Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu
This update is based on a maitnenance update from upstream (1.0.2) by an upstream familiar with Debian's post-release update process with an intent to only address issues appropriate for a Debian stable update. There are several types of changes included: 1. Resiliance: After the last upstream release, a nubmer of issues with the reliability of the milter when presented with corrupted data were identified (although not in the BTS, the report was upstream from a Debian user). There are a number of changes to catch errors and continue the milter running. These are the most critical. dkimpy-milter-1.0.2/dkimpy_milter/__init__.py line 54, 133, and line 255 through 303 hunks. 2. Correctness: If the milter is configured to both sign and verify messages in the same process (which is not the usual case, but can happen - I discuverd this one the hard way), then the milter will fail. dkimpy-milter-1.0.2/dkimpy_milter/__init__.py line 174 hunk The log message that the milter is starting would not log anything in the failure case, which is the interesting one. dkimpy-milter-1.0.2/dkimpy_milter/__init__.py line 351 hunk All of the above are low risk, important fixes that will affect all users of the package. 3. Init fixes for sysv: It turns out people use this in Docker containers and bugs were filed upstream about the init scripts not working in Debian Buster. This was both packaging problems (debian/ rules changes) and init problems. Updating the init so it works when installed from upstream source, also required changes to paths used by Debian (0001-update-upstream-unit-and-init-file-paths.patch). These changes are slightly more extensive, but have no impact for users of Debian's default init. Sysv init support is totally broken now, so there is no risk of regression. I did my own test of these in Docker (since that's where they seem to be used) and with these changes, they work now. Scott K
diff -Nru dkimpy-milter-1.0.1/CHANGES dkimpy-milter-1.0.2/CHANGES --- dkimpy-milter-1.0.1/CHANGES 2019-02-11 15:13:44.000000000 -0500 +++ dkimpy-milter-1.0.2/CHANGES 2019-10-07 00:12:30.000000000 -0400 @@ -1,3 +1,13 @@ +1.0.2 2019-10-07 + - Fix startup logging so it provides information at a useful time + - Fix message extraction so that signing in the same pass through the milter + as verifying works correctly + - Fix variable initialization so mailformed mails missing body From do not + cause a traceback (LP: #1844161) + - Catch more ascii encoding errors to improve resilience against bad data + (LP: #1844189) + - Fix sysv init so it works (LP: #1839487) + 1.0.1 2019-02-11 * Reorder milter start and dropping privileges so permissions on Unix socket are correct (LP: 1797720) diff -Nru dkimpy-milter-1.0.1/debian/changelog dkimpy-milter-1.0.2/debian/changelog --- dkimpy-milter-1.0.1/debian/changelog 2019-02-11 15:32:17.000000000 -0500 +++ dkimpy-milter-1.0.2/debian/changelog 2019-10-07 00:31:48.000000000 -0400 @@ -1,3 +1,14 @@ +dkimpy-milter (1.0.2-1) buster; urgency=medium + + * New upstream release + * Put upstream init file where dh_installinit expects to find it so it is + properly registered + * Update debian/watch to point to 1.0 version for stable updates + * Update and rename d/p/0001-update-upstream-unit-and-init-file-paths.patch + so sysv init paths are correct too + + -- Scott Kitterman <sc...