Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-dkimpy for openSUSE:Factory
checked in at 2024-09-01 19:22:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-dkimpy (Old)
and /work/SRC/openSUSE:Factory/.python-dkimpy.new.2698 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-dkimpy"
Sun Sep 1 19:22:38 2024 rev:9 rq:1198093 version:1.1.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-dkimpy/python-dkimpy.changes
2024-04-21 20:28:40.789000898 +0200
+++ /work/SRC/openSUSE:Factory/.python-dkimpy.new.2698/python-dkimpy.changes
2024-09-01 19:23:04.860078784 +0200
@@ -1,0 +2,13 @@
+Sat Aug 31 15:09:54 UTC 2024 - Dirk Müller <dmuel...@suse.com>
+
+- update to 1.1.8:
+ * Correctly handle verification of signatures without t=
+ (timestamp) and with x= (expiration); both are optional
+ * Fix error in validate_signature_fields which prevented
+ signature expiration from being properly evaluated
+ * Correct ARC signing for AR headers with authres-version
+ or comments before resinfo
+ * Correct line separtor after AAR header field
+ * Correct signature in ARC-Seal on LF as linesep
+
+-------------------------------------------------------------------
Old:
----
dkimpy-1.1.6.tar.gz
New:
----
dkimpy-1.1.8.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-dkimpy.spec ++++++
--- /var/tmp/diff_new_pack.dCxQBh/_old 2024-09-01 19:23:05.296096691 +0200
+++ /var/tmp/diff_new_pack.dCxQBh/_new 2024-09-01 19:23:05.300096857 +0200
@@ -19,7 +19,7 @@
%{?sle15_python_module_pythons}
%define commands arcsign arcverify dkimsign dkimverify dknewkey
Name: python-dkimpy
-Version: 1.1.6
+Version: 1.1.8
Release: 0
Summary: DKIM (DomainKeys Identified Mail)
License: BSD-2-Clause
++++++ dkimpy-1.1.6.tar.gz -> dkimpy-1.1.8.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/ChangeLog new/dkimpy-1.1.8/ChangeLog
--- old/dkimpy-1.1.6/ChangeLog 2024-04-14 21:30:39.000000000 +0200
+++ new/dkimpy-1.1.8/ChangeLog 2024-07-05 00:09:06.000000000 +0200
@@ -1,3 +1,18 @@
+2024-07-04 Version 1.1.8
+ - Correctly handle verification of signatures without t= (timestamp) and
+ with x= (expiration); both are optional (LP: 2071892)
+
+2024-06-23 Version 1.1.7
+ - Fix error in validate_signature_fields which prevented signature
+ expiration from being properly evaluated (LP: #2068937)
+ - Correct ARC signing for AR headers with authres-version or comments
+ before resinfo (LP: #2052526) - Thanks to Nikolay Vizovitin for the
+ report and the fix
+ - Correct line separtor after AAR header field (LP: #2049018) - Thanks to
+ Nikolay Vizovitin for the report and the fix
+ - Correct signature in ARC-Seal on LF as linesep (LP: #2052720) - Thanks to
+ Nikolay Vizovitin for the report and the fix
+
2024-04-14 Version 1.1.6
- Use raw byte string for regex; fixes SyntaxWarning in Python 3.12 due to
invalid escape sequence (LP: #2049518) - Thanks to Simon Chopin for the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/PKG-INFO new/dkimpy-1.1.8/PKG-INFO
--- old/dkimpy-1.1.6/PKG-INFO 2024-04-14 21:32:18.070522000 +0200
+++ new/dkimpy-1.1.8/PKG-INFO 2024-07-05 00:10:41.858159300 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: dkimpy
-Version: 1.1.6
+Version: 1.1.8
Summary: DKIM (DomainKeys Identified Mail), ARC (Authenticated Receive Chain),
and TLSRPT (TLS Report) email signing and verification
Home-page: https://launchpad.net/dkimpy
Author: Scott Kitterman
@@ -39,7 +39,7 @@
# VERSION
-This is dkimpy 1.1.6.
+This is dkimpy 1.1.8.
# REQUIREMENTS
@@ -50,8 +50,8 @@
Similarly, extras_requires feature 'asyncio' will add the extra dependencies
needed for asyncio.
