From: Wietse Venema <wietse@porcupine.org>
Date: Wed, 11 Oct 2023 05:00:00 +0000 (-0500)
Subject: postfix-3.9-20231011
X-Git-Tag: v3.9.0~36
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=4cccb2a89bec12fdd5f2a9685c69c434f3f7fd81;p=thirdparty%2Fpostfix.git

postfix-3.9-20231011
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 017bef0af..a41360de9 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -27463,3 +27463,11 @@ Apologies for any names omitted.
 	git metadata.  Added similar tests for the valid_utf8_string()
 	function. Files: util/valid_utf8_string.c, util/printable.c,
 	util/parse_utf8_char.h, util/Makefile.in.
+
+20231011
+
+	Documentation: fixed some instances of "." instead of ",".
+	Files: proto/POSTSCREEN_README.html, proto/socketmap_table.
+
+	Cleanup: finer-grained unit tests for valid_utf8_string().
+	File: util/valid_utf8_string.c.
diff --git a/postfix/README_FILES/POSTSCREEN_README b/postfix/README_FILES/POSTSCREEN_README
index 420f5a08c..5b4d20011 100644
--- a/postfix/README_FILES/POSTSCREEN_README
+++ b/postfix/README_FILES/POSTSCREEN_README
@@ -114,7 +114,7 @@ clients.
 
 QQuuiicckk tteessttss bbeeffoorree eevveerryytthhiinngg eellssee
 
-Before engaging in SMTP-level tests. postscreen(8) queries a number of local
+Before engaging in SMTP-level tests, postscreen(8) queries a number of local
 deny and allowlists. These tests speed up the handling of known clients.
 
   * Permanent allow/denylist test
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index ee2cca0f1..30f1b81ed 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -8,6 +8,14 @@ Wish list:
 
 	postfix-install should mention makedefs.out.
 
+	In valid_utf8_string.c, add tests for over-long encodings
+	and surrogates. Can we add tests for 4-byte encodings with
+	strings that are displayable?
+
+	Add a pre-release check for '.' instead of ','. Generalize
+	from grep '[a-zA-Z0-9]\.  *[a-z]' proto/*|egrep -v
+	'i\.e\.|etc\.|e\.g\.|\.  *[a-zA-Z0-9]*\('
+
 	Update DKIM examples for signing with the benefits of forced
 	MIME converison with "force_mime_input_conversion = yes"
  
diff --git a/postfix/html/POSTSCREEN_README.html b/postfix/html/POSTSCREEN_README.html
index 328131f77..9bef8db4a 100644
--- a/postfix/html/POSTSCREEN_README.html
+++ b/postfix/html/POSTSCREEN_README.html
@@ -159,7 +159,7 @@ overhead for legitimate clients. </p>
 
 <h2> <a name="quick">Quick tests before everything else</a> </h2>
 
-<p> Before engaging in SMTP-level tests. <a href="postscreen.8.html">postscreen(8)</a> queries a
+<p> Before engaging in SMTP-level tests, <a href="postscreen.8.html">postscreen(8)</a> queries a
 number of local deny and allowlists. These tests speed up the
 handling of known clients. </p>
 
diff --git a/postfix/html/socketmap_table.5.html b/postfix/html/socketmap_table.5.html
index a8bbd07ae..4c9e96cc8 100644
--- a/postfix/html/socketmap_table.5.html
+++ b/postfix/html/socketmap_table.5.html
@@ -18,7 +18,7 @@ SOCKETMAP_TABLE(5)                                          SOCKETMAP_TABLE(5)
        <b>postmap -q - <a href="socketmap_table.html">socketmap</a>:unix:</b><i>pathname</i><b>:</b><i>name</i> &lt;<i>inputfile</i>
 
 <b>DESCRIPTION</b>
-       The  Postfix  mail  system  uses optional tables for address rewriting.
+       The  Postfix  mail  system  uses optional tables for address rewriting,
        mail routing or policy lookup.
 
