group.of.nepali.translators team mailing list archive
Message #36147
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
This bug was fixed in the package postfix - 3.4.13-0ubuntu1
---------------
postfix (3.4.13-0ubuntu1) focal; urgency=medium

  * New upstream release: 3.4.13
    - Workaround for broken DANE support after an incompatible change in
      GLIBC 2.31 (LP: #1868955)
    - Fix "postfix tls deploy-server-cert", now it handles a missing optional
      argument (LP: #1881196)
  * Drop patch 80_glibc2.30-ftbfs.diff. This patch is not needed anymore and
    it does not cleanly apply to this new upstream release.

 -- Lucas Kanashiro <kanashiro@xxxxxxxxxx>  Fri, 19 Jun 2020 14:11:03 -0300

** Changed in: postfix (Ubuntu Focal)
Status: Fix Committed => Fix Released
https://bugs.launchpad.net/bugs/1881196
Title:
  [SRU] postfix tls deploy-server-cert fails with "can't shift that many"

Status in postfix package in Ubuntu:
  Fix Released
Status in postfix source package in Xenial:
  Triaged
Status in postfix source package in Bionic:
  Triaged
Status in postfix source package in Eoan:
  Triaged
Status in postfix source package in Focal:
  Fix Released

Bug description:
[Impact]
"postfix tls deploy-server-cert" did not handle a missing optional
argument which makes users get a "can't shift that many..." error.
In this SRU we are proposing a microrelease update in Focal from
version 3.4.10 to 3.4.13 since the changes are self contained.
Moreover, there is a Postfix SRU exception which allows microreleases
if the bug is fixed in the current development series:
https://wiki.ubuntu.com/StableReleaseUpdates#Postfix
And according to the described process there is no need to define
Test Case and Regression Potential sections. Upstream has been doing
good work regarding those stable version bug fixes.
Here is the upstream changelog change between 3.4.10 and 3.4.13:

20200416

    Workaround for broken builds after an incompatible change
    in GCC 10. Files: makedefs, Makefile.in.

    Workaround for broken DANE support after an incompatible
    change in GLIBC 2.31. This avoids the need for new options
    in /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c.

20200419

    Bugfix: segfault in the tlsproxy client role when the server
    role was disabled. This typically happens on systems that
    do not receive mail, after configuring connection reuse for
    outbound TLS. Found during program maintenance. File:
    tlsproxy/tlsproxy.c.

20200420

    Noise suppression: shut up a compiler that special-cases
    string literals. Viktor Dukhovni. File milter/milter.c.

20200422

    Security: disable DANE support on Alpine Linux because
    libc-musl provides no indication whether DNS responses are
    authentic. This broke DANE support without a clear explanation.
    File: makedefs.

20200505

    Noise suppression: shut up a compiler that special-cases
    string literals. Viktor Dukhovni. File smtpd/smtpd_check.c.

20200509

    Bugfix (introduced: Postfix 3.5): maillog_file_rotate_suffix
    default value used the minute instead of the month. Reported
    by Larry Stone. Files: conf/postfix-tls-script,
    proto/MAILLOG_README.html, proto/postconf.proto.
    global/mail_params.h, postfix/postfix.c.

20200510

    Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by
    initializing the ICU library before making the chroot()
    call. Files: util/midna_domain.[hc], global/mail_params.c.

20200511

    Noise suppression: avoid "SSL_Shutdown:shutdown while in
    init" warnings. File: tls/tls_session.c.

20200515

    Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL
    client caused a false 'lost connection' error for an SMTP
    over TLS session in the same Postfix process. Reported by
    Alexander Vasarab, diagnosed by Viktor Dukhovni. File:
    tls/tls_bio_ops.c.

    Bugfix (introduced: Postfix 2.8): a TLS error for one TLS
    session may cause a false 'lost connection' error for a
    concurrent TLS session in the same tlsproxy process. File:
    tlsproxy/tlsproxy.c.

20200530

    Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert"
    did not handle a missing optional argument. File:
    conf/postfix-tls-script.

20200610

    Bugfix (introduced: Postfix 3.4): in the Postfix SMTP server,
    the SNI callback reported an error when it was called a
    second time. This happened after the server-side TLS engine
    sent a TLSv1.3 HelloRetryRequest (HRR) to a remote SMTP
    client. Reported by Ján Máté, fixed by Viktor Dukhovni.
    File: tls/tls_misc.c.

This new microrelease fixes the DANE issue and the build against GCC
10, which makes us drop a patch applied in version 3.4.7-1
(80_glibc2.30-ftbfs.diff).

[Original Description]

lsb_release -rd
Description: Ubuntu 18.04.4 LTS
Release: 18.04

postfix:
  Installed: 3.3.0-1ubuntu0.2
  Candidate: 3.3.0-1ubuntu0.2
  Version table:
 *** 3.3.0-1ubuntu0.2 500
        500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     3.3.0-1 500
        500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

Attempting to deploy server certificates with

    postfix tls deploy-server-cert certificate.crt keyfile.key

Expected to deploy new certificates

What happened - command fails with

    /usr/lib/postfix/sbin/postfix-tls-script: 780: shift: can't shift that many

The issue appears to be that the function "deploy-server-cert" in
/usr/lib/postfix/sbin/postfix-tls-script expects that there will be
three arguments:

/usr/lib/postfix/sbin/postfix-tls-script line 777

    deploy_server_cert() {
        certfile=$1; shift
        keyfile=$1; shift
        deploy=$1; shift
        ...

This works when the function is called by the function new_server_cert, which calls the function with the arguments:

    deploy_server_cert "${certfile}" "${keyfile}" "${deploy}" || return 1

But when this function is invoked directly in line 1154, it is called with only 2 arguments:

    deploy_server_cert "${certfile}" "${keyfile}" || exit 1

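
Added example (not part of the original bug report and not code from postfix-tls-script): a POSIX shell reproduction of the argument handling described above, next to one defensive way to read an optional third argument. The function names parse_buggy, parse_fixed and status_of are hypothetical, the sample arguments are constructed, and the fixed form is an assumption, not the upstream patch.

```shell
#!/bin/sh
# Added example: NOT code from postfix-tls-script. Function names are hypothetical.

# Buggy shape quoted in the report: three unconditional shifts.
# With two arguments the third shift has nothing left to shift.
# dash (Ubuntu's /bin/sh) treats that as fatal and aborts the script;
# bash only returns a non-zero status.
parse_buggy() {
    certfile=$1; shift
    keyfile=$1; shift
    deploy=$1; shift
}

# Defensive shape (an assumption, not the upstream patch): check the
# mandatory arguments by count and read the optional one without shifting.
parse_fixed() {
    if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then
        echo "usage: parse_fixed certfile keyfile [deploy]" >&2
        return 64
    fi
    certfile=$1
    keyfile=$2
    deploy=${3-}    # empty when the optional argument is omitted
}

# Run a parser in a subshell so a fatal shift cannot take down the caller,
# and report "ok" or "fail" on stdout.
status_of() {
    if ( "$@" ) >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# Constructed sample arguments, matching the command line in the report.
echo "buggy, 2 args: $(status_of parse_buggy certificate.crt keyfile.key)"
echo "buggy, 3 args: $(status_of parse_buggy certificate.crt keyfile.key yes)"
echo "fixed, 2 args: $(status_of parse_fixed certificate.crt keyfile.key)"
echo "fixed, 1 arg:  $(status_of parse_fixed certificate.crt)"
```

The subshell in status_of matters on dash: a failed shift there ends the shell that ran it, so without the subshell the caller would not survive to report anything.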