Shall I update dkimproxy to the latest version??? (from 1.0.1 to 1.1)

[Thomas Goirand <thomas@goirand.fr>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I asked advices to my sponsor, and he told me best was to ask the
release team for an opinion.

dkimproxy just got released with a new version that seems worth updating
to. Attached is a diff between the "currently in testing" and the new
version from upstream.

Now I have 2 options:

- - upload an update with this new version 1.1 and ask for a freeze
exception
- - upload only a patch for the syslog bug (see bellow)

The upstream was nice enough to send me a patch for the most important
bug (from ChangeLog of upstream):

  * scripts/dkimproxy.{in,out}: detect syslog errors and report them
    to the client, instead of just dropping the connection (issue
    #2068222)

I have attached both patch files, please let me know what you think I
shall do.

Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkkT2zQACgkQl4M9yZjvmkkgMwCfdRxbYHk5bsU4rRLLJVRa8NSu
ewEAn0+LhyBGmmC6tAlTbUcXr+vWl5nJ
=zQYn
-----END PGP SIGNATURE-----

diff -u dkimproxy-1.0.1/AUTHORS dkimproxy-1.1/AUTHORS
--- dkimproxy-1.0.1/AUTHORS	2006-10-11 02:13:00.000000000 +0800
+++ dkimproxy-1.1/AUTHORS	2008-10-23 23:40:33.000000000 +0800
@@ -1,9 +1,11 @@
 Jason Long <jlong@messiah.edu>
 
-Uses code from smtpprox:
+This project incorporates code from the "smtpprox" program:
   http://bent.latency.net/smtpprox/
   Bennett Todd <bet@rahul.net>
+  Copyright (C) 2001 Morgan Stanley Dean Witter, licensed under GPL2+.
 
-and code from Mail::DomainKeys:
+and code from the "Mail::DomainKeys" Perl module:
   http://killa.net/infosec/Mail-DomainKeys/
   Anthony D. Urso <anthonyu@cpan.org>
+  Copyright (C) 2004 Anthony D. Urso, licensed same as Perl (GPL2+).
diff -u dkimproxy-1.0.1/ChangeLog dkimproxy-1.1/ChangeLog
--- dkimproxy-1.0.1/ChangeLog	2008-02-08 23:39:14.000000000 +0800
+++ dkimproxy-1.1/ChangeLog	2008-10-23 23:40:33.000000000 +0800
@@ -1,3 +1,31 @@
+2008-08-26: Jason Long <jlong@messiah.edu>
+ * scripts/dkimproxy.{in,out}: slight wording change in how client
+   IP addresses are logged
+ * various files: updated/replaced copyright notice... now it
+   explicitly specifies version 2 or later of GPL
+
+ -- VERSION 1.1RC1 --
+
+2008-08-25: Jason Long <jlong@messiah.edu>
+ * scripts/dkimproxy.{in,out}: if unable to connect to relay host,
+   report an error to the client instead of just dropping the connection
+ * scripts/dkimproxy.{in,out}: detect syslog errors and report them
+   to the client, instead of just dropping the connection (issue
+   #2068222)
+ * scripts/dkimproxy.{in,out}: report client address to syslog
+
+2008-04-11: Jason Long <jlong@messiah.edu>
+ * scripts/dkim_responder.pl, dkimproxy.in: fix authentication results
+   header so it displays identity source properly (issue #1940393)
+
+2008-04-09: Jason Long <jlong@messiah.edu>
+ * scripts/dkim_responder.pl: response will now include multiple
+   canonicalized.txt attachments-- one for each canonicalization object
+   that was used
+
+2008-02-13: Jason Long <jlong@messiah.edu>
+ * sample-dkim-init-script.sh: fix for bug 1892220
+
  -- VERSION 1.0.1 --
 
 2008-02-08: Jason Long <jlong@messiah.edu>
diff -u dkimproxy-1.0.1/configure dkimproxy-1.1/configure
--- dkimproxy-1.0.1/configure	2008-02-08 23:39:40.000000000 +0800
+++ dkimproxy-1.1/configure	2008-10-23 23:45:55.000000000 +0800
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.53 for dkimproxy 1.0.1.
+# Generated by GNU Autoconf 2.53 for dkimproxy 1.1.
 #
 # Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
 # Free Software Foundation, Inc.
@@ -254,8 +254,8 @@
 # Identity of this package.
 PACKAGE_NAME='dkimproxy'
 PACKAGE_TARNAME='dkimproxy'
-PACKAGE_VERSION='1.0.1'
-PACKAGE_STRING='dkimproxy 1.0.1'
+PACKAGE_VERSION='1.1'
+PACKAGE_STRING='dkimproxy 1.1'
 PACKAGE_BUGREPORT=''
 
 
@@ -702,7 +702,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures dkimproxy 1.0.1 to adapt to many kinds of systems.
+\`configure' configures dkimproxy 1.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -764,7 +764,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of dkimproxy 1.0.1:";;
+     short | recursive ) echo "Configuration of dkimproxy 1.1:";;
    esac
   cat <<\_ACEOF
 
@@ -830,7 +830,7 @@
 test -n "$ac_init_help" && exit 0
 if $ac_init_version; then
   cat <<\_ACEOF
-dkimproxy configure 1.0.1
+dkimproxy configure 1.1
 generated by GNU Autoconf 2.53
 
 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
@@ -845,7 +845,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by dkimproxy $as_me 1.0.1, which was
+It was created by dkimproxy $as_me 1.1, which was
 generated by GNU Autoconf 2.53.  Invocation command line was
 
   $ $0 $@
@@ -1377,7 +1377,7 @@
 
 # Define the identity of the package.
  PACKAGE=dkimproxy
- VERSION=1.0.1
+ VERSION=1.1
 
 
 cat >>confdefs.h <<_ACEOF
@@ -1547,17 +1547,17 @@
 
 
 
-echo "$as_me:$LINENO: checking for Perl module 'Mail::DKIM 0.29'" >&5
-echo $ECHO_N "checking for Perl module 'Mail::DKIM 0.29'... $ECHO_C" >&6
+echo "$as_me:$LINENO: checking for Perl module 'Mail::DKIM 0.30'" >&5
+echo $ECHO_N "checking for Perl module 'Mail::DKIM 0.30'... $ECHO_C" >&6
 
-if perl -e 'use Mail::DKIM 0.29 ' 2>/dev/null; then
+if perl -e 'use Mail::DKIM 0.30 ' 2>/dev/null; then
 	echo "$as_me:$LINENO: result: found" >&5
 echo "${ECHO_T}found" >&6
 else
 	echo "$as_me:$LINENO: result: not found" >&5
 echo "${ECHO_T}not found" >&6
-	{ { echo "$as_me:$LINENO: error: requested Perl module 'Mail::DKIM 0.29' not found" >&5
-echo "$as_me: error: requested Perl module 'Mail::DKIM 0.29' not found" >&2;}
+	{ { echo "$as_me:$LINENO: error: requested Perl module 'Mail::DKIM 0.30' not found" >&5
+echo "$as_me: error: requested Perl module 'Mail::DKIM 0.30' not found" >&2;}
    { (exit 1); exit 1; }; }
 fi
 
@@ -1954,7 +1954,7 @@
 } >&5
 cat >&5 <<_CSEOF
 
-This file was extended by dkimproxy $as_me 1.0.1, which was
+This file was extended by dkimproxy $as_me 1.1, which was
 generated by GNU Autoconf 2.53.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -2008,7 +2008,7 @@
 
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-dkimproxy config.status 1.0.1
+dkimproxy config.status 1.1
 configured by $0, generated by GNU Autoconf 2.53,
   with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
 
diff -u dkimproxy-1.0.1/configure.ac dkimproxy-1.1/configure.ac
--- dkimproxy-1.0.1/configure.ac	2008-02-08 23:34:44.000000000 +0800
+++ dkimproxy-1.1/configure.ac	2008-10-23 23:41:51.000000000 +0800
@@ -1,12 +1,12 @@
 dnl Initialize automake/autoconf
-AC_INIT(dkimproxy, 1.0.1)
+AC_INIT(dkimproxy, 1.1)
 AM_INIT_AUTOMAKE
 
 dnl Check for Perl
 AC_PATH_PROG(PERL, perl, perl)
 
 dnl Check for Perl dependencies
-local_CHECK_PERL_MODULE(Mail::DKIM 0.29)
+local_CHECK_PERL_MODULE(Mail::DKIM 0.30)
 local_CHECK_PERL_MODULE(Error)
 local_CHECK_PERL_MODULE(Net::Server 0.91)
 
Common subdirectories: dkimproxy-1.0.1/lib and dkimproxy-1.1/lib
diff -u dkimproxy-1.0.1/NEWS dkimproxy-1.1/NEWS
--- dkimproxy-1.0.1/NEWS	2008-02-08 23:38:51.000000000 +0800
+++ dkimproxy-1.1/NEWS	2008-10-23 23:45:12.000000000 +0800
@@ -1,6 +1,23 @@
 This file summarizes what's changed between releases of dkimproxy.
 See the ChangeLog file for the details.
 
