Re: remote crash in dkim-milter currently in lenny

2009-02-13 Thread Luk Claes
Mike Markley wrote:
> On Mon, Feb 09, 2009 at 03:40:21PM +0100, Marc 'HE' Brockschmidt wrote:
>> Please upload just a fixed version of 2.6.0.dfsg-1 to unstable, then
>> ping us again. A few days before the release, switching to a major new
>> upstream version is not an option.
> 
> 2.6.0.dfsg-2 has been uploaded; I've attached an interdiff output
> between it and -1.

Unfortunately this won't make it. Please request its inclusion in r1
after the release, TIA.

Cheers

Luk


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Re: remote crash in dkim-milter currently in lenny

2009-02-12 Thread Mike Markley
On Mon, Feb 09, 2009 at 03:40:21PM +0100, Marc 'HE' Brockschmidt wrote:
> Please upload just a fixed version of 2.6.0.dfsg-1 to unstable, then
> ping us again. A few days before the release, switching to a major new
> upstream version is not an option.

2.6.0.dfsg-2 has been uploaded; I've attached an interdiff output
between it and -1.

-- 
Mike Markley 

I don't believe in God because I don't believe in Mother Goose.
- Clarence Darrow
diff -u dkim-milter-2.6.0.dfsg/debian/changelog dkim-milter-2.6.0.dfsg/debian/changelog
--- dkim-milter-2.6.0.dfsg/debian/changelog
+++ dkim-milter-2.6.0.dfsg/debian/changelog
@@ -1,3 +1,11 @@
+dkim-milter (2.6.0.dfsg-2) unstable; urgency=high
+
+  * Fix SF bug #2508602, which causes a failed assertion (and therefore a
+filter crash) when libdkim attempts to verify a message signed with a
+revoked key.
+
+ -- Mike Markley   Thu, 12 Feb 2009 21:13:23 -0800
+
 dkim-milter (2.6.0.dfsg-1) unstable; urgency=low
 
   * New upstream version.
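Review bot: The 2.6.0.dfsg-2 changelog entry cites only SF bug #2508602 and does not say which file the fix touches or reference a Debian bug. For an urgency=high upload made a few days before a release, naming libdkim/dkim-tables.c and the added "key revoked" table entry in the entry text would let the release team match the changelog against the interdiff without opening the upstream tracker.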
only in patch2:
unchanged:
--- dkim-milter-2.6.0.dfsg.orig/libdkim/dkim-tables.c
+++ dkim-milter-2.6.0.dfsg/libdkim/dkim-tables.c
@@ -218,6 +218,7 @@
 	{ "key granularity mismatch",		DKIM_SIGERROR_GRANULARITY },
 	{ "key type missing",			DKIM_SIGERROR_KEYTYPEMISSING },
 	{ "unknown key type",			DKIM_SIGERROR_KEYTYPEUNKNOWN },
+	{ "key revoked",			DKIM_SIGERROR_KEYREVOKED },
 	{ NULL,	-1 },
 };
 struct nametable *sigerrors = prv_sigerrors;
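Review bot: The new "key revoked" row in prv_sigerrors fixes this one code, but nothing in the hunk documents that every DKIM_SIGERROR_* value needs a row here, so the next error code added without one could hit the same failed assertion the changelog describes. A comment above the table stating that requirement, or a lookup that falls back to a generic string for an unknown code instead of asserting, would make the fix durable. It is also worth confirming in the review that DKIM_SIGERROR_KEYREVOKED is already defined in the 2.6.0 headers, since the interdiff shows no other file changing.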


Re: remote crash in dkim-milter currently in lenny

2009-02-09 Thread Marc 'HE' Brockschmidt
Mike Markley  writes:
> I discovered a remote crash in all versions of dkim-milter subsequent to
> 2.6.0 (which is the version currently in lenny). There's a patch to
> 2.6.0 which fixes this, and a more complete change to the included
> library responsible for the failed assertion is shipped in 2.8.1, which
> I plan to upload as soon as I figure out the best course of action to
> ensure the fix makes it into lenny.
>
> Because there have been some changes to some of the related IETF drafts
> as they've solidified over the past few months, my preference would be to
> get 2.8.1 into lenny. With that said, I won't misrepresent the changes
> between the two versions as minor. I've run the latest versions in
> production successfully, but I'll obviously defer to the release team's
> judgment on that.

Please upload just a fixed version of 2.6.0.dfsg-1 to unstable, then
ping us again. A few days before the release, switching to a major new
upstream version is not an option.

Marc
-- 
BOFH #379:
We've picked COBOL as the language of choice.




remote crash in dkim-milter currently in lenny

2009-02-09 Thread Mike Markley
All,

I discovered a remote crash in all versions of dkim-milter subsequent to
2.6.0 (which is the version currently in lenny). There's a patch to
2.6.0 which fixes this, and a more complete change to the included
library responsible for the failed assertion is shipped in 2.8.1, which
I plan to upload as soon as I figure out the best course of action to
ensure the fix makes it into lenny.

Because there have been some changes to some of the related IETF drafts
as they've solidified over the past few months, my preference would be to
get 2.8.1 into lenny. With that said, I won't misrepresent the changes
between the two versions as minor. I've run the latest versions in
production successfully, but I'll obviously defer to the release team's
judgment on that.

My initial contact was with the security team, but they suggested
I reach out to the release team instead since the versions in sid and
lenny are currently identical.

So: how should I proceed?

Thanks,

-- 
Mike Markley 

There are some things worth dying for.
- Kirk, "Errand of Mercy", stardate 3201.7

