Dear maintainers,
I have decided that I won’t be spending time on this bug in the future.
Please close if it is appropriate to do so.
Thank you,
--
David
Chris Hofstaedtler:
> Hi David,
>
> On Sun, Jan 28, 2024 at 01:44:34PM +0100, David Bürgin wrote:
> > Hello Chris,
> >
> > the deprecation notice was included only with the last stable release.
> > I think it would be nice to keep the file for another release
Hello Markus,
> i just got this:
> Dec 27 15:14:01 mitschnet-neu opendkim[77553]: E9121540408: DKIM
> verification successful
> Dec 27 15:14:01 mitschnet-neu opendkim[77553]: E9121540408: s=20230601
> d=gmail.com a=rsa-sha256 SSL
>
> when receiving an email.
Good, this means that communication
Forwarded Message
Subject: Re: Bug#1059520: opendkim: Crashes when postfix accesses opendkim.sock
Date: Wed, 27 Dec 2023 16:44:16 +0100
From: Markus Mitsch
To: David Bürgin
Hi David,
The output of:
---> ls -al /var/run/opendkim
drwxr-x--- 2 opendkim opendkim 80 Dec 27 15
What’s the output of:
ls -al /var/run/opendkim
groups postfix | grep opendkim
postconf | grep smtpd_milters
Is postfix running in a chroot? See master.cf.
Here are settings that work:
/etc/opendkim.conf:
UserID opendkim
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendmarc":
* Package name : opendmarc
Version : 1.4.2-4
Upstream contact : The Trusted Domain Project
* URL : http://www.trusteddomain.org/opendmarc
*
Control: tags -1 - moreinfo
Hello Tobi,
> A question to that: Can you elaborate a bit on the testing you have
> done to verify that this patch indeed fixes the vulnerability?
> (Asking, becasue unfortunatly there is not lot of information available
> e.g from the upstream issue and upstream
debian.net/package/opendkim/
Alternatively, you can download the package with 'dget' using this command:
dget -x
https://mentors.debian.net/debian/pool/main/o/opendkim/opendkim_2.11.0~beta2-9.dsc
Changes since the last upload:
opendkim (2.11.0~beta2-9) unstable; urgency=medium
.
[ Da
Salut Sébastien,
my apologies, I had forgotten that you wouldn’t get a notification.
Looking at the systemd documentation in systemd.exec(5) I see that for
most settings I added, there is a phrase saying ‘… NoNewPrivileges=yes
is implied’. That would be a problem for the opendmarc service.
For
Control: retitle -1 opendmarc: no longer able to send email reports due to
sandboxing
I was worried something like this would come up … Can you try removing
the setting
RestrictSUIDSGID=yes
in the systemd service file (‘sudo systemctl edit --full opendmarc’)?
If this doesn’t work can you try
he package with 'dget' using this command:
dget -x
https://mentors.debian.net/debian/pool/main/o/opendmarc/opendmarc_1.4.2-3.dsc
Changes since the last upload:
opendmarc (1.4.2-3) unstable; urgency=medium
.
[ David Bürgin ]
* debian/patches: Add missing upstream bug metadata, add n
I’ve proposed a stable update in #1033591.
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "openarc":
* Package name : openarc
Version : 1.0.0~beta3+dfsg-1~exp4
Upstream contact : The Trusted Domain Project
* URL :
Control: tags -1 upstream
Rob Leslie:
> Package: opendkim
> Version: 2.11.0~beta2-4
> Severity: important
>
> Dear Maintainer,
>
> I have been unable to use opendkim with an sqlite3 data source.
>
> According to the OpenDBX documentation[1], the sqlite backend uses the
> host information to
Hello Thomas,
Thomas Dettbarn:
> Package: sponsorship-requests
> Severity: wishlist
>
> Dear mentors,
>
> I am still looking for a sponsor for my package "d11amp":
> They are an elusive bunch, aren't they?
