[packages/exim] - rel 6; DKIM verification fixes
arekm
arekm at pld-linux.org
Wed Dec 2 09:23:44 CET 2015
commit 8ba7f6116fc8170d36649e3deb462e44c2b3ad29
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Wed Dec 2 09:23:38 2015 +0100
- rel 6; DKIM verification fixes
exim-dkim.patch | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
exim.spec | 5 ++-
2 files changed, 140 insertions(+), 2 deletions(-)
---
diff --git a/exim.spec b/exim.spec
index 09cc6b9..878bdcb 100644
--- a/exim.spec
+++ b/exim.spec
@@ -21,7 +21,7 @@ Summary(pl.UTF-8): Agent Transferu Poczty Uniwersytetu w Cambridge
Summary(pt_BR.UTF-8): Servidor de correio eletrônico exim
Name: exim
Version: 4.86
-Release: 5
+Release: 6
Epoch: 2
License: GPL
Group: Networking/Daemons/SMTP
@@ -54,7 +54,7 @@ Patch3: exim-defs.patch
Patch4: %{name}4-Makefile-Default.patch
# http://marc.merlins.org/linux/exim/files/sa-exim-cvs/localscan_dlopen_exim_4.20_or_better.patch
Patch5: localscan_dlopen_%{name}_4.20_or_better.patch
-
+Patch6: exim-dkim.patch
Patch8: %{name}-spam-timeout.patch
Patch10: %{name}-force-sigalrm.patch
@@ -175,6 +175,7 @@ Pliki nagłówkowe dla Exima.
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p2
%patch8 -p1
%patch10 -p1
diff --git a/exim-dkim.patch b/exim-dkim.patch
new file mode 100644
index 0000000..0dcdbea
--- /dev/null
+++ b/exim-dkim.patch
@@ -0,0 +1,137 @@
+commit 6a11a9e618a72b8d96aecb2ad9aa300b98f8d991
+Author: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Sun Nov 29 01:12:38 2015 +0000
+
+ DKIM: relaxed body canonicalisation should ignore whitespace at EOL
+ and empty lines at EOM. Bug 1721
+
+diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
+index cd79521..de774a2 100644
+--- a/src/src/pdkim/pdkim.c
++++ b/src/src/pdkim/pdkim.c
+@@ -596,7 +596,7 @@ pdkim_signature *pdkim_parse_sig_header(pdkim_ctx *ctx, char *raw_hdr) {
+ pdkim_strtrim(cur_val);
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream)
+- fprintf(ctx->debug_stream, "%s=%s\n", cur_tag->str, cur_val->str);
++ fprintf(ctx->debug_stream, " %s=%s\n", cur_tag->str, cur_val->str);
+ #endif
+ switch (cur_tag->str[0]) {
+ case 'b':
+@@ -674,7 +674,7 @@ pdkim_signature *pdkim_parse_sig_header(pdkim_ctx *ctx, char *raw_hdr) {
+ default:
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream)
+- fprintf(ctx->debug_stream, "Unknown tag encountered\n");
++ fprintf(ctx->debug_stream, " Unknown tag encountered\n");
+ #endif
+ break;
+ }
+@@ -799,7 +799,7 @@ pdkim_pubkey *pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) {
+ pdkim_strtrim(cur_val);
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream)
+- fprintf(ctx->debug_stream, "%s=%s\n", cur_tag->str, cur_val->str);
++ fprintf(ctx->debug_stream, " %s=%s\n", cur_tag->str, cur_val->str);
+ #endif
+ switch (cur_tag->str[0]) {
+ case 'v':
+@@ -833,7 +833,7 @@ pdkim_pubkey *pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) {
+ default:
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream)
+- fprintf(ctx->debug_stream, "Unknown tag encountered\n");
++ fprintf(ctx->debug_stream, " Unknown tag encountered\n");
+ #endif
+ break;
+ }
+@@ -925,7 +925,7 @@ int pdkim_update_bodyhash(pdkim_ctx *ctx, const char *data, int len) {
+ sig->signed_body_bytes += canon_len;
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream!=NULL)
+- pdkim_quoteprint(ctx->debug_stream,canon_data,canon_len,0);
++ pdkim_quoteprint(ctx->debug_stream,canon_data,canon_len,1);
+ #endif
+ }
+
+@@ -1037,6 +1037,23 @@ int pdkim_bodyline_complete(pdkim_ctx *ctx) {
+ goto BAIL;
+ }
+
++ if ( ctx->sig
++ && ctx->sig->canon_body == PDKIM_CANON_RELAXED) {
++ /* Lines with just spaces need to be buffered too */
++ char *check = p;
++ while(memcmp(check,"\r\n",2) != 0) {
++ char c = *check;
++
++ if (c != '\t' && c != ' ')
++ goto PROCESS;
++ check++;
++ }
++
++ ctx->num_buffered_crlf++;
++ goto BAIL;
++ }
++
++ PROCESS:
+ /* At this point, we have a non-empty line, so release the buffered ones. */
+ while (ctx->num_buffered_crlf) {
+ pdkim_update_bodyhash(ctx,"\r\n",2);
+@@ -1699,7 +1716,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
+ if (ctx->debug_stream) {
+ fprintf(ctx->debug_stream,
+ "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
+- fprintf(ctx->debug_stream,"Raw record: ");
++ fprintf(ctx->debug_stream," Raw record: ");
+ pdkim_quoteprint(ctx->debug_stream, dns_txt_reply, strlen(dns_txt_reply), 1);
+ }
+ #endif
+@@ -1710,7 +1727,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
+ sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_PARSING;
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream) {
+- fprintf(ctx->debug_stream,"Error while parsing public key record\n");
++ fprintf(ctx->debug_stream," Error while parsing public key record\n");
+ fprintf(ctx->debug_stream,
+ "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ }
+
+commit 9042106b5116fcc621e1c720460a42896011c1cd
+Author: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Sun Nov 29 01:36:06 2015 +0000
+
+ DKIM: fix relaxed body verify for a newline-only body. Bug 963
+
+diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
+index 99948ff..94328f7 100644
+--- a/src/src/pdkim/pdkim.c
++++ b/src/src/pdkim/pdkim.c
+@@ -987,11 +987,11 @@ int pdkim_finish_bodyhash(pdkim_ctx *ctx) {
+ else {
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream) {
+- fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n",
+- sig->domain);
+ fprintf(ctx->debug_stream, "PDKIM [%s] bh signature: ", sig->domain);
+ pdkim_hexprint(ctx->debug_stream, sig->bodyhash,
+ (sig->algo == PDKIM_ALGO_RSA_SHA1)?20:32,1);
++ fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n",
++ sig->domain);
+ }
+ #endif
+ sig->verify_status = PDKIM_VERIFY_FAIL;
+@@ -1022,6 +1022,12 @@ int pdkim_bodyline_complete(pdkim_ctx *ctx) {
+ if (ctx->input_mode == PDKIM_INPUT_SMTP) {
+ /* Terminate on EOD marker */
+ if (memcmp(p,".\r\n",3) == 0) {
++ /* In simple body mode, if any empty lines were buffered,
++ replace with one. rfc 4871 3.4.3 */
++ if (ctx->sig && ctx->sig->canon_body == PDKIM_CANON_SIMPLE
++ && ctx->num_buffered_crlf > 0)
++ pdkim_update_bodyhash(ctx,"\r\n",2);
++
+ ctx->seen_eod = 1;
+ goto BAIL;
+ }
+
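Review bot: The end-of-data branch that the second embedded commit adds to pdkim_bodyline_complete feeds an extra CRLF to the body hash whenever `ctx->num_buffered_crlf > 0` under PDKIM_CANON_SIMPLE, not only when the body is otherwise empty. RFC 4871 3.4.3, which the new comment cites, ignores trailing empty lines and replaces only an empty body with a single CRLF, so a message whose text is followed by blank lines would apparently get one CRLF too many and fail verification. Narrowing the condition with `&& ctx->sig->signed_body_bytes == 0` would limit it to the newline-only case, assuming that counter is still zero when nothing has been hashed. Separately, the relaxed-mode scan `while(memcmp(check,"\r\n",2) != 0)` has no length bound and depends on the line buffer being CRLF- or NUL-terminated, so it deserves a comment such as `/* linebuf is always CRLF-terminated here, so the scan cannot run past it */` once that invariant is confirmed. The function begins and ends outside both embedded hunks, so the buffer handling and the per-line hashing were not visible for this review.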
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/exim.git/commitdiff/8ba7f6116fc8170d36649e3deb462e44c2b3ad29