Focal Fossa: postfix configure-instance script typos

Bug #1872288 reported by Dr. Uwe Meyer-Gruhl
Affects: postfix (Ubuntu)
Status: Fix Released
Importance: Critical
Assigned to: Lucas Kanashiro

Bug Description

Description: Ubuntu Focal Fossa (development branch)
Release: 20.04

Postfix 3.4.10-1

There are some typos that have crept into /usr/lib/postfix/configure-instance.sh which keep the postfix chroot environment from working.

In the script, there are two sections that copy the SSL certificate paths (often /etc/ssl/certs) into the chroot environment (/var/spool/postscript). This is needed for any chrooted postfix daemon to find the CA certificates.

If "smtp_tls_CApath" is not copied to /var/spool/postfix, you will experience errors like:

Apr 12 12:27:44 venus postfix/smtp[23477]: certificate verification failed for mx.xyz.de[8.8.8.8]:587: untrusted issuer /O=Digital Signature Trust Co./CN=DST Root CA X3
Apr 12 12:27:44 venus postfix/smtp[23477]: 529761C123E: to=<email address hidden>, relay=mx.xyz.de[8.8.8.8]:587, delay=4024, delays=4024/0.02/0.11/0, dsn=4.7.5, status=deferred (Server certificate not trusted)

This is rendering TLS essentially unusable.

At the start of each section, a variable named "ca_path" is defined and should be used thereafter. Alas, the variable is misspelled "sca_path" throughout the first section (starting at line 47) and "dca_path" throughout the second section (starting at line 79). This results in the certificates not being copied.
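
A way to check a host for the failure described above, as an added example that is not part of the bug report or the postfix package: it counts CA directory entries that are absent from the chroot copy. It assumes the chroot copy mirrors the absolute CA path under the queue directory (for example /var/spool/postfix/etc/ssl/certs); the function name `missing_ca_in_chroot` and the `live` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the bug report or the postfix package.
# Counts entries of a CA directory that are missing from the copy a
# chrooted postfix daemon would see at <queue_directory><ca_path>.
# Assumption: the chroot copy mirrors the absolute CA path under the
# queue directory, e.g. /var/spool/postfix/etc/ssl/certs.

missing_ca_in_chroot() {
    queue_dir=$1
    ca_path=$2
    missing=0
    # An empty CApath means nothing is expected inside the chroot.
    [ -n "$ca_path" ] || { echo 0; return 0; }
    for f in "$ca_path"/*; do
        # Skip an unmatched glob (empty directory) and dangling symlinks.
        [ -e "$f" ] || continue
        name=${f##*/}
        if [ ! -e "$queue_dir$ca_path/$name" ]; then
            missing=$((missing + 1))
        fi
    done
    echo "$missing"
}

# Live check against the local postfix configuration, only when the
# script is called with the (hypothetical) argument "live".
if [ "${1:-}" = live ] && command -v postconf >/dev/null 2>&1; then
    q=$(postconf -h queue_directory)
    for param in smtp_tls_CApath smtpd_tls_CApath; do
        p=$(postconf -h "$param")
        echo "$param: $(missing_ca_in_chroot "$q" "$p") entries missing in chroot"
    done
fi
```

A non-zero count for a configured CApath on a chrooted instance matches the "certificate verification failed" symptom in the log lines above.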

Dr. Uwe Meyer-Gruhl (meyergru) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Patch for /usr/lib/postfix/configure-instance.sh (Focal Fossa 20.04)" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Scott Kitterman (kitterman) wrote :

This is fixed in the Debian postfix git repository, but not uploaded yet. Please use this approach vice what's in the patch.

https://salsa.debian.org/postfix-team/postfix-dev/-/commit/b8e0b846e34eeaaa2315ead2304824b21b01fe7a

Dr. Uwe Meyer-Gruhl (meyergru) wrote :

I hope that the upstream patch will be in time for Focal Fossa finalisation.

Christian Ehrhardt (paelzer) wrote :

Thanks a lot Uwe (for the report) and Scott (for pointing to the Debian change already in git).

Changed in postfix (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
tags: added: server-next
tags: added: rls-ff-incoming
Changed in postfix (Ubuntu):
assignee: nobody → Lucas Kanashiro (lucaskanashiro)
Lucas Kanashiro (lucaskanashiro) wrote :
Changed in postfix (Ubuntu):
status: Triaged → In Progress
Changed in postfix (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postfix - 3.4.10-1ubuntu1

---------------
postfix (3.4.10-1ubuntu1) focal; urgency=medium

  * d/configure-instance.sh: fix typo in tls_CApath copying (LP: #1872288)

 -- Lucas Kanashiro <email address hidden> Thu, 16 Apr 2020 14:48:33 -0300

Changed in postfix (Ubuntu):
status: Fix Committed → Fix Released