Package: courier-imap-ssl
Version: 4.15-1.5
Severity: normal
Dear Maintainer,
When trying to implement workaround for POODLE[1], which means setting
IMAPDSSLSTART to NO, courier-imap-ssl won't start.
The fix is easy to implement: add
case "$IMAPDSTARTTLS" in
[yY]*)START=yes;;
esac
in /etc/init.d/courier-imap-ssl (right after the identical section for
IMAPDSSLSTART).
[1]
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (900, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages courier-imap-ssl depends on:
ii courier-imap 4.15-1.5
ii courier-ssl 0.73.1-1.5
ii debconf 1.5.53
ii openssl 1.0.1j-1
courier-imap-ssl recommends no packages.
Versions of packages courier-imap-ssl suggests:
pn courier-doc <none>
ii mutt [imap-client] 1.5.23-1.1
-- Configuration Files:
/etc/courier/imapd-ssl changed:
SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/imapd-ssl.pid
MAXDAEMONS=40
MAXPERIP=40
SSLLOGGEROPTS="-name=imapd-ssl"
IMAPDSSLSTART=NO
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=1
COURIERTLS=/usr/bin/couriertls
TLS_PROTOCOL="TLS1"
TLS_STARTTLS_PROTOCOL="TLS1"
TLS_CIPHER_LIST="TLSv1:HIGH:!SSLv3:!SSLv2:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/courier/imapd.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir
/etc/courier/imapd.cnf [Errno 2] No such file or directory:
u'/etc/courier/imapd.cnf'
/etc/init.d/courier-imap-ssl changed:
prefix="/usr"
exec_prefix=${prefix}
sysconfdir="/etc/courier"
bindir="${exec_prefix}/bin"
sbindir="${exec_prefix}/sbin"
libexecdir="${prefix}/lib/courier"
TCPD=${sbindir}/couriertcpd
DAEMONPROG=${sbindir}/imapd
DAEMON=imapd-ssl
PROGRAM="Courier IMAP-SSL server"
if ! [ -x "${bindir}/imapd" ]; then
exit 0
fi
. /lib/lsb/init-functions
if ! [ -x $TCPD ]; then
log_action_msg "$PROGRAM: ERROR - $TCPD missing"
exit 1
fi
if ! [ -f ${sysconfdir}/imapd ]; then
log_action_msg "$PROGRAM: ERROR - imapd configuration file missing"
exit 1
fi
if ! [ -f ${sysconfdir}/imapd-ssl ]; then
log_action_msg "$PROGRAM: ERROR - imapd-ssl configuration file missing"
exit 1
fi
if [ -z "$MAILDIRPATH" ]; then
MAILDIRPATH=Maildir
fi
. ${sysconfdir}/imapd
. ${sysconfdir}/imapd-ssl
if [ -z "$IMAP_UMASK" ]; then
IMAP_UMASK=022
fi
if ! [ -x $COURIERTLS ]; then
log_action_msg "$PROGRAM: ERROR - $COURIERTLS missing"
exit 1
fi
START=no
case "$IMAPDSSLSTART" in
[yY]*)START=yes;;
esac
case "$IMAPDSTARTTLS" in
[yY]*)START=yes;;
esac
case "$1" in
start)
if [ "$START" = "yes" ]; then
log_daemon_msg "Starting $PROGRAM" "$DAEMON"
umask $IMAP_UMASK
ulimit -v $IMAP_ULIMITD
/usr/bin/env - /bin/sh -c " . ${sysconfdir}/imapd ; \
. ${sysconfdir}/imapd-ssl ; \
IMAP_TLS=1 ; export IMAP_TLS ; \
`sed -n '/^#/d;/=/p' <${sysconfdir}/imapd | \
sed 's/=.*//;s/^/export /;s/$/;/'`
`sed -n '/^#/d;/=/p' <${sysconfdir}/imapd-ssl | \
sed 's/=.*//;s/^/export /;s/$/;/'`
PROXY_HOSTNAME=$PROXY_HOSTNAME ; \
/usr/sbin/courierlogger -pid=$SSLPIDFILE -start $SSLLOGGEROPTS \
$TCPD -address=$SSLADDRESS \
-maxprocs=$MAXDAEMONS -maxperip=$MAXPERIP \
$TCPDOPTS \
$SSLPORT $COURIERTLS -server -tcpd \
${libexecdir}/courier/imaplogin \
${bindir}/imapd $MAILDIRPATH"
log_end_msg 0
fi
;;
stop)
log_daemon_msg "Stopping $PROGRAM" "$DAEMON"
/usr/sbin/courierlogger -pid=$SSLPIDFILE -stop
log_end_msg 0
;;
restart | force-reload)
$0 stop
$0 start
;;
status)
status_of_proc -p $SSLPIDFILE $DAEMON "$PROGRAM" && exit 0 || exit $?
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload}" >&2
exit 2
;;
esac
exit 0
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
