++ unit tests.
- Follow https://github.com/vdukhovni/postfix/commits/rpk
-
- Figure out which mysql_*escape_string*() variant to use and
- handle error results accordingly.
-
- postscreen hints to smtpd to suppress the server greeating
+ postscreen hints to smtpd to suppress the server greeting
after a remote SMTP client has pregreeted. This makes the
- PIPELINING detection more meaingful.
+ PIPELINING detection more meaningful.
Multi-recipient support in sender/recipient_bcc_maps and
always_bcc.
diff --git a/postfix/html/COMPATIBILITY_README.html b/postfix/html/COMPATIBILITY_README.html
index 2b6a58b15..37c37a5ad 100644
--- a/postfix/html/COMPATIBILITY_README.html
+++ b/postfix/html/COMPATIBILITY_README.html
@@ -61,24 +61,24 @@ default setting append_dot_mydomain=yes
Using backwards-compatible default setting
chroot=y
+ Using backwards-compatible
+default setting "smtpd_relay_restrictions = (empty)"
+
+ Using backwards-compatible
+default setting smtputf8_enable=no
+
Logged with compatibility_level < 2:
Logged with compatibility_level < 3.6:
@@ -241,6 +241,48 @@ administrator should make the backwards-compatible setting
+
+
+ The smtputf8_enable default value has changed from "no" to "yes".
+With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
+addresses from clients that don't request SMTPUTF8 support, after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises.
+
+ As long as the smtputf8_enable parameter is left at its implicit
+default value, and the compatibility_level setting is
+less than 1, Postfix logs a warning each time an SMTP command uses a
+non-ASCII address localpart without requesting SMTPUTF8 support:
+
+
+
+postfix/smtpd[27560]: using backwards-compatible default setting
+ smtputf8_enable=no to accept non-ASCII sender address
+ "??@example.org" from localhost[127.0.0.1]
+
+
+
+
+
+postfix/smtpd[27560]: using backwards-compatible default setting
+ smtputf8_enable=no to accept non-ASCII recipient address
+ "??@example.com" from localhost[127.0.0.1]
+
+
+
+ If the address should not be rejected, and the client cannot
+be updated to use SMTPUTF8, then the system administrator should
+make the backwards-compatible setting "smtputf8_enable = no" permanent
+in main.cf:
+
+
+
+# postconf smtputf8_enable=no
+# postfix reload
+
+
+
@@ -352,48 +394,6 @@ administrator should make the backwards-compatible setting
Instead of $mydestination, it may be better to specify an
explicit list of domain names.
-
-
- The smtputf8_enable default value has changed from "no" to "yes".
-With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
-addresses from clients that don't request SMTPUTF8 support, after
-Postfix is updated from an older version. The backwards-compatibility
-safety net is designed to prevent such surprises.
-
- As long as the smtputf8_enable parameter is left at its implicit
-default value, and the compatibility_level setting is
-less than 1, Postfix logs a warning each time an SMTP command uses a
-non-ASCII address localpart without requesting SMTPUTF8 support:
-
-
-
-postfix/smtpd[27560]: using backwards-compatible default setting
- smtputf8_enable=no to accept non-ASCII sender address
- "??@example.org" from localhost[127.0.0.1]
-
-
-
-
-
-postfix/smtpd[27560]: using backwards-compatible default setting
- smtputf8_enable=no to accept non-ASCII recipient address
- "??@example.com" from localhost[127.0.0.1]
-
-
-
- If the address should not be rejected, and the client cannot
-be updated to use SMTPUTF8, then the system administrator should
-make the backwards-compatible setting "smtputf8_enable = no" permanent
-in main.cf:
-
-
-
-# postconf smtputf8_enable=no
-# postfix reload
-
-
-
diff --git a/postfix/makedefs b/postfix/makedefs
index c8cc13d8a..98c826735 100644
--- a/postfix/makedefs
+++ b/postfix/makedefs
@@ -184,6 +184,9 @@
# New York, NY 10011, USA
#--
+# Override all LC_* settings and LANG for reproducibility.
+LC_ALL=C; export LC_ALL
+
# By now all shells must have functions.
error() {
diff --git a/postfix/postfix-install b/postfix/postfix-install
index f6780e7fd..5c7d844d2 100644
--- a/postfix/postfix-install
+++ b/postfix/postfix-install
@@ -176,6 +176,7 @@
# post-install(1) post-installation procedure
# FILES
# $config_directory/main.cf, Postfix installation configuration.
+# $config_directory/makedefs.out, Postfix 'make makefiles' options.
# $meta_directory/postfix-files, installation control file.
# $config_directory/install.cf, obsolete configuration file.
# LICENSE
diff --git a/postfix/proto/COMPATIBILITY_README.html b/postfix/proto/COMPATIBILITY_README.html
index e4e91e17d..9f8892757 100644
--- a/postfix/proto/COMPATIBILITY_README.html
+++ b/postfix/proto/COMPATIBILITY_README.html
@@ -61,24 +61,24 @@ default setting append_dot_mydomain=yes
Using backwards-compatible default setting
chroot=y
+ Using backwards-compatible
+default setting "smtpd_relay_restrictions = (empty)"
+
+ Using backwards-compatible
+default setting smtputf8_enable=no
+
Logged with compatibility_level < 2:
Logged with compatibility_level < 3.6:
@@ -241,6 +241,48 @@ administrator should make the backwards-compatible setting
+
+
+ The smtputf8_enable default value has changed from "no" to "yes".
