Bug#948979: marked as done (buster-pu: package dkimpy-milter/1.0.2-1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#948979: marked as done (buster-pu: package dkimpy-milter/1.0.2-1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 08 Feb 2020 14:26:02 +0000
Message-id: <[🔎] handler.948979.D948979.158117172315203.ackdone@bugs.debian.org>
Reply-to: 948979@bugs.debian.org
References: <cf1cb2f35981916a86b98b83609df15c95aa378b.camel@adam-barratt.org.uk> <157909675446.300.12641278261709963765.reportbug@l5580.kitterman.com>

Your message dated Sat, 08 Feb 2020 14:21:36 +0000
with message-id <cf1cb2f35981916a86b98b83609df15c95aa378b.camel@adam-barratt.org.uk>
and subject line Closing requests included in 10.3 point release
has caused the Debian Bug report #948979,
regarding buster-pu: package dkimpy-milter/1.0.2-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
948979: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948979
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: buster-pu: package dkimpy-milter/1.0.2-1
From: Scott Kitterman <debian@kitterman.com>
Date: Wed, 15 Jan 2020 08:59:14 -0500
Message-id: <157909675446.300.12641278261709963765.reportbug@l5580.kitterman.com>

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Note: This is very similar to a pu request I filed for spf-engine
because the same idiot upstream (me) made just about the same mistake in
two projects.

After the last stable update, a serious problem with using Unix sockets
was reported upstream by a Debian user in spf-engine (pyspf-milter) and
ixed in version 2.9.2.  Approximately the same issue applies to
dkimpy-milter.  The proposed update makes it so Unix sockets work.  There
are also some minor log message improvements.  Being limited to TCP
sockets is a substantial limitation for a milter application.

The fix has been tested on buster prior to upstream release and no
significant issues have come up in the two months since it was released.

This change will not affect TCP socket users and makes Unix sockets
working vice not working, so the regression risk is negligible.

Scott K

diff -Nru dkimpy-milter-1.0.2/CHANGES dkimpy-milter-1.0.3/CHANGES
--- dkimpy-milter-1.0.2/CHANGES	2019-10-07 00:12:30.000000000 -0400
+++ dkimpy-milter-1.0.3/CHANGES	2019-11-22 20:37:23.000000000 -0500
@@ -1,3 +1,10 @@
+1.0.3 2019-11-22
+ - Make error logging more explicit to aid debugging
+ - Delete own_socketfile to resolve race condition where the permissions
+   change fails on a Unix socket because it hasn't been created yet (libmilter
+   will do this correctly on its own based on umask, the milter doesn't need
+   to do it) (LP: #1849712)
+
 1.0.2 2019-10-07
  - Fix startup logging so it provides information at a useful time
  - Fix message extraction so that signing in the same pass through the milter
diff -Nru dkimpy-milter-1.0.2/debian/changelog dkimpy-milter-1.0.3/debian/changelog
--- dkimpy-milter-1.0.2/debian/changelog	2019-10-07 00:31:48.000000000 -0400
+++ dkimpy-milter-1.0.3/debian/changelog	2020-01-15 08:43:45.000000000 -0500
@@ -1,3 +1,16 @@
+dkimpy-milter (1.0.3-1) buster; urgency=medium
+
+  * New upstream release:
+  * Fix priviledge managment at startup so Unix sockets work:
+    Milter: Move drop_privileges before Milter.runmilter and delete
+    own_socketfile so that the milter interface runs as the correct user
+    without race conditions about changing ownership of the socket file when
+    it hasn't been created yet (When the milter is started, it will create the
+    socket based on uMask, so we don't need to manually change it)
+  * Improve error log messages to aid troublshooting
+
+ -- Scott Kitterman <scott@kitterman.com>  Wed, 15 Jan 2020 08:43:45 -0500
+
 dkimpy-milter (1.0.2-1) buster; urgency=medium
 
   * New upstream release
diff -Nru dkimpy-milter-1.0.2/dkimpy_milter/__init__.py dkimpy-milter-1.0.3/dkimpy_milter/__init__.py
--- dkimpy-milter-1.0.2/dkimpy_milter/__init__.py	2019-10-06 23:49:01.000000000 -0400
+++ dkimpy-milter-1.0.3/dkimpy_milter/__init__.py	2019-11-22 20:36:30.000000000 -0500
@@ -36,7 +36,6 @@
 from dkimpy_milter.util import setExceptHook
 from dkimpy_milter.util import write_pid
 from dkimpy_milter.util import read_keyfile
-from dkimpy_milter.util import own_socketfile
 from dkimpy_milter.util import fold
 
