Bug#699591: exim4 upload to stable (dovecot stability / and optionally spf quoting)
Control: tags -1 + confirmed
On Sun, 2014-07-13 at 14:00 +0200, Andreas Metzler wrote:
> On 2014-07-08 "Adam D. Barratt" <adam@adam-barratt.org.uk> wrote:
> > On Sun, 2013-02-24 at 14:58 +0100, Andreas Metzler wrote:
> >> On 2013-02-17 "Adam D. Barratt" <adam@adam-barratt.org.uk> wrote:
> [...]
> >> I have just setup a test system in my squeeze chroot, using dovecot
> >> with passdb passwd-file as authentication source. It worked for me. I
> >> have tried AUTH PLAIN, CRAM-MD5 and DIGEST-MD5.
>
> >> However I do not know whether any systematic testing was done.
>
> >>>> On top of this I would like to discuss whether it is acceptable to fix
> >>>> http://bugs.debian.org/697057 in stable, too. [ I definitily want o
> >>>> get the fix into testing - #697444.] The Debian configuration
> >>>> optionally allows to use spfquery to run SPF-checks on incoming mail.
> >>>> Due to insufficient quoting it is possible to pass on arbitrary
> >>>> arguments to spfquery and therefore bypass SPF checks. The fix is not
> >>>> invasive, but it changes dpkg conffiles.
>
> > We're now within a few days of closing uploads for the final point
> > release of squeeze. Is this still something you'd like to fix there?
>
> Yes, I would still like to upload this.
Okay, thanks for the confirmation.
The window for getting the fix in to the point release officially closes
today; is that likely to be doable?
Assuming that the diff would consist of the patch from
http://git.exim.org/exim.git/commit/3f1df0e341c4ddc4add38fa97d9d34972655a6c7 and that from https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;filename=quoteit.diff;att=1;bug=697057 , please feel free to upload as 4.72-6+squeeze4.
Regards,
Adam
Reply to: