Bug#646508: dovecot-core: Do not modify symlinked certificates.

Michael Kuhn Mon, 24 Oct 2011 09:39:21 -0700

Package: dovecot-core
Version: 1:2.0.15-1ubuntu1~oneiric1
Severity: normal
Tags: patch


On my server, the Dovecot certificates are actually symlinks to globally
installed ones. The upgrade to version 2.0.15 changed the groups and
permissions of the global certificates, causing several other daemons to
not start, because they could not read the certificates anymore.

I am attaching a simple patch for dovecot-core.postinst that should fix
the problem.

-- Package-specific info:

-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 
'oneiric')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-12-server (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dovecot-core depends on:
ii  adduser          3.112+nmu1ubuntu5       add and remove users and groups
ii  libbz2-1.0       1.0.5-6ubuntu1          high-quality block-sorting file co
ii  libc6            2.13-20ubuntu5          Embedded GNU C Library: Shared lib
ii  libpam-runtime   1.1.3-2ubuntu1          Runtime support for the PAM librar
ii  libpam0g         1.1.3-2ubuntu1          Pluggable Authentication Modules l
ii  libssl1.0.0      1.0.0e-2ubuntu4         SSL shared libraries
ii  lsb-base         4.0-0ubuntu16           Linux Standard Base 4.0 init scrip
ii  openssl          1.0.0e-2ubuntu4         Secure Socket Layer (SSL) binary a
ii  ssl-cert         1.0.28                  simple debconf wrapper for OpenSSL
ii  ucf              3.0025+nmu2ubuntu1      Update Configuration File: preserv
ii  upstart [upstart 1.3-0ubuntu10           event-based init daemon
ii  zlib1g           1:1.2.3.4.dfsg-3ubuntu3 compression library - runtime

Versions of packages dovecot-core recommends:
ii  ntpdate        1:4.2.6.p2+dfsg-1ubuntu12 client for setting system time fro

Versions of packages dovecot-core suggests:
pn  dovecot-gssap <none>                     (no description available)
ii  dovecot-imapd 1:2.0.15-1ubuntu1~oneiric1 secure IMAP server that supports m
pn  dovecot-ldap  <none>                     (no description available)
pn  dovecot-lmtpd <none>                     (no description available)
ii  dovecot-manag 1:2.0.15-1ubuntu1~oneiric1 secure ManageSieve server for Dove
pn  dovecot-mysql <none>                     (no description available)
pn  dovecot-pgsql <none>                     (no description available)
ii  dovecot-pop3d 1:2.0.15-1ubuntu1~oneiric1 secure POP3 server that supports m
ii  dovecot-sieve 1:2.0.15-1ubuntu1~oneiric1 sieve filters support for Dovecot
pn  dovecot-solr  <none>                     (no description available)
pn  dovecot-sqlit <none>                     (no description available)
ii  ntp           1:4.2.6.p2+dfsg-1ubuntu12  Network Time Protocol daemon and u
ii  ufw           0.30.1-2ubuntu1            program for managing a Netfilter f

Versions of packages dovecot-core is related to:
ii  dovecot-core  1:2.0.15-1ubuntu1~oneiric1 secure mail server that supports m
pn  dovecot-dbg   <none>                     (no description available)
pn  dovecot-dev   <none>                     (no description available)
pn  dovecot-gssap <none>                     (no description available)
ii  dovecot-imapd 1:2.0.15-1ubuntu1~oneiric1 secure IMAP server that supports m
pn  dovecot-ldap  <none>                     (no description available)
pn  dovecot-lmtpd <none>                     (no description available)
ii  dovecot-manag 1:2.0.15-1ubuntu1~oneiric1 secure ManageSieve server for Dove
pn  dovecot-mysql <none>                     (no description available)
pn  dovecot-pgsql <none>                     (no description available)
ii  dovecot-pop3d 1:2.0.15-1ubuntu1~oneiric1 secure POP3 server that supports m
ii  dovecot-sieve 1:2.0.15-1ubuntu1~oneiric1 sieve filters support for Dovecot
pn  dovecot-sqlit <none>                     (no description available)

-- no debconf information

>From 4b050451ac5e42eff4931b76d70aa0529ee8f1a8 Mon Sep 17 00:00:00 2001
From: Michael Kuhn <sur...@ikkoku.de>
Date: Mon, 24 Oct 2011 11:24:36 +0200
Subject: [PATCH] Do not modify symlinked certificates.

---
 debian/dovecot-core.postinst |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/debian/dovecot-core.postinst b/debian/dovecot-core.postinst
index 4b5753d..2dbaf25 100644
--- a/debian/dovecot-core.postinst
+++ b/debian/dovecot-core.postinst
@@ -148,10 +148,12 @@ root@$MAILNAME
   ucfr dovecot-core $SSL_CERT
   ucfr dovecot-core $SSL_KEY
 
-  chown root:dovecot $SSL_CERT || true
-  chmod 0644 $SSL_CERT || true
-  chown root:dovecot $SSL_KEY || true
-  chmod 0600 $SSL_KEY || true
+  if [ ! -h $SSL_CERT ] && [ ! -h $SSL_KEY ]; then
+    chown root:dovecot $SSL_CERT || true
+    chmod 0644 $SSL_CERT || true
+    chown root:dovecot $SSL_KEY || true
+    chmod 0600 $SSL_KEY || true
+  fi
 
 fi
 
-- 
1.7.7

Bug#646508: dovecot-core: Do not modify symlinked certificates.

Reply via email to