> So, this week, I am trying the SPAMMING approach. ;)
I am not a sponsor, but this kind
debian.net/package/opendkim/
Alternatively, you can download the package with 'dget' using this command:
dget -x
https://mentors.debian.net/debian/pool/main/o/opendkim/opendkim_2.11.0~beta2-8.dsc
Changes since the last upload:
opendkim (2.11.0~beta2-8) unstable; urgency=medium
.
[ Da
Hello Martin,
thank you for the patches.
Martin Grimm:
> Building opendkim with --with-gnutls disables support for ed25519, so I've
> taken a closer look at the problematic code and found the culprit code.
>
> The error comes from the call to the openssl function RSA_sign in
>
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "openarc":
* Package name : openarc
Version : 1.0.0~beta3+dfsg-1~exp3
Upstream contact : The Trusted Domain Project
* URL :
Patrik Schindler:
> Each and every time, Opendkim wakes up by work from Postfix, it creates
> a log entry:
>
> key data is not secure: .private is in group 133 which has multiple
> users (e.g., "postfix")
>
> This issue has been existing since 2015 (when I added DKIM to my mailflow) and
> the
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendmarc":
* Package name: opendmarc
Version : 1.4.2-2
Upstream Author : The Trusted Domain Project
* URL : http://www.trusteddomain.org/opendmarc
* License
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendkim":
* Package name: opendkim
Version : 2.11.0~beta2-7
Upstream Author : The Trusted Domain Project
* URL : http://www.opendkim.org/
* License :
Jan Korbel:
> Package: opendkim
> Version: 2.11.0~beta2-4
>
> Debian stable (11.3) i386 with 5.10.0-15-cloud-amd64 kernel.
>
> Hello.
>
> We have some crashes of opendkim.
>
> In unstable changelog i found:
>
> opendkim (2.11.0~beta2-5) unstable; urgency=medium
> * Add new patches:
> -
Note that the current version in bullseye is 1.4.0~beta1+dfsg-6+deb11u1,
where this bug has been patched.
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "openarc":
* Package name: openarc
Version : 1.0.0~beta3+dfsg-1~exp2
Upstream Author : The Trusted Domain Project
* URL :
Robert Siemer:
> Without libunbound it works. – Problem solved? :-o
You decide. Well, I don’t think there’s much we can do in opendkim.
You could ask the unbound maintainers. It might be expected behaviour on
some unusual OS’es …? But I don’t know.
Robert Siemer:
> Opendkim does not run.
>
> # opendkim -f
> [1642532480] libunbound[837:0] error: nettle random(yarrow) cannot
> initialize, getentropy failed: Function not implemented
> opendkim: can't configure DKIM library: failed to initialize resolver
>
> I even recompiled from source deb,
Adam D. Barratt:
> Control: tags -1 + confirmed
>
> On Thu, 2021-11-04 at 10:01 +0100, David Bürgin wrote:
>> Since releasing the opendmarc version in Debian bullseye, two
>> important
>> issues affecting it have been reported upstream.
>>
>> [ Impact ]
>
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendmarc":
* Package name: opendmarc
Version : 1.4.0~beta1+dfsg-6+deb11u1
Upstream Author : The Trusted Domain Project
* URL :
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendkim":
* Package name: opendkim
Version : 2.11.0~beta2-6
Upstream Author : The Trusted Domain Project
* URL : http://www.opendkim.org/
* License :
Control: severity -1 normal
> OpenDKIM igores IPv6 nets for InternalHosts file.
