Re: dk-milter/dk-filter
On Mon, Aug 23, 2010 at 01:23:59PM +0100, Adam D. Barratt <adam@adam-barratt.org.uk> wrote:
> The package hasn't been in squeeze for several months now, mostly due to
> that bug, and hasn't seen an upload since 2008; that doesn't immediately
> scream "freeze exception candidate".
Fair enough; I don't know that it's widely used, but my movement on this
after the inactivity was largely triggered by a user's interest in and
suggestions for getting it back into squeeze.
> Please could you provide diffs for each of the options you mentioned?
> i.e. 1.0.0.dfsg-1 to a version with the fix for #481072, and 1.0.0.dfsg-1
> to 1.0.2?
I've attached a diff between 1.0.0.dfsg-1 and the proposed 1.0.0.dfsg-2,
and another between 1.0.0.dfsg-1 and 1.0.2. Note that the bugfix in
1.0.0.dfsg-1 is not currently in 1.0.2, as I haven't packaged it yet.
(The second chunk in my 1.0.0 patch is to ensure that the previously
assigned result of dk_sterilize(), which has already been checked for
NULL, is used. I've done so to eliminate any possibility that it will
somehow return NULL there when it did not do so a few lines earlier.
There are two other calls to dk_sterilize() in the code; both explicitly
check the returned value for NULL and raise an error without terminating
the program.)
--
Mike Markley <mike@markley.org>
diff -ur lenny/dk-milter-1.0.0.dfsg/debian/changelog dk-milter-1.0.0.dfsg/debian/changelog
--- lenny/dk-milter-1.0.0.dfsg/debian/changelog 2010-08-24 02:23:03.000000000 -0700
+++ dk-milter-1.0.0.dfsg/debian/changelog 2010-08-22 12:36:57.000000000 -0700
@@ -1,3 +1,11 @@
+dk-milter (1.0.0.dfsg-2) unstable; urgency=low
+
+ * Since all calls to dk_sterilize protect the result by checking
+ for NULL, its assert() has been replaced with an explicit check
+ for the same. Closes: #481072
+
+ -- Mike Markley <mike@markley.org> Tue, 17 Aug 2010 15:07:55 -0700
+
dk-milter (1.0.0.dfsg-1) unstable; urgency=low
* New upstream version.
diff -ur lenny/dk-milter-1.0.0.dfsg/libdk/dk.c dk-milter-1.0.0.dfsg/libdk/dk.c
--- lenny/dk-milter-1.0.0.dfsg/libdk/dk.c 2008-03-09 08:48:02.000000000 -0700
+++ dk-milter-1.0.0.dfsg/libdk/dk.c 2010-08-22 12:36:57.000000000 -0700
@@ -465,8 +465,7 @@
/* send the NS query */
memset(qname, '\0', sizeof qname);
- snprintf(qname, sizeof qname - 1, "%s.%s", DK_DNSNAME,
- dk_sterilize(dk->dk_domain));
+ snprintf(qname, sizeof qname - 1, "%s.%s", DK_DNSNAME, ssel);
#if USE_ARLIB
timeout.tv_sec = dk->dk_timeout;
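Review bot: The return value of `snprintf()` is still discarded on the changed line, so a sterilized domain that does not fit in `qname` is truncated silently and the NS query goes out for a different name than the one that was checked. Comparing the result against the buffer size, e.g. `if (snprintf(qname, sizeof qname, "%s.%s", DK_DNSNAME, ssel) >= (int) sizeof qname)` followed by the function's existing error return, would make that case explicit. The assignment and NULL check of `ssel` lie outside the hunk, so it cannot be confirmed from here that `ssel` is the sterilized form of `dk->dk_domain`.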
diff -ur lenny/dk-milter-1.0.0.dfsg/libdk/util.c dk-milter-1.0.0.dfsg/libdk/util.c
--- lenny/dk-milter-1.0.0.dfsg/libdk/util.c 2006-06-01 10:55:48.000000000 -0700
+++ dk-milter-1.0.0.dfsg/libdk/util.c 2010-08-22 12:36:57.000000000 -0700
@@ -44,7 +44,9 @@
char *p;
char *ret;
- assert(str != NULL);
+ /* Debian bugfix: Handle this explicitly in place of a previous assert() */
+ if (str == NULL)
+ return NULL;
ret = str;
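Review bot: The added comment records that an assert() was replaced but not why, and the function's header comment (outside the hunk) presumably does not yet list a NULL input among its NULL-return cases. I would word the inline comment as `/* Debian #481072: return NULL for a NULL input so callers report an error instead of aborting the process */` and add a matching line to the return-value section of the header comment. The enclosing function starts and ends outside the hunk.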
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/devtools/M4/switch.m4 upstream/dk-milter-1.0.2/devtools/M4/switch.m4
--- dk-milter-1.0.0.dfsg/devtools/M4/switch.m4 2000-04-06 11:45:22.000000000 -0700
+++ upstream/dk-milter-1.0.2/devtools/M4/switch.m4 2008-08-06 15:41:33.000000000 -0700
@@ -10,7 +10,7 @@
#
# Definitions for Makefile construction for sendmail
#
-# $Id: switch.m4,v 8.16 2000/04/06 18:45:22 peterh Exp $
+# $Id: switch.m4,v 8.17 2008/08/06 22:41:33 guenther Exp $
#
divert(0)dnl
include(confBUILDTOOLSDIR`/M4/string.m4')dnl
@@ -46,7 +46,7 @@
define(`bldPRODUCT_START',
`define(`bldCURRENT_PRODUCT', `$2')dnl
-define(`bldCURRENT_PRD', translit(`$2', `.', `_'))dnl
+define(`bldCURRENT_PRD', translit(`$2', `-.', `__'))dnl
define(`bldPRODUCT_TYPE', `$1')dnl'
)dnl
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/devtools/OS/Linux upstream/dk-milter-1.0.2/devtools/OS/Linux
--- dk-milter-1.0.0.dfsg/devtools/OS/Linux 2002-03-21 15:59:25.000000000 -0800
+++ upstream/dk-milter-1.0.2/devtools/OS/Linux 2009-01-21 18:15:42.000000000 -0800
@@ -1,9 +1,10 @@
-# $Id: Linux,v 8.30 2002/03/21 23:59:25 gshapiro Exp $
+# $Id: Linux,v 8.31 2009/01/22 02:15:42 guenther Exp $
dnl DO NOT EDIT THIS FILE.
dnl Place personal settings in devtools/Site/site.config.m4
define(`confDEPEND_TYPE', `CC-M')
+define(`confCCOPTS_SO', `-fPIC')
define(`confSM_OS_HEADER', `sm_os_linux')
define(`confMANROOT', `/usr/man/man')
define(`confLIBS', `-ldl')
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/devtools/OS/OpenBSD upstream/dk-milter-1.0.2/devtools/OS/OpenBSD
--- dk-milter-1.0.0.dfsg/devtools/OS/OpenBSD 2002-03-21 15:59:25.000000000 -0800
+++ upstream/dk-milter-1.0.2/devtools/OS/OpenBSD 2008-08-06 16:41:44.000000000 -0700
@@ -1,4 +1,4 @@
-# $Id: OpenBSD,v 8.20 2002/03/21 23:59:25 gshapiro Exp $
+# $Id: OpenBSD,v 8.21 2008/08/06 23:41:44 guenther Exp $
dnl DO NOT EDIT THIS FILE.
dnl Place personal settings in devtools/Site/site.config.m4
@@ -8,7 +8,32 @@
define(`confCCOPTS_SO', `-fPIC')
define(`confMAPDEF', `-DNEWDB -DNIS -DMAP_REGEX')
-define(`confENVDEF', ` -DNETISO -DFAST_PID_RECYCLE')
+define(`confENVDEF', ` -DFAST_PID_RECYCLE')
define(`confSM_OS_HEADER', `sm_os_openbsd')
define(`confMTCCOPTS', `-pthread')
define(`confMTLDOPTS', `-pthread')
+
+ifelse(confBLDVARIANT, `DEBUG',
+dnl Debug build
+`
+ define(`confOPTIMIZE',`-g')
+',
+dnl Optimized build
+confBLDVARIANT, `OPTIMIZED',
+`
+ define(`confOPTIMIZE',`-O')
+',
+dnl Purify build
+confBLDVARIANT, `PURIFY',
+`
+ define(`confOPTIMIZE',`-g')
+',
+dnl default
+`
+ define(`confOPTIMIZE',`-O')
+')
+define(`USE_ICONV',`
+ APPENDDEF(`confLIBS',`-liconv ')dnl
+ APPENDDEF(`confLIBDIRS',`-L/usr/local/lib ')dnl
+ APPENDDEF(`confINCDIRS',`-I/usr/local/include ')dnl
+')dnl
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/devtools/README upstream/dk-milter-1.0.2/devtools/README
--- dk-milter-1.0.0.dfsg/devtools/README 2008-02-12 08:40:05.000000000 -0800
+++ upstream/dk-milter-1.0.2/devtools/README 2009-01-21 18:15:07.000000000 -0800
@@ -86,7 +86,7 @@
directory.
confCC cc The C compiler to use.
confCCOPTS [empty] Additional options to pass to confCC.
-*confCCOPTS_SO -fPIC Additional options for compiling
+*confCCOPTS_SO [empty] Additional options for compiling
shared object libraries.
confCCLINK confCC Linker to use (for executables).
confCOPY cp A program that copies files.
@@ -129,7 +129,7 @@
confINSTALL_RAWMAN [undefined] Install the unformatted manual pages.
*confLD confCC Linker to use (for libraries).
confLDOPTS [empty] Linker options.
-*confLDOPTS_SO -shared -Wl Additional linker options for
+*confLDOPTS_SO [empty] Additional linker options for
linking shared object libraries.
confLIBDIR /usr/lib Where to install library files.
confLIBDIRS [empty] -L flags passed to ld.
@@ -395,4 +395,4 @@
bldINSTALLABLE - This should be set if the library should be installed in
confLIBDIR.
-$Revision: 8.102 $, Last updated $Date: 2008/02/12 16:40:05 $
+$Revision: 8.103 $, Last updated $Date: 2009/01/22 02:15:07 $
Only in upstream/dk-milter-1.0.2/dk-filter: dk-crypto.c
Only in upstream/dk-milter-1.0.2/dk-filter: dk-crypto.h
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/dk-filter/dk-filter.8 upstream/dk-milter-1.0.2/dk-filter/dk-filter.8
--- dk-milter-1.0.0.dfsg/dk-filter/dk-filter.8 2008-03-12 07:26:11.000000000 -0700
+++ upstream/dk-milter-1.0.2/dk-filter/dk-filter.8 2008-09-04 11:32:17.000000000 -0700
@@ -296,7 +296,7 @@
and the filter. Otherwise, the MTA could abort a message while waiting for
a reply from the filter, which in turn is still waiting for a DNS reply.
.SH VERSION
-This man page covers version 1.0.0 of
+This man page covers version 1.0.1 of
.I dk-filter.
.SH COPYRIGHT
Copyright (c) 2004-2008, Sendmail, Inc. and its suppliers. All rights
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/dk-filter/dk-filter.c upstream/dk-milter-1.0.2/dk-filter/dk-filter.c
--- dk-milter-1.0.0.dfsg/dk-filter/dk-filter.c 2008-03-13 15:23:48.000000000 -0700
+++ upstream/dk-milter-1.0.2/dk-filter/dk-filter.c 2008-09-04 11:32:36.000000000 -0700
@@ -2,11 +2,11 @@
** Copyright (c) 2004-2008 Sendmail, Inc. and its suppliers.
** All rights reserved.
**
-** $Id: dk-filter.c,v 1.180 2008/03/12 14:17:17 msk Exp $
+** $Id: dk-filter.c,v 1.183 2008/09/04 18:32:36 msk Exp $
*/
#ifndef lint
-static char dk_filter_c_id[] = "@(#)$Id: dk-filter.c,v 1.180 2008/03/12 14:17:17 msk Exp $";
+static char dk_filter_c_id[] = "@(#)$Id: dk-filter.c,v 1.183 2008/09/04 18:32:36 msk Exp $";
#endif /* !lint */
/* system includes */
@@ -74,6 +74,7 @@
/* dk-filter includes */
#include "dk-filter.h"
+#include "dk-crypto.h"
#include "util.h"
#ifdef DEBUG
@@ -3684,10 +3685,11 @@
pw = getpwnam(become);
if (pw == NULL)
{
+ char *q;
uid_t uid;
- uid = atoi(become);
- if (uid != 0 && uid != LONG_MIN && uid != LONG_MAX)
+ uid = (uid_t) strtol(become, &q, 10);
+ if (*q == '\0')
pw = getpwuid(uid);
if (pw == NULL)
{
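Review bot: The new test `if (*q == '\0')` is also true when `strtol()` consumed no digits at all, so if `become` can be an empty string the call returns 0, `q` points at the terminator, and `getpwuid(0)` resolves the lookup to uid 0, a value the removed `uid != 0` test used to exclude. Negative and out-of-range results are likewise cast straight to `uid_t`. Parsing into a `long` and requiring that something was consumed closes this: `long v = strtol(become, &q, 10);`, `if (q != become && *q == '\0' && v >= 0)`, `pw = getpwuid((uid_t) v);`. An `errno == ERANGE` check would additionally cover overflow. The enclosing function extends beyond the hunk.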
@@ -4094,7 +4096,15 @@
}
}
- ERR_load_crypto_strings();
+ status = dkf_crypto_init();
+ if (status != 0)
+ {
+ if (dolog)
+ syslog(LOG_ERR, "can't initialize OpenSSL library");
+
+ dkf_zapkey();
+ return EX_UNAVAILABLE;
+ }
/* initialize the DomainKeys package */
libdk = dk_init(NULL, NULL);
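Review bot: Every return path after a successful `dkf_crypto_init()` now needs a matching `dkf_crypto_free()`, and the failure branch of `dk_init()` directly below this hunk is not shown, so it cannot be confirmed that it releases the OpenSSL state. The two cleanup sites this diff does add also disagree on order: the popdbfile error path (hunk at -4200) calls `dkf_zapkey()` before `dkf_crypto_free()`, while the normal exit (hunk at -4233) calls them the other way round. Using the same order in both places would make the teardown easier to audit. Including `status` in the syslog message would also help when diagnosing an initialization failure.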
@@ -4200,6 +4210,7 @@
popdbfile);
dkf_zapkey();
+ dkf_crypto_free();
return EX_UNAVAILABLE;
}
}
@@ -4233,6 +4244,8 @@
}
#endif /* POPAUTH */
+ dkf_crypto_free();
+
dkf_zapkey();
dk_close(libdk);
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/dk-filter/dk-filter.h upstream/dk-milter-1.0.2/dk-filter/dk-filter.h
--- dk-milter-1.0.0.dfsg/dk-filter/dk-filter.h 2008-03-13 15:22:59.000000000 -0700
+++ upstream/dk-milter-1.0.2/dk-filter/dk-filter.h 2009-02-04 09:52:29.000000000 -0800
@@ -1,19 +1,19 @@
/*
-** Copyright (c) 2004-2008 Sendmail, Inc. and its suppliers.
+** Copyright (c) 2004-2009 Sendmail, Inc. and its suppliers.
** All rights reserved.
**
-** $Id: dk-filter.h,v 1.101 2008/03/13 22:22:59 msk Exp $
+** $Id: dk-filter.h,v 1.103 2009/02/04 17:52:29 msk Exp $
*/
#ifndef _DK_FILTER_H_
#define _DK_FILTER_H_
#ifndef lint
-static char dk_filter_h_id[] = "@(#)$Id: dk-filter.h,v 1.101 2008/03/13 22:22:59 msk Exp $";
+static char dk_filter_h_id[] = "@(#)$Id: dk-filter.h,v 1.103 2009/02/04 17:52:29 msk Exp $";
#endif /* !lint */
#define DKF_PRODUCT "Sendmail DomainKeys Filter"
-#define DKF_VERSION "1.0.0"
+#define DKF_VERSION "1.0.2"
/* libdk */
#include <dk.h>
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/dk-filter/Makefile.m4 upstream/dk-milter-1.0.2/dk-filter/Makefile.m4
--- dk-milter-1.0.0.dfsg/dk-filter/Makefile.m4 2007-05-31 13:31:01.000000000 -0700
+++ upstream/dk-milter-1.0.2/dk-filter/Makefile.m4 2008-09-04 10:39:00.000000000 -0700
@@ -26,7 +26,7 @@
bldPRODUCT_START(`executable', `dk-filter')
-define(`bldSOURCES', `dk-filter.c util.c ')
+define(`bldSOURCES', `dk-filter.c dk-crypto.c util.c ')
PREPENDDEF(`confLIBS', `-lmilter ')
bldPRODUCT_END
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/FEATURES upstream/dk-milter-1.0.2/FEATURES
--- dk-milter-1.0.0.dfsg/FEATURES 2007-05-31 11:58:00.000000000 -0700
+++ upstream/dk-milter-1.0.2/FEATURES 2008-03-17 09:04:03.000000000 -0700
@@ -27,11 +27,6 @@
FLUSH_HEADERS Delete existing DK headers before delivery. (dk-filter)
-MULTIPLE_KEYS Adds a new command line option "-k", which changes
- interpretation of the "-s" to be a list of user@host
- patterns with matching filenames indicating which key
- to use to sign messages. (dk-filter)
-
REQUIRED_HEADERS
Optionally enforce minimum header requirements per RFC2822.
(dk-filter)
@@ -43,4 +38,4 @@
use. (dk-filter)
-$Revision: 1.18 $, Last updated $Date: 2007/05/31 18:58:00 $
+$Revision: 1.19 $, Last updated $Date: 2008/03/17 16:04:03 $
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/include/sm/conf.h upstream/dk-milter-1.0.2/include/sm/conf.h
--- dk-milter-1.0.0.dfsg/include/sm/conf.h 2007-09-24 16:05:37.000000000 -0700
+++ upstream/dk-milter-1.0.2/include/sm/conf.h 2009-01-14 16:46:13.000000000 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
@@ -10,7 +10,7 @@
* the sendmail distribution.
*
*
- * $Id: conf.h,v 1.134 2007/09/24 23:05:37 ca Exp $
+ * $Id: conf.h,v 1.136 2009/01/15 00:46:13 ca Exp $
*/
/*
@@ -463,6 +463,7 @@
# endif /* SOLARIS >= 21000 || (SOLARIS < 10000 && SOLARIS >= 210) */
# if SOLARIS >= 21100 || (SOLARIS < 10000 && SOLARIS >= 211)
# define GETLDAPALIASBYNAME_VERSION 2 /* changed in S11 */
+# define HAVE_NANOSLEEP 1 /* moved from librt to libc in S11 */
# endif /* SOLARIS >= 21100 || (SOLARIS < 10000 && SOLARIS >= 211) */
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps pre-2.7 */
@@ -2901,6 +2902,20 @@
# define MAXHOSTNAMELEN 256
# endif /* !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V) */
+
+# if _FFR_LINUX_MHNL && defined(__linux__) && MAXHOSTNAMELEN < 255
+ /*
+ ** override Linux wierdness: a FQHN can be 255 chars long
+ ** SUSv3 requires HOST_NAME_MAX ("Maximum length of a host
+ ** name (not including the terminating null) as returned from the
+ ** gethostname() function.") to be at least 255. c.f.:
+ ** http://www.opengroup.org/onlinepubs/009695399
+ ** but Linux defines that to 64 too.
+ */
+# undef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN 256
+# endif /* _FFR_LINUX_MHNL && defined(__linux__) && MAXHOSTNAMELEN < 255 */
+
# if !defined(SIGCHLD) && defined(SIGCLD)
# define SIGCHLD SIGCLD
# endif /* !defined(SIGCHLD) && defined(SIGCLD) */
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/include/sm/ldap.h upstream/dk-milter-1.0.2/include/sm/ldap.h
--- dk-milter-1.0.0.dfsg/include/sm/ldap.h 2007-10-09 17:06:44.000000000 -0700
+++ upstream/dk-milter-1.0.2/include/sm/ldap.h 2008-11-17 13:02:54.000000000 -0800
@@ -6,7 +6,7 @@
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
- * $Id: ldap.h,v 1.33 2007/10/10 00:06:44 ca Exp $
+ * $Id: ldap.h,v 1.34 2008/11/17 21:02:54 ca Exp $
*/
#ifndef SM_LDAP_H
@@ -92,7 +92,7 @@
char ldap_attrsep;
# if _FFR_LDAP_NETWORK_TIMEOUT
- struct timeval ldap_networktmo;
+ int ldap_networktmo;
# endif /* _FFR_LDAP_NETWORK_TIMEOUT */
/* Linked list of maps sharing the same LDAP binding */
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/include/sm/sem.h upstream/dk-milter-1.0.2/include/sm/sem.h
--- dk-milter-1.0.0.dfsg/include/sm/sem.h 2005-02-17 14:08:58.000000000 -0800
+++ upstream/dk-milter-1.0.2/include/sm/sem.h 2008-05-30 09:26:39.000000000 -0700
@@ -1,12 +1,12 @@
/*
- * Copyright (c) 2000-2001, 2005 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 2000-2001, 2005, 2008 Sendmail, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
- * $Id: sem.h,v 1.9 2005/02/17 22:08:58 ca Exp $
+ * $Id: sem.h,v 1.10 2008/05/30 16:26:39 ca Exp $
*/
#ifndef SM_SEM_H
@@ -47,6 +47,7 @@
extern int sm_sem_acq __P((int, int, int));
extern int sm_sem_rel __P((int, int, int));
extern int sm_sem_get __P((int, int));
+extern int sm_semsetowner __P((int, uid_t, gid_t, mode_t));
# else /* SM_CONF_SEM > 0 */
# define sm_sem_start(key, nsem, semflg, owner) 0
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/libdk/dk.c upstream/dk-milter-1.0.2/libdk/dk.c
--- dk-milter-1.0.0.dfsg/libdk/dk.c 2010-08-22 12:36:57.000000000 -0700
+++ upstream/dk-milter-1.0.2/libdk/dk.c 2009-02-04 09:52:47.000000000 -0800
@@ -1,12 +1,12 @@
/*
-** Copyright (c) 2004-2007 Sendmail, Inc. and its suppliers.
+** Copyright (c) 2004-2009 Sendmail, Inc. and its suppliers.
** All rights reserved.
**
-** $Id: dk.c,v 1.186 2008/03/09 15:48:02 msk Exp $
+** $Id: dk.c,v 1.192 2009/02/04 17:52:47 msk Exp $
*/
#ifndef lint
-static char dk_c_id[] = "@(#)$Id: dk.c,v 1.186 2008/03/09 15:48:02 msk Exp $";
+static char dk_c_id[] = "@(#)$Id: dk.c,v 1.192 2009/02/04 17:52:47 msk Exp $";
#endif /* !lint */
/* system includes */
@@ -465,7 +465,8 @@
/* send the NS query */
memset(qname, '\0', sizeof qname);
- snprintf(qname, sizeof qname - 1, "%s.%s", DK_DNSNAME, ssel);
+ snprintf(qname, sizeof qname - 1, "%s.%s", DK_DNSNAME,
+ dk_sterilize(dk->dk_domain));
#if USE_ARLIB
timeout.tv_sec = dk->dk_timeout;
@@ -1920,23 +1921,24 @@
}
/*
-** DK_VERROR -- log an error into a DK handle (varargs version)
+** DK_ERROR -- log an error into a DK handle
**
** Parameters:
** dk -- DK context in which this is performed
** format -- format to apply
-** va -- argument list
+** ... -- arguments
**
** Return value:
** None.
*/
-static void
-dk_verror(DK *dk, const char *format, va_list va)
+void
+dk_error(DK *dk, const char *format, ...)
{
int flen;
int saverr;
char *newdk;
+ va_list va;
assert(dk != NULL);
assert(format != NULL);
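Review bot: `dk_error()` loses its `static` qualifier here and becomes an exported libdk symbol, but neither the dk.h nor the dk-private.h section of this diff adds a prototype for it. If nothing outside dk.c calls it, keep `static void`; otherwise declare it in dk-private.h, ideally with a printf-style format attribute so the compiler checks callers' format strings against their arguments. The function body continues outside the hunk.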
@@ -1957,7 +1959,9 @@
for (;;)
{
+ va_start(va, format);
flen = vsnprintf(dk->dk_error, dk->dk_errlen, format, va);
+ va_end(va);
/* compensate for broken vsnprintf() implementations */
if (flen == -1)
@@ -1988,31 +1992,6 @@
}
/*
-** DK_ERROR -- log an error into a DK handle
-**
-** Parameters:
-** dk -- DK context in which this is performed
-** format -- format to apply
-** ... -- arguments
-**
-** Return value:
-** None.
-*/
-
-static void
-dk_error(DK *dk, const char *format, ...)
-{
- va_list va;
-
- assert(dk != NULL);
- assert(format != NULL);
-
- va_start(va, format);
- dk_verror(dk, format, va);
- va_end(va);
-}
-
-/*
** ===== PUBLIC SECTION
*/
@@ -2825,13 +2804,6 @@
}
else
{
- for (c = 0;
- c < dk->dk_blanks;
- c++)
- DK_CANON(dk, CRLF, 2);
-
- dk->dk_blanks = 0;
-
DK_CANON(dk, wrote, wlen);
DK_CANON(dk, CRLF, 2);
@@ -2850,7 +2822,21 @@
/* write what's left */
if (wlen > 0)
+ {
+ if (dk->dk_blanks > 0)
+ {
+ int c;
+
+ for (c = 0;
+ c < dk->dk_blanks;
+ c++)
+ DK_CANON(dk, CRLF, 2);
+
+ dk->dk_blanks = 0;
+ }
+
DK_CANON(dk, wrote, wlen);
+ }
break;
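Review bot: The block that writes the cached blank lines (`for (c = 0; c < dk->dk_blanks; c++) DK_CANON(dk, CRLF, 2);` followed by `dk->dk_blanks = 0;`) is pasted three times, here and in the hunks at -2898 and -2910; a single helper macro defined next to `DK_CANON` would keep the copies from drifting apart. Separately, the hunk at -2825 removes the same flush from the `else` branch that writes `wrote` followed by CRLF, and no replacement is visible on that path. If no earlier flush covers it, cached blank lines would not be written ahead of that line and the canonicalized body could differ from what the signer hashed. The surrounding switch is outside the hunks, so this needs checking against the full function.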
@@ -2898,6 +2884,18 @@
{
if (lidx == sizeof lbuf)
{
+ if (dk->dk_blanks > 0)
+ {
+ int c;
+
+ for (c = 0;
+ c < dk->dk_blanks;
+ c++)
+ DK_CANON(dk, CRLF, 2);
+
+ dk->dk_blanks = 0;
+ }
+
DK_CANON(dk, lbuf, lidx);
lidx = 0;
}
@@ -2910,7 +2908,21 @@
}
if (lidx > 0)
+ {
+ if (dk->dk_blanks > 0)
+ {
+ int c;
+
+ for (c = 0;
+ c < dk->dk_blanks;
+ c++)
+ DK_CANON(dk, CRLF, 2);
+
+ dk->dk_blanks = 0;
+ }
+
DK_CANON(dk, lbuf, lidx);
+ }
break;
@@ -2950,6 +2962,10 @@
{
int status;
+#ifdef _FFR_HASH_BUFFERING
+ dk_canonbuffer(dk, NULL, 0);
+#endif /* _FFR_HASH_BUFFERING */
+
/* no sender header was found below the signature */
if (dk->dk_skipbody && dk->dk_processing)
{
@@ -2988,10 +3004,6 @@
return DK_STAT_NORESOURCE;
}
-#ifdef _FFR_HASH_BUFFERING
- dk_canonbuffer(dk, NULL, 0);
-#endif /* _FFR_HASH_BUFFERING */
-
/* set up the RSA object */
sha1->sha1_rsa = EVP_PKEY_get1_RSA(sha1->sha1_pkey);
if (sha1->sha1_rsa == NULL)
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/libdk/dk.h upstream/dk-milter-1.0.2/libdk/dk.h
--- dk-milter-1.0.0.dfsg/libdk/dk.h 2008-03-09 00:47:59.000000000 -0800
+++ upstream/dk-milter-1.0.2/libdk/dk.h 2009-02-04 09:45:32.000000000 -0800
@@ -1,15 +1,15 @@
/*
-** Copyright (c) 2004-2007 Sendmail, Inc. and its suppliers.
+** Copyright (c) 2004-2009 Sendmail, Inc. and its suppliers.
** All rights reserved.
**
-** $Id: dk.h,v 1.54 2008/03/09 08:47:59 msk Exp $
+** $Id: dk.h,v 1.57 2009/02/04 17:45:32 msk Exp $
*/
#ifndef _SMI_DK_H_
#define _SMI_DK_H_
#ifndef lint
-static char dk_h_id[] = "@(#)$Id: dk.h,v 1.54 2008/03/09 08:47:59 msk Exp $";
+static char dk_h_id[] = "@(#)$Id: dk.h,v 1.57 2009/02/04 17:45:32 msk Exp $";
#endif /* !lint */
/* system includes */
@@ -27,7 +27,7 @@
** pp == patch number
*/
-#define DK_LIB_VERSION 0x01000000
+#define DK_LIB_VERSION 0x01000200
#define DK_DNSNAME "_domainkey"
/* common DNS label */
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/libdk/dk-private.h upstream/dk-milter-1.0.2/libdk/dk-private.h
--- dk-milter-1.0.0.dfsg/libdk/dk-private.h 2008-03-08 00:58:35.000000000 -0800
+++ upstream/dk-milter-1.0.2/libdk/dk-private.h 2008-06-19 13:59:26.000000000 -0700
@@ -1,15 +1,15 @@
/*
-** Copyright (c) 2004, 2007 Sendmail, Inc. and its suppliers.
+** Copyright (c) 2004, 2007, 2008 Sendmail, Inc. and its suppliers.
** All rights reserved.
**
-** $Id: dk-private.h,v 1.42 2008/03/08 08:58:35 msk Exp $
+** $Id: dk-private.h,v 1.43 2008/06/19 20:59:26 msk Exp $
*/
#ifndef _SMI_DK_PRIVATE_H_
#define _SMI_DK_PRIVATE_H_
#ifndef lint
-static char dk_private_h_id[] = "@(#)$Id: dk-private.h,v 1.42 2008/03/08 08:58:35 msk Exp $";
+static char dk_private_h_id[] = "@(#)$Id: dk-private.h,v 1.43 2008/06/19 20:59:26 msk Exp $";
#endif /* !lint */
/* system */
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/libdk/util.c upstream/dk-milter-1.0.2/libdk/util.c
--- dk-milter-1.0.0.dfsg/libdk/util.c 2010-08-22 12:36:57.000000000 -0700
+++ upstream/dk-milter-1.0.2/libdk/util.c 2006-06-01 10:55:48.000000000 -0700
@@ -44,9 +44,7 @@
char *p;
char *ret;
- /* Debian bugfix: Handle this explicitly in place of a previous assert() */
- if (str == NULL)
- return NULL;
+ assert(str != NULL);
ret = str;
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/libsm/ldap.c upstream/dk-milter-1.0.2/libsm/ldap.c
--- dk-milter-1.0.0.dfsg/libsm/ldap.c 2007-10-11 17:19:44.000000000 -0700
+++ upstream/dk-milter-1.0.2/libsm/ldap.c 2008-11-17 13:02:55.000000000 -0800
@@ -11,7 +11,7 @@
#define LDAP_DEPRECATED 1
#include <sm/gen.h>
-SM_RCSID("@(#)$Id: ldap.c,v 1.80 2007/10/12 00:19:44 ca Exp $")
+SM_RCSID("@(#)$Id: ldap.c,v 1.82 2008/11/17 21:02:55 ca Exp $")
#if LDAPMAP
# include <sys/types.h>
@@ -1372,9 +1372,16 @@
ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &lmap->ldap_sizelimit);
ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &lmap->ldap_timelimit);
-# if _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT)
- ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &lmap->ldap_networktmo);
-# endif /* _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) */
+# if _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT)
+ if (lmap->ldap_networktmo > 0)
+ {
+ struct timeval tmo;
+
+ tmo.tv_sec = lmap->ldap_networktmo;
+ tmo.tv_usec = 0;
+ ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tmo);
+ }
+# endif /* _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) */
# ifdef LDAP_OPT_RESTART
ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON);
# endif /* LDAP_OPT_RESTART */
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/libsm/sem.c upstream/dk-milter-1.0.2/libsm/sem.c
--- dk-milter-1.0.0.dfsg/libsm/sem.c 2005-08-12 13:39:59.000000000 -0700
+++ upstream/dk-milter-1.0.2/libsm/sem.c 2008-05-30 09:26:38.000000000 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000-2001, 2005 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 2000-2001, 2005, 2008 Sendmail, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
@@ -8,11 +8,12 @@
*/
#include <sm/gen.h>
-SM_RCSID("@(#)$Id: sem.c,v 1.13 2005/08/12 20:39:59 ca Exp $")
+SM_RCSID("@(#)$Id: sem.c,v 1.14 2008/05/30 16:26:38 ca Exp $")
#if SM_CONF_SEM
# include <stdlib.h>
# include <unistd.h>
+# include <sm/string.h>
# include <sm/sem.h>
# include <sm/heap.h>
# include <errno.h>
@@ -200,4 +201,47 @@
return -1;
return semval;
}
+
+/*
+** SM_SEMSETOWNER -- set owner/group/mode of semaphores.
+**
+** Parameters:
+** semid -- id for semaphores.
+** uid -- uid to use
+** gid -- gid to use
+** mode -- mode to use
+**
+** Returns:
+** 0 on success.
+** < 0 on failure.
+*/
+
+int
+sm_semsetowner(semid, uid, gid, mode)
+ int semid;
+ uid_t uid;
+ gid_t gid;
+ mode_t mode;
+{
+# ifndef WIN32
+ int r;
+ struct semid_ds semidds;
+ union semun {
+ int val;
+ struct semid_ds *buf;
+ ushort *array;
+ } arg;
+
+ memset(&semidds, 0, sizeof(semidds));
+ arg.buf = &semidds;
+ if ((r = semctl(semid, 1, IPC_STAT, arg)) < 0)
+ return r;
+ semidds.sem_perm.uid = uid;
+ semidds.sem_perm.gid = gid;
+ semidds.sem_perm.mode = mode;
+ if ((r = semctl(semid, 1, IPC_SET, arg)) < 0)
+ return r;
+# endif /* WIN32 */
+ return 0;
+}
#endif /* SM_CONF_SEM */
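Review bot: The local `union semun` declares `ushort *array`, which is not a standard C type and compiles only where the system headers happen to typedef it; `unsigned short *array;` is the portable spelling. Both `semctl()` calls pass `1` as the semaphore number, which IPC_STAT and IPC_SET ignore, so `0` would read less like an index into the set. The header comment could also state that the caller must own the semaphore set or be privileged for IPC_SET to succeed, and that `errno` is left as set by `semctl()` on failure.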
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/libsm/t-sem.c upstream/dk-milter-1.0.2/libsm/t-sem.c
--- dk-milter-1.0.0.dfsg/libsm/t-sem.c 2007-03-21 16:22:10.000000000 -0700
+++ upstream/dk-milter-1.0.2/libsm/t-sem.c 2008-05-30 09:26:38.000000000 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000-2001, 2005-2007 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 2000-2001, 2005-2008 Sendmail, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
@@ -8,7 +8,7 @@
*/
#include <sm/gen.h>
-SM_RCSID("@(#)$Id: t-sem.c,v 1.16 2007/03/21 23:22:10 ca Exp $")
+SM_RCSID("@(#)$Id: t-sem.c,v 1.17 2008/05/30 16:26:38 ca Exp $")
#include <stdio.h>
@@ -127,6 +127,20 @@
exit(EX_UNAVAILABLE);
}
+static int
+drop_priv(uid, gid)
+ uid_t uid;
+ gid_t gid;
+{
+ int r;
+
+ r = setgid(gid);
+ if (r != 0)
+ return r;
+ r = setuid(uid);
+ return r;
+}
+
/*
** SEMTEST -- test of semaphores
**
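Review bot: `drop_priv()` changes the gid and then the uid but leaves the supplementary group list untouched, so a process started as root keeps root's additional groups after the drop. Calling `setgroups(1, &gid)` before `setgid(gid)` and returning its error like the other two calls would make the drop complete; that call needs `<grp.h>`, whose inclusion is not visible in this hunk. The setgid-before-setuid order itself is correct and worth a one-line comment, `/* gid first: after setuid() the process may no longer change groups */`.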
@@ -141,12 +155,23 @@
# define MAX_CNT 10
static int
-semtest(owner)
+semtest(owner, uid, gid)
int owner;
+ uid_t uid;
+ gid_t gid;
{
int semid, r;
int cnt = 0;
+ if (!owner && uid != 0)
+ {
+ r = drop_priv(uid, gid);
+ if (r < 0)
+ {
+ perror("drop_priv child failed");
+ return -1;
+ }
+ }
semid = sm_sem_start(T_SM_SEM_KEY, 1, 0, owner);
if (semid < 0)
{
@@ -156,6 +181,22 @@
if (owner)
{
+ if (uid != 0)
+ {
+ r = sm_semsetowner(semid, uid, gid, 0660);
+ if (r < 0)
+ {
+ perror("sm_semsetowner failed");
+ return -1;
+ }
+ r = drop_priv(uid, gid);
+ if (r < 0)
+ {
+ perror("drop_priv owner failed");
+ return -1;
+ }
+ }
+
/* just in case someone kills the program... */
semid_c = semid;
(void) sm_signal(SIGHUP, sem_cleanup);
@@ -281,18 +322,31 @@
{
bool interactive = false;
bool owner = false;
- int ch;
- int r = 0;
+ int ch, r;
+ uid_t uid;
+ gid_t gid;
+
+ uid = 0;
+ gid = 0;
+ r = 0;
-# define OPTIONS "io"
+# define OPTIONS "iog:u:"
while ((ch = getopt(argc, argv, OPTIONS)) != -1)
{
switch ((char) ch)
{
+ case 'g':
+ gid = (gid_t)strtoul(optarg, 0, 0);
+ break;
+
case 'i':
interactive = true;
break;
+ case 'u':
+ uid = (uid_t)strtoul(optarg, 0, 0);
+ break;
+
case 'o':
owner = true;
break;
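Review bot: `strtoul(optarg, 0, 0)` is used for both `-g` and `-u` without an end pointer, so a non-numeric argument parses as 0 and the test then runs without dropping privileges, because uid 0 is the value `semtest()` treats as "do not drop". Passing an end pointer and rejecting the option when nothing was consumed or `*end != '\0'` would surface the mistake instead of silently testing as root. The `main()` body continues outside the hunk.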
@@ -323,11 +377,11 @@
{
/* give the parent the chance to setup data */
sleep(1);
- r = semtest(false);
+ r = semtest(false, uid, gid);
}
else
{
- r = semtest(true);
+ r = semtest(true, uid, gid);
}
SM_TEST(r == 0);
return sm_test_end();
diff -ur -x debian -x CVS dk-milter-1.0.0.dfsg/RELEASE_NOTES upstream/dk-milter-1.0.2/RELEASE_NOTES
--- dk-milter-1.0.0.dfsg/RELEASE_NOTES 2008-03-13 15:23:08.000000000 -0700
+++ upstream/dk-milter-1.0.2/RELEASE_NOTES 2009-02-04 10:01:25.000000000 -0800
@@ -1,5 +1,5 @@
DK-MILTER RELEASE NOTES
- $Id: RELEASE_NOTES,v 1.165 2008/03/13 22:23:08 msk Exp $
+ $Id: RELEASE_NOTES,v 1.167 2009/02/04 18:01:25 msk Exp $
This listing shows the versions of the dk-milter package, the date of
@@ -10,6 +10,18 @@
were logged internally at Sendmail, Inc.
+1.0.2 2009/02/04
+ LIBDK: Fix bug in error message generation which could cause
+ crashes with very large error messages. Code copied
+ from dkim-milter.
+
+1.0.1 2008/09/04
+ Set up required callbacks for OpenSSL thread-safety. Code copied
+ from dkim-milter.
+ LIBDK: Fix bug in relaxed canonicalization mode when dealing with
+ very large input lines with cached blank lines.
+ Problem reported by Mark Martinec.
+
1.0.0 2008/03/13
Use the current Authentication-Results: format (the -13 draft).
Patch from S. Moonesamy of Eland Systems.
Only in upstream/dk-milter-1.0.2: rfc4870.txt