        The Postfix socketmap client expects TCP endpoint  names  of  the  form
diff --git a/postfix/man/man5/socketmap_table.5 b/postfix/man/man5/socketmap_table.5
index c53db3d6b..e5671ddbc 100644
--- a/postfix/man/man5/socketmap_table.5
+++ b/postfix/man/man5/socketmap_table.5
@@ -19,7 +19,7 @@ Postfix socketmap table lookup client
 .ad
 .fi
 The Postfix mail system uses optional tables for address
-rewriting. mail routing or policy lookup.
+rewriting, mail routing or policy lookup.
 
 The Postfix socketmap client expects TCP endpoint names of
 the form \fBinet:\fIhost\fB:\fIport\fB:\fIname\fR, or
diff --git a/postfix/proto/POSTSCREEN_README.html b/postfix/proto/POSTSCREEN_README.html
index b2d412df3..afd5cd3f1 100644
--- a/postfix/proto/POSTSCREEN_README.html
+++ b/postfix/proto/POSTSCREEN_README.html
@@ -159,7 +159,7 @@ overhead for legitimate clients. </p>
 
 <h2> <a name="quick">Quick tests before everything else</a> </h2>
 
-<p> Before engaging in SMTP-level tests. postscreen(8) queries a
+<p> Before engaging in SMTP-level tests, postscreen(8) queries a
 number of local deny and allowlists. These tests speed up the
 handling of known clients. </p>
 
diff --git a/postfix/proto/socketmap_table b/postfix/proto/socketmap_table
index be010540f..52d1f4705 100644
--- a/postfix/proto/socketmap_table
+++ b/postfix/proto/socketmap_table
@@ -13,7 +13,7 @@
 #	\fBpostmap -q - socketmap:unix:\fIpathname\fB:\fIname\fB <\fIinputfile\fR
 # DESCRIPTION
 #	The Postfix mail system uses optional tables for address
-#	rewriting. mail routing or policy lookup.
+#	rewriting, mail routing or policy lookup.
 #
 #	The Postfix socketmap client expects TCP endpoint names of
 #	the form \fBinet:\fIhost\fB:\fIport\fB:\fIname\fR, or
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 28ebac2fb..249e5576d 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20231010"
+#define MAIL_RELEASE_DATE	"20231011"
 #define MAIL_VERSION_NUMBER	"3.9"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/util/valid_utf8_string.c b/postfix/src/util/valid_utf8_string.c
index b03ceae4e..08b7e629c 100644
--- a/postfix/src/util/valid_utf8_string.c
+++ b/postfix/src/util/valid_utf8_string.c
@@ -85,6 +85,8 @@ int     valid_utf8_string(const char *str, ssize_t len)
   * 
   * XXX Need a test for 4-byte encodings, preferably with strings that can be
   * displayed.
+  * 
+  * XXX Need tests for over-long encodings and surrogates.
   */
 struct testcase {
     const char *name;
@@ -92,37 +94,65 @@ struct testcase {
     int     expected;
 };
 