> For example, specifying 2001:0DB8::/32 or
> 2001:0db8::::::/32
> while the sender has IP 2001:db8:3604:3::1:1210
> makes OpenDKIM to skip signing with the message:
>
"ticket193.patch" (Closes: #995694):
+- Remove unexplained diff that breaks opendmarc-import
+ * Add patch "arcseal-segfaults.patch" (Closes: #995703):
+- Fix segfaults, increase token max lengths in ARC-Seal headers
+
+ -- David Bürgin Wed, 03 Nov 2021 16:56:39 +0100
+
op
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendmarc":
* Package name: opendmarc
Version : 1.4.1.1-2
Upstream Author : The Trusted Domain Project
* URL : http://www.trusteddomain.org/opendmarc
*
Proposed fix here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996680
Package: sponsorship-requests
Severity: important
Dear mentors,
I am looking for a sponsor for my package "libopendbx":
* Package name: libopendbx
Version : 1.4.6-16
Upstream Author : Norbert Sendetzky
* URL : http://www.linuxnetworks.de/doc/index.php/OpenDBX
*
tags -1 moreinfo
thanks
Searching the web for ‘Specified key was too long; max key length is 767
bytes’ produces various solutions and work-arounds. It seems to be a
popular question for MySQL database flavours.
I cannot reproduce this problem today on Debian bullseye. Tagging as
moreinfo and
Package: opendmarc
Version: 1.4.0~beta1+dfsg-6
Severity: important
OpenDMARC crashes when parsing certain ARC-Seal headers.
This bug was reported upstream. See:
https://github.com/trusteddomainproject/OpenDMARC/issues/183
In Debian, it is patched in 1.4.1.1-1.
However, we might want to update
Package: opendmarc
Version: 1.4.0~beta1+dfsg-6
Severity: important
In Debian’s opendmarc we maintain patch ticket193.patch.
It is not documented what this patch is supposed to address or why it
was added. Though parts of the patch make sense, other parts are
unclear. The ticket at the old issue
Hello,
the proper way of handling this is to create and edit a drop-in file
with ‘systemctl edit opendkim.service’, and add the following contents:
[Unit]
After=mariadb.service
I don’t know how we would do this automatically in opendkim, but I will
document it in the README for the next
dget using this command:
dget -x
https://mentors.debian.net/debian/pool/main/o/opendmarc/opendmarc_1.4.1.1-1.dsc
Changes since the last upload:
opendmarc (1.4.1.1-1) unstable; urgency=medium
.
[ David Bürgin ]
* New upstream release
- Refresh patches, delete patches incorporated upstream
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendkim":
* Package name: opendkim
Version : 2.11.0~beta2-5
Upstream Author : The Trusted Domain Project
* URL : http://www.opendkim.org/
* License :
Package: sponsorship-requests
Severity: wishlist
Dear mentors,
I am looking for a sponsor for my package "openarc":
* Package name: openarc
Version : 1.0.0~beta3+dfsg-1~exp1
Upstream Author : The Trusted Domain Project
* URL :
Control: tags -1 wontfix
I fundamentally agree that a dedicated directory in /etc for some
software package is the right way. I disagree with doing that now, only
in Debian, only for the OpenDKIM package.
I think the way forward would be to propose the change to upstream, for
all of OpenDKIM,
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendmarc":
* Package name: opendmarc
Version : 1.4.0~beta1+dfsg-6
Upstream Author : The Trusted Domain Project
* URL : http://www.trusteddomain.org/opendmarc
: #990001)
+
+ -- David Bürgin Fri, 18 Jun 2021 09:37:57 +0200
+
opendmarc (1.4.0~beta1+dfsg-5) unstable; urgency=high
* Amend cve-2020-12272.patch to keep libopendmarc2 public ABI unchanged
diff -Nru opendmarc-1.4.0~beta1+dfsg/debian/patches/cve-2021-34555.patch opendmarc-1.4.0~beta1+dfsg
Adam Borowski:
On Wed, Jun 02, 2021 at 11:45:23AM +0200, David Bürgin wrote:
The release team have asked for a change
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989324
Can I upload a new package with version 1.4.0~beta1+dfsg-4 to mentors,
or do I have to use version 1.4.0~beta1+dfsg-5
: #977766, #977767):
+- CVE-2019-16378: Fix handling of multi-valued From headers
+- CVE-2019-20790: Validate incoming SPF headers
+- CVE-2020-12272: Check DKIM and SPF domain syntax
+
+ -- David Bürgin Sat, 29 May 2021 16:22:50 +0200
+
opendmarc (1.4.0~beta1+dfsg-3) unstable; urgency=high
Package: wnpp
Severity: wishlist
Owner: David Bürgin
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: openarc
Version : 1.0.0~beta3
Upstream Author : The Trusted Domain Project
* URL : https://github.com/trusteddomainproject/OpenARC
* License : BSD
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendmarc":
* Package name: opendmarc
Version : 1.4.0~beta1+dfsg-4
Upstream Author : The Trusted Domain Project
* URL : http://www.trusteddomain.org/opendmarc
This appears to have been fixed in
https://github.com/trusteddomainproject/OpenDMARC/commit/f3a9a9d4edfaa05102292727d021683f58aa4b6e,
could we get that in Bullseye?