+Version 1.1 - released 2008-10-23
+
+ * Copyright/permission notices have been clarified on several files
+   that make up this project. It should now be clear this project is
+   GPL2 or later.
+
+ - release candidate 1
+
+ * Fixed a bug in dkimproxy.in where DomainKey signatures were not
+   reported correctly in the Authentication-Results header. I.e.
+   Authentication-Results header now report "domainkeys=pass"
+   and "header.from=whatever" for DomainKeys signatures.
+ * Better error-handling for when the relay host is down or
+   syslog is down (the error is reported to the client via SMTP
+   before the connection is terminated).
+
+
 Version 1.0.1 - released 2008-02-08
 
  * Fixed a bug where the "key" parameter didn't work in a sender_map
diff -u dkimproxy-1.0.1/README dkimproxy-1.1/README
--- dkimproxy-1.0.1/README	2007-11-02 21:56:51.000000000 +0800
+++ dkimproxy-1.1/README	2008-10-23 23:40:33.000000000 +0800
@@ -1,3 +1,6 @@
+About
+=====
+
 DKIMproxy is an SMTP-proxy that implements the DKIM and DomainKeys
 standards, to sign and verify email messages using digital signatures
 and DNS records. It can be used to add DKIM support to nearly any
@@ -7,13 +10,14 @@
 verifying signatures of incoming email. With Postfix, the proxies can
 operate as either Before-Queue or After-Queue content filters.
 
-See the INSTALL file for installation instructions. Or, check the website
-at http://dkimproxy.sourceforge.net/.
+See the INSTALL file for installation instructions. Or, check the
+website at http://dkimproxy.sourceforge.net/.
 
 DKIMproxy has evolved from my earlier project, Dkfilter. It is based on
 smtpprox and Mail::DomainKeys. My thanks go out to Bennett Todd for
 providing smtpprox and Anthony D. Urso for providing Mail::DomainKeys.
 
-DKIMproxy is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation.
+DKIMproxy is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 2 of the License, or (at your
+option) any later version.
diff -u dkimproxy-1.0.1/sample-dkim-init-script.sh dkimproxy-1.1/sample-dkim-init-script.sh
--- dkimproxy-1.0.1/sample-dkim-init-script.sh	2007-11-08 00:56:06.000000000 +0800
+++ dkimproxy-1.1/sample-dkim-init-script.sh	2008-04-10 01:56:31.000000000 +0800
@@ -80,8 +80,8 @@
 		;;
 
 	start)
-		test -f $DKIMPROXY_IN_CFG && $0 start-in || exit $?
-		test -f $DKIMPROXY_OUT_CFG && $0 start-out || exit $?
+		test -f $DKIMPROXY_IN_CFG && { $0 start-in || exit $?; }
+		test -f $DKIMPROXY_OUT_CFG && { $0 start-out || exit $?; }
 		;;
 
 	stop-in)
@@ -109,8 +109,8 @@
 		;;
 
 	stop)
-		test -f $DKIMPROXY_IN_CFG && $0 stop-in || exit $?
-		test -f $DKIMPROXY_OUT_CFG && $0 stop-out || exit $?
+		test -f $DKIMPROXY_IN_CFG && { $0 stop-in || exit $?; }
+		test -f $DKIMPROXY_OUT_CFG && { $0 stop-out || exit $?; }
 		;;
 
 	restart)
@@ -146,8 +146,8 @@
 		;;
 
 	status)
-		test -f $DKIMPROXY_IN_CFG && $0 status-in || exit $?
-		test -f $DKIMPROXY_OUT_CFG && $0 status-out || exit $?
+		test -f $DKIMPROXY_IN_CFG && { $0 status-in || exit $?; }
+		test -f $DKIMPROXY_OUT_CFG && { $0 status-out || exit $?; }
 		;;
 	*)
 		echo "Usage: $0 {start|stop|restart|status}"
Common subdirectories: dkimproxy-1.0.1/scripts and dkimproxy-1.1/scripts

Index: scripts/dkimproxy.in
===================================================================
--- scripts/dkimproxy.in	(.../trunk)	(revision 799)
+++ scripts/dkimproxy.in	(.../branches/v1.1)	(revision 808)
@@ -138,9 +138,16 @@
 
 	# create an object for sending the outgoing SMTP commands
 	#  (and the verified message)
-    my $client = MSDW::SMTP::Client->new(
+    my $client = eval { MSDW::SMTP::Client->new(
 			interface => $self->{server}->{relay_host},
-			port => $self->{server}->{relay_port});
+			port => $self->{server}->{relay_port}) };
+	if (my $E = $@)
+	{
+		chomp $E;
+		print "421 Internal error (Next hop is down)\n";
+		die "$E\n";
+	}
+
 	return $client;
 }
 