@kitterman.com> Mon, 07 Oct 2019 00:31:48 -0400 + dkimpy-milter (1.0.1-1) unstable; urgency=medium * New upstream release diff -Nru dkimpy-milter-1.0.1/debian/gbp.conf dkimpy-milter-1.0.2/debian/gbp.conf --- dkimpy-milter-1.0.1/debian/gbp.conf 2018-03-19 01:16:48.000000000 -0400 +++ dkimpy-milter-1.0.2/debian/gbp.conf 2019-10-07 00:25:34.000000000 -0400 @@ -1,2 +1,3 @@ [DEFAULT] -debian-branch=debian/master +debian-branch=debian/buster +upstream-branch=buster/upstream diff -Nru dkimpy-milter-1.0.1/debian/patches/0001-update-upstream-unit-and-init-file-paths.patch dkimpy-milter-1.0.2/debian/patches/0001-update-upstream-unit-and-init-file-paths.patch --- dkimpy-milter-1.0.1/debian/patches/0001-update-upstream-unit-and-init-file-paths.patch 1969-12-31 19:00:00.000000000 -0500 +++ dkimpy-milter-1.0.2/debian/patches/0001-update-upstream-unit-and-init-file-paths.patch 2019-10-07 00:29:55.000000000 -0400 @@ -0,0 +1,38 @@ +From: Scott Kitterman <sc...@kitterman.com> +Date: Wed, 14 Mar 2018 22:53:01 -0400 +Subject: update upstream unit and init file paths + +--- + system/dkimpy-milter | 4 ++-- + system/dkimpy-milter.service | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/system/dkimpy-milter b/system/dkimpy-milter +index f4d4e0f..5ca6368 100755 +--- a/system/dkimpy-milter ++++ b/system/dkimpy-milter +@@ -18,9 +18,9 @@ + # Short-Description: dkimpy-milter + # Description: Python DKIM Milter for Sendmail and Postfix + ### END INIT INFO +-prefix="/usr/local" ++prefix="/usr" + exec_prefix=${prefix} +-sysconfdir="/usr/local/etc" ++sysconfdir="/etc" + bindir="${exec_prefix}/bin/" + RUNDIR="/run/dkimpy-milter" + DAEMON=${bindir}/dkimpy-milter +diff --git a/system/dkimpy-milter.service b/system/dkimpy-milter.service +index 1ec8afb..92f0dff 100644 +--- a/system/dkimpy-milter.service ++++ b/system/dkimpy-milter.service +@@ -6,7 +6,7 @@ After=network.target + [Service] + Type=simple + PIDFile=/var/run/dkimpy-milter/dkimpy-milter.pid +-ExecStart=/usr/local/bin/dkimpy-milter /usr/local/etc/dkimpy-milter.conf ++ExecStart=/usr/bin/dkimpy-milter /etc/dkimpy-milter.conf + + [Install] + WantedBy=multi-user.target diff -Nru dkimpy-milter-1.0.1/debian/patches/0001-update-upstream-unit-file-paths.patch dkimpy-milter-1.0.2/debian/patches/0001-update-upstream-unit-file-paths.patch --- dkimpy-milter-1.0.1/debian/patches/0001-update-upstream-unit-file-paths.patch 2018-05-17 00:53:54.000000000 -0400 +++ dkimpy-milter-1.0.2/debian/patches/0001-update-upstream-unit-file-paths.patch 1969-12-31 19:00:00.000000000 -0500 @@ -1,21 +0,0 @@ -From: Scott Kitterman <sc...@kitterman.com> -Date: Wed, 14 Mar 2018 22:53:01 -0400 -Subject: update upstream unit file paths - ---- - system/dkimpy-milter.service | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/system/dkimpy-milter.service b/system/dkimpy-milter.service -index 1ec8afb..92f0dff 100644 ---- a/system/dkimpy-milter.service -+++ b/system/dkimpy-milter.service -@@ -6,7 +6,7 @@ After=network.target - [Service] - Type=simple - PIDFile=/var/run/dkimpy-milter/dkimpy-milter.pid --ExecStart=/usr/local/bin/dkimpy-milter /usr/local/etc/dkimpy-milter.conf -+ExecStart=/usr/bin/dkimpy-milter /etc/dkimpy-milter.conf - - [Install] - WantedBy=multi-user.target diff -Nru dkimpy-milter-1.0.1/debian/patches/series dkimpy-milter-1.0.2/debian/patches/series --- dkimpy-milter-1.0.1/debian/patches/series 2018-05-11 19:03:21.000000000 -0400 +++ dkimpy-milter-1.0.2/debian/patches/series 2019-10-07 00:29:55.000000000 -0400 @@ -1 +1 @@ -0001-update-upstream-unit-file-paths.patch +0001-update-upstream-unit-and-init-file-paths.patch diff -Nru dkimpy-milter-1.0.1/debian/rules dkimpy-milter-1.0.2/debian/rules --- dkimpy-milter-1.0.1/debian/rules 2018-03-19 01:16:48.000000000 -0400 +++ dkimpy-milter-1.0.2/debian/rules 2019-10-07 00:10:28.000000000 -0400 @@ -9,12 +9,12 @@ override_dh_auto_install: dh_auto_install + cp system/dkimpy-milter debian/dkimpy-milter.init mkdir -p debian/dkimpy-milter/lib/systemd/system - mkdir -p debian/dkimpy-milter/etc/init.d + mkdir -p debian/dkimpy-milter/etc mv debian/dkimpy-milter/usr/lib/systemd/system/dkimpy-milter.service \ debian/dkimpy-milter/lib/systemd/system/dkimpy-milter.service mv debian/dkimpy-milter/usr/etc/* debian/dkimpy-milter/etc - chmod +x debian/dkimpy-milter/etc/init.d/dkimpy-milter rm -rf debian/dkimpy-milter/usr/lib/systemd rm -rf debian/dkimpy-milter/usr/etc diff -Nru dkimpy-milter-1.0.1/debian/watch dkimpy-milter-1.0.2/debian/watch --- dkimpy-milter-1.0.1/debian/watch 2018-03-19 01:16:48.000000000 -0400 +++ dkimpy-milter-1.0.2/debian/watch 2019-10-07 00:20:14.000000000 -0400 @@ -1,4 +1,4 @@ version=3 opts="pgpsigurlmangle=s/$/.asc/" https://launchpad.net/dkimpy-milter/+download \ -https://launchpad.net/dkimpy-milter/.*/.*/dkimpy-milter-(.*)\.tar\.gz \ +https://launchpad.net/dkimpy-milter/.*/.*/dkimpy-milter-(1.0.*)\.tar\.gz \ diff -Nru dkimpy-milter-1.0.1/dkimpy_milter/__init__.py dkimpy-milter-1.0.2/dkimpy_milter/__init__.py --- dkimpy-milter-1.0.1/dkimpy_milter/__init__.py 2019-02-11 15:10:47.000000000 -0500 +++ dkimpy-milter-1.0.2/dkimpy_milter/__init__.py 2019-10-06 23:49:01.000000000 -0400 @@ -54,6 +54,7 @@ self.privatersa = privateRSA self.privateed25519 = privateEd25519 self.fp = None + self.fdomain = '' @Milter.noreply def connect(self, hostname, unused, hostaddr): @@ -133,14 +134,18 @@ try: self.fdomain = self.author.split('@')[1].lower() except IndexError as er: - self.fdomain = '' # self.author was not a proper email address + pass # self.author was not a proper email address if (milterconfig.get('Syslog') and milterconfig.get('debugLevel') >= 1): syslog.syslog("{0}: {1}".format(name, val)) elif lname == 'authentication-results': self.arheaders.append(val) if self.fp: - self.fp.write("%s: %s\n" % (name, val)) + try: + self.fp.write("%s: %s\n" % (name, val)) + except: + # Don't choke on header fields with garbage in them. + pass return Milter.CONTINUE @Milter.noreply @@ -174,20 +179,19 @@ except: # Don't error out on unparseable AR header fiels pass - # Check or sign DKIM + # Check and/or sign DKIM self.fp.seek(0) + txt = self.fp.read() if milterconfig.get('Domain'): domain = milterconfig.get('Domain') else: domain = '' if ((self.fdomain in domain) and not milterconfig.get('Mode') == 'v' and not self.external_connection): - txt = self.fp.read() self.sign_dkim(txt) if ((self.has_dkim) and (not self.internal_connection) and (milterconfig.get('Mode') == 'v' or milterconfig.get('Mode') == 'sv')): - txt = self.fp.read() self.check_dkim(txt) if self.arresults: h = authres.AuthenticationResultsHeader(authserv_id= @@ -255,6 +259,7 @@ def check_dkim(self, txt): res = False + self.header_a = None for y in range(self.has_dkim): # Verify _ALL_ the signatures d = dkim.DKIM(txt) try: @@ -281,9 +286,20 @@ self.dkim_comment = str(x) if milterconfig.get('Syslog'): syslog.syslog("check_dkim: {0}".format(x)) - self.header_i = d.signature_fields.get(b'i') - self.header_d = d.signature_fields.get(b'd') - self.header_a = d.signature_fields.get(b'a') + try: + self.header_i = d.signature_fields.get(b'i') + except TypeError as x: + self.header_i = None + try: + self.header_d = d.signature_fields.get(b'd') + self.header_a = d.signature_fields.get(b'a') + except Exception as x: + self.dkim_comment = str(x) + if milterconfig.get('Syslog'): + syslog.syslog("check_dkim: {0}".format(x)) + self.header_d = None + if not self.header_a: + self.header_a = 'rsa-sha256' if res: if (milterconfig.get('Syslog') and (milterconfig.get('SyslogSuccess') or @@ -303,20 +319,27 @@ syslog.syslog('DKIM: Fail (saved as {0})' .format(fname)) else: - syslog.syslog('DKIM: Fail ({0})'.format(d.domain.lower())) + if milterconfig.get('Syslog'): + if d.domain: + syslog.syslog('DKIM: Fail ({0})' + .format(d.domain.lower())) + else: + syslog.syslog('DKIM: Fail, unextractable domain') if res: result = 'pass' else: result = 'fail' res = False - self.arresults.append( - authres.DKIMAuthenticationResult(result=result, + if self.header_d: + self.arresults.append( + authres.DKIMAuthenticationResult(result=result, header_i=self.header_i, header_d=self.header_d, header_a=self.header_a, result_comment= self.dkim_comment) ) + self.header_a = None return @@ -351,10 +374,10 @@ own_socketfile(milterconfig) drop_privileges(milterconfig) sys.stdout.flush() - Milter.runmilter(miltername, socketname, 240) if milterconfig.get('Syslog'): - syslog.syslog('dkimpy-milter started:{0} user:{1}' + syslog.syslog('dkimpy-milter starting:{0} user:{1}' .format(pid, milterconfig.get('UserID'))) + Milter.runmilter(miltername, socketname, 240) if __name__ == "__main__": main() diff -Nru dkimpy-milter-1.0.1/dkimpy_milter.egg-info/PKG-INFO dkimpy-milter-1.0.2/dkimpy_milter.egg-info/PKG-INFO --- dkimpy-milter-1.0.1/dkimpy_milter.egg-info/PKG-INFO 2019-02-11 15:14:33.000000000 -0500 +++ dkimpy-milter-1.0.2/dkimpy_milter.egg-info/PKG-INFO 2019-10-07 00:14:32.000000000 -0400 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: dkimpy-milter -Version: 1.0.1 +Version: 1.0.2 Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail. Home-page: https://launchpad.net/dkimpy-milter Author: Scott Kitterman diff -Nru dkimpy-milter-1.0.1/dkimpy_milter.egg-info/requires.txt dkimpy-milter-1.0.2/dkimpy_milter.egg-info/requires.txt --- dkimpy-milter-1.0.1/dkimpy_milter.egg-info/requires.txt 2019-02-11 15:14:33.000000000 -0500 +++ dkimpy-milter-1.0.2/dkimpy_milter.egg-info/requires.txt 2019-10-07 00:14:32.000000000 -0400 @@ -1,6 +1,6 @@ -dkimpy>=0.7 -pymilter -authres>=1.1.0 +PyDNS PyNaCl +authres>=1.1.0 +dkimpy>=0.7 ipaddress -PyDNS \ No newline at end of file +pymilter diff -Nru dkimpy-milter-1.0.1/PKG-INFO dkimpy-milter-1.0.2/PKG-INFO --- dkimpy-milter-1.0.1/PKG-INFO 2019-02-11 15:14:33.000000000 -0500 +++ dkimpy-milter-1.0.2/PKG-INFO 2019-10-07 00:14:32.000000000 -0400 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: dkimpy-milter -Version: 1.0.1 +Version: 1.0.2 Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail. Home-page: https://launchpad.net/dkimpy-milter Author: Scott Kitterman diff -Nru dkimpy-milter-1.0.1/README dkimpy-milter-1.0.2/README --- dkimpy-milter-1.0.1/README 2019-02-11 14:22:05.000000000 -0500 +++ dkimpy-milter-1.0.2/README 2019-10-07 00:13:49.000000000 -0400 @@ -37,7 +37,7 @@ packages and then pip install dkimpy_milter. The milter will work with either pydns (DNS) or dnspython (dns), preferring -dnspython is both are available. The dkimpy DKIM module also works with +dnspython if both are