Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

After the last stable update, a serious problem with using Unix sockets was reported upstream by a Debian user and fixed in version 2.9.2. The proposed update makes it so Unix sockets work. There are also some minor documentation improvements. Being limited to TCP sockets is a substantial limitation for a milter application.

The fix has been tested on buster prior to upstream release and no significant issues have come up in the two months since it was released. This change will not affect TCP socket users and makes Unix sockets working vice not working, so the regression risk is negligible.

Scott K
diff -Nru spf-engine-2.9.1/CHANGES spf-engine-2.9.2/CHANGES --- spf-engine-2.9.1/CHANGES 2019-10-06 20:31:00.000000000 -0400 +++ spf-engine-2.9.2/CHANGES 2019-11-22 19:01:08.000000000 -0500 @@ -4,6 +4,16 @@ # ! = Changed something significant, or removed a feature # * = Fixed a bug, or made a minor improvement +--- 2.9.2 (1019-11-22) + * Add mention in policyd-spf.conf (5) in the TestOnly entry that to get both + TestOnly behavior and no header field appended, Header_Type = None also + needs to be set (LP: #1849994) + * Milter: Move drop_privileges before Milter.runmilter and delete + own_socketfile so that the milter interface runs as the correct user + without race conditions about changing ownership of the socket file when + it hasn't been created yet (When the milter is started, it will create the + socket based on uMask, so we don't need to manually change it) + --- 2.9.1 (2019-10-06) * Use /run instead of /var/run * Fix-up sysv init so it works diff -Nru spf-engine-2.9.1/debian/changelog spf-engine-2.9.2/debian/changelog --- spf-engine-2.9.1/debian/changelog 2019-10-14 19:04:55.000000000 -0400 +++ spf-engine-2.9.2/debian/changelog 2020-01-14 11:41:17.000000000 -0500 
@@ -1,3 +1,19 @@ +spf-engine (2.9.2-0+deb10u1) buster; urgency=medium + + * New upstream bugfix release: + * Improve documentation based on user feedbacK: + Add mention in policyd-spf.conf (5) in the TestOnly entry that to get both + TestOnly behavior and no header field appended, Header_Type = None also + needs to be set (LP: #1849994) + * Fix priviledge managment at startup so Unix sockets work: + Milter: Move drop_privileges before Milter.runmilter and delete + own_socketfile so that the milter interface runs as the correct user + without race conditions about changing ownership of the socket file when + it hasn't been created yet (When the milter is started, it will create the + socket based on uMask, so we don't need to manually change it) + + -- Scott Kitterman <sc...@kitterman.com> Tue, 14 Jan 2020 11:41:17 -0500 + spf-engine (2.9.1-0+deb10u1) buster; urgency=medium * New upstream bugfix release diff -Nru spf-engine-2.9.1/PKG-INFO spf-engine-2.9.2/PKG-INFO --- spf-engine-2.9.1/PKG-INFO 2019-10-06 20:31:42.000000000 -0400 +++ spf-engine-2.9.2/PKG-INFO 2019-11-22 19:01:59.000000000 -0500 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: spf-engine -Version: 2.9.1 +Version: 2.9.2 Summary: SPF processing for Postfix (and Sendmail) Home-page: https://launchpad.net/spf-engine Author: Scott Kitterman diff -Nru spf-engine-2.9.1/policyd-spf.conf.5 spf-engine-2.9.2/policyd-spf.conf.5 --- spf-engine-2.9.1/policyd-spf.conf.5 2019-02-07 21:09:08.000000000 -0500 +++ spf-engine-2.9.2/policyd-spf.conf.5 2019-10-26 21:08:05.000000000 -0400 
@@ -212,7 +212,8 @@ The policy server can operate in a test only mode. This allows you to see the potential impact of SPF checking in your mail logs without rejecting mail. Headers are prepended in messages, but message delivery is not affected. This -mode is not enabled by default. To enable it, set TestOnly = 0. +mode is not enabled by default. To enable it, set TestOnly = 0. If you want +test operation with no header added, also set Header_Type = None. Note: This option was previously named defaultSeedOnly. This is still accepted, but logs an error. diff -Nru spf-engine-2.9.1/setup.py spf-engine-2.9.2/setup.py --- spf-engine-2.9.1/setup.py 2019-02-01 21:29:44.000000000 -0500 +++ spf-engine-2.9.2/setup.py 2019-10-26 21:15:11.000000000 -0400 @@ -5,7 +5,7 @@ DESC = """SPF (Sender Policy Framework) processing engine for Postfix policy server and Milter implemented in Python.""" setup(name='spf-engine', - version='2.9.1', + version='2.9.2', description='SPF processing for Postfix (and Sendmail)', long_description=DESC, author='Scott Kitterman', diff -Nru spf-engine-2.9.1/spf_engine/milter_spf.py spf-engine-2.9.2/spf_engine/milter_spf.py --- spf-engine-2.9.1/spf_engine/milter_spf.py 2019-02-01 21:30:24.000000000 -0500 +++ spf-engine-2.9.2/spf_engine/milter_spf.py 2019-10-26 21:15:59.000000000 -0400 @@ -40,7 +40,7 @@ from spf_engine.util import own_socketfile from spf_engine.util import fold -__version__ = "2.9.1" +__version__ = "2.9.2" FWS = re.compile(r'\r?\n[ \t]+') 
@@ -231,9 +231,8 @@ syslog.syslog('pyspf-milter started:{0} user:{1}' .format(pid, milterconfig.get('UserID'))) sys.stdout.flush() - Milter.runmilter(miltername, socketname, 240) - own_socketfile(milterconfig) drop_privileges(milterconfig) + Milter.runmilter(miltername, socketname, 240) if __name__ == "__main__": main() diff -Nru spf-engine-2.9.1/spf_engine/policyd_spf.py spf-engine-2.9.2/spf_engine/policyd_spf.py --- spf-engine-2.9.1/spf_engine/policyd_spf.py 2019-02-01 21:30:04.000000000 -0500 +++ spf-engine-2.9.2/spf_engine/policyd_spf.py 2019-10-26 21:15:38.000000000 -0400 @@ -24,7 +24,7 @@ ''' def main(): - __version__ = "2.9.1" + __version__ = "2.9.2" import syslog import os diff -Nru spf-engine-2.9.1/spf_engine/util.py spf-engine-2.9.2/spf_engine/util.py --- spf-engine-2.9.1/spf_engine/util.py 2019-02-01 13:22:20.000000000 -0500 +++ spf-engine-2.9.2/spf_engine/util.py 2019-10-26 21:14:23.000000000 -0400 @@ -124,13 +124,3 @@ return pid -def own_socketfile(milterconfig): - """If socket is Unix socket, chown to UserID before dropping privileges""" - import os - user, group = user_group(milterconfig.get('UserID')) - if milterconfig.get('Socket')[:1] == '/': - os.chown(milterconfig.get('Socket')[1:], user, group) - if milterconfig.get('Socket')[:6] == "local:": - os.chown(milterconfig.get('Socket')[6:], user, group) - - diff -Nru spf-engine-2.9.1/spf_engine.egg-info/PKG-INFO spf-engine-2.9.2/spf_engine.egg-info/PKG-INFO --- spf-engine-2.9.1/spf_engine.egg-info/PKG-INFO 2019-10-06 20:31:42.000000000 -0400 +++ spf-engine-2.9.2/spf_engine.egg-info/PKG-INFO 2019-11-22 19:01:59.000000000 -0500 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: spf-engine -Version: 2.9.1 +Version: 2.9.2 Summary: SPF processing for Postfix (and Sendmail) Home-page: https://launchpad.net/spf-engine Author: Scott Kitterman
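Review bot: The new entry header in the CHANGES hunk reads "--- 2.9.2 (1019-11-22)"; the year should be 2019, in line with the 2019-11-22 timestamp on the 2.9.2 CHANGES file header and the date format of the 2.9.1 entry below it.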
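Review bot: Spelling in the new debian/changelog entry needs a pass: "feedbacK" should be "feedback", and "priviledge managment" should be "privilege management". The entry otherwise repeats the upstream CHANGES text verbatim, so nothing else in it needs to change.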
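Review bot: In the policyd-spf.conf.5 hunk the added sentence says "no header added", while the unchanged sentence just above it says headers are "prepended" and the CHANGES and debian/changelog entries for the same fix say "appended". Pick one term and use it in all three places so readers do not have to guess whether these describe the same header field.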
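Review bot: The unchanged context in the milter_spf.py hunk at @@ -40,7 +40,7 @@ still shows "from spf_engine.util import own_socketfile", but the util.py hunk at @@ -124,13 +124,3 @@ deletes that function. Unless the import is dropped somewhere not visible in this diff, loading milter_spf will fail with ImportError before main() runs; remove the import line together with the call.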
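Review bot: With drop_privileges(milterconfig) now ahead of Milter.runmilter(miltername, socketname, 240) in the @@ -231,9 +231,8 @@ hunk, the socket is created by the unprivileged UserID, so the directory that holds the socket has to be writable by that user and the socket's mode is whatever the process umask yields, as the CHANGES entry says. Nothing in the visible lines checks the directory or sets the umask; suggest documenting the directory requirement for Unix socket users and confirming the umask is applied before this point. The 'pyspf-milter started ... user:' syslog line also precedes the privilege drop, so it reports the configured UserID rather than a confirmed one; moving it after drop_privileges would make the log trustworthy for auditing.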