--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package dkimpy-milter/1.0.1-1
- From: Scott Kitterman <debian@kitterman.com>
- Date: Fri, 11 Oct 2019 10:05:39 -0400
- Message-id: <157080273982.16471.3114737773062987956.reportbug@l5580.kitterman.com>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
This update is based on a maitnenance update from upstream (1.0.2) by an
upstream familiar with Debian's post-release update process with an
intent to only address issues appropriate for a Debian stable update.
There are several types of changes included:
1. Resiliance: After the last upstream release, a nubmer of issues with
the reliability of the milter when presented with corrupted data were
identified (although not in the BTS, the report was upstream from a
Debian user). There are a number of changes to catch errors and
continue the milter running. These are the most critical.
dkimpy-milter-1.0.2/dkimpy_milter/__init__.py
line 54, 133, and line 255 through 303 hunks.
2. Correctness: If the milter is configured to both sign and verify
messages in the same process (which is not the usual case, but can
happen - I discuverd this one the hard way), then the milter will fail.
dkimpy-milter-1.0.2/dkimpy_milter/__init__.py line 174 hunk
The log message that the milter is starting would not log anything in
the failure case, which is the interesting one.
dkimpy-milter-1.0.2/dkimpy_milter/__init__.py line 351 hunk
All of the above are low risk, important fixes that will affect all
users of the package.
3. Init fixes for sysv: It turns out people use this in Docker
containers and bugs were filed upstream about the init scripts not
working in Debian Buster. This was both packaging problems (debian/
rules changes) and init problems. Updating the init so it works when
installed from upstream source, also required changes to paths used by
Debian (0001-update-upstream-unit-and-init-file-paths.patch).
These changes are slightly more extensive, but have no impact for users
of Debian's default init. Sysv init support is totally broken now, so
there is no risk of regression.
I did my own test of these in Docker (since that's where they seem to be
used) and with these changes, they work now.
Scott K
diff -Nru dkimpy-milter-1.0.1/CHANGES dkimpy-milter-1.0.2/CHANGES
--- dkimpy-milter-1.0.1/CHANGES 2019-02-11 15:13:44.000000000 -0500
+++ dkimpy-milter-1.0.2/CHANGES 2019-10-07 00:12:30.000000000 -0400
@@ -1,3 +1,13 @@
+1.0.2 2019-10-07
+ - Fix startup logging so it provides information at a useful time
+ - Fix message extraction so that signing in the same pass through the milter
+ as verifying works correctly
+ - Fix variable initialization so mailformed mails missing body From do not
+ cause a traceback (LP: #1844161)
+ - Catch more ascii encoding errors to improve resilience against bad data
+ (LP: #1844189)
+ - Fix sysv init so it works (LP: #1839487)
+
1.0.1 2019-02-11
* Reorder milter start and dropping privileges so permissions on Unix socket
are correct (LP: 1797720)
diff -Nru dkimpy-milter-1.0.1/debian/changelog dkimpy-milter-1.0.2/debian/changelog
--- dkimpy-milter-1.0.1/debian/changelog 2019-02-11 15:32:17.000000000 -0500
+++ dkimpy-milter-1.0.2/debian/changelog 2019-10-07 00:31:48.000000000 -0400
@@ -1,3 +1,14 @@
+dkimpy-milter (1.0.2-1) buster; urgency=medium
+
+ * New upstream release
+ * Put upstream init file where dh_installinit expects to find it so it is
+ properly registered
+ * Update debian/watch to point to 1.0 version for stable updates
