[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Lucid is still supported on servers. Please don't untarget it for server packages. -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Lucid Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
(Untargetting EOLd releases) ** No longer affects: opendkim (Ubuntu Lucid) ** No longer affects: opendkim (Ubuntu Natty) ** No longer affects: opendkim (Ubuntu Oneiric) -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
This bug was fixed in the package opendkim - 2.6.8-0ubuntu1.0.1 --- opendkim (2.6.8-0ubuntu1.0.1) precise-proposed; urgency=low * New upstream security release to add capability to exclude use of insecure keys (Closes: #691394, LP: #1071139) - Fix bug #SF3539449: Clarify legal "Socket" values. Requested by Scott Kitterman. - Fix bug #SF3539493: Handle certain cases of data set names that appear to be comma-separated lists which include IPv6 addresses. Reported by Scott Kitterman. (Closes: #679548) - Rename libopendkim6 to libopendkim7 to match new soname - Update package and dependencies in debian/control - Rename .install and .doc files - Drop --enable-xtags from configure in debian/rules since it is now on by default - Update debian/copyright - Remove dversionmangle from debian/watch - Update README.Debian to reflect documentation no longer being stripped * Update 2.6.8 in Precise to match Debian Wheezy and Quantal (LP: #1170896) * Backport fix from upstream to log the correct message selector (Closes: #695145) (fix was included as part of the just released 2.7.4) * Add missing depends on openssl to opendkim-tools so opendkim-genkey will work (Closes: #693188) * Drop obsolete configure option enable-selector_header * Use restorecon to apply a SE Linux label after creating a run dir (Closes: #679852) * Use CFLAGS, CPPFLAGS, and LDFLAGS from dpkg-buildflags * Split opendkim into opendkim and opendkim-tools since the command line support tools are now bigger than the application * Add status option to /etc/init.d/opendkim - Add depends on lsb-base * Add Description to /etc/init.d/opendkim header * Enable Vouch By Reference support: - Add --enable-vbr in debian/rules - Update libopendkim install files to be more specific and not install libvbr related files - Add libvbr2 and libvbr-dev to debian/control - Add debian/libvbr2.docs, libvbr2.install, and libvbr-dev.install * Enable extensions for adding arbitrary experimental signature tags and values in libopendkim (neeeded for ATPS support) - Add --enable-xtags in debian/rules * Enable support for RFC 6541 DKIM Authorized Third-Party Signatures (ATPS) - Add --enable-atps in debian/rules * Enable support for optional oversigning of header fields to prevent malicious parties from adding additional instances of the field - Add --enable-oversign to debian/rules - Modify debian/opendkim.conf to use OversignHeaders for From by default * Add required build-arch and build-indep targets to debian/rules * Added new opendkim.NEWS entry to describe changed defaults with this revision * Update debian/copyright (Closes: #664132) * Add debian/watch * Remove unneeded shlibs:Depends for libdkim-dev -- Scott KittermanSun, 28 Apr 2013 12:02:43 -0400 ** Changed in: opendkim (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Hello Scott, or anyone else affected, Accepted opendkim into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/opendkim/2.6.8-0ubuntu1.0.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: opendkim (Ubuntu Precise) Status: New => Fix Committed ** Tags removed: verification-done ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
This bug was fixed in the package opendkim - 2.6.8-0ubuntu1 --- opendkim (2.6.8-0ubuntu1) quantal-proposed; urgency=low * New upstream security release to add capability to exclude use of insecure keys (Closes: #691394, LP: #1071139) -- Scott KittermanThu, 25 Oct 2012 01:04:27 -0400 ** Changed in: opendkim (Ubuntu Quantal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Tested that opendkim is working with the quantal-proposed package. I've got additional verification that the fix is good since I've got the same package backported to precise running in production. ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Uploading to ubuntu (via ftp to upload.ubuntu.com): Uploading opendkim_2.6.8-0ubuntu1~ubuntu10.04.1.dsc: done. Uploading opendkim_2.6.8.orig.tar.gz: done. Uploading opendkim_2.6.8-0ubuntu1~ubuntu10.04.1.diff.gz: done. Uploading opendkim_2.6.8-0ubuntu1~ubuntu10.04.1_source.changes: done. Successfully uploaded packages. ** Changed in: lucid-backports Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Uploading to ubuntu (via ftp to upload.ubuntu.com): Uploading opendkim_2.6.8-0ubuntu1~ubuntu12.04.1.dsc: done. Uploading opendkim_2.6.8.orig.tar.gz: done. Uploading opendkim_2.6.8-0ubuntu1~ubuntu12.04.1.diff.gz: done. Uploading opendkim_2.6.8-0ubuntu1~ubuntu12.04.1_source.changes: done. Successfully uploaded packages. ** Changed in: precise-backports Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
