[Python-modules-commits] r16015 - in packages/pydkim/trunk/debian (5 files)

kitterman at users.alioth.debian.org kitterman at users.alioth.debian.org
Mon Mar 7 05:23:41 UTC 2011 

    Date: Monday, March 7, 2011 @ 05:23:30
  Author: kitterman
Revision: 16015

pydkim (0.3-5) unstable; urgency=low

  * Add debian/patches/relaxed-canonicalization.patch to fix body hash
    verification failures due to out of sequence operations.  Thanks to
    Martin Pool for the patch
  * Add debian/patches/fix-key-record-validation.patch to fix incorrect key
    record validation failures due to invalid assumptions about public key
    record requirements
  * Bump standards version to 3.9.1 without further change
  * Change XS-Python-Version to X-Python-Version
  * Add Breaks: 
  * Drop XB-Python-Version

Added:
  packages/pydkim/trunk/debian/patches/fix-key-record-validation.patch
  packages/pydkim/trunk/debian/patches/relaxed-canonicalization.patch
Modified:
  packages/pydkim/trunk/debian/changelog
  packages/pydkim/trunk/debian/control
  packages/pydkim/trunk/debian/patches/series

Modified: packages/pydkim/trunk/debian/changelog
===================================================================
--- packages/pydkim/trunk/debian/changelog	2011-03-06 20:53:10 UTC (rev 16014)
+++ packages/pydkim/trunk/debian/changelog	2011-03-07 05:23:30 UTC (rev 16015)
@@ -1,3 +1,18 @@
+pydkim (0.3-5) unstable; urgency=low
+
+  * Add debian/patches/relaxed-canonicalization.patch to fix body hash
+    verification failures due to out of sequence operations.  Thanks to
+    Martin Pool for the patch
+  * Add debian/patches/fix-key-record-validation.patch to fix incorrect key
+    record validation failures due to invalid assumptions about public key
+    record requirements
+  * Bump standards version to 3.9.1 without further change
+  * Change XS-Python-Version to X-Python-Version
+  * Add Breaks: ${python:Breaks}
+  * Drop XB-Python-Version
+
+ -- Scott Kitterman <scott at kitterman.com>  Mon, 07 Mar 2011 00:09:56 -0500
+
 pydkim (0.3-4) unstable; urgency=low
 
   * Convert from CDBS to Debhelper 7:

Modified: packages/pydkim/trunk/debian/control
===================================================================
--- packages/pydkim/trunk/debian/control	2011-03-06 20:53:10 UTC (rev 16014)
+++ packages/pydkim/trunk/debian/control	2011-03-07 05:23:30 UTC (rev 16015)
@@ -4,17 +4,17 @@
 Maintainer: Scott Kitterman <scott at kitterman.com>
 Uploaders: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org> 
 Build-Depends: debhelper (>= 7.3.16), python (>= 2.6.5-2~), quilt (>= 0.46-7)
-XS-Python-Version: >= 2.5
+X-Python-Version: >= 2.5
 Vcs-Svn: svn://svn.debian.org/python-modules/packages/pydkim/trunk/
 Vcs-Browser: http://svn.debian.org/viewsvn/python-modules/packages/pydkim/trunk/
-Standards-Version: 3.8.4
+Standards-Version: 3.9.1
 Homepage: http://hewgill.com/pydkim
 
 Package: python-dkim
 Architecture: all
 Depends: ${python:Depends}, ${misc:Depends}, python-dnspython
+Breaks: ${python:Breaks}
 Conflicts: dkimproxy (<< 1.0.1-8.1~)
-XB-Python-Version: ${python:Versions}
 Description: Python module for DKIM signing and verification
  Python module that implements DKIM (DomainKeys Identified Mail) email signing
  and verification. It also provides helper scripts for command line signing