- - Python 3.x >= 3.5. Recent versions have not been on python3 < 3.4, but
- may still work on earlier python3 versions.
+ - Python 3.x >= 3.5. Recent versions have not been tested on python3 < 3.4,
+ but may still work on earlier python3 versions.
- dnspython or py3dns. dnspython is preferred if both are present and
installed to satisfy the DNS module requirement if neither are installed.
- authres. Needed for ARC.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/README.md new/dkimpy-1.1.8/README.md
--- old/dkimpy-1.1.6/README.md 2024-04-14 21:25:58.000000000 +0200
+++ new/dkimpy-1.1.8/README.md 2024-07-05 00:04:30.000000000 +0200
@@ -13,7 +13,7 @@
# VERSION
-This is dkimpy 1.1.6.
+This is dkimpy 1.1.8.
# REQUIREMENTS
@@ -24,8 +24,8 @@
Similarly, extras_requires feature 'asyncio' will add the extra dependencies
needed for asyncio.
- - Python 3.x >= 3.5. Recent versions have not been on python3 < 3.4, but
- may still work on earlier python3 versions.
+ - Python 3.x >= 3.5. Recent versions have not been tested on python3 < 3.4,
+ but may still work on earlier python3 versions.
- dnspython or py3dns. dnspython is preferred if both are present and
installed to satisfy the DNS module requirement if neither are installed.
- authres. Needed for ARC.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/dkim/__init__.py
new/dkimpy-1.1.8/dkim/__init__.py
--- old/dkimpy-1.1.6/dkim/__init__.py 2024-04-14 20:16:50.000000000 +0200
+++ new/dkimpy-1.1.8/dkim/__init__.py 2024-07-05 00:01:37.000000000 +0200
@@ -331,6 +331,8 @@
t_sign = int(sig[b't'])
if t_sign > now + slop:
raise ValidationError("t= value is in the future (%s)" % sig[b't'])
+ else:
+ t_sign = None
if b'v' in sig and sig[b'v'] != b"1":
raise ValidationError("v= value is not 1 (%s)" % sig[b'v'])
@@ -345,10 +347,10 @@
if x_sign < now - slop:
raise ValidationError(
"x= value is past (%s)" % sig[b'x'])
- if x_sign < t_sign:
- raise ValidationError(
- "x= value is less than t= value (x=%s t=%s)" %
- (sig[b'x'], sig[b't']))
+ if t_sign and x_sign < t_sign:
+ raise ValidationError(
+ "x= value is less than t= value (x=%s t=%s)" %
+ (sig[b'x'], sig[b't']))
def rfc822_parse(message):
@@ -1052,28 +1054,26 @@
# extract, parse, filter & group AR headers
ar_headers = [res.strip() for [ar, res] in self.headers if ar ==
b'Authentication-Results']
- grouped_headers = []
+ parsed_ar_headers = []
for res in ar_headers:
try: # see LP: #1884044
- grouped_headers.append((res,
authres.AuthenticationResultsHeader.parse('Authentication-Results: ' +
res.decode('utf-8'))))
+ # Note: parsing headers currently strips embedded comments
+
parsed_ar_headers.append(authres.AuthenticationResultsHeader.parse('Authentication-Results:
' + res.decode('utf-8')))
except authres.core.SyntaxError:
# Skip over invalid AR header fields
pass
- auth_headers = [res for res in grouped_headers if res[1].authserv_id ==
srv_id.decode('utf-8')]
+ auth_headers = [header for header in parsed_ar_headers if
header.authserv_id == srv_id.decode('utf-8')]
if len(auth_headers) == 0:
self.logger.debug("no AR headers found, chain terminated")
return []
# consolidate headers
- results_lists = [raw.replace(srv_id + b';', b'').strip() for (raw, parsed)
in auth_headers]
- results_lists = [tags.split(b';') for tags in results_lists]
- results = [tag.strip() for sublist in results_lists for tag in sublist]
- auth_results = srv_id + b'; ' + (b';' + self.linesep + b' ').join(results)