This isn’t the only commit for CVE-2020-12272.
I have been preparing OpenDMARC 1.4.1.1 for bookworm in Salsa. I’m also
preparing
Hello Harald,
Harald Dunkel:
Would you mind to apply the patch to opendkim in Sid to increase
the chance it can make it into Bullseye? Of course I had verified
it on my MTA using a private backport of 2.11.0~beta2-4 to Buster.
We are now in hard freeze (for opendkim = full freeze). I don’t
reopen 977766
tags 977766 - wontfix
thanks
Upstream have changed their position and are preparing a fix.
Attempt to fix here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975353
Package: sponsorship-requests
Severity: important
Dear mentors,
I am looking for a sponsor for my package "libopendbx":
* Package name: libopendbx
Version : 1.4.6-15
Upstream Author : Norbert Sendetzky
* URL : http://www.linuxnetworks.de/doc/index.php/OpenDBX
*
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendkim":
* Package name: opendkim
Version : 2.11.0~beta2-4
Upstream Author : The Trusted Domain Project
* URL : http://www.opendkim.org/
* License :
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendmarc":
* Package name: opendmarc
Version : 1.4.0~beta1+dfsg-3
Upstream Author : The Trusted Domain Project
* URL : http://www.trusteddomain.org/opendmarc
Control: retitle -1 opendmarc: postinst script hangs during installation
Note to others: the bug report is in the text attachment. (I first
overlooked the attachment and thought the report was empty.)
This surprised me too, but it is apparently an explicit choice made by
upstream.
gpg-wks-client(1) man page:
> gpg-wks-client is not commonly invoked directly and thus it is not
> installed in the bin directory.
debian/gpg-wks-client.lintian-overrides:
> # these binaries are stored in
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendmarc"
* Package name: opendmarc
Version : 1.4.0~beta1+dfsg-2
Upstream Author : The Trusted Domain Project
* URL : http://www.trusteddomain.org/opendmarc
Control: tags -1 moreinfo
In the meantime the /var/run paths have been updated to /run. It’s not
clear to me if there is anything else left to do here, so tagging as
‘moreinfo’.
Control: severity -1 normal
Decreasing the severity to ‘normal’, as I understand this is a
configuration problem.
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendkim"
* Package name: opendkim
Version : 2.11.0~beta2-3
Upstream Author : The Trusted Domain Project
* URL : http://www.opendkim.org/
* License :
The -f flag suppresses backgrounding, omit the flag to run opendmarc in
the background. Again, I don’t see any changes since the last version
that would affect this, it continues to work as before for me.
Your report is very terse, perhaps there is some frustration. But we
need a complete problem
What we need to solve this properly is an additional dbconfig schema
migration that cleanly updates the previous database schema to the new
one. The migration script would have to be patched in and installed to
/usr/share/dbconfig-common/data/opendmarc/upgrade/mysql/1.4.0~beta1+dfsg-1.