@@ -148,10 +155,25 @@
 {
 	my $self = shift;
 
-	print STDERR "got new connection\n";
+	# try to determine peer's address
+	use Socket;
+	my $peersockaddr = getpeername(STDOUT);
+	my ($port, $iaddr) = sockaddr_in($peersockaddr);
+	$ENV{REMOTE_ADDR} = inet_ntoa($iaddr);
 
 	# initialize syslog
-	openlog("dkimproxy.in", "cons,pid", "mail");
+	eval
+	{
+		openlog("dkimproxy.in", "perror,pid,ndelay", "mail");
+		syslog("debug", '%s', "connect from $ENV{REMOTE_ADDR}");
+	};
+	if (my $E = $@)
+	{
+		chomp $E;
+		print "421 Internal error (Syslog is down)\n";
+		die "$E\n";
+	}
+
 	$self->{debug} = $debugtrace;
 
 	$self->SUPER::process_request;
@@ -187,7 +209,8 @@
 	{
 		my $E = $@;
 		chomp $E;
-		syslog("warning", '%s', "verify error: $E");
+		$E =~ s/\n/ /gs;
+		eval { syslog("warning", '%s', "verify error: $E") };
 		print STDERR "verify error: $E\n";
 		$verify_result = "temperror";
 		$verify_detail = "$verify_result ($E)";
Index: scripts/dkimproxy.out
===================================================================
--- scripts/dkimproxy.out	(.../trunk)	(revision 799)
+++ scripts/dkimproxy.out	(.../branches/v1.1)	(revision 808)
@@ -256,9 +256,15 @@
 
 	# create an object for sending the outgoing SMTP commands
 	#  (and the signed message)
-    my $client = MSDW::SMTP::Client->new(
+    my $client = eval { MSDW::SMTP::Client->new(
 			interface => $self->{server}->{relay_host},
-			port => $self->{server}->{relay_port});
+			port => $self->{server}->{relay_port}) };
+	if (my $E = $@)
+	{
+		chomp $E;
+		print "421 Internal error (Next hop is down)\n";
+		die "$E\n";
+	}
 	return $client;
 }
 
@@ -266,8 +272,25 @@
 {
 	my $self = shift;
 
+	# try to determine peer's address
+	use Socket;
+	my $peersockaddr = getpeername(STDOUT);
+	my ($port, $iaddr) = sockaddr_in($peersockaddr);
+	$ENV{REMOTE_ADDR} = inet_ntoa($iaddr);
+
 	# initialize syslog
-	openlog("dkimproxy.out", "cons,pid", "mail");
+	eval
+	{
+		openlog("dkimproxy.out", "perror,pid,ndelay", "mail");
+		syslog("debug", '%s', "connect from $ENV{REMOTE_ADDR}");
+	};
+	if (my $E = $@)
+	{
+		chomp $E;
+		print "421 Internal error (Syslog is down)\n";
+		die "$E\n";
+	}
+
 	$self->{debug} = $debugtrace;
 
 	$self->SUPER::process_request;
@@ -322,7 +345,8 @@
 	{
 		my $E = $@;
 		chomp $E;
-		syslog("warning", '%s', "signing error: $E");
+		$E =~ s/\n/ /gs;
+		eval { syslog("warning", '%s', "signing error: $E") };
 		print STDERR "Warning: signing error: $E\n";
 		$result = "temperror";
 		$result_detail = "$result ($E)";
Index: ChangeLog
===================================================================
--- ChangeLog	(.../trunk)	(revision 799)
+++ ChangeLog	(.../branches/v1.1)	(revision 808)
@@ -1,3 +1,17 @@
+2008-08-26: Jason Long <jlong@messiah.edu>
+ * scripts/dkimproxy.{in,out}: slight wording change in how client
+   IP addresses are logged
+
+ -- VERSION 1.1RC1 --
+
+2008-08-25: Jason Long <jlong@messiah.edu>
+ * scripts/dkimproxy.{in,out}: if unable to connect to relay host,
+   report an error to the client instead of just dropping the connection
+ * scripts/dkimproxy.{in,out}: detect syslog errors and report them
+   to the client, instead of just dropping the connection (issue
+   #2068222)
+ * scripts/dkimproxy.{in,out}: report client address to syslog
+
 2008-04-11: Jason Long <jlong@messiah.edu>
  * scripts/dkim_responder.pl, dkimproxy.in: fix authentication results
    header so it displays identity source properly (issue #1940393)