exim4 upload to stable (dovecot stability / and optionally spf quoting)

Andreas Metzler ametzler at downhill.at.eu.org
Mon Jan 7 06:52:03 UTC 2013


On 2013-01-06 "Adam D. Barratt" <adam at adam-barratt.org.uk> wrote:
> On Sat, 2013-01-05 at 14:20 +0100, Andreas Metzler wrote:
> > | Dovecot: robustness; better msg on missing mech.
[...]
>> On top of this I would like to discuss whether it is acceptable to fix
>> http://bugs.debian.org/697057 in stable, too. [ I definitily want o
>> get the fix into testing - #697444.] The Debian configuration
>> optionally allows to use spfquery to run SPF-checks on incoming mail.
>> Due to insufficient quoting it is possible to pass on arbitrary
>> arguments to spfquery and therefore bypass SPF checks. The fix is not
>> invasive, but it changes dpkg conffiles.

> How likely is it that users will have modified the conffile in question?
[...]

Hello,

Quite likely. The two dpkg-conffiles which will end up being modified are
/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt and
/etc/exim4/exim4.conf.template. Everybody who is using non-split[1]
configuration and who has modified the dpkg-conffile (there is
basically only a single relevant one) will see the prompt.  OTOH even for
split-config the ACL section is one of the first candidates for local
modifications.

cu andreas

[1] We provide two different ways to configure exim with debconf. One
uses /etc/exim4/exim4.conf.template as basis, the other one uses
multiple small files in /etc/exim4/conf.d/. The latter possibility
minimizes conffile prompts, while being more fragile. non-split config
is the default.
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



More information about the Pkg-exim4-maintainers mailing list