Debian Bug report logs - #711751
incorrectly handles folded headers


Package: python-dkim; Maintainer for python-dkim is Scott Kitterman <scott@kitterman.com>; Source for python-dkim is src:dkimpy.

Reported by: Peter Palfrader <weasel@debian.org>

Date: Sun, 9 Jun 2013 10:51:01 UTC

Severity: important

Tags: patch

Found in version dkimpy/0.5.3-1

Fixed in versions dkimpy/0.5.4-1, dkimpy/0.5.3-1+deb7u1

Done: Scott Kitterman <scott@kitterman.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Scott Kitterman <scott@kitterman.com>:
Bug#711751; Package python-dkim. (Sun, 09 Jun 2013 10:51:06 GMT).


Acknowledgement sent to Peter Palfrader <weasel@debian.org>:
New Bug report received and forwarded. Copy sent to Scott Kitterman <scott@kitterman.com>. (Sun, 09 Jun 2013 10:51:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Peter Palfrader <weasel@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: incorrectly handles folded headers
Date: Sun, 9 Jun 2013 12:49:06 +0200
Package: python-dkim
Version: 0.5.3-1
Severity: important
Tags: patch

Hi,

it seems that python-dkim handles folded headers incorrectly.

In particular, attached tstmail-1 verifies correctly while tstmail-2
does not.

The diff between these is:
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:from:date:x-google-sender-auth:message-id
        :subject:to:content-type;
        bh=NRDGmXYX648Rm6cs06aAQIE77gu68nsSHYB4kAMm7QQ=;
        b=VaN3KmNPlU1uSNproy8wF+6qwTUKEcyzanoPSo/u8P0p8rtHgQpOW5/nJ+/ExQ9jKN
        FWTyZ9PLecg/0De0QYV18GQovYb3PVUCDHS7dYzfWp072lFPAhISUancFc30amzRPXcy
        J2lnvgoPcFuqDh5tLPchz8LdeIL0hMr2Xt+xEibHftqYT0JRXX4LXkZdO/b/i825qMtL
        W51wBB0V6L1ZU156A9cZWQWvwnQ/lV7PV7AwRqGbIESguRLfCbM+UIAGoCR8QtTO0lkY
-       bGqPQucn+1eZZUNsEJAWFI6eo2MmxY/FABEURGYAukaTg13UC9W+O6kGPH5iS5aRpAAT
-       eKbQ==
+       bGqPQucn+1eZZUNsEJAWFI6eo2MmxY/FABEURGYAukaTg13UC9W+O6kGPH5iS5aRpAAT eKbQ==


} weasel@valiant:~/tmp/dkimpy-0.5.3$ ./dkimverify.py < ~/tmp/tstmail-1
} signature ok
} weasel@valiant:~/tmp/dkimpy-0.5.3$ ./dkimverify.py < ~/tmp/tstmail-2
} signature verification failed


I think the problem is due to an incorrect regex for FWS in
dkim/__init__.py.  The following patch fixes it:
--- dkim/__init__.py.orig       2013-06-09 12:44:56.036635416 +0200
+++ dkim/__init__.py    2013-06-09 12:46:36.396127067 +0200
@@ -118,7 +118,8 @@
         lastindex[h] = i
     return sign_headers
 
-FWS = r'(?:\r?\n\s+)?'
+# FWS  =  ([*WSP CRLF] 1*WSP) /  obs-FWS ; Folding white space  [RFC5322]
+FWS = r'(?:(?:\s*\r?\n)?\s+)?'
 RE_BTAG = re.compile(r'([;\s]b'+FWS+r'=)(?:'+FWS+r'[a-zA-Z0-9+/=])*(?:\r?\n\Z)?')
 
 def hash_headers(hasher, canonicalize_headers, headers, include_headers,
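Review bot: the new FWS pattern on the "+FWS = ..." line is looser than the RFC 5322 ABNF quoted in the comment directly above it. \s also matches CR, LF, form feed and vertical tab, so the trailing \s+ can consume several line breaks on its own rather than 1*WSP after a single optional CRLF. Consider [ \t] in place of \s, for example (?:(?:[ \t]*\r?\n)?[ \t]+)?, and add a regression test with a b= value split by a plain space, as in tstmail-2.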


That is, FWS is one or more whitespaces with one *optional* linebreak.

Maybe this could even be fixed in Debian stable?

Cheers,
weasel
[tstmail-1 (text/plain, attachment)]
[tstmail-2 (text/plain, attachment)]
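
The effect of the two FWS patterns, as an added example that is not part of the original report or of dkimpy: it rebuilds RE_BTAG from each side of the patch and uses it to blank the b= value of two constructed DKIM-Signature values, one folded with CRLF and one where the last fold is a plain space. The strip_b and leftovers helpers, the sample values, and the use of the regex to blank b= before hashing are assumptions.

```python
import re

# Both FWS patterns are copied verbatim from the patch in this report.
OLD_FWS = r'(?:\r?\n\s+)?'
NEW_FWS = r'(?:(?:\s*\r?\n)?\s+)?'


def btag_re(fws):
    # Built the same way as RE_BTAG in the patched dkim/__init__.py.
    return re.compile(
        r'([;\s]b' + fws + r'=)(?:' + fws + r'[a-zA-Z0-9+/=])*(?:\r?\n\Z)?')


def strip_b(sig_value, fws):
    """Blank the b= tag value (hypothetical helper, assumed use of RE_BTAG).

    The signer hashed its own header with b= empty, so anything this leaves
    behind changes the hashed bytes and verification fails.
    """
    return btag_re(fws).sub(r'\1', sig_value)


# Constructed sample values, not taken from tstmail-1 / tstmail-2.
PREFIX = "v=1; a=rsa-sha256; d=example.com; s=sel;\r\n\tbh=AAAA;\r\n\tb="
FOLDED = PREFIX + "QUJD\r\n\tREVG\r\n\tR0g=\r\n"  # CRLF + tab between chunks
SPACED = PREFIX + "QUJD\r\n\tREVG R0g=\r\n"        # last fold is a bare space


def leftovers():
    """Return what each regex leaves after 'b=' for each sample."""
    out = {}
    for fws_name, fws in (("old", OLD_FWS), ("new", NEW_FWS)):
        for sample_name, value in (("folded", FOLDED), ("spaced", SPACED)):
            out[(fws_name, sample_name)] = strip_b(value, fws)[len(PREFIX):]
    return out


if __name__ == "__main__":
    for key, rest in leftovers().items():
        print(key, repr(rest))
```

With the old pattern the space-separated chunk survives the substitution, which matches the tstmail-2 failure described above; the patched pattern blanks the value in both layouts.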

Information forwarded to debian-bugs-dist@lists.debian.org, Scott Kitterman <scott@kitterman.com>:
Bug#711751; Package python-dkim. (Mon, 10 Jun 2013 02:18:04 GMT).


Acknowledgement sent to Scott Kitterman <debian@kitterman.com>:
Extra info received and forwarded to list. Copy sent to Scott Kitterman <scott@kitterman.com>. (Mon, 10 Jun 2013 02:18:04 GMT).


Message #10 received at 711751@bugs.debian.org:

From: Scott Kitterman <debian@kitterman.com>
To: 711751@bugs.debian.org
Subject: Patch looks good
Date: Sun, 09 Jun 2013 22:15:14 -0400
Will upload the fix for this soon, either as part of a new upstream release or 
a new Debian revision.

Scott K

Added tag(s) pending. Request was from Scott Kitterman <scott@kitterman.com> to control@bugs.debian.org. (Mon, 10 Jun 2013 02:48:04 GMT).


Reply sent to Scott Kitterman <scott@kitterman.com>:
You have taken responsibility. (Mon, 10 Jun 2013 03:21:13 GMT).


Notification sent to Peter Palfrader <weasel@debian.org>:
Bug acknowledged by developer. (Mon, 10 Jun 2013 03:21:13 GMT).


Message #17 received at 711751-close@bugs.debian.org:

From: Scott Kitterman <scott@kitterman.com>
To: 711751-close@bugs.debian.org
Subject: Bug#711751: fixed in dkimpy 0.5.4-1
Date: Mon, 10 Jun 2013 03:18:11 +0000
Source: dkimpy
Source-Version: 0.5.4-1

We believe that the bug you reported is fixed in the latest version of
dkimpy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711751@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <scott@kitterman.com> (supplier of updated dkimpy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 09 Jun 2013 22:51:55 -0400
Source: dkimpy
Binary: python-dkim python3-dkim
Architecture: source all
Version: 0.5.4-1
Distribution: unstable
Urgency: medium
Maintainer: Scott Kitterman <scott@kitterman.com>
Changed-By: Scott Kitterman <scott@kitterman.com>
Description: 
 python-dkim - Python module for DKIM signing and verification
 python3-dkim - Python 3 module for DKIM signing and verification
Closes: 711751
Changes: 
 dkimpy (0.5.4-1) unstable; urgency=medium
 .
   * Urgency medium for important bug fix
 .
   [ Jakub Wilk ]
   * Use canonical URIs for Vcs-* fields.
 .
   [ Scott Kitterman ]
   * New upstream release
     - Fixes Gmail signature verification failures due to improper FWS regular
       expression - Thanks to Peter Palfrader (weasel) for the patch
       (Closes: #711751)
   * Drop --no-compile from debian/rules so byte compilation gets tested during
     build
   * Bump minimum dephelper version to 8.1 and debian/compat to 8 for
     build-{arch,indep} support
   * Bump standards version to 3.9.4 without further change

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlG1RQUACgkQHajaM93NaGoXhQCcC04dH/PkuQ0EkXURPPQ+pws4
EIsAoJbGjMtRrw7vPOmM/t4UdLMRSd18
=LvIE
-----END PGP SIGNATURE-----




Reply sent to Scott Kitterman <scott@kitterman.com>:
You have taken responsibility. (Sun, 16 Jun 2013 19:51:21 GMT).


Notification sent to Peter Palfrader <weasel@debian.org>:
Bug acknowledged by developer. (Sun, 16 Jun 2013 19:51:21 GMT).


Message #22 received at 711751-close@bugs.debian.org:

From: Scott Kitterman <scott@kitterman.com>
To: 711751-close@bugs.debian.org
Subject: Bug#711751: fixed in dkimpy 0.5.3-1+deb7u1
Date: Sun, 16 Jun 2013 19:47:06 +0000
Source: dkimpy
Source-Version: 0.5.3-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
dkimpy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711751@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <scott@kitterman.com> (supplier of updated dkimpy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 09 Jun 2013 23:31:12 -0400
Source: dkimpy
Binary: python-dkim python3-dkim
Architecture: source all
Version: 0.5.3-1+deb7u1
Distribution: wheezy
Urgency: low
Maintainer: Scott Kitterman <scott@kitterman.com>
Changed-By: Scott Kitterman <scott@kitterman.com>
Description: 
 python-dkim - Python module for DKIM signing and verification
 python3-dkim - Python 3 module for DKIM signing and verification
Closes: 711751
Changes: 
 dkimpy (0.5.3-1+deb7u1) wheezy; urgency=low
 .
   * Fix Gmail signature verification failures due to improper FWS regular
     expression - Thanks to Peter Palfrader (weasel) for the patch
     (Closes: #711751)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlG1S1AACgkQHajaM93NaGrGTgCdHw3qz6N2QP2CevZ7w6ZvYWrd
eREAn0MhRgUP7QwIe9HO0LqqO85cWxqe
=LijI
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 15 Jul 2013 07:29:35 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Nov 2 02:17:49 2021; Machine Name: buxtehude