+ * Update and rename d/p/0001-update-upstream-unit-and-init-file-paths.patch
+ so sysv init paths are correct too
+
+ -- Scott Kitterman <scott@kitterman.com> Mon, 07 Oct 2019 00:31:48 -0400
+
dkimpy-milter (1.0.1-1) unstable; urgency=medium
* New upstream release
diff -Nru dkimpy-milter-1.0.1/debian/gbp.conf dkimpy-milter-1.0.2/debian/gbp.conf
--- dkimpy-milter-1.0.1/debian/gbp.conf 2018-03-19 01:16:48.000000000 -0400
+++ dkimpy-milter-1.0.2/debian/gbp.conf 2019-10-07 00:25:34.000000000 -0400
@@ -1,2 +1,3 @@
[DEFAULT]
-debian-branch=debian/master
+debian-branch=debian/buster
+upstream-branch=buster/upstream
diff -Nru dkimpy-milter-1.0.1/debian/patches/0001-update-upstream-unit-and-init-file-paths.patch dkimpy-milter-1.0.2/debian/patches/0001-update-upstream-unit-and-init-file-paths.patch
--- dkimpy-milter-1.0.1/debian/patches/0001-update-upstream-unit-and-init-file-paths.patch 1969-12-31 19:00:00.000000000 -0500
+++ dkimpy-milter-1.0.2/debian/patches/0001-update-upstream-unit-and-init-file-paths.patch 2019-10-07 00:29:55.000000000 -0400
@@ -0,0 +1,38 @@
+From: Scott Kitterman <scott@kitterman.com>
+Date: Wed, 14 Mar 2018 22:53:01 -0400
+Subject: update upstream unit and init file paths
+
+---
+ system/dkimpy-milter | 4 ++--
+ system/dkimpy-milter.service | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/system/dkimpy-milter b/system/dkimpy-milter
+index f4d4e0f..5ca6368 100755
+--- a/system/dkimpy-milter
++++ b/system/dkimpy-milter
+@@ -18,9 +18,9 @@
+ # Short-Description: dkimpy-milter
+ # Description: Python DKIM Milter for Sendmail and Postfix
+ ### END INIT INFO
+-prefix="/usr/local"
++prefix="/usr"
+ exec_prefix=${prefix}
+-sysconfdir="/usr/local/etc"
++sysconfdir="/etc"
+ bindir="${exec_prefix}/bin/"
+ RUNDIR="/run/dkimpy-milter"
+ DAEMON=${bindir}/dkimpy-milter
+diff --git a/system/dkimpy-milter.service b/system/dkimpy-milter.service
+index 1ec8afb..92f0dff 100644
+--- a/system/dkimpy-milter.service
++++ b/system/dkimpy-milter.service
+@@ -6,7 +6,7 @@ After=network.target
+ [Service]
+ Type=simple
+ PIDFile=/var/run/dkimpy-milter/dkimpy-milter.pid
+-ExecStart=/usr/local/bin/dkimpy-milter /usr/local/etc/dkimpy-milter.conf
++ExecStart=/usr/bin/dkimpy-milter /etc/dkimpy-milter.conf
+
+ [Install]
+ WantedBy=multi-user.target
diff -Nru dkimpy-milter-1.0.1/debian/patches/0001-update-upstream-unit-file-paths.patch dkimpy-milter-1.0.2/debian/patches/0001-update-upstream-unit-file-paths.patch
--- dkimpy-milter-1.0.1/debian/patches/0001-update-upstream-unit-file-paths.patch 2018-05-17 00:53:54.000000000 -0400
+++ dkimpy-milter-1.0.2/debian/patches/0001-update-upstream-unit-file-paths.patch 1969-12-31 19:00:00.000000000 -0500
@@ -1,21 +0,0 @@
-From: Scott Kitterman <scott@kitterman.com>
-Date: Wed, 14 Mar 2018 22:53:01 -0400
-Subject: update upstream unit file paths
-
----
- system/dkimpy-milter.service | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/system/dkimpy-milter.service b/system/dkimpy-milter.service
-index 1ec8afb..92f0dff 100644
---- a/system/dkimpy-milter.service
-+++ b/system/dkimpy-milter.service
-@@ -6,7 +6,7 @@ After=network.target
- [Service]
- Type=simple
- PIDFile=/var/run/dkimpy-milter/dkimpy-milter.pid
--ExecStart=/usr/local/bin/dkimpy-milter /usr/local/etc/dkimpy-milter.conf
-+ExecStart=/usr/bin/dkimpy-milter /etc/dkimpy-milter.conf
-
- [Install]
- WantedBy=multi-user.target
diff -Nru dkimpy-milter-1.0.1/debian/patches/series dkimpy-milter-1.0.2/debian/patches/series