+With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
+addresses from clients that don't request SMTPUTF8 support, after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises.
+
+ As long as the smtputf8_enable parameter is left at its implicit
+default value, and the compatibility_level setting is
+less than 1, Postfix logs a warning each time an SMTP command uses a
+non-ASCII address localpart without requesting SMTPUTF8 support:
+
+
+
+postfix/smtpd[27560]: using backwards-compatible default setting
+ smtputf8_enable=no to accept non-ASCII sender address
+ "??@example.org" from localhost[127.0.0.1]
+
+
+
+
+
+postfix/smtpd[27560]: using backwards-compatible default setting
+ smtputf8_enable=no to accept non-ASCII recipient address
+ "??@example.com" from localhost[127.0.0.1]
+
+
+
+ If the address should not be rejected, and the client cannot
+be updated to use SMTPUTF8, then the system administrator should
+make the backwards-compatible setting "smtputf8_enable = no" permanent
+in main.cf:
+
+
+
+# postconf smtputf8_enable=no
+# postfix reload
+
+
+
@@ -352,48 +394,6 @@ administrator should make the backwards-compatible setting
Instead of $mydestination, it may be better to specify an
explicit list of domain names.
-
-
- The smtputf8_enable default value has changed from "no" to "yes".
-With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
-addresses from clients that don't request SMTPUTF8 support, after
-Postfix is updated from an older version. The backwards-compatibility
-safety net is designed to prevent such surprises.
-
- As long as the smtputf8_enable parameter is left at its implicit
-default value, and the compatibility_level setting is
-less than 1, Postfix logs a warning each time an SMTP command uses a
-non-ASCII address localpart without requesting SMTPUTF8 support:
-
-
-
-postfix/smtpd[27560]: using backwards-compatible default setting
- smtputf8_enable=no to accept non-ASCII sender address
- "??@example.org" from localhost[127.0.0.1]
-
-
-
-
-
-postfix/smtpd[27560]: using backwards-compatible default setting
- smtputf8_enable=no to accept non-ASCII recipient address
- "??@example.com" from localhost[127.0.0.1]
-
-
-
- If the address should not be rejected, and the client cannot
-be updated to use SMTPUTF8, then the system administrator should
-make the backwards-compatible setting "smtputf8_enable = no" permanent
-in main.cf:
-
-
-
-# postconf smtputf8_enable=no
-# postfix reload
-
-
-
diff --git a/postfix/proto/stop b/postfix/proto/stop
index ceb654e95..c9b260241 100644
--- a/postfix/proto/stop
+++ b/postfix/proto/stop
@@ -1594,3 +1594,4 @@ lf
EOD
chunking
allowlists
+FWS
diff --git a/postfix/proto/stop.spell-history b/postfix/proto/stop.spell-history
index b688da179..16d0e729f 100644
--- a/postfix/proto/stop.spell-history
+++ b/postfix/proto/stop.spell-history
@@ -68,3 +68,5 @@ Levente
MariaDB
dehtml
NONPROD
+LC
+Philosof
diff --git a/postfix/src/global/mail_date.c b/postfix/src/global/mail_date.c
index 55d890776..e1313629e 100644
--- a/postfix/src/global/mail_date.c
+++ b/postfix/src/global/mail_date.c
@@ -98,8 +98,13 @@ const char *mail_date(time_t when)
* First, format the date and wall-clock time. XXX The %e format (day of
* month, leading zero replaced by blank) isn't in my POSIX book, but
* many vendors seem to support it.
+ *
+ * The RFC 5322 Date and Time Specification recommends (i.e., should) "that
+ * a single space be used in each place that FWS appears". To avoid a
+ * potentially breaking change, we prefer the %d (two-digit day) format,
+ * i.e. days 1-9 now have a leading zero instead of a leading space.
*/
-#ifdef MISSING_STRFTIME_E
+#if defined(MISSING_STRFTIME_E) || defined (TWO_DIGIT_DAY_IN_DATE_TIME)
#define STRFTIME_FMT "%a, %d %b %Y %H:%M:%S "
#else
#define STRFTIME_FMT "%a, %e %b %Y %H:%M:%S "
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 454c98f9f..98c9ccb32 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20240129"
+#define MAIL_RELEASE_DATE "20240206"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT
diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h
index 924718531..62749ab57 100644
--- a/postfix/src/util/sys_defs.h
+++ b/postfix/src/util/sys_defs.h
@@ -1331,6 +1331,13 @@ extern int dup2_pass_on_exec(int oldd, int newd);
#undef HAVE_RES_SEND
#endif
+ /*
+ * The RFC 5322 Date and Time Specification recommends single space between
+ * date-time tokens. To avoid breaking change, format all numerical days as
+ * two-digit days (i.e. days 1-9 now have a leading zero instead of space).
+ */
+#define TWO_DIGIT_DAY_IN_DATE_TIME
+
/*
* Check for required but missing definitions.
*/