+#define T_VALID		(1)
+#define T_INVALID	(0)
+#define valid_to_str(v)	((v) ? "VALID" : "INVALID")
+
 static const struct testcase testcases[] = {
     {"Printable ASCII",
-	"printable", 1,
+	"printable", T_VALID,
+    },
+    {"Latin script, accented, no error",
+	"na\303\257ve", T_VALID,
     },
-    {"Latin accented text, no error",
-	"na\303\257ve", 1,
+    {"Latin script, accented, missing non-leading byte",
+	"na\303ve", T_INVALID,
     },
-    {"Latin text, with error",
-	"na\303ve", 0,
+    {"Latin script, accented, missing leading byte",
+	"na\257ve", T_INVALID,
     },
     {"Viktor, Cyrillic, no error",
-	"\320\262\320\270\320\272\321\202\320\276\321\200", 1,
+	"\320\262\320\270\320\272\321\202\320\276\321\200", T_VALID,
     },
-    {"Viktor, Cyrillic, two errors",
-	"\320\262\320\320\272\272\321\202\320\276\321\200", 0,
+    {"Viktor, Cyrillic, missing non-leading byte",
+	"\320\262\320\320\272\321\202\320\276\321\200", T_INVALID,
+    },
+    {"Viktor, Cyrillic, missing leading byte",
+	"\320\262\270\320\272\321\202\320\276\321\200", T_INVALID,
+    },
+    {"Viktor, Cyrillic, truncated",
+	"\320\262\320\270\320\272\321\202\320\276\321", T_INVALID,
     },
     {"Viktor, Hebrew, no error",
-	"\327\225\327\231\327\247\327\230\327\225\326\274\327\250", 1,
+	"\327\225\327\231\327\247\327\230\327\225\326\274\327\250", T_VALID,
     },
-    {"Viktor, Hebrew, with error",
-	"\327\225\231\327\247\327\230\327\225\326\274\327\250", 0,
+    {"Viktor, Hebrew, missing leading byte",
+	"\327\225\231\327\247\327\230\327\225\326\274\327\250", T_INVALID,
     },
     {"Chinese (Simplified), no error",
 	"\344\270\255\345\233\275\344\272\222\350\201\224\347\275\221\347"
 	"\273\234\345\217\221\345\261\225\347\212\266\345\206\265\347\273"
-	"\237\350\256\241\346\212\245\345\221\212", 1,
+	"\237\350\256\241\346\212\245\345\221\212", T_VALID,
+    },
+    {"Chinese (Simplified), missing leading byte",
+	"\344\270\255\345\233\275\344\272\222\350\201\224\275\221\347"
+	"\273\234\345\217\221\345\261\225\347\212\266\345\206\265\347\273"
+	"\237\350\256\241\346\212\245\345\221\212", T_INVALID,
+    },
+    {"Chinese (Simplified), missing first non-leading byte",
+	"\344\270\255\345\233\275\344\272\222\350\201\224\347\221\347"
+	"\273\234\345\217\221\345\261\225\347\212\266\345\206\265\347\273"
+	"\237\350\256\241\346\212\245\345\221\212", T_INVALID,
     },
-    {"Chinese (Simplified), with errors",
-	"\344\270\255\345\344\272\222\350\224\347\275\221\347"
+    {"Chinese (Simplified), missing second non-leading byte",
+	"\344\270\255\345\233\275\344\272\222\350\201\224\347\275\347"
+	"\273\234\345\217\221\345\261\225\347\212\266\345\206\265\347\273"
+	"\237\350\256\241\346\212\245\345\221\212", T_INVALID,
+    },
+    {"Chinese (Simplified), truncated",
+	"\344\270\255\345\233\275\344\272\222\350\201\224\347\275\221\347"
 	"\273\234\345\217\221\345\261\225\347\212\266\345\206\265\347\273"
-	"\237\350\256\241\346\212\245\345", 0,
+	"\237\350\256\241\346\212\245\345", T_INVALID,
     },
 };
 
@@ -151,13 +181,13 @@ int     main(int argc, char **argv)
 
 	if (actual == tp->expected) {
 	    vstream_fprintf(VSTREAM_ERR, "input: >%s<, want and got: >%s<\n",
-			    tp->input, actual ? "valid" : "not valid");
+			    tp->input, valid_to_str(actual));
 	    vstream_fprintf(VSTREAM_ERR, "PASS %s\n", tp->name);
 	    pass++;
 	} else {
 	    vstream_fprintf(VSTREAM_ERR, "input: >%s<, want: >%s<, got: >%s<\n",
-			    tp->input, tp->expected ? "valid" : "not valid",
-			    actual ? "valid" : "not valid");
+			    tp->input, valid_to_str(tp->expected),
+			    valid_to_str(actual));
 	    vstream_fprintf(VSTREAM_ERR, "FAIL %s\n", tp->name);
 	    fail++;
 	}