--- dkimpy-milter-1.0.1/debian/patches/series 2018-05-11 19:03:21.000000000 -0400
+++ dkimpy-milter-1.0.2/debian/patches/series 2019-10-07 00:29:55.000000000 -0400
@@ -1 +1 @@
-0001-update-upstream-unit-file-paths.patch
+0001-update-upstream-unit-and-init-file-paths.patch
diff -Nru dkimpy-milter-1.0.1/debian/rules dkimpy-milter-1.0.2/debian/rules
--- dkimpy-milter-1.0.1/debian/rules 2018-03-19 01:16:48.000000000 -0400
+++ dkimpy-milter-1.0.2/debian/rules 2019-10-07 00:10:28.000000000 -0400
@@ -9,12 +9,12 @@
override_dh_auto_install:
dh_auto_install
+ cp system/dkimpy-milter debian/dkimpy-milter.init
mkdir -p debian/dkimpy-milter/lib/systemd/system
- mkdir -p debian/dkimpy-milter/etc/init.d
+ mkdir -p debian/dkimpy-milter/etc
mv debian/dkimpy-milter/usr/lib/systemd/system/dkimpy-milter.service \
debian/dkimpy-milter/lib/systemd/system/dkimpy-milter.service
mv debian/dkimpy-milter/usr/etc/* debian/dkimpy-milter/etc
- chmod +x debian/dkimpy-milter/etc/init.d/dkimpy-milter
rm -rf debian/dkimpy-milter/usr/lib/systemd
rm -rf debian/dkimpy-milter/usr/etc
diff -Nru dkimpy-milter-1.0.1/debian/watch dkimpy-milter-1.0.2/debian/watch
--- dkimpy-milter-1.0.1/debian/watch 2018-03-19 01:16:48.000000000 -0400
+++ dkimpy-milter-1.0.2/debian/watch 2019-10-07 00:20:14.000000000 -0400
@@ -1,4 +1,4 @@
version=3
opts="pgpsigurlmangle=s/$/.asc/" https://launchpad.net/dkimpy-milter/+download \
-https://launchpad.net/dkimpy-milter/.*/.*/dkimpy-milter-(.*)\.tar\.gz \
+https://launchpad.net/dkimpy-milter/.*/.*/dkimpy-milter-(1.0.*)\.tar\.gz \
diff -Nru dkimpy-milter-1.0.1/dkimpy_milter/__init__.py dkimpy-milter-1.0.2/dkimpy_milter/__init__.py
--- dkimpy-milter-1.0.1/dkimpy_milter/__init__.py 2019-02-11 15:10:47.000000000 -0500
+++ dkimpy-milter-1.0.2/dkimpy_milter/__init__.py 2019-10-06 23:49:01.000000000 -0400
@@ -54,6 +54,7 @@
self.privatersa = privateRSA
self.privateed25519 = privateEd25519
self.fp = None
+ self.fdomain = ''
@Milter.noreply
def connect(self, hostname, unused, hostaddr):
@@ -133,14 +134,18 @@
try:
self.fdomain = self.author.split('@')[1].lower()
except IndexError as er:
- self.fdomain = '' # self.author was not a proper email address
+ pass # self.author was not a proper email address
if (milterconfig.get('Syslog') and
milterconfig.get('debugLevel') >= 1):
syslog.syslog("{0}: {1}".format(name, val))
elif lname == 'authentication-results':
self.arheaders.append(val)
if self.fp:
- self.fp.write("%s: %s\n" % (name, val))
+ try:
+ self.fp.write("%s: %s\n" % (name, val))
+ except:
+ # Don't choke on header fields with garbage in them.
+ pass
return Milter.CONTINUE
@Milter.noreply
@@ -174,20 +179,19 @@
except:
# Don't error out on unparseable AR header fiels
pass
- # Check or sign DKIM
+ # Check and/or sign DKIM
self.fp.seek(0)
+ txt = self.fp.read()
if milterconfig.get('Domain'):
domain = milterconfig.get('Domain')
else:
domain = ''
if ((self.fdomain in domain) and not milterconfig.get('Mode') == 'v'
and not self.external_connection):
- txt = self.fp.read()
self.sign_dkim(txt)
if ((self.has_dkim) and (not self.internal_connection) and
(milterconfig.get('Mode') == 'v' or
milterconfig.get('Mode') == 'sv')):
- txt = self.fp.read()
self.check_dkim(txt)
if self.arresults:
h = authres.AuthenticationResultsHeader(authserv_id=
@@ -255,6 +259,7 @@
def check_dkim(self, txt):
res = False
+ self.header_a = None
for y in range(self.has_dkim): # Verify _ALL_ the signatures
d = dkim.DKIM(txt)
try:
@@ -281,9 +286,20 @@
self.dkim_comment = str(x)