 __version__ = "1.0.1"
@@ -285,7 +284,7 @@
             except Exception as x:
                 self.dkim_comment = str(x)
                 if milterconfig.get('Syslog'):
-                    syslog.syslog("check_dkim: {0}".format(x))
+                    syslog.syslog("check_dkim: Internal program fault while verifying: {0}".format(x))
             try:
                 self.header_i = d.signature_fields.get(b'i')
             except TypeError as x:
@@ -296,7 +295,7 @@
             except Exception as x:
                 self.dkim_comment = str(x)
                 if milterconfig.get('Syslog'):
-                    syslog.syslog("check_dkim: {0}".format(x))
+                    syslog.syslog("check_dkim: Internal proram fuault extracting header a or d: {0}".format(x))
                 self.header_d = None
             if not self.header_a:
                 self.header_a = 'rsa-sha256'
@@ -371,7 +370,6 @@
     Milter.set_flags(Milter.CHGHDRS + Milter.ADDHDRS)
     miltername = 'dkimpy-filter'
     socketname = milterconfig.get('Socket')
-    own_socketfile(milterconfig)
     drop_privileges(milterconfig)
     sys.stdout.flush()
     if milterconfig.get('Syslog'):
diff -Nru dkimpy-milter-1.0.2/dkimpy_milter/util.py dkimpy-milter-1.0.3/dkimpy_milter/util.py
--- dkimpy-milter-1.0.2/dkimpy_milter/util.py	2019-10-06 23:49:01.000000000 -0400
+++ dkimpy-milter-1.0.3/dkimpy_milter/util.py	2019-11-22 20:36:30.000000000 -0500
@@ -146,16 +146,6 @@
     return pid
 
 
-def own_socketfile(milterconfig):
-    """If socket is Unix socket, chown to UserID before dropping privileges"""
-    import os
-    user, group = user_group(milterconfig.get('UserID'))
-    if milterconfig.get('Socket')[:1] == '/':
-        os.chown(milterconfig.get('Socket')[1:], user, group)
-    if milterconfig.get('Socket')[:6] == "local:":
-        os.chown(milterconfig.get('Socket')[6:], user, group)
-
-
 def read_keyfile(milterconfig, keytype):
     """Read private key from file."""
     import syslog
diff -Nru dkimpy-milter-1.0.2/dkimpy_milter.egg-info/PKG-INFO dkimpy-milter-1.0.3/dkimpy_milter.egg-info/PKG-INFO
--- dkimpy-milter-1.0.2/dkimpy_milter.egg-info/PKG-INFO	2019-10-07 00:14:32.000000000 -0400
+++ dkimpy-milter-1.0.3/dkimpy_milter.egg-info/PKG-INFO	2019-11-22 20:42:41.000000000 -0500
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: dkimpy-milter
-Version: 1.0.2
+Version: 1.0.3
 Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail.
 Home-page: https://launchpad.net/dkimpy-milter
 Author: Scott Kitterman
diff -Nru dkimpy-milter-1.0.2/PKG-INFO dkimpy-milter-1.0.3/PKG-INFO
--- dkimpy-milter-1.0.2/PKG-INFO	2019-10-07 00:14:32.000000000 -0400
+++ dkimpy-milter-1.0.3/PKG-INFO	2019-11-22 20:42:41.000000000 -0500
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: dkimpy-milter
-Version: 1.0.2
+Version: 1.0.3
 Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail.
 Home-page: https://launchpad.net/dkimpy-milter
 Author: Scott Kitterman
diff -Nru dkimpy-milter-1.0.2/setup.py dkimpy-milter-1.0.3/setup.py
--- dkimpy-milter-1.0.2/setup.py	2019-10-07 00:11:42.000000000 -0400
+++ dkimpy-milter-1.0.3/setup.py	2019-11-22 20:42:32.000000000 -0500
@@ -30,7 +30,7 @@
 
 setup(
     name='dkimpy-milter',
-    version='1.0.2',
+    version='1.0.3',
     author='Scott Kitterman',
     author_email='scott@kitterman.com',
     url='https://launchpad.net/dkimpy-milter',

