DKIM verification failure for unfolded headers due to bad regex
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dkimpy (Debian) |
Fix Released
|
Unknown
|
|||
dkimpy (Ubuntu) |
Fix Released
|
High
|
Scott Kitterman | ||
Precise |
Fix Released
|
High
|
Scott Kitterman | ||
Quantal |
Fix Released
|
High
|
Scott Kitterman | ||
Raring |
Fix Released
|
High
|
Scott Kitterman |
Bug Description
An incorrect regex in all dkimpy 0.5 versions (and probably earlier ones, but didn't check) causes any header unfolding to break signature verification. This is incorrect based on the DKIM spec and has cause real world verification failures when procmail is used in the mail delivery process.
[Impact]
* See above. This may cause messages to be sent to a spam folder when they shouldn't or deleted. This is effectively a data loss bug.
* The only change is a fixed regex that solves the problem.
[Test Case]
* Install python-dkim from the release or updates pocket (depends on which release) and download the two messages attached to the bug. Then run the dkimverify script on the two of them. The first will pass, the second won't (but should):
$ dkimverify <mail1
signature ok
$ dkimverify <mail2
signature verification failed
* Install the updated packages from -proposed and repeat. Both messages should verify now:
$ dkimverify <mail1
signature ok
$ dkimverify <mail2
signature ok
[Regression Potential]
* Regression potential is nil. The regex change that was proposed by the bug reporter has been reviewed by three upstream developers and no regression was shown when the upstream test suite is run.
summary: |
- Improver verification failure for unfolded headers due to bad regex + DKIM verification failure for unfolded headers due to bad regex |
Changed in dkimpy (Debian): | |
status: | Unknown → Fix Released |
Fixed for saucy in 0.5.4-1 sync'ed from Debian.