available. The dkimpy DKIM module also works with either. @@ -84,9 +84,8 @@ Both a systemd unit file and a sysv init file are provided. Both make assumptions about defaults being used, e.g. if a non-standard pidfile name is -used, they will need to be updated. The sysv init file is Debian specific and -untested, since the developers are not using sysv init. Feedback/patches -welcome. +used, they will need to be updated. The sysv init file uses start-stop-deamon +from Debian. It is not portable to systems without that available. The dkimpy-milter drops priviledges after setup to the user/group specified in UserID. During initial setup, this system user needs to be manually created. diff -Nru dkimpy-milter-1.0.1/setup.cfg dkimpy-milter-1.0.2/setup.cfg --- dkimpy-milter-1.0.1/setup.cfg 2019-02-11 15:14:33.000000000 -0500 +++ dkimpy-milter-1.0.2/setup.cfg 2019-10-07 00:14:32.000000000 -0400 @@ -1,5 +1,4 @@ [egg_info] tag_build = tag_date = 0 -tag_svn_revision = 0 diff -Nru dkimpy-milter-1.0.1/setup.py dkimpy-milter-1.0.2/setup.py --- dkimpy-milter-1.0.1/setup.py 2019-02-11 15:11:02.000000000 -0500 +++ dkimpy-milter-1.0.2/setup.py 2019-10-07 00:11:42.000000000 -0400 @@ -30,7 +30,7 @@ setup( name='dkimpy-milter', - version='1.0.1', + version='1.0.2', author='Scott Kitterman', author_email='sc...@kitterman.com', url='https://launchpad.net/dkimpy-milter', diff -Nru dkimpy-milter-1.0.1/system/dkimpy-milter dkimpy-milter-1.0.2/system/dkimpy-milter --- dkimpy-milter-1.0.1/system/dkimpy-milter 2018-03-15 23:58:02.000000000 -0400 +++ dkimpy-milter-1.0.2/system/dkimpy-milter 2019-10-06 23:49:01.000000000 -0400 @@ -20,9 +20,9 @@ ### END INIT INFO prefix="/usr/local" exec_prefix=${prefix} -sysconfdir="/etc/dkimpy-milter" +sysconfdir="/usr/local/etc" bindir="${exec_prefix}/bin/" -RUNDIR="/var/run/dkimpy-milter" +RUNDIR="/run/dkimpy-milter" DAEMON=${bindir}/dkimpy-milter PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin: NAME=dkimpy-milter @@ -67,14 +67,14 @@ fi fi fi - - start-stop-daemon --start --quiet --pidfile $RUNDIR/$NAME.pid --startas \ - $DAEMON $sysconfdir/$NAME.conf --name $NAME --test > /dev/null \ + start-stop-daemon --start --background --quiet --pidfile \ + $RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf echo "$NAME." ;; stop) echo -n "Stopping $DESC: " if [ -f $RUNDIR/$NAME.pid ]; then + chown root:root $RUNDIR/$NAME.pid start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid rm $RUNDIR/$NAME.pid #echo $SOCKET @@ -87,6 +87,7 @@ force-reload) echo -n "Force reloading $DESC: " if [ -f $RUNDIR/$NAME.pid ]; then + chown root:root $RUNDIR/$NAME.pid start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid rm $RUNDIR/$NAME.pid #echo $SOCKET @@ -95,7 +96,7 @@ fi fi sleep 1 - start-stop-daemon --start --chuid $USER --background --quiet --pidfile \ + start-stop-daemon --start --background --quiet --pidfile \ $RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf echo "$NAME." ;; @@ -103,6 +104,7 @@ echo "Restarting $DESC: " echo -n "Stopping $DESC: " if [ -f $RUNDIR/$NAME.pid ]; then + chown root:root $RUNDIR/$NAME.pid start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid rm $RUNDIR/$NAME.pid #echo $SOCKET @@ -113,7 +115,7 @@ echo "$NAME." sleep 1 echo -n "Starting $DESC: " - start-stop-daemon --start --chuid $USER --background --quiet --pidfile \ + start-stop-daemon --start --background --quiet --pidfile \ $RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf echo "$NAME." ;;