On 2013-01-06 "Adam D. Barratt" <[email protected]> wrote: > On Sat, 2013-01-05 at 14:20 +0100, Andreas Metzler wrote: > > | Dovecot: robustness; better msg on missing mech. [...] >> On top of this I would like to discuss whether it is acceptable to fix >> http://bugs.debian.org/697057 in stable, too. [ I definitily want o >> get the fix into testing - #697444.] The Debian configuration >> optionally allows to use spfquery to run SPF-checks on incoming mail. >> Due to insufficient quoting it is possible to pass on arbitrary >> arguments to spfquery and therefore bypass SPF checks. The fix is not >> invasive, but it changes dpkg conffiles.
> How likely is it that users will have modified the conffile in question? [...] Hello, Quite likely. The two dpkg-conffiles which will end up being modified are /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt and /etc/exim4/exim4.conf.template. Everybody who is using non-split[1] configuration and who has modified the dpkg-conffile (there is basically only a single relevant one) will see the prompt. OTOH even for split-config the ACL section is one of the first candidates for local modifications. cu andreas [1] We provide two different ways to configure exim with debconf. One uses /etc/exim4/exim4.conf.template as basis, the other one uses multiple small files in /etc/exim4/conf.d/. The latter possibility minimizes conffile prompts, while being more fragile. non-split config is the default. -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