--- End Message ---

--- Begin Message ---

To: 939036-done@bugs.debian.org, 939802-done@bugs.debian.org, 940647-done@bugs.debian.org, 941365-done@bugs.debian.org, 941713-done@bugs.debian.org, 942575-done@bugs.debian.org, 944294-done@bugs.debian.org, 944348-done@bugs.debian.org, 944856-done@bugs.debian.org, 944865-done@bugs.debian.org, 945518-done@bugs.debian.org, 945845-done@bugs.debian.org, 945896-done@bugs.debian.org, 945925-done@bugs.debian.org, 945965-done@bugs.debian.org, 946032-done@bugs.debian.org, 946033-done@bugs.debian.org, 946083-done@bugs.debian.org, 946175-done@bugs.debian.org, 946184-done@bugs.debian.org, 946402-done@bugs.debian.org, 946557-done@bugs.debian.org, 946559-done@bugs.debian.org, 946651-done@bugs.debian.org, 946705-done@bugs.debian.org, 946819-done@bugs.debian.org, 946822-done@bugs.debian.org, 946831-done@bugs.debian.org, 946841-done@bugs.debian.org, 946864-done@bugs.debian.org, 946901-done@bugs.debian.org, 946960-done@bugs.debian.org, 947038-done@bugs.debian.org, 947125-done@bugs.debian.org, 947201-done@bugs.debian.org, 947254-done@bugs.debian.org, 947321-done@bugs.debian.org, 947331-done@bugs.debian.org, 947832-done@bugs.debian.org, 948104-done@bugs.debian.org, 948203-done@bugs.debian.org, 948205-done@bugs.debian.org, 948290-done@bugs.debian.org, 948363-done@bugs.debian.org, 948390-done@bugs.debian.org, 948400-done@bugs.debian.org, 948464-done@bugs.debian.org, 948472-done@bugs.debian.org, 948485-done@bugs.debian.org, 948544-done@bugs.debian.org, 948545-done@bugs.debian.org, 948550-done@bugs.debian.org, 948601-done@bugs.debian.org, 948609-done@bugs.debian.org, 948695-done@bugs.debian.org, 948796-done@bugs.debian.org, 948826-done@bugs.debian.org, 948850-done@bugs.debian.org, 948854-done@bugs.debian.org, 948857-done@bugs.debian.org, 948899-done@bugs.debian.org, 948904-done@bugs.debian.org, 948910-done@bugs.debian.org, 948979-done@bugs.debian.org, 948988-done@bugs.debian.org, 948991-done@bugs.debian.org, 949120-done@bugs.debian.org, 949121-done@bugs.debian.org, 949310-done@bugs.debian.org, 949541-done@bugs.debian.org, 949704-done@bugs.debian.org, 949728-done@bugs.debian.org, 949842-done@bugs.debian.org, 949852-done@bugs.debian.org, 949895-done@bugs.debian.org, 949898-done@bugs.debian.org, 949899-done@bugs.debian.org, 949904-done@bugs.debian.org, 949906-done@bugs.debian.org, 949908-done@bugs.debian.org, 949957-done@bugs.debian.org, 950018-done@bugs.debian.org, 950139-done@bugs.debian.org, 950166-done@bugs.debian.org, 950257-done@bugs.debian.org, 950272-done@bugs.debian.org, 950280-done@bugs.debian.org, 950369-done@bugs.debian.org, 950466-done@bugs.debian.org

Subject: Closing requests included in 10.3 point release

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 08 Feb 2020 14:21:36 +0000

Message-id: <cf1cb2f35981916a86b98b83609df15c95aa378b.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 10.3

Hi,

Each of the uploads referred to by these bugs was included in today's
stable point release.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#948904: marked as done (buster-pu: package spf-engine/2.9.1-0+deb10u1)
Next by Date: Bug#949120: marked as done (buster-pu: package quassel/1:0.13.1-1)
Previous by thread: Bug#948904: marked as done (buster-pu: package spf-engine/2.9.1-0+deb10u1)
Next by thread: Bug#949120: marked as done (buster-pu: package quassel/1:0.13.1-1)
Index(es):
- Date
- Thread