--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package dkimpy-milter/1.0.2-1
- From: Scott Kitterman <debian@kitterman.com>
- Date: Wed, 15 Jan 2020 08:59:14 -0500
- Message-id: <157909675446.300.12641278261709963765.reportbug@l5580.kitterman.com>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Note: This is very similar to a pu request I filed for spf-engine
because the same idiot upstream (me) made just about the same mistake in
two projects.
After the last stable update, a serious problem with using Unix sockets
was reported upstream by a Debian user in spf-engine (pyspf-milter) and
ixed in version 2.9.2. Approximately the same issue applies to
dkimpy-milter. The proposed update makes it so Unix sockets work. There
are also some minor log message improvements. Being limited to TCP
sockets is a substantial limitation for a milter application.
The fix has been tested on buster prior to upstream release and no
significant issues have come up in the two months since it was released.
This change will not affect TCP socket users and makes Unix sockets
working vice not working, so the regression risk is negligible.
Scott K
diff -Nru dkimpy-milter-1.0.2/CHANGES dkimpy-milter-1.0.3/CHANGES
--- dkimpy-milter-1.0.2/CHANGES 2019-10-07 00:12:30.000000000 -0400
+++ dkimpy-milter-1.0.3/CHANGES 2019-11-22 20:37:23.000000000 -0500
@@ -1,3 +1,10 @@
+1.0.3 2019-11-22
+ - Make error logging more explicit to aid debugging
+ - Delete own_socketfile to resolve race condition where the permissions
+ change fails on a Unix socket because it hasn't been created yet (libmilter
+ will do this correctly on its own based on umask, the milter doesn't need
+ to do it) (LP: #1849712)
+
1.0.2 2019-10-07
- Fix startup logging so it provides information at a useful time
- Fix message extraction so that signing in the same pass through the milter
diff -Nru dkimpy-milter-1.0.2/debian/changelog dkimpy-milter-1.0.3/debian/changelog
--- dkimpy-milter-1.0.2/debian/changelog 2019-10-07 00:31:48.000000000 -0400
+++ dkimpy-milter-1.0.3/debian/changelog 2020-01-15 08:43:45.000000000 -0500
@@ -1,3 +1,16 @@
+dkimpy-milter (1.0.3-1) buster; urgency=medium
+
+ * New upstream release:
+ * Fix priviledge managment at startup so Unix sockets work:
+ Milter: Move drop_privileges before Milter.runmilter and delete
+ own_socketfile so that the milter interface runs as the correct user
+ without race conditions about changing ownership of the socket file when
+ it hasn't been created yet (When the milter is started, it will create the
+ socket based on uMask, so we don't need to manually change it)
+ * Improve error log messages to aid troublshooting
+
+ -- Scott Kitterman <scott@kitterman.com> Wed, 15 Jan 2020 08:43:45 -0500
+
dkimpy-milter (1.0.2-1) buster; urgency=medium
* New upstream release
diff -Nru dkimpy-milter-1.0.2/dkimpy_milter/__init__.py dkimpy-milter-1.0.3/dkimpy_milter/__init__.py
--- dkimpy-milter-1.0.2/dkimpy_milter/__init__.py 2019-10-06 23:49:01.000000000 -0400
+++ dkimpy-milter-1.0.3/dkimpy_milter/__init__.py 2019-11-22 20:36:30.000000000 -0500
@@ -36,7 +36,6 @@
from dkimpy_milter.util import setExceptHook
from dkimpy_milter.util import write_pid
from dkimpy_milter.util import read_keyfile
-from dkimpy_milter.util import own_socketfile
from dkimpy_milter.util import fold
__version__ = "1.0.1"
@@ -285,7 +284,7 @@
except Exception as x:
self.dkim_comment = str(x)
if milterconfig.get('Syslog'):
- syslog.syslog("check_dkim: {0}".format(x))
+ syslog.syslog("check_dkim: Internal program fault while verifying: {0}".format(x))
try:
self.header_i = d.signature_fields.get(b'i')
except TypeError as x:
@@ -296,7 +295,7 @@
except Exception as x:
self.dkim_comment = str(x)
if milterconfig.get('Syslog'):
- syslog.syslog("check_dkim: {0}".format(x))
+ syslog.syslog("check_dkim: Internal proram fuault extracting header a or d: {0}".format(x))
self.header_d = None
if not self.header_a:
self.header_a = 'rsa-sha256'
@@ -371,7 +370,6 @@
Milter.set_flags(Milter.CHGHDRS + Milter.ADDHDRS)
miltername = 'dkimpy-filter'
socketname = milterconfig.get('Socket')
- own_socketfile(milterconfig)
drop_privileges(milterconfig)
sys.stdout.flush()
if milterconfig.get('Syslog'):
diff -Nru dkimpy-milter-1.0.2/dkimpy_milter/util.py dkimpy-milter-1.0.3/dkimpy_milter/util.py
--- dkimpy-milter-1.0.2/dkimpy_milter/util.py 2019-10-06 23:49:01.000000000 -0400
+++ dkimpy-milter-1.0.3/dkimpy_milter/util.py 2019-11-22 20:36:30.000000000 -0500
@@ -146,16 +146,6 @@
return pid
-def own_socketfile(milterconfig):
- """If socket is Unix socket, chown to UserID before dropping privileges"""
- import os
- user, group = user_group(milterconfig.get('UserID'))
- if milterconfig.get('Socket')[:1] == '/':
- os.chown(milterconfig.get('Socket')[1:], user, group)
- if milterconfig.get('Socket')[:6] == "local:":
- os.chown(milterconfig.get('Socket')[6:], user, group)
-
-
def read_keyfile(milterconfig, keytype):
"""Read private key from file."""
import syslog
diff -Nru dkimpy-milter-1.0.2/dkimpy_milter.egg-info/PKG-INFO dkimpy-milter-1.0.3/dkimpy_milter.egg-info/PKG-INFO
--- dkimpy-milter-1.0.2/dkimpy_milter.egg-info/PKG-INFO 2019-10-07 00:14:32.000000000 -0400
+++ dkimpy-milter-1.0.3/dkimpy_milter.egg-info/PKG-INFO 2019-11-22 20:42:41.000000000 -0500
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: dkimpy-milter
-Version: 1.0.2
+Version: 1.0.3
Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail.
Home-page: https://launchpad.net/dkimpy-milter
Author: Scott Kitterman
diff -Nru dkimpy-milter-1.0.2/PKG-INFO dkimpy-milter-1.0.3/PKG-INFO
--- dkimpy-milter-1.0.2/PKG-INFO 2019-10-07 00:14:32.000000000 -0400
+++ dkimpy-milter-1.0.3/PKG-INFO 2019-11-22 20:42:41.000000000 -0500
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: dkimpy-milter
-Version: 1.0.2
+Version: 1.0.3
Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail.
Home-page: https://launchpad.net/dkimpy-milter
Author: Scott Kitterman
diff -Nru dkimpy-milter-1.0.2/setup.py dkimpy-milter-1.0.3/setup.py
--- dkimpy-milter-1.0.2/setup.py 2019-10-07 00:11:42.000000000 -0400
+++ dkimpy-milter-1.0.3/setup.py 2019-11-22 20:42:32.000000000 -0500
@@ -30,7 +30,7 @@
setup(
name='dkimpy-milter',
- version='1.0.2',
+ version='1.0.3',
author='Scott Kitterman',
author_email='scott@kitterman.com',
url='https://launchpad.net/dkimpy-milter',
--- End Message ---