B/I/R on lucid and precise. -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
Re: [Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
On Wednesday, November 07, 2012 10:26:23 PM you wrote: > Since this is a fairly thorny issue, and a large patch to solve it, > verification needs to include extensive documentation of what testing > was done. Almost all the patch was tool noise, so it's pretty low risk. There isn't a good way to verify the key length checks are doing precisely what they are supposed to, but be can validate no regressions. I'm in contact with upstream and they've had no reports of issues, so I'm confident the upstream changes work. -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Since this is a fairly thorny issue, and a large patch to solve it, verification needs to include extensive documentation of what testing was done. -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Hello Scott, or anyone else affected, Accepted opendkim into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/opendkim/2.6.8-0ubuntu1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: opendkim (Ubuntu Quantal) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
This bug was fixed in the package opendkim - 2.6.8-1 --- opendkim (2.6.8-1) experimental; urgency=low * New upstream security release to add capability to exclude use of insecure keys (Closes: #691394, LP: #1071139) -- Scott Kitterman Thu, 25 Oct 2012 01:04:27 -0400 ** Changed in: opendkim (Ubuntu Raring) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
** Changed in: precise-backports Importance: Undecided => High ** Changed in: precise-backports Status: New => In Progress ** Changed in: precise-backports Assignee: (unassigned) => Scott Kitterman (kitterman) ** Changed in: lucid-backports Importance: Undecided => High ** Changed in: lucid-backports Status: New => In Progress ** Changed in: lucid-backports Assignee: (unassigned) => Scott Kitterman (kitterman) -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
** Description changed: See http://www.kb.cert.org/vuls/id/268267, VU#268267 opendkim in squeeze, wheezy, sid offers no method to prevent use of keys less than 1024 bits. This is added in the new upstream release, 2.6.8, that was released just for this issue. + + [IMPACT] + + * DKIM verifiers using opendkim will use insecure keys to produce valid + results. + + [TESTCASE] + + * The new functionality to limit key sizes is not easy to test, but is covered by +additions to the test suite. + + * In order to verify this package, it needs to be installed and tested that it +generally works as before. + + * Because of the specialized nature of this package, it's not possible to produce +a test case that just anyone can verify. + + [Regression Potential] + + * Regression potential is very small as the only code changes in this release are +the changes to resolve this issue. + + [Other Info] + + * Almost all of the diff is tool related noise. I've attached the non-noise part +of the diff to this bug for reference. I think it's lower risk to just update +to the new release to match what upstream is doing since there are no other +changes in this release. + + * The security team has reviewed this bug and said it should go via SRU and not in +-security since it causes a config file change. ** Changed in: opendkim (Ubuntu Quantal) Status: New => In Progress ** Changed in: opendkim (Ubuntu Quantal) Importance: Undecided => High ** Changed in: opendkim (Ubuntu Quantal) Assignee: (unassigned) => Scott Kitterman (kitterman) ** Changed in: opendkim (Ubuntu Quantal) Milestone: None => quantal-updates ** Attachment added: "Abbreviated diff" https://bugs.launchpad.net/ubuntu/+source/opendkim/+bug/1071139/+attachment/3415118/+files/patch2.6.7-2.6.8 ** Also affects: precise-backports Importance: Undecided Status: New ** Also affects: lucid-backports Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports