Package: release.debian.org Severity: normal Tags: buster User: [email protected] Usertags: pu
Note: This is very similar to a pu request I filed for spf-engine because the same idiot upstream (me) made just about the same mistake in two projects. After the last stable update, a serious problem with using Unix sockets was reported upstream by a Debian user in spf-engine (pyspf-milter) and fixed in version 2.9.2. Approximately the same issue applies to dkimpy-milter. The proposed update makes it so Unix sockets work. There are also some minor log message improvements. Being limited to TCP sockets is a substantial limitation for a milter application. The fix has been tested on buster prior to upstream release and no significant issues have come up in the two months since it was released. This change will not affect TCP socket users and makes Unix sockets working vice not working, so the regression risk is negligible. Scott K
diff -Nru dkimpy-milter-1.0.2/CHANGES dkimpy-milter-1.0.3/CHANGES
--- dkimpy-milter-1.0.2/CHANGES 2019-10-07 00:12:30.000000000 -0400
+++ dkimpy-milter-1.0.3/CHANGES 2019-11-22 20:37:23.000000000 -0500
@@ -1,3 +1,10 @@
+1.0.3 2019-11-22
+ - Make error logging more explicit to aid debugging
+ - Delete own_socketfile to resolve race condition where the permissions
+ change fails on a Unix socket because it hasn't been created yet (libmilter
+ will do this correctly on its own based on umask, the milter doesn't need
+ to do it) (LP: #1849712)
+
 1.0.2 2019-10-07
 - Fix startup logging so it provides information at a useful time
 - Fix message extraction so that signing in the same pass through the milter
diff -Nru dkimpy-milter-1.0.2/debian/changelog dkimpy-milter-1.0.3/debian/changelog
--- dkimpy-milter-1.0.2/debian/changelog 2019-10-07 00:31:48.000000000 -0400
+++ dkimpy-milter-1.0.3/debian/changelog 2020-01-15 08:43:45.000000000 -0500
@@ -1,3 +1,16 @@
+dkimpy-milter (1.0.3-1) buster; urgency=medium
+
+ * New upstream release:
+ * Fix priviledge managment at startup so Unix sockets work:
+ Milter: Move drop_privileges before Milter.runmilter and delete
+ own_socketfile so that the milter interface runs as the correct user
+ without race conditions about changing ownership of the socket file when
+ it hasn't been created yet (When the milter is started, it will create the
+ socket based on uMask, so we don't need to manually change it)
+ * Improve error log messages to aid troublshooting
+
+ -- Scott Kitterman <[email protected]> Wed, 15 Jan 2020 08:43:45 -0500
+
 dkimpy-milter (1.0.2-1) buster; urgency=medium
 
 * New upstream release
diff -Nru dkimpy-milter-1.0.2/dkimpy_milter/__init__.py dkimpy-milter-1.0.3/dkimpy_milter/__init__.py
--- dkimpy-milter-1.0.2/dkimpy_milter/__init__.py 2019-10-06 23:49:01.000000000 -0400
+++ dkimpy-milter-1.0.3/dkimpy_milter/__init__.py 2019-11-22 20:36:30.000000000 -0500
@@ -36,7 +36,6 @@
 from dkimpy_milter.util import setExceptHook
 from dkimpy_milter.util import write_pid
 from dkimpy_milter.util import read_keyfile
-from dkimpy_milter.util import own_socketfile
 from dkimpy_milter.util import fold
 
 __version__ = "1.0.1"
@@ -285,7 +284,7 @@
 except Exception as x:
 self.dkim_comment = str(x)
 if milterconfig.get('Syslog'):
- syslog.syslog("check_dkim: {0}".format(x))
+ syslog.syslog("check_dkim: Internal program fault while verifying: {0}".format(x))
 try:
 self.header_i = d.signature_fields.get(b'i')
 except TypeError as x:
@@ -296,7 +295,7 @@
 except Exception as x:
 self.dkim_comment = str(x)
 if milterconfig.get('Syslog'):
- syslog.syslog("check_dkim: {0}".format(x))
+ syslog.syslog("check_dkim: Internal proram fuault extracting header a or d: {0}".format(x))
 self.header_d = None
 if not self.header_a:
 self.header_a = 'rsa-sha256'
@@ -371,7 +370,6 @@
 Milter.set_flags(Milter.CHGHDRS + Milter.ADDHDRS)
 miltername = 'dkimpy-filter'
 socketname = milterconfig.get('Socket')
- own_socketfile(milterconfig)
 drop_privileges(milterconfig)
 sys.stdout.flush()
 if milterconfig.get('Syslog'):
diff -Nru dkimpy-milter-1.0.2/dkimpy_milter/util.py dkimpy-milter-1.0.3/dkimpy_milter/util.py
--- dkimpy-milter-1.0.2/dkimpy_milter/util.py 2019-10-06 23:49:01.000000000 -0400
+++ dkimpy-milter-1.0.3/dkimpy_milter/util.py 2019-11-22 20:36:30.000000000 -0500
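Review bot: The reworded message in the `@@ -285` hunk of `dkimpy_milter/__init__.py` still interpolates the exception with `{0}`, so the log line carries neither the exception class nor any escaping of its text. The handler is a blanket `except Exception`, and its `try` body lies outside the hunk; if a malformed signature in a received message can raise there, "Internal program fault" will read as a code bug during triage, and message-derived bytes would reach syslog unescaped. Formatting with the repr covers both: `syslog.syslog("check_dkim: Internal program fault while verifying: {0!r}".format(x))`. The same applies to the second `except Exception` handler in the `@@ -296` hunk.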
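Review bot: The new log string in the `@@ -296` hunk of `dkimpy_milter/__init__.py` is misspelled ("Internal proram fuault"). It is a runtime message, so anyone grepping syslog or matching alerts on "program fault", the wording used by the sibling message in the `@@ -285` hunk, will miss this branch. Suggested line: `syslog.syslog("check_dkim: Internal program fault extracting header a or d: {0}".format(x))`. The enclosing `try` starts outside the hunk, so which call actually raises here cannot be confirmed from this view.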
@@ -146,16 +146,6 @@
 return pid
 
 
-def own_socketfile(milterconfig):
- """If socket is Unix socket, chown to UserID before dropping privileges"""
- import os
- user, group = user_group(milterconfig.get('UserID'))
- if milterconfig.get('Socket')[:1] == '/':
- os.chown(milterconfig.get('Socket')[1:], user, group)
- if milterconfig.get('Socket')[:6] == "local:":
- os.chown(milterconfig.get('Socket')[6:], user, group)
-
-
 def read_keyfile(milterconfig, keytype):
 """Read private key from file."""
 import syslog
diff -Nru dkimpy-milter-1.0.2/dkimpy_milter.egg-info/PKG-INFO dkimpy-milter-1.0.3/dkimpy_milter.egg-info/PKG-INFO
--- dkimpy-milter-1.0.2/dkimpy_milter.egg-info/PKG-INFO 2019-10-07 00:14:32.000000000 -0400
+++ dkimpy-milter-1.0.3/dkimpy_milter.egg-info/PKG-INFO 2019-11-22 20:42:41.000000000 -0500
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: dkimpy-milter
-Version: 1.0.2
+Version: 1.0.3
 Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail.
 Home-page: https://launchpad.net/dkimpy-milter
 Author: Scott Kitterman
diff -Nru dkimpy-milter-1.0.2/PKG-INFO dkimpy-milter-1.0.3/PKG-INFO
--- dkimpy-milter-1.0.2/PKG-INFO 2019-10-07 00:14:32.000000000 -0400
+++ dkimpy-milter-1.0.3/PKG-INFO 2019-11-22 20:42:41.000000000 -0500
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: dkimpy-milter
-Version: 1.0.2
+Version: 1.0.3
 Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail.
 Home-page: https://launchpad.net/dkimpy-milter
 Author: Scott Kitterman
diff -Nru dkimpy-milter-1.0.2/setup.py dkimpy-milter-1.0.3/setup.py
--- dkimpy-milter-1.0.2/setup.py 2019-10-07 00:11:42.000000000 -0400
+++ dkimpy-milter-1.0.3/setup.py 2019-11-22 20:42:32.000000000 -0500
@@ -30,7 +30,7 @@
 
 setup(
 name='dkimpy-milter',
- version='1.0.2',
+ version='1.0.3',
 author='Scott Kitterman',
 author_email='[email protected]',
 url='https://launchpad.net/dkimpy-milter',

