Version in base suite: 2.9.1-0+deb10u1

Base version: spf-engine_2.9.1-0+deb10u1
Target version: spf-engine_2.9.2-0+deb10u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/spf-engine/spf-engine_2.9.1-0+deb10u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/s/spf-engine/spf-engine_2.9.2-0+deb10u1.dsc

 CHANGES                      |   10 ++++++++++
 PKG-INFO                     |    2 +-
 debian/changelog             |   16 ++++++++++++++++
 policyd-spf.conf.5           |    3 ++-
 setup.py                     |    2 +-
 spf_engine.egg-info/PKG-INFO |    2 +-
 spf_engine/milter_spf.py     |    5 ++---
 spf_engine/policyd_spf.py    |    2 +-
 spf_engine/util.py           |   10 ----------
 9 files changed, 34 insertions(+), 18 deletions(-)

diff -Nru spf-engine-2.9.1/CHANGES spf-engine-2.9.2/CHANGES
--- spf-engine-2.9.1/CHANGES	2019-10-07 00:31:00.000000000 +0000
+++ spf-engine-2.9.2/CHANGES	2019-11-23 00:01:08.000000000 +0000
@@ -4,6 +4,16 @@
 #   ! = Changed something significant, or removed a feature
 #   * = Fixed a bug, or made a minor improvement
 
+--- 2.9.2 (1019-11-22)
+  * Add mention in policyd-spf.conf (5) in the TestOnly entry that to get both
+    TestOnly behavior and no header field appended, Header_Type = None also
+    needs to be set (LP: #1849994)
+  * Milter: Move drop_privileges before Milter.runmilter and delete
+    own_socketfile so that the milter interface runs as the correct user
+    without race conditions about changing ownership of the socket file when
+    it hasn't been created yet (When the milter is started, it will create the
+    socket based on uMask, so we don't need to manually change it)
+
 --- 2.9.1 (2019-10-06)
   * Use /run instead of /var/run
   * Fix-up sysv init so it works
diff -Nru spf-engine-2.9.1/PKG-INFO spf-engine-2.9.2/PKG-INFO
--- spf-engine-2.9.1/PKG-INFO	2019-10-07 00:31:42.000000000 +0000
+++ spf-engine-2.9.2/PKG-INFO	2019-11-23 00:01:59.000000000 +0000
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: spf-engine
-Version: 2.9.1
+Version: 2.9.2
 Summary: SPF processing for Postfix (and Sendmail)
 Home-page: https://launchpad.net/spf-engine
 Author: Scott Kitterman
diff -Nru spf-engine-2.9.1/debian/changelog spf-engine-2.9.2/debian/changelog
--- spf-engine-2.9.1/debian/changelog	2019-10-14 23:04:55.000000000 +0000
+++ spf-engine-2.9.2/debian/changelog	2020-01-14 16:41:17.000000000 +0000
@@ -1,3 +1,19 @@
+spf-engine (2.9.2-0+deb10u1) buster; urgency=medium
+
+  * New upstream bugfix release:
+  * Improve documentation based on user feedbacK:
+    Add mention in policyd-spf.conf (5) in the TestOnly entry that to get both
+    TestOnly behavior and no header field appended, Header_Type = None also
+    needs to be set (LP: #1849994)
+  * Fix priviledge managment at startup so Unix sockets work:
+    Milter: Move drop_privileges before Milter.runmilter and delete
+    own_socketfile so that the milter interface runs as the correct user
+    without race conditions about changing ownership of the socket file when
+    it hasn't been created yet (When the milter is started, it will create the
+    socket based on uMask, so we don't need to manually change it)
+
+ -- Scott Kitterman <scott@kitterman.com>  Tue, 14 Jan 2020 11:41:17 -0500
+
 spf-engine (2.9.1-0+deb10u1) buster; urgency=medium
 
   * New upstream bugfix release
diff -Nru spf-engine-2.9.1/policyd-spf.conf.5 spf-engine-2.9.2/policyd-spf.conf.5
--- spf-engine-2.9.1/policyd-spf.conf.5	2019-02-08 02:09:08.000000000 +0000
+++ spf-engine-2.9.2/policyd-spf.conf.5	2019-10-27 01:08:05.000000000 +0000
@@ -212,7 +212,8 @@
 The policy server can operate in a test only mode. This allows you to see the
 potential impact of SPF checking in your mail logs without rejecting mail.
 Headers are prepended in messages, but message delivery is not affected. This
-mode is not enabled by default.  To enable it, set TestOnly = 0.  
+mode is not enabled by default.  To enable it, set TestOnly = 0.  If you want
+test operation with no header added, also set Header_Type = None. 
 
 Note: This option was previously named defaultSeedOnly.  This is still
 accepted, but logs an error.
diff -Nru spf-engine-2.9.1/setup.py spf-engine-2.9.2/setup.py
--- spf-engine-2.9.1/setup.py	2019-02-02 02:29:44.000000000 +0000
+++ spf-engine-2.9.2/setup.py	2019-10-27 01:15:11.000000000 +0000
@@ -5,7 +5,7 @@
 DESC = """SPF (Sender Policy Framework) processing engine for Postfix policy server and Milter implemented in Python."""
 
 setup(name='spf-engine',
-    version='2.9.1',
+    version='2.9.2',
     description='SPF processing for Postfix (and Sendmail)',
     long_description=DESC,
     author='Scott Kitterman',
diff -Nru spf-engine-2.9.1/spf_engine/milter_spf.py spf-engine-2.9.2/spf_engine/milter_spf.py
--- spf-engine-2.9.1/spf_engine/milter_spf.py	2019-02-02 02:30:24.000000000 +0000
+++ spf-engine-2.9.2/spf_engine/milter_spf.py	2019-10-27 01:15:59.000000000 +0000
@@ -40,7 +40,7 @@
 from spf_engine.util import own_socketfile
 from spf_engine.util import fold
 
-__version__ = "2.9.1"
+__version__ = "2.9.2"
 FWS = re.compile(r'\r?\n[ \t]+')
 
 
@@ -231,9 +231,8 @@
     syslog.syslog('pyspf-milter started:{0} user:{1}'
                   .format(pid, milterconfig.get('UserID')))
     sys.stdout.flush()
-    Milter.runmilter(miltername, socketname, 240)
-    own_socketfile(milterconfig)
     drop_privileges(milterconfig)
+    Milter.runmilter(miltername, socketname, 240)
 
 if __name__ == "__main__":
     main()
diff -Nru spf-engine-2.9.1/spf_engine/policyd_spf.py spf-engine-2.9.2/spf_engine/policyd_spf.py
--- spf-engine-2.9.1/spf_engine/policyd_spf.py	2019-02-02 02:30:04.000000000 +0000
+++ spf-engine-2.9.2/spf_engine/policyd_spf.py	2019-10-27 01:15:38.000000000 +0000
@@ -24,7 +24,7 @@
 '''
 
 def main():
-    __version__ = "2.9.1"
+    __version__ = "2.9.2"
 
     import syslog
     import os
diff -Nru spf-engine-2.9.1/spf_engine/util.py spf-engine-2.9.2/spf_engine/util.py
--- spf-engine-2.9.1/spf_engine/util.py	2019-02-01 18:22:20.000000000 +0000
+++ spf-engine-2.9.2/spf_engine/util.py	2019-10-27 01:14:23.000000000 +0000
@@ -124,13 +124,3 @@
     return pid
 
 
-def own_socketfile(milterconfig):
-    """If socket is Unix socket, chown to UserID before dropping privileges"""
-    import os
-    user, group = user_group(milterconfig.get('UserID'))
-    if milterconfig.get('Socket')[:1] == '/':
-        os.chown(milterconfig.get('Socket')[1:], user, group)
-    if milterconfig.get('Socket')[:6] == "local:":
-        os.chown(milterconfig.get('Socket')[6:], user, group)
-
-
diff -Nru spf-engine-2.9.1/spf_engine.egg-info/PKG-INFO spf-engine-2.9.2/spf_engine.egg-info/PKG-INFO
--- spf-engine-2.9.1/spf_engine.egg-info/PKG-INFO	2019-10-07 00:31:42.000000000 +0000
+++ spf-engine-2.9.2/spf_engine.egg-info/PKG-INFO	2019-11-23 00:01:59.000000000 +0000
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: spf-engine
-Version: 2.9.1
+Version: 2.9.2
 Summary: SPF processing for Postfix (and Sendmail)
 Home-page: https://launchpad.net/spf-engine
 Author: Scott Kitterman