[Bug 828047] [NEW] postfix init script copies smtp_tls_CApath /etc/ssl/certs to /var/spool/postfix/etc/ssl/certs/etc/ssl/certs

William Shallum william at shallum.net
Wed Aug 17 14:19:48 UTC 2011 

Public bug reported:

The postfix init script copies the files in smtp_tls_CApath to a
location within the chroot using this line of code:

find "$ca_path" -print0 | cpio -0pdL "$dest_dir"

where ca_path=$(postconf -h smtp_tls_CApath) and
dest_dir="$queue_dir/${ca_path#/}"

When smtp_tls_CApath=/etc/ssl/certs this copies the certificates into
/var/spool/postfix/etc/ssl/certs/etc/ssl/certs instead of
/var/spool/postfix/etc/ssl/certs, causing certificate verification to
fail. I suggest using some other method of copying the certificates.

PS: the part that copies the smtp_tls_CAfile below also seems a bit odd,
why is it using ca_path when calculating dest_dir? Have not checked if
this is really a bug as I don't use the smtp_tls_CAfile setting.

    if test -f "$ca_file"; then
      dest_dir="$queue_dir/${ca_path#/}"
      mkdir --parent "$dest_dir"
      cp -L "$ca_file" "$dest_dir"
    fi


ProblemType: Bug
Architecture: i386
Date: Wed Aug 17 09:59:32 2011
Dependencies:
 adduser 3.112ubuntu1
 base-files 5.0.0ubuntu20.10.04.4
 base-passwd 3.5.22
 coreutils 7.4-2ubuntu3
 debconf 1.5.28ubuntu4
 debconf-i18n 1.5.28ubuntu4
 debianutils 3.2.2
 dpkg 1.15.5.6ubuntu4.5
 findutils 4.4.2-1ubuntu1
 gcc-4.4-base 4.4.3-4ubuntu5
 libacl1 2.2.49-2
 libattr1 1:2.4.44-1
 libc-bin 2.11.1-0ubuntu7.8
 libc6 2.11.1-0ubuntu7.8
 libdb4.8 4.8.24-1ubuntu1
 libgcc1 1:4.4.3-4ubuntu5
 liblocale-gettext-perl 1.05-6
 libncurses5 5.7+20090803-2ubuntu3
 libpam-modules 1.1.1-2ubuntu5.3
 libpam0g 1.1.1-2ubuntu5.3
 libsasl2-2 2.1.23.dfsg1-5ubuntu1
 libselinux1 2.0.89-4
 libssl0.9.8 0.9.8k-7ubuntu8.6
 libstdc++6 4.4.3-4ubuntu5
 libtext-charwidth-perl 0.04-6
 libtext-iconv-perl 1.7-2
 libtext-wrapi18n-perl 0.06-7
 lsb-base 4.0-0ubuntu8
 lzma 4.43-14ubuntu2
 ncurses-bin 5.7+20090803-2ubuntu3
 netbase 4.35ubuntu3
 openssl 0.9.8k-7ubuntu8.6
 passwd 1:4.1.4.2-1ubuntu2.2
 perl-base 5.10.1-8ubuntu2.1
 sed 4.2.1-6
 sensible-utils 0.0.1ubuntu3
 ssl-cert 1.0.23ubuntu2
 tzdata 2011g-0ubuntu0.10.04
 zlib1g 1:1.2.3.3.dfsg-15ubuntu1
DistroRelease: Ubuntu 10.04
Package: postfix 2.8.1-1~lucid1
PackageArchitecture: i386
ProcEnviron: SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-33.70-generic-pae 2.6.32.41+drm33.18
SourcePackage: postfix
Tags: lucid
Uname: Linux 2.6.32-33-generic-pae i686

** Affects: postfix (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in Ubuntu.
https://bugs.launchpad.net/bugs/828047

Title:
  postfix init script copies smtp_tls_CApath /etc/ssl/certs to
  /var/spool/postfix/etc/ssl/certs/etc/ssl/certs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/828047/+subscriptions

More information about the Ubuntu-server-bugs mailing list