From 8109ebaddfc4da8bbdb58e85430c7a50aae4b791 Mon Sep 17 00:00:00 2001
From: Wietse Z Venema <wietse@porcupine.org>
Date: Tue, 6 Feb 2024 00:00:00 -0500
Subject: [PATCH] postfix-3.9-20240206

---
 postfix/HISTORY                           | 23 ++++++
 postfix/README_FILES/COMPATIBILITY_README | 64 +++++++--------
 postfix/WISHLIST                          | 14 +---
 postfix/html/COMPATIBILITY_README.html    | 96 +++++++++++------------
 postfix/makedefs                          |  3 +
 postfix/postfix-install                   |  1 +
 postfix/proto/COMPATIBILITY_README.html   | 96 +++++++++++------------
 postfix/proto/stop                        |  1 +
 postfix/proto/stop.spell-history          |  2 +
 postfix/src/global/mail_date.c            |  7 +-
 postfix/src/global/mail_version.h         |  2 +-
 postfix/src/util/sys_defs.h               |  7 ++
 12 files changed, 176 insertions(+), 140 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index d38d3b4be..a16d57d5c 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -27787,3 +27787,26 @@ Apologies for any names omitted.
  	configurable, and updated the mysql_table(5) and pgsql_table(5)
  	manpages. Files: global/dict_mysql.c, global/dict_pgsql.c,
 	proto/mysql_table, proto/pgsql_table.
+
+20230130
+
+	Reproducible build: added LC_ALL=C to the top of the makedefs
+	script.
+
+20240206
+
+	Documentation: in COMPATIBILITY_README, the descriptions
+	of smtpd_relay_restrictions and smtputf8_enable were grouped
+	under the wrong compatibility level value. Reported by Rune
+	Philosof. File: proto/COMPATIBILITY_README.html.
+
+	Compatibility: the RFC 5322 date and time specification
+	recommends (i.e. should) that a single space be used in
+	each place that FWS appears. To avoid a breaking change,
+	Postfix now formats numerical days as two-digit days, i.e.
+	days 1-9 have a leading zero instead of a leading space.
+	Files: util/sys_defs.h global/mail_date.c.
+
+	Documentation: the post-install(1) manpage now lists
+	$config_directory/makedefs.out as one of the installed
+	files. File: postfix-install.
diff --git a/postfix/README_FILES/COMPATIBILITY_README b/postfix/README_FILES/COMPATIBILITY_README
index 55182b7f6..aa9e7f6a7 100644
--- a/postfix/README_FILES/COMPATIBILITY_README
+++ b/postfix/README_FILES/COMPATIBILITY_README
@@ -33,17 +33,17 @@ Logged with compatibility_level < 1:
 
   * Using backwards-compatible default setting chroot=y
 
-Logged with compatibility_level < 2:
-
   * Using backwards-compatible default setting "smtpd_relay_restrictions =
     (empty)"
 
+  * Using backwards-compatible default setting smtputf8_enable=no
+
+Logged with compatibility_level < 2:
+
   * Using backwards-compatible default setting mynetworks_style=subnet
 
   * Using backwards-compatible default setting relay_domains=$mydestination
 
-  * Using backwards-compatible default setting smtputf8_enable=no
-
 Logged with compatibility_level < 3.6:
 
   * Using backwards-compatible default setting smtpd_tls_fingerprint_digest=md5
@@ -152,6 +152,34 @@ permanent in main.cf:
     # ppoossttccoonnff ssmmttppdd__rreellaayy__rreessttrriiccttiioonnss==
     # ppoossttffiixx rreellooaadd
 
+UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppuuttff88__eennaabbllee==nnoo
+
+The smtputf8_enable default value has changed from "no" to "yes". With the new
+"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients
+that don't request SMTPUTF8 support, after Postfix is updated from an older
+version. The backwards-compatibility safety net is designed to prevent such
+surprises.
+
+As long as the smtputf8_enable parameter is left at its implicit default value,
+and the compatibility_level setting is less than 1, Postfix logs a warning each
+time an SMTP command uses a non-ASCII address localpart without requesting
+SMTPUTF8 support:
+
+    postfix/smtpd[27560]: using backwards-compatible default setting
+        smtputf8_enable=no to accept non-ASCII sender address
+        "??@example.org" from localhost[127.0.0.1]
+
+    postfix/smtpd[27560]: using backwards-compatible default setting
+        smtputf8_enable=no to accept non-ASCII recipient address
+        "??@example.com" from localhost[127.0.0.1]
+
+If the address should not be rejected, and the client cannot be updated to use
+SMTPUTF8, then the system administrator should make the backwards-compatible
+setting "smtputf8_enable = no" permanent in main.cf:
+
+    # ppoossttccoonnff ssmmttppuuttff88__eennaabbllee==nnoo
+    # ppoossttffiixx rreellooaadd
+
 UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg mmyynneettwwoorrkkss__ssttyyllee==ssuubbnneett
 
 The mynetworks_style default value has changed from "subnet" to "host". This
@@ -223,34 +251,6 @@ Note: quotes are required as indicated above.
 Instead of $mydestination, it may be better to specify an explicit list of
 domain names.
 
-UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppuuttff88__eennaabbllee==nnoo
-
-The smtputf8_enable default value has changed from "no" to "yes". With the new
-"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients
-that don't request SMTPUTF8 support, after Postfix is updated from an older
-version. The backwards-compatibility safety net is designed to prevent such
-surprises.
-
-As long as the smtputf8_enable parameter is left at its implicit default value,
-and the compatibility_level setting is less than 1, Postfix logs a warning each
-time an SMTP command uses a non-ASCII address localpart without requesting
-SMTPUTF8 support:
-
-    postfix/smtpd[27560]: using backwards-compatible default setting
-        smtputf8_enable=no to accept non-ASCII sender address
-        "??@example.org" from localhost[127.0.0.1]
-
-    postfix/smtpd[27560]: using backwards-compatible default setting
-        smtputf8_enable=no to accept non-ASCII recipient address
-        "??@example.com" from localhost[127.0.0.1]
-
-If the address should not be rejected, and the client cannot be updated to use
-SMTPUTF8, then the system administrator should make the backwards-compatible
-setting "smtputf8_enable = no" permanent in main.cf:
-
-    # ppoossttccoonnff ssmmttppuuttff88__eennaabbllee==nnoo
-    # ppoossttffiixx rreellooaadd
-
 UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppdd__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt==mmdd55
 
 The smtpd_tls_fingerprint_digest default value has changed from "md5" to
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 60e94df1d..d9610bb91 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -6,8 +6,6 @@ Wish list:
 
 	Disable -DSNAPSHOT and -DNONPROD in makedefs.
 
-	postfix-install should mention makedefs.out.
-
 	Remove .printfck directories, and remove printfck targets
 	from Makefiles.
 
@@ -36,16 +34,12 @@ Wish list:
 
 	Check out https://github.com/milter-manager/milter-manager/
 
-	Check out https://cutter.osdn.jp/ (C/C++ unit tests).
+	Check out https://github.com/clear-code/cutter
+	(https://cutter.osdn.jp/) for C/C++ unit tests.
 
-	Follow https://github.com/vdukhovni/postfix/commits/rpk
-
-	Figure out which mysql_*escape_string*() variant to use and
-	handle error results accordingly.
-
-	postscreen hints to smtpd to suppress the server greeating
+	postscreen hints to smtpd to suppress the server greeting
 	after a remote SMTP client has pregreeted. This makes the
-	PIPELINING detection more meaingful.
+	PIPELINING detection more meaningful.
 
 	Multi-recipient support in sender/recipient_bcc_maps and
 	always_bcc.
diff --git a/postfix/html/COMPATIBILITY_README.html b/postfix/html/COMPATIBILITY_README.html
index 2b6a58b15..37c37a5ad 100644
--- a/postfix/html/COMPATIBILITY_README.html
+++ b/postfix/html/COMPATIBILITY_README.html
@@ -61,24 +61,24 @@ default setting append_dot_mydomain=yes </a> </p>
 <li> <p> <a href="#chroot"> Using backwards-compatible default setting
 chroot=y</a> </p>
 
+<li><p> <a href="#relay_restrictions"> Using backwards-compatible
+default setting "smtpd_relay_restrictions = (empty)"</a> </p>
+
+<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible
+default setting smtputf8_enable=no</a> </p>
+
 </ul>
 
 <p> Logged with <a href="postconf.5.html#compatibility_level">compatibility_level</a> &lt; 2: </p>
 
 <ul>
 
-<li><p> <a href="#relay_restrictions"> Using backwards-compatible
-default setting "smtpd_relay_restrictions = (empty)"</a> </p>
-
 <li> <p> <a href="#mynetworks_style"> Using backwards-compatible
 default setting mynetworks_style=subnet </a> </p>
 
 <li> <p> <a href="#relay_domains"> Using backwards-compatible default
 setting relay_domains=$mydestination </a> </p>
 
-<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible
-default setting smtputf8_enable=no</a> </p>
-
 </ul>
 
 <p> Logged with <a href="postconf.5.html#compatibility_level">compatibility_level</a> &lt; 3.6: </p>
@@ -241,6 +241,48 @@ administrator should make the backwards-compatible setting
 </pre>
 </blockquote>
 
+<h2> <a name="smtputf8_enable"> Using backwards-compatible default
+setting smtputf8_enable=no</a> </h2>
+
+<p> The <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> default value has changed from "no" to "yes".
+With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
+addresses from clients that don't request SMTPUTF8 support, after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
+
+<p> As long as the <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> parameter is left at its implicit
+default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is
+less than 1, Postfix logs a warning each time an SMTP command uses a
+non-ASCII address localpart without requesting SMTPUTF8 support: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[27560]: using backwards-compatible default setting
+    <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no to accept non-ASCII sender address
+    "??@example.org" from localhost[127.0.0.1]
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+postfix/smtpd[27560]: using backwards-compatible default setting
+    <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no to accept non-ASCII recipient address
+    "??@example.com" from localhost[127.0.0.1]
+</pre>
+</blockquote>
+
+<p> If the address should not be rejected, and the client cannot
+be updated to use SMTPUTF8, then the system administrator should
+make the backwards-compatible setting "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = no" permanent
+in <a href="postconf.5.html">main.cf</a>:
+
+<blockquote>
+<pre>
+# <b>postconf <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
 <h2> <a name="mynetworks_style"> Using backwards-compatible default
 setting mynetworks_style=subnet</a> </h2>
 
@@ -352,48 +394,6 @@ administrator should make the backwards-compatible setting
 <p> Instead of $<a href="postconf.5.html#mydestination">mydestination</a>, it may be better to specify an
 explicit list of domain names. </p>
 
-<h2> <a name="smtputf8_enable"> Using backwards-compatible default
-setting smtputf8_enable=no</a> </h2>
-
-<p> The <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> default value has changed from "no" to "yes".
-With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
-addresses from clients that don't request SMTPUTF8 support, after
-Postfix is updated from an older version. The backwards-compatibility
-safety net is designed to prevent such surprises. </p>
-
-<p> As long as the <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> parameter is left at its implicit
-default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is
-less than 1, Postfix logs a warning each time an SMTP command uses a
-non-ASCII address localpart without requesting SMTPUTF8 support: </p>
-
-<blockquote>
-<pre>
-postfix/smtpd[27560]: using backwards-compatible default setting
-    <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no to accept non-ASCII sender address
-    "??@example.org" from localhost[127.0.0.1]
-</pre>
-</blockquote>
-
-<blockquote>
-<pre>
-postfix/smtpd[27560]: using backwards-compatible default setting
-    <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no to accept non-ASCII recipient address
-    "??@example.com" from localhost[127.0.0.1]
-</pre>
-</blockquote>
-
-<p> If the address should not be rejected, and the client cannot
-be updated to use SMTPUTF8, then the system administrator should
-make the backwards-compatible setting "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = no" permanent
-in <a href="postconf.5.html">main.cf</a>:
-
-<blockquote>
-<pre>
-# <b>postconf <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no</b>
-# <b>postfix reload</b>
-</pre>
-</blockquote>
-
 <h2> <a name="smtpd_digest"> Using backwards-compatible
 default setting smtpd_tls_fingerprint_digest=md5</a> </h2>
 
diff --git a/postfix/makedefs b/postfix/makedefs
index c8cc13d8a..98c826735 100644
--- a/postfix/makedefs
+++ b/postfix/makedefs
@@ -184,6 +184,9 @@
 #	New York, NY 10011, USA
 #--
 
+# Override all LC_* settings and LANG for reproducibility.
+LC_ALL=C; export LC_ALL
+
 # By now all shells must have functions.
 
 error() {
diff --git a/postfix/postfix-install b/postfix/postfix-install
index f6780e7fd..5c7d844d2 100644
--- a/postfix/postfix-install
+++ b/postfix/postfix-install
@@ -176,6 +176,7 @@
 #	post-install(1) post-installation procedure
 # FILES
 #	$config_directory/main.cf, Postfix installation configuration.
+#	$config_directory/makedefs.out, Postfix 'make makefiles' options.
 #	$meta_directory/postfix-files, installation control file.
 #	$config_directory/install.cf, obsolete configuration file.
 # LICENSE
diff --git a/postfix/proto/COMPATIBILITY_README.html b/postfix/proto/COMPATIBILITY_README.html
index e4e91e17d..9f8892757 100644
--- a/postfix/proto/COMPATIBILITY_README.html
+++ b/postfix/proto/COMPATIBILITY_README.html
@@ -61,24 +61,24 @@ default setting append_dot_mydomain=yes </a> </p>
 <li> <p> <a href="#chroot"> Using backwards-compatible default setting
 chroot=y</a> </p>
 
+<li><p> <a href="#relay_restrictions"> Using backwards-compatible
+default setting "smtpd_relay_restrictions = (empty)"</a> </p>
+
+<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible
+default setting smtputf8_enable=no</a> </p>
+
 </ul>
 
 <p> Logged with compatibility_level &lt; 2: </p>
 
 <ul>
 
-<li><p> <a href="#relay_restrictions"> Using backwards-compatible
-default setting "smtpd_relay_restrictions = (empty)"</a> </p>
-
 <li> <p> <a href="#mynetworks_style"> Using backwards-compatible
 default setting mynetworks_style=subnet </a> </p>
 
 <li> <p> <a href="#relay_domains"> Using backwards-compatible default
 setting relay_domains=$mydestination </a> </p>
 
-<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible
-default setting smtputf8_enable=no</a> </p>
-
 </ul>
 
 <p> Logged with compatibility_level &lt; 3.6: </p>
@@ -241,6 +241,48 @@ administrator should make the backwards-compatible setting
 </pre>
 </blockquote>
 
+<h2> <a name="smtputf8_enable"> Using backwards-compatible default
+setting smtputf8_enable=no</a> </h2>
+
+<p> The smtputf8_enable default value has changed from "no" to "yes".
+With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
+addresses from clients that don't request SMTPUTF8 support, after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
+
+<p> As long as the smtputf8_enable parameter is left at its implicit
+default value, and the compatibility_level setting is
+less than 1, Postfix logs a warning each time an SMTP command uses a
+non-ASCII address localpart without requesting SMTPUTF8 support: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[27560]: using backwards-compatible default setting
+    smtputf8_enable=no to accept non-ASCII sender address
+    "??@example.org" from localhost[127.0.0.1]
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+postfix/smtpd[27560]: using backwards-compatible default setting
+    smtputf8_enable=no to accept non-ASCII recipient address
+    "??@example.com" from localhost[127.0.0.1]
+</pre>
+</blockquote>
+
+<p> If the address should not be rejected, and the client cannot
+be updated to use SMTPUTF8, then the system administrator should
+make the backwards-compatible setting "smtputf8_enable = no" permanent
+in main.cf:
+
+<blockquote>
+<pre>
+# <b>postconf smtputf8_enable=no</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
 <h2> <a name="mynetworks_style"> Using backwards-compatible default
 setting mynetworks_style=subnet</a> </h2>
 
@@ -352,48 +394,6 @@ administrator should make the backwards-compatible setting
 <p> Instead of $mydestination, it may be better to specify an
 explicit list of domain names. </p>
 
-<h2> <a name="smtputf8_enable"> Using backwards-compatible default
-setting smtputf8_enable=no</a> </h2>
-
-<p> The smtputf8_enable default value has changed from "no" to "yes".
-With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
-addresses from clients that don't request SMTPUTF8 support, after
-Postfix is updated from an older version. The backwards-compatibility
-safety net is designed to prevent such surprises. </p>
-
-<p> As long as the smtputf8_enable parameter is left at its implicit
-default value, and the compatibility_level setting is
-less than 1, Postfix logs a warning each time an SMTP command uses a
-non-ASCII address localpart without requesting SMTPUTF8 support: </p>
-
-<blockquote>
-<pre>
-postfix/smtpd[27560]: using backwards-compatible default setting
-    smtputf8_enable=no to accept non-ASCII sender address
-    "??@example.org" from localhost[127.0.0.1]
-</pre>
-</blockquote>
-
-<blockquote>
-<pre>
-postfix/smtpd[27560]: using backwards-compatible default setting
-    smtputf8_enable=no to accept non-ASCII recipient address
-    "??@example.com" from localhost[127.0.0.1]
-</pre>
-</blockquote>
-
-<p> If the address should not be rejected, and the client cannot
-be updated to use SMTPUTF8, then the system administrator should
-make the backwards-compatible setting "smtputf8_enable = no" permanent
-in main.cf:
-
-<blockquote>
-<pre>
-# <b>postconf smtputf8_enable=no</b>
-# <b>postfix reload</b>
-</pre>
-</blockquote>
-
 <h2> <a name="smtpd_digest"> Using backwards-compatible
 default setting smtpd_tls_fingerprint_digest=md5</a> </h2>
 
diff --git a/postfix/proto/stop b/postfix/proto/stop
index ceb654e95..c9b260241 100644
--- a/postfix/proto/stop
+++ b/postfix/proto/stop
@@ -1594,3 +1594,4 @@ lf
 EOD
 chunking
 allowlists
+FWS
diff --git a/postfix/proto/stop.spell-history b/postfix/proto/stop.spell-history
index b688da179..16d0e729f 100644
--- a/postfix/proto/stop.spell-history
+++ b/postfix/proto/stop.spell-history
@@ -68,3 +68,5 @@ Levente
 MariaDB
 dehtml
 NONPROD
+LC
+Philosof
diff --git a/postfix/src/global/mail_date.c b/postfix/src/global/mail_date.c
index 55d890776..e1313629e 100644
--- a/postfix/src/global/mail_date.c
+++ b/postfix/src/global/mail_date.c
@@ -98,8 +98,13 @@ const char *mail_date(time_t when)
      * First, format the date and wall-clock time. XXX The %e format (day of
      * month, leading zero replaced by blank) isn't in my POSIX book, but
      * many vendors seem to support it.
+     * 
+     * The RFC 5322 Date and Time Specification recommends (i.e., should) "that
+     * a single space be used in each place that FWS appears". To avoid a
+     * potentially breaking change, we prefer the %d (two-digit day) format,
+     * i.e. days 1-9 now have a leading zero instead of a leading space.
      */
-#ifdef MISSING_STRFTIME_E
+#if defined(MISSING_STRFTIME_E) || defined (TWO_DIGIT_DAY_IN_DATE_TIME)
 #define STRFTIME_FMT "%a, %d %b %Y %H:%M:%S "
 #else
 #define STRFTIME_FMT "%a, %e %b %Y %H:%M:%S "
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 454c98f9f..98c9ccb32 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20240129"
+#define MAIL_RELEASE_DATE	"20240206"
 #define MAIL_VERSION_NUMBER	"3.9"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h
index 924718531..62749ab57 100644
--- a/postfix/src/util/sys_defs.h
+++ b/postfix/src/util/sys_defs.h
@@ -1331,6 +1331,13 @@ extern int dup2_pass_on_exec(int oldd, int newd);
 #undef HAVE_RES_SEND
 #endif
 
+ /*
+  * The RFC 5322 Date and Time Specification recommends single space between
+  * date-time tokens. To avoid breaking change, format all numerical days as
+  * two-digit days (i.e. days 1-9 now have a leading zero instead of space).
+  */
+#define TWO_DIGIT_DAY_IN_DATE_TIME
+
  /*
   * Check for required but missing definitions.
   */