Added: packages/pydkim/trunk/debian/patches/fix-key-record-validation.patch
===================================================================
--- packages/pydkim/trunk/debian/patches/fix-key-record-validation.patch	                        (rev 0)
+++ packages/pydkim/trunk/debian/patches/fix-key-record-validation.patch	2011-03-07 05:23:30 UTC (rev 16015)
@@ -0,0 +1,15 @@
+Index: pydkim-0.3/dkim.py
+===================================================================
+--- pydkim-0.3.orig/dkim.py	2011-03-06 23:33:14.000000000 -0500
++++ pydkim-0.3/dkim.py	2011-03-06 23:34:13.000000000 -0500
+@@ -557,6 +557,10 @@
+     if not s:
+         return False
+     a = re.split(r"\s*;\s*", s)
++    # Trailing ';' on signature record is valid, see RFC 4871 3.2
++    #  tag-list  =  tag-spec 0*( ";" tag-spec ) [ ";" ]
++    if a[-1] == '':
++        a.pop(-1)
+     pub = {}
+     for f in a:
+         m = re.match(r"(\w+)=(.*)", f)

Added: packages/pydkim/trunk/debian/patches/relaxed-canonicalization.patch
===================================================================
--- packages/pydkim/trunk/debian/patches/relaxed-canonicalization.patch	                        (rev 0)
+++ packages/pydkim/trunk/debian/patches/relaxed-canonicalization.patch	2011-03-07 05:23:30 UTC (rev 16015)
@@ -0,0 +1,44 @@
+Index: pydkim-0.3/dkim.py
+===================================================================
+--- pydkim-0.3.orig/dkim.py	2010-08-25 20:45:42.000000000 +0000
++++ pydkim-0.3/dkim.py	2010-08-25 20:45:53.000000000 +0000
+@@ -363,18 +363,23 @@
+         ('bh', bodyhash),
+         ('b', ""),
+     ] if x]
+-    sig = "DKIM-Signature: " + "; ".join("%s=%s" % x for x in sigfields)
+ 
+-    sig = fold(sig)
++    sig_value = fold("; ".join("%s=%s" % x for x in sigfields))
++    dkim_header = canonicalize[0].canonicalize_headers([
++        ['DKIM-Signature', ' ' + sig_value]])[0]
++    # the dkim sig is hashed with no trailing crlf, even if the
++    # canonicalization algorithm would add one.
++    if dkim_header[1][-2:] == '\r\n':
++        dkim_header = (dkim_header[0], dkim_header[1][:-2])
++    sign_headers.append(dkim_header)
+ 
+     if debuglog is not None:
+-        print >>debuglog, "sign headers:", sign_headers + [("DKIM-Signature", " "+"; ".join("%s=%s" % x for x in sigfields))]
++        print >>debuglog, "sign headers:", sign_headers
+     h = hashlib.sha256()
+     for x in sign_headers:
+         h.update(x[0])
+         h.update(":")
+         h.update(x[1])
+-    h.update(sig)
+     d = h.digest()
+     if debuglog is not None:
+         print >>debuglog, "sign digest:", " ".join("%02x" % ord(x) for x in d)
+@@ -392,9 +397,9 @@
+     if len(dinfo)+3 > modlen:
+         raise ParameterError("Hash too large for modulus")
+     sig2 = int2str(pow(str2int("\x00\x01"+"\xff"*(modlen-len(dinfo)-3)+"\x00"+dinfo), pk['privateExponent'], pk['modulus']), modlen)
+-    sig += base64.b64encode(''.join(sig2))
++    sig_value += base64.b64encode(''.join(sig2))
+ 
+-    return sig + "\r\n"
++    return 'DKIM-Signature: ' + sig_value + "\r\n"
+ 
+ def verify(message, debuglog=None):
+     """Verify a DKIM signature on an RFC822 formatted message.

Modified: packages/pydkim/trunk/debian/patches/series
===================================================================
--- packages/pydkim/trunk/debian/patches/series	2011-03-06 20:53:10 UTC (rev 16014)
+++ packages/pydkim/trunk/debian/patches/series	2011-03-07 05:23:30 UTC (rev 16015)
@@ -1 +1,3 @@
 adjust-setup.py.patch
+relaxed-canonicalization.patch
+fix-key-record-validation.patch

More information about the Python-modules-commits mailing list