exim4-base: Bad parameter handling of exim4_refresh_gnutls-params

emfau at t-online.de emfau at t-online.de
Wed Jan 7 00:52:29 UTC 2009 

Severity: normal

Package: exim4-base
Version: 4.63-17

This is probably not a problem for "normal" usage of the package, but there is 
an error in the way exim4_refresh_gnutls-params handles input parameters. When 
specifying a configuration file as argument it will be correctly processed

   CONF_FILE=/etc/exim4/configure
   if [ $# -gt 0 ] ; then
     CONF_FILE=$1
   fi

but later on the line

   TIMEOUT=${1:-1800}

will also evaluate to the configuration file's full path. As a consequence

   /usr/share/exim4/timeout.pl "$TIMEOUT" /usr/bin/openssl gendh 1024 \
   	> "$tempgnutls" 2> /dev/null

will silently fail and no update of the TLS parameters ever happens.

An easy fix for my case is below, but my patch might be inappropriate as this 
will produce an error for all invocations of using exim4_refresh_gnutls-params 
specifying only a timeout.

--- exim4_refresh_gnutls-params.orig    2009-01-07 00:10:19.639332073 +0100
+++ exim4_refresh_gnutls-params 2009-01-07 00:10:46.172990323 +0100
@@ -9,6 +9,7 @@
  CONF_FILE=/etc/exim4/configure
  if [ $# -gt 0 ] ; then
         CONF_FILE=$1
+       shift
  fi

  # regenerate $EXIM4_SPOOLDIR/gnutls-params

-- Package-specific info:
Exim version 4.63 #1 built 20-Jan-2007 10:42:32
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September  6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages 
Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch 
ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/submission/configure
--?

As the machine running the exim installation is a production box and has no 
reportbug installed I tried to manually create the proper format for the bug 
report, so please excuse me if it is important details.

Michael

More information about the Pkg-exim4-maintainers mailing list