if milterconfig.get('Syslog'):
syslog.syslog("check_dkim: {0}".format(x))
- self.header_i = d.signature_fields.get(b'i')
- self.header_d = d.signature_fields.get(b'd')
- self.header_a = d.signature_fields.get(b'a')
+ try:
+ self.header_i = d.signature_fields.get(b'i')
+ except TypeError as x:
+ self.header_i = None
+ try:
+ self.header_d = d.signature_fields.get(b'd')
+ self.header_a = d.signature_fields.get(b'a')
+ except Exception as x:
+ self.dkim_comment = str(x)
+ if milterconfig.get('Syslog'):
+ syslog.syslog("check_dkim: {0}".format(x))
+ self.header_d = None
+ if not self.header_a:
+ self.header_a = 'rsa-sha256'
if res:
if (milterconfig.get('Syslog') and
(milterconfig.get('SyslogSuccess') or
@@ -303,20 +319,27 @@
syslog.syslog('DKIM: Fail (saved as {0})'
.format(fname))
else:
- syslog.syslog('DKIM: Fail ({0})'.format(d.domain.lower()))
+ if milterconfig.get('Syslog'):
+ if d.domain:
+ syslog.syslog('DKIM: Fail ({0})'
+ .format(d.domain.lower()))
+ else:
+ syslog.syslog('DKIM: Fail, unextractable domain')
if res:
result = 'pass'
else:
result = 'fail'
res = False
- self.arresults.append(
- authres.DKIMAuthenticationResult(result=result,
+ if self.header_d:
+ self.arresults.append(
+ authres.DKIMAuthenticationResult(result=result,
header_i=self.header_i,
header_d=self.header_d,
header_a=self.header_a,
result_comment=
self.dkim_comment)
)
+ self.header_a = None
return
@@ -351,10 +374,10 @@
own_socketfile(milterconfig)
drop_privileges(milterconfig)
sys.stdout.flush()
- Milter.runmilter(miltername, socketname, 240)
if milterconfig.get('Syslog'):
- syslog.syslog('dkimpy-milter started:{0} user:{1}'
+ syslog.syslog('dkimpy-milter starting:{0} user:{1}'
.format(pid, milterconfig.get('UserID')))
+ Milter.runmilter(miltername, socketname, 240)
if __name__ == "__main__":
main()
diff -Nru dkimpy-milter-1.0.1/dkimpy_milter.egg-info/PKG-INFO dkimpy-milter-1.0.2/dkimpy_milter.egg-info/PKG-INFO
--- dkimpy-milter-1.0.1/dkimpy_milter.egg-info/PKG-INFO 2019-02-11 15:14:33.000000000 -0500
+++ dkimpy-milter-1.0.2/dkimpy_milter.egg-info/PKG-INFO 2019-10-07 00:14:32.000000000 -0400
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: dkimpy-milter
-Version: 1.0.1
+Version: 1.0.2
Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail.
Home-page: https://launchpad.net/dkimpy-milter
Author: Scott Kitterman
diff -Nru dkimpy-milter-1.0.1/dkimpy_milter.egg-info/requires.txt dkimpy-milter-1.0.2/dkimpy_milter.egg-info/requires.txt
--- dkimpy-milter-1.0.1/dkimpy_milter.egg-info/requires.txt 2019-02-11 15:14:33.000000000 -0500
+++ dkimpy-milter-1.0.2/dkimpy_milter.egg-info/requires.txt 2019-10-07 00:14:32.000000000 -0400
@@ -1,6 +1,6 @@
-dkimpy>=0.7
-pymilter
-authres>=1.1.0
+PyDNS
PyNaCl
+authres>=1.1.0
+dkimpy>=0.7
ipaddress
-PyDNS
\ No newline at end of file
+pymilter
diff -Nru dkimpy-milter-1.0.1/PKG-INFO dkimpy-milter-1.0.2/PKG-INFO
--- dkimpy-milter-1.0.1/PKG-INFO 2019-02-11 15:14:33.000000000 -0500
+++ dkimpy-milter-1.0.2/PKG-INFO 2019-10-07 00:14:32.000000000 -0400
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: dkimpy-milter
-Version: 1.0.1
+Version: 1.0.2
Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail.
Home-page: https://launchpad.net/dkimpy-milter
Author: Scott Kitterman
diff -Nru dkimpy-milter-1.0.1/README dkimpy-milter-1.0.2/README
--- dkimpy-milter-1.0.1/README 2019-02-11 14:22:05.000000000 -0500
+++ dkimpy-milter-1.0.2/README 2019-10-07 00:13:49.000000000 -0400
@@ -37,7 +37,7 @@
packages and then pip install dkimpy_milter.
