Bug#968236: marked as done (davmail: Cannot restrict access to private keys for SSL)

Wed, 12 Aug 2020 01:51:46 -0700 

Your message dated Wed, 12 Aug 2020 08:49:03 +0000
with message-id <[email protected]>
and subject line Bug#968236: fixed in davmail 5.5.1.3299-3
has caused the Debian Bug report #968236,
regarding davmail: Cannot restrict access to private keys for SSL
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
968236: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968236
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: davmail
Version: 5.5.1.3299-2
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>

Davmail seems to run with systemd's DynamicUser configuration. That means 
that the user the daemon runs with is not known before runtime. Therefore
I cannot give specific permissions to the private keys for SSL. See the
excerpt from the configuration file /etc/davmail.properties below. I
use davmail.ssl.keystoreFile to set the file with the certificate and
the private key. I have to give o+r permissions to make this work,
because I cannot change the ownership to the user davmail uses.

I also suspect that the following error has to do with the same problem:

Aug 11 14:21:52 delta davmail[167802]: 2020-08-11 14:21:52,294 ERROR [main] 
davmail  - Unable to set log file path

The log file directive in /etc/davmail.properties is also printed below.
I use davmail.logFilePath to set the log path. But I cannot give the
daemon the right permissions to the /var/log path, because the user is
not known before runtime due to the DynamicUser configuration.

Is there a solution or should DynamicUser be turned off as it was before?

Best,
Christoph


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages davmail depends on:
ii  adduser                                           3.118
ii  default-jre-headless [java9-runtime-headless]     2:1.11-72
ii  init-system-helpers                               1.58
ii  jarwrapper                                        0.75
ii  libcommons-codec-java                             1.14-1
ii  libcommons-httpclient-java                        3.1-15
ii  libcommons-logging-java                           1.2-2
ii  libhtmlcleaner-java                               2.24-1
ii  libhttpclient-java                                4.5.11-1
ii  libjackrabbit-java                                2.18.0+r2.14.6-1
ii  libjcifs-java                                     1.3.19-2
ii  libjettison-java                                  1.4.0-1
ii  liblog4j1.2-java                                  1.2.17-9
ii  libmail-java                                      1.6.5-1
ii  libservlet-api-java                               4.0.1-2
ii  libslf4j-java                                     1.7.25-3
ii  libstax2-api-java                                 4.1-1
ii  libwoodstox-java                                  1:6.2.0-1
ii  logrotate                                         3.16.0-3
ii  lsb-base                                          11.1.0
ii  openjdk-11-jre-headless [java9-runtime-headless]  11.0.8+10-1

davmail recommends no packages.

Versions of packages davmail suggests:
ii  libopenjfx-java         11.0.7+0-2
pn  libswt-cairo-gtk-4-jni  <none>
pn  libswt-gtk2-4-jni       <none>

-- Configuration Files:
/etc/davmail.properties changed:
davmail.ssl.keystoreType=PKCS12
davmail.ssl.keystoreFile=/etc/ssl/ServerCA/apache.cert.subaltnames.pkcs12
davmail.logFilePath=/var/log/davmail.log

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: davmail
Source-Version: 5.5.1.3299-3
Done: Alexandre Rossi <[email protected]>

We believe that the bug you reported is fixed in the latest version of
davmail, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexandre Rossi <[email protected]> (supplier of updated davmail 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 12 Aug 2020 10:23:31 +0200
Source: davmail
Architecture: source
Version: 5.5.1.3299-3
Distribution: unstable
Urgency: medium
Maintainer: Alexandre Rossi <[email protected]>
Changed-By: Alexandre Rossi <[email protected]>
Closes: 968236
Changes:
 davmail (5.5.1.3299-3) unstable; urgency=medium
 .
   * move conf to /etc/davmail dir
   * startup script that copies keystoreFile to StateDirectory (Closes: #968236)
Checksums-Sha1:
 da945fa5f66057df4d6eeabb2a37387739c71b3a 2339 davmail_5.5.1.3299-3.dsc
 5cdde5de6d5b61c472af63dc6f65e51174868465 12200 
davmail_5.5.1.3299-3.debian.tar.xz
 4987d9a47f47885212f00ce741171a3b58ab5266 15010 
davmail_5.5.1.3299-3_amd64.buildinfo
Checksums-Sha256:
 1b8e7fd658584859f6854093c9ba5ea89b3a404c3d33c286feb5f1b6cddb9d22 2339 
davmail_5.5.1.3299-3.dsc
 17f7e39dfc0b9060c16de9141941771363f0acd1ef2e475b0a7c3400c656398b 12200 
davmail_5.5.1.3299-3.debian.tar.xz
 6a118f2a3d9a16fff2e61018e7733a084bd39d8ff9f36725d86214ab04286905 15010 
davmail_5.5.1.3299-3_amd64.buildinfo
Files:
 84e211e07e00713e0db5826309a76c1e 2339 net optional davmail_5.5.1.3299-3.dsc
 53127b10875ee195157e63396d34a785 12200 net optional 
davmail_5.5.1.3299-3.debian.tar.xz
 ec6dd42c2d6ce9f9f37eff0815b11fb8 15010 net optional 
davmail_5.5.1.3299-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEqURFrS/GV/h4cdpsWI+eupOKFo8FAl8zqLkACgkQWI+eupOK
Fo/DYBAAxUYejzk5D8uzHLAE1uYapuYHrW+n7aH1e0utoFKVdJiulla/6jnli4HK
xDUnnUOkXN1pBO64k9R1dZpNzdpqMIPgTziITMas262Bn2I9+yZeJpvTIRGV7jIc
Q1Q5TyO0OwpmtrRr924Yr/VWOGzAaz/3/OWJWYM7baWEgRG3+Y/Hc5weEHQNafEx
aRARvG8fglaqxMnbxuAA/1p7ZJdq52deQdPH6q3dmkEccv2OBuLSAzUyPy/mmqzq
Xcls/30YY88eqL9Fr4vDCKUphXfkEkT6Kg9XQXttGEedxxtkgPifok0BAI9IqnUl
IG/77i5GsareKMrGmwxSoU4b94iITFuJKtrquWxSijohItL9LJrwzcHD5ypqogO4
i5vgVqE41kTfMjyUF1rK5fpujxd+muvbaRfEE5LmyycHXsDTmtrYocYj9+n0GKnh
qVRxetUBvs7YD5L4jOmP2bJQIcx+c+0ZSDi7PkweITNKX4jqQkmhBf4UEjw11tJ6
aZN6+MA3TPbT8VIgRT8ALjJ50ynsQ4gyuqjZDBVDSi2i5oM2ekpxNxuR/o0aDAuR
O567y8vyVGUks/9cPpx1MO5khfnHVaHBf6KMMN3nMTLRd340dO7CYqb2YH+pQCLE
4Zz6U1HYE7mua62BzqFiBCPhEfC5j5pHQyBSrg5Pl+2Y4n+EJT4=
=a51I
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to