+ results = [res for header in auth_headers for res in header.results]
+ auth_results = srv_id + b''.join(b';' + self.linesep + b' ' +
str(res).encode('utf-8') for res in results)
# extract cv
- parsed_auth_results =
authres.AuthenticationResultsHeader.parse('Authentication-Results: ' +
auth_results.decode('utf-8'))
- arc_results = [res for res in parsed_auth_results.results if res.method ==
'arc']
+ arc_results = [res for res in results if res.method == 'arc']
if len(arc_results) == 0:
chain_validation_status = CV_None
elif len(arc_results) != 1:
@@ -1120,16 +1120,13 @@
arc_headers = []
# Compute ARC-Authentication-Results
- aar_value = ("i=%d; " % instance).encode('utf-8') + auth_results
- if aar_value[-1] != b'\n': aar_value += b'\r\n'
-
+ aar_value = ("i=%d; " % instance).encode('utf-8') + auth_results.rstrip()
+ self.linesep
+ canon_policy = CanonicalizationPolicy.from_c_value(b'relaxed/relaxed')
new_arc_set.append(b"ARC-Authentication-Results: " + aar_value)
- self.headers.insert(0, (b"arc-authentication-results", aar_value))
arc_headers.insert(0, (b"ARC-Authentication-Results", aar_value))
+ self.headers = canon_policy.canonicalize_headers(arc_headers[:1]) +
self.headers
# Compute bh=
- canon_policy = CanonicalizationPolicy.from_c_value(b'relaxed/relaxed')
-
self.hasher = HASH_ALGORITHMS[self.signature_algorithm]
h = HashThrough(self.hasher(), self.debug_content)
h.update(canon_policy.canonicalize_body(self.body))
@@ -1157,8 +1154,8 @@
b"ARC-Message-Signature", pk, standardize)
new_arc_set.append(b"ARC-Message-Signature: " + res)
- self.headers.insert(0, (b"ARC-Message-Signature", res))
arc_headers.insert(0, (b"ARC-Message-Signature", res))
+ self.headers = canon_policy.canonicalize_headers(arc_headers[:1]) +
self.headers
# Compute ARC-Seal
as_fields = [x for x in [
@@ -1186,8 +1183,8 @@
b"ARC-Seal", pk, standardize)
new_arc_set.append(b"ARC-Seal: " + res)
- self.headers.insert(0, (b"ARC-Seal", res))
arc_headers.insert(0, (b"ARC-Seal", res))
+ self.headers = canon_policy.canonicalize_headers(arc_headers[:1]) +
self.headers
new_arc_set.reverse()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/dkim/canonicalization.py
new/dkimpy-1.1.8/dkim/canonicalization.py
--- old/dkimpy-1.1.6/dkim/canonicalization.py 2020-04-06 06:06:13.000000000
+0200
+++ new/dkimpy-1.1.8/dkim/canonicalization.py 2024-06-23 23:18:38.000000000
+0200
@@ -58,7 +58,7 @@
return content[:end]
def unfold_header_value(content):
- return re.sub(b"\r\n", b"", content)
+ return re.sub(b"\r?\n", b"", content)
def correct_empty_body(content):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/dkim/tests/data/rfc6376.signed.no_t.msg
new/dkimpy-1.1.8/dkim/tests/data/rfc6376.signed.no_t.msg
--- old/dkimpy-1.1.6/dkim/tests/data/rfc6376.signed.no_t.msg 1970-01-01
01:00:00.000000000 +0100
+++ new/dkimpy-1.1.8/dkim/tests/data/rfc6376.signed.no_t.msg 2024-07-04
23:56:10.000000000 +0200
@@ -0,0 +1,20 @@
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
+ d=football.example.com; i=@football.example.com;
+ q=dns/txt; s=test; h=from : to : subject :
+ date : message-id : from : subject : date; x=100000000000;
+ bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=;
+ b=icKcLSEZYXJ95flvWE8FT6hl5iqd8MC/LEKYH0QjsqYy6MO/4pgVNCZH
+ l/RAXAuADxE/40Fg7uTlxwwD1hjN2Ple6J//cJfslBdDOq6zTVbne1dqtl
+ NOat7iamJ1AfRqyG+ja7a2AZsrpUuJ7VA6O+0zRYPqpwMEkEFIzI9i/Xk=
+From: Joe SixPack <j...@football.example.com>
+To: Suzie Q <su...@shopping.example.net>
+Subject: Is dinner ready?
+Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
+Message-ID: <20030712040037.46341.5...@football.example.com>
+
+Hi.
+
+We lost the game. Are you hungry yet?
+
+Joe.
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/dkim/tests/test_arc.py
new/dkimpy-1.1.8/dkim/tests/test_arc.py
--- old/dkimpy-1.1.6/dkim/tests/test_arc.py 2020-04-06 06:27:45.000000000
+0200
+++ new/dkimpy-1.1.8/dkim/tests/test_arc.py 2024-06-23 23:00:05.000000000
+0200
@@ -74,7 +74,7 @@
sig_lines = dkim.arc_sign(
self.message, b"test", b"example.com", self.key,
b"lists.example.org", timestamp="12345")
- expected_sig = [b'ARC-Seal: i=1; cv=none; a=rsa-sha256; d=example.com;
s=test; t=12345;\r\n
b=MBw2+L1/4PuYWJlt1tZlDtbOvyfbyH2t2N6DinFV/BIaB2LqbDKTYjXXk9HuuK1/qEkTd\r\n
TxCYScIrtVO7pFbGiSawMuLatVzHNCqTURa1zBTXr2mKW1hgdmrtMMUcMVCYxr1AJpu6IYX\r\n
VMIoOAn7tIDdO0VLokK6FnIXTWEAplQ=\r\n', b'ARC-Message-Signature: i=1;
a=rsa-sha256; c=relaxed/relaxed;\r\n d=example.com; s=test; t=12345;
h=message-id : date : from : to :\r\n subject : from;
bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=;\r\n
b=a0f6qc3k9eECTSR155A0TQS+LjqPFWfI/brQBA83EUz00SNxj1wmWykvs1hhBVeM0r1kE\r\n
Qc6CKbzRYaBNSiFj4q8JBpRIujLz1qLyGmPuAI6ddu/Z/1hQxgpVcp/odmI1UMV2R+d+yQ7\r\n
tUp3EQxF/GYNt22rV4rNmDmANZVqJ90=\r\n', b'ARC-Authentication-Results: i=1;
lists.example.org; arc=none;\r\n spf=pass smtp.mfrom=jqd@d1.example;\r\n
dkim=pass (1024-bit key) header.i=@d1.example;\r\n dmarc=pass\r\n']
+ expected_sig = [b'ARC-Seal: i=1; cv=none; a=rsa-sha256; d=example.com;
s=test; t=12345;\r\n
b=iSKjTQ93xUC6gt4yutHrOf0F/qb4E5voEeuucd66VhM4n/7ifBMMHqYwncgz9sefduM6C\r\n
UthuUSzqE2YamkGXQgKPIG9t4ZCOrx1OXGE34WF9ZeI/E0csrN+wK7sq/RjgN3z4qxLPMsp\r\n
lW+BUUHCNuCIvxcZ55Ky6evIb/Saj2o=\r\n', b'ARC-Message-Signature: i=1;
a=rsa-sha256; c=relaxed/relaxed;\r\n d=example.com; s=test; t=12345;
h=message-id : date : from : to :\r\n subject : from;
bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=;\r\n
b=a0f6qc3k9eECTSR155A0TQS+LjqPFWfI/brQBA83EUz00SNxj1wmWykvs1hhBVeM0r1kE\r\n
Qc6CKbzRYaBNSiFj4q8JBpRIujLz1qLyGmPuAI6ddu/Z/1hQxgpVcp/odmI1UMV2R+d+yQ7\r\n
tUp3EQxF/GYNt22rV4rNmDmANZVqJ90=\r\n', b'ARC-Authentication-Results: i=1;
lists.example.org;\r\n arc=none;\r\n spf=pass smtp.mfrom=jqd@d1.example;\r\n
dkim=pass header.i=@d1.example;\r\n dmarc=pass\r\n']
self.assertEqual(expected_sig, sig_lines)
(cv, res, reason) = dkim.arc_verify(b''.join(sig_lines) +
self.message, dnsfunc=self.dnsfunc)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/dkim/tests/test_dkim.py
new/dkimpy-1.1.8/dkim/tests/test_dkim.py
--- old/dkimpy-1.1.6/dkim/tests/test_dkim.py 2023-04-30 16:18:48.000000000
+0200
+++ new/dkimpy-1.1.8/dkim/tests/test_dkim.py 2024-07-04 23:59:14.000000000
+0200
@@ -62,6 +62,7 @@
self.message5 = read_test_data("rfc6376.signed.rsa.msg")
self.message6 = read_test_data("test.message.baddomain")
self.message7 = read_test_data("rfc6376.w1258.msg")
+ self.message8 = read_test_data("rfc6376.signed.no_t.msg")
self.key = read_test_data("test.private")
self.rfckey = read_test_data("rfc8032_7_1.key")
@@ -250,6 +251,7 @@
d = dkim.DKIM(self.message4)
res = d.verify(dnsfunc=self.dnsfunc5)
self.assertTrue(res)
+
def test_non_utf8(self):
