Your message dated Sun, 18 Apr 2021 11:53:16 +0200
with message-id <[email protected]>
and subject line Re: Bug#987133: exim4: Exim 4.94's new tainting-feature will
break many running configs
has caused the Debian Bug report #987133,
regarding exim4: Exim 4.94's new tainting-feature will break many running
configs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
987133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987133
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: exim4
Version: 4.94-17
Severity: serious
Justification: The tainting-feature that has been introduced with 4.94
by upstream will break many running configurations.
Dear Maintainers,
the tainting-feature that has been introduced with 4.94 by upstream will
break many running configurations.
The feature requires "un-tainting" of all external information used in
Exim's config for security reasons. Upstream unfortunately introduces
this in a minor release and not in an Exim major release so that most of
the users will become aware of it at the moment their mailserver stops working.
@the guys already working on the issue: Please add more information and
get in touch with the Release Manager(s).
Thanks,
Paul
--- End Message ---
--- Begin Message ---
Control: tags -1 moreinfo
Control: severity -1 normal
On 2021-04-18 Paul Muster <[email protected]> wrote:
> Package: exim4
> Version: 4.94-17
> Severity: serious
> Justification: The tainting-feature that has been introduced with 4.94 by
> upstream will break many running configurations.
> Dear Maintainers,
> the tainting-feature that has been introduced with 4.94 by upstream will
> break many running configurations.
> The feature requires "un-tainting" of all external information used in
> Exim's config for security reasons. Upstream unfortunately introduces this
> in a minor release and not in an Exim major release so that most of the
> users will become aware of it at the moment their mailserver stops working.
> @the guys already working on the issue: Please add more information and get
> in touch with the Release Manager(s).
[...]
Hello,
Exim as currently in testing already contains a big fat warning and docs
in NEWS.Debian. I can try to get something added to release notes if you
think that might help.
Upstream is currently working on functionality which allows delaying the
conversion of the configuration for a very short time. (The proposed change
*temporarily* adds a configuration option to make taint errors warnings
instead of fatal errors. This feature is going to be deprecated at
introduction and will not be present in 4.95 anymore.)
Even with the patch the thing you are worrying about ("new
tainting-feature will break many running configs") will still be present
and needs to be fixed *locally*.
I will certainly try to include this patch in bullseye if it reaches
production quality in time.
cu Andreas
--- End Message ---