It must
Daemonization is controlled with the ‘-f’ command-line option or the
‘Background’ parameter in the configuration file. Nothing has changed in
this area since the last version, so not sure what the problem is.
new Github repository, use version 4
- Thanks to David Bürgin for the opendkim version that made it easy
* New upstream release
- Refresh patches
- Delete debian/patches/ticket137.patch, ticket146.patch, ticket153.patch,
and ticket203.patch: incorporated upstream
* Add Da
:
https://mentors.debian.net/package/libopendbx
Alternatively, one can download the package with dget using this command:
dget -x
https://mentors.debian.net/debian/pool/main/libo/libopendbx/libopendbx_1.4.6-14.dsc
Changes since the last upload:
[ David Bürgin ]
* QA upload.
* Remove un
Thank you for the feedback.
> Do we need both packages in Debian? If, as you say, spamass-milter is
> orphaned upstream, maybe we should work to replace it with this new
> package? I'm not sure how our users benefit from having both, and the
> choice will undoubtedly lead to confusion.
I don’t
Package: wnpp
Owner: David Bürgin
Severity: wishlist
* Package name: spamassassin-milter
Version : 0.1.0
Upstream Author : David Bürgin
* URL : https://gitlab.com/glts/spamassassin-milter
* License : GPL-3.0-or-later
Programming Lang: Rust
Description
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendkim"
* Package name: opendkim
Version : 2.11.0~beta2-2
Upstream Author : The Trusted Domain Project
* URL : http://www.opendkim.org/
* License :
Did you install the build dependencies?
https://sources.debian.org/src/opendkim/2.11.0%7Ebeta2-1/debian/control/#L5-L8
strlcpy and strlcat are provided by libbsd.
Control: tags -1 pending
I plan to discourage use of /etc/default/opendkim, ie to mark it as
‘legacy config’ in a documentation-only fix. Editing
/etc/default/opendkim and then running
/lib/opendkim/opendkim.service.generate to generate systemd override
files will still be supported, but not
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendkim"
* Package name: opendkim
Version : 2.11.0~beta2-1
Upstream Author : The Trusted Domain Project
* URL : http://www.opendkim.org/
* License :
severity 878007 wishlist
tags 878007 help
thanks
Running opendkim in a chroot is possible, but it is an advanced setup.
One cannot simply create a directory and configure it as
ChangeRootDirectory. opendkim expects all kinds of services to be
available in there such as syslog socket, random
tags 859705 moreinfo
thanks
I’m not sure how to reproduce this issue. jessie and stretch are
oldstable and oldoldstable now. A few things that could be suspicious:
APT reporting ‘1 not fully installed or removed’; the message
‘invoke-rc.d: initscript opendkim, action "start" failed’, which points
tags 859067 unreproducible
thanks
OpenDKIM reports ‘key not found’ when no public key exists in DNS at its
specified location ._domainkey.. In my tests with
opendkim 2.11.0~alpha-11, the milter and opendkim-testmsg seem to agree
in their result when there is no key. We would need to see a sample
tags 944513 moreinfo
thanks
A web search for the OpenSSL error message produces a few results, eg:
https://sourceforge.net/p/opendkim/bugs/120/. Looks like a
configuration issue. The error message is not particularly helpful, but
that would be best directed upstream.
We would need more info on
retitle 810316 Allow easy use of /etc/resolv.conf
I agree that removing --with-unbound is an option.
However, I’d like to find out about tradeoffs before making such a
change. We need to make the right choice for most users.
The main advantage that --with-unbound brings, as far as I understand,
Tags: unreproducible
I cannot reproduce this with current stable version 2.11.0~alpha-12.
Setting ‘ResolverConfiguration /etc/unbound/unbound.conf’, with that
file containing an include of unbound.conf.d/*.conf seems to work
flawlessly now.