The milter will work with either pydns (DNS) or dnspython (dns), preferring
-dnspython is both are available. The dkimpy DKIM module also works with
+dnspython if both are available. The dkimpy DKIM module also works with
either.
@@ -84,9 +84,8 @@
Both a systemd unit file and a sysv init file are provided. Both make
assumptions about defaults being used, e.g. if a non-standard pidfile name is
-used, they will need to be updated. The sysv init file is Debian specific and
-untested, since the developers are not using sysv init. Feedback/patches
-welcome.
+used, they will need to be updated. The sysv init file uses start-stop-deamon
+from Debian. It is not portable to systems without that available.
The dkimpy-milter drops priviledges after setup to the user/group specified in
UserID. During initial setup, this system user needs to be manually created.
diff -Nru dkimpy-milter-1.0.1/setup.cfg dkimpy-milter-1.0.2/setup.cfg
--- dkimpy-milter-1.0.1/setup.cfg 2019-02-11 15:14:33.000000000 -0500
+++ dkimpy-milter-1.0.2/setup.cfg 2019-10-07 00:14:32.000000000 -0400
@@ -1,5 +1,4 @@
[egg_info]
tag_build =
tag_date = 0
-tag_svn_revision = 0
diff -Nru dkimpy-milter-1.0.1/setup.py dkimpy-milter-1.0.2/setup.py
--- dkimpy-milter-1.0.1/setup.py 2019-02-11 15:11:02.000000000 -0500
+++ dkimpy-milter-1.0.2/setup.py 2019-10-07 00:11:42.000000000 -0400
@@ -30,7 +30,7 @@
setup(
name='dkimpy-milter',
- version='1.0.1',
+ version='1.0.2',
author='Scott Kitterman',
author_email='scott@kitterman.com',
url='https://launchpad.net/dkimpy-milter',
diff -Nru dkimpy-milter-1.0.1/system/dkimpy-milter dkimpy-milter-1.0.2/system/dkimpy-milter
--- dkimpy-milter-1.0.1/system/dkimpy-milter 2018-03-15 23:58:02.000000000 -0400
+++ dkimpy-milter-1.0.2/system/dkimpy-milter 2019-10-06 23:49:01.000000000 -0400
@@ -20,9 +20,9 @@
### END INIT INFO
prefix="/usr/local"
exec_prefix=${prefix}
-sysconfdir="/etc/dkimpy-milter"
+sysconfdir="/usr/local/etc"
bindir="${exec_prefix}/bin/"
-RUNDIR="/var/run/dkimpy-milter"
+RUNDIR="/run/dkimpy-milter"
DAEMON=${bindir}/dkimpy-milter
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:
NAME=dkimpy-milter
@@ -67,14 +67,14 @@
fi
fi
fi
-
- start-stop-daemon --start --quiet --pidfile $RUNDIR/$NAME.pid --startas \
- $DAEMON $sysconfdir/$NAME.conf --name $NAME --test > /dev/null \
+ start-stop-daemon --start --background --quiet --pidfile \
+ $RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
if [ -f $RUNDIR/$NAME.pid ]; then
+ chown root:root $RUNDIR/$NAME.pid
start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid
rm $RUNDIR/$NAME.pid
#echo $SOCKET
@@ -87,6 +87,7 @@
force-reload)
echo -n "Force reloading $DESC: "
if [ -f $RUNDIR/$NAME.pid ]; then
+ chown root:root $RUNDIR/$NAME.pid
start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid
rm $RUNDIR/$NAME.pid
#echo $SOCKET
@@ -95,7 +96,7 @@
fi
fi
sleep 1
- start-stop-daemon --start --chuid $USER --background --quiet --pidfile \
+ start-stop-daemon --start --background --quiet --pidfile \
$RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf
echo "$NAME."
;;
@@ -103,6 +104,7 @@
echo "Restarting $DESC: "
echo -n "Stopping $DESC: "
if [ -f $RUNDIR/$NAME.pid ]; then
+ chown root:root $RUNDIR/$NAME.pid
start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid
rm $RUNDIR/$NAME.pid
#echo $SOCKET
@@ -113,7 +115,7 @@
echo "$NAME."
sleep 1
echo -n "Starting $DESC: "
- start-stop-daemon --start --chuid $USER --background --quiet --pidfile \
+ start-stop-daemon --start --background --quiet --pidfile \
$RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf
echo "$NAME."
;;
--- End Message ---