[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Status/Wheezy" by WolfgangSchweer

Thu May 18 15:19:15 UTC 2017

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.

The "DebianEdu/Status/Wheezy" page has been changed by WolfgangSchweer:
https://wiki.debian.org/DebianEdu/Status/Wheezy?action=diff&rev1=122&rev2=123

Comment:
add instructions for exim4 security fix.

  == Known problems in edu0 we might fix ==

   * installation on too small disk, fixed in wheezy-test images? (please comment)
+  * With the security update for exim4 (fixing CVE-2016-1531), the Exim environment is purged. To be still able to use Kerberos authentication, the environment has to be created inside the runtime chroot. Also, the configuration file needs one additional line.
+    Use this script to create the environment:
+ {{{
+  #!/bin/bash
+  #
+  # Create Kerberos environment for exim4 chroot. This is needed
+  # to cope with the exim4 security fix for CVE-2016-1531. 
+  set -e
+  DIR="/var/lib/exim4/etc"
+  FILE="krb5.keytab.smtp"
+  if [ ! -f $DIR/$FILE ]; then
+      if [ ! -d $DIR ] ; then
+          mkdir $DIR
+      fi
+  fi
+  cp /etc/$FILE $DIR
+  chown Debian-exim:Debian-exim $DIR/$FILE
+  echo "Successfully created the Exim4 environment."
+ }}}
+    Add a line to /etc/exim4/exim-ldap-server-v4.conf after the line containing {{{# LDAP server info}}}:
+       {{{keep_environment = KRB5_KTNAME : PWD : ^LDAP}}}
+    Run {{{service exim4 restart}}}.
+ 
   * With the re-rename of Iceweasel to Firefox in Wheezy (via security update), the setting of the Iceweasel default homepage and the feature to configure this URL in LDAP is gone (DebianBug:827448). As a workaround this script might be used (on tjener) until a proper fix is available:
  {{{
  !#!/bin/sh