Cheers,
--
David
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendkim"
* Package name: opendkim
Version : 2.11.0~alpha-14
Upstream Author : The Trusted Domain Project
* URL : http://www.opendkim.org/
* License :
, efficient, and
scalable Mail Transport Agent (metapackage)
Resent-Date: Wed, 18 Dec 2019 15:51:01 +
Resent-From: David Bürgin
Resent-To: debian-bugs-dist@lists.debian.org
Resent-CC: Debian Mentors
Date: Wed, 18 Dec 2019 16:47:29 +0100
From: David Bürgin
Reply-To: David Bürgin , 946
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for a QA upload for package "sendmail"
* Package name: sendmail
Version : 8.15.2-16
Upstream Author : Sendmail, Inc.
* URL : http://www.sendmail.org
* License :
with dget using this command:
dget -x
https://mentors.debian.net/debian/pool/main/o/opendkim/opendkim_2.11.0~alpha-13.dsc
Changes since the last upload:
* miltertest: Fix broken mt.data() function (Closes: #946386)
* Set maintainer to David Bürgin, who intends to adopt the package
I inten
Hello Felix,
On Sat, Dec 14, 2019 at 03:23:32AM -0800, Felix Lechner wrote:
> I worked on this package before the buster freeze, but don't actually
> use it anymore. (Exim has built-in support for DKIM.) Are you
> interested in taking over maintenance?
indeed I am! I still use OpenDKIM with
Hello Felix,
I have opened Debian bug #946386 with a patch that I would like to get
into Debian.
You are the prospective maintainer of opendkim, is that right? How can I
help you with integrating the patch? It would be good to have a status
update on your adoption and maintenance plans for
Package: opendkim-tools
Version: 2.11.0~alpha-12
The MT_SMTPREPLY case in mt_eom_check prints two possibly-NULL char
pointers via format string %s. This triggers undefined behaviour. On my
machine, these pointers are printed as the string ‘(null)’. In any case
this distorts the test result.
The
Package: opendkim-tools
Version: 2.11.0~alpha-12
The implementation of mt.data() is broken. The state management uses the
wrong constants, thereby causing any use of mt.data() to time out:
miltertest: select(): timeout on fd 3
The fix is straightforward. Align the mistaken use of STATE_*
Below is a first sketch for a patch (= works for me).
I’ve tried to solve it with an additional patch in debian/patches. The
library path, and the library name, description, and version are still
hard-coded in milter.pc, they would need to be substituted in from
somewhere. Perhaps it would be
Correction: the version in milter.pc should rather be the milter library
version 1.0.1, not the sendmail version 8.15.2.
signature.asc
Description: PGP signature
I will need help with this. I’m not familiar with Debian packaging, nor
with the technologies used to build the libmilter package.
I think a simple milter.pc file would look something like the following:
prefix=/usr
Package: libmilter-dev
Version: 8.15.2-15
The libmilter-dev package does not include a pkg-config metadata file,
and so cannot be used out of the box with pkg-config.
$ pkg-config --libs milter
Package milter was not found in the pkg-config search path.
...
Often (usually?) library development
On 28/11/2019 14:00, Andreas Beckmann wrote:
> On 28/11/2019 13.39, David Bürgin wrote:
>> Given all this, I want to propose changing the log level of this message
>> to debug (SMI_LOG_DEBUG), guarded by ‘if (dbg > 0)’ as elsewhere.
>
> Your reasoning sounds plausible.
Package: libmilter-dev
Version: 8.15.2-15
Every time a milter exits a log message like the following appears in
syslog:
Nov 26 11:35:22 buster my_milter[13781]: my_milter: mi_stop=1
This message is logged at info level, but it looks like a debug message:
it refers to the internal function name
This is still a problem as of today, November 2018. Versions of all
components are up-to-date:
Postfix 3.3.0
SpamAssassin 3.4.2
spamass-milter 0.4.0-1
According to http://www.postfix.org/MILTER_README.html#workarounds, this
needs to be fixed in the milter implementation.
--
David
93 matches
Mail list logo