# A message with Windows-1258 encoding is signed and verifies.
for header_algo in (b"simple", b"relaxed"):
@@ -262,6 +264,13 @@
# As of 1.1.0 this won't verify, but at least we don't crash.
FIXME
self.assertFalse(res)
+ def test_no_t(self):
+ # Signature Timestamp is optional, so don't crash if it's missing.
+ d = dkim.DKIM(self.message8)
+ res = d.verify(dnsfunc=self.dnsfunc5)
+ # Signature won't verify, but that's not what we are testing.
+ self.assertFalse(res)
+
def test_catch_bad_key(self):
# Raise correct error for defective public key.
d = dkim.DKIM(self.message5)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/dkimpy.egg-info/PKG-INFO
new/dkimpy-1.1.8/dkimpy.egg-info/PKG-INFO
--- old/dkimpy-1.1.6/dkimpy.egg-info/PKG-INFO 2024-04-14 21:32:17.000000000
+0200
+++ new/dkimpy-1.1.8/dkimpy.egg-info/PKG-INFO 2024-07-05 00:10:41.000000000
+0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: dkimpy
-Version: 1.1.6
+Version: 1.1.8
Summary: DKIM (DomainKeys Identified Mail), ARC (Authenticated Receive Chain),
and TLSRPT (TLS Report) email signing and verification
Home-page: https://launchpad.net/dkimpy
Author: Scott Kitterman
@@ -39,7 +39,7 @@
# VERSION
-This is dkimpy 1.1.6.
+This is dkimpy 1.1.8.
# REQUIREMENTS
@@ -50,8 +50,8 @@
Similarly, extras_requires feature 'asyncio' will add the extra dependencies
needed for asyncio.
- - Python 3.x >= 3.5. Recent versions have not been on python3 < 3.4, but
- may still work on earlier python3 versions.
+ - Python 3.x >= 3.5. Recent versions have not been tested on python3 < 3.4,
+ but may still work on earlier python3 versions.
- dnspython or py3dns. dnspython is preferred if both are present and
installed to satisfy the DNS module requirement if neither are installed.
- authres. Needed for ARC.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/dkimpy.egg-info/SOURCES.txt
new/dkimpy-1.1.8/dkimpy.egg-info/SOURCES.txt
--- old/dkimpy-1.1.6/dkimpy.egg-info/SOURCES.txt 2024-04-14
21:32:18.000000000 +0200
+++ new/dkimpy-1.1.8/dkimpy.egg-info/SOURCES.txt 2024-07-05
00:10:41.000000000 +0200
@@ -46,6 +46,7 @@
dkim/tests/data/message.mbox
dkim/tests/data/rfc6376.msg
dkim/tests/data/rfc6376.signed.msg
+dkim/tests/data/rfc6376.signed.no_t.msg
dkim/tests/data/rfc6376.signed.rsa.msg
dkim/tests/data/rfc6376.w1258.msg
dkim/tests/data/rfc8032_7_1.key
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dkimpy-1.1.6/setup.py new/dkimpy-1.1.8/setup.py
--- old/dkimpy-1.1.6/setup.py 2024-04-14 21:27:00.000000000 +0200
+++ new/dkimpy-1.1.8/setup.py 2024-07-05 00:04:40.000000000 +0200
@@ -25,7 +25,7 @@
import os
import sys
-version = "1.1.6"
+version = "1.1.8"
kw = {} # Work-around for lack of 'or' requires in setuptools.
try:
