Your message dated Mon, 08 May 2017 19:18:40 +0000 with message-id <e1d7ob6-000dfd...@fasolo.debian.org> and subject line Bug#860762: fixed in courier 0.76.3-5 has caused the Debian Bug report #860762, regarding courier-mta: certificate verification failure for CNAMEs to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 860762: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860762 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: courier-mta Version: 0.73.1-1.6 Severity: important Tags: fixed-upstream patch pending Hi, as Viktor Szépe recently pointed out to me, courier-mta fails to verify certificates of other MTAs using CNAMEs as their host name. With Amazon SES, Mailjet, etc. this recently became more common and therefore more important to fix. Upstream provides a fix [0] that's easy enough to backport to stretch. I haven't tried jessie, yet. Kind Regards Markus Wanner [0]: Upstream commit: Fix TLS verification when DNS lookup comes back with CNAMEs: https://github.com/svarshavchik/courier-libs/commit/5e522ab14f45c6f4f43c43e32a2f72fbf6354f1c
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Source: courier Source-Version: 0.76.3-5 We believe that the bug you reported is fixed in the latest version of courier, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 860...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Wanner <mar...@bluegap.ch> (supplier of updated courier package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 08 May 2017 19:16:44 +0200 Source: courier Binary: courier-base courier-maildrop courier-mlm courier-mta courier-faxmail courier-webadmin sqwebmail courier-pcp courier-pop courier-imap courier-ldap courier-doc courier-ssl courier-mta-ssl courier-pop-ssl courier-imap-ssl Architecture: source amd64 all Version: 0.76.3-5 Distribution: unstable Urgency: medium Maintainer: Markus Wanner <mar...@bluegap.ch> Changed-By: Markus Wanner <mar...@bluegap.ch> Description: courier-base - Courier mail server - base system courier-doc - Courier mail server - additional documentation courier-faxmail - Courier mail server - Fax<->mail gateway courier-imap - Courier mail server - IMAP server courier-imap-ssl - Courier mail server - IMAP over TLS [transitional] courier-ldap - Courier mail server - LDAP support courier-maildrop - Courier mail server - mail delivery agent [transitional package] courier-mlm - Courier mail server - mailing list manager courier-mta - Courier mail server - ESMTP daemon courier-mta-ssl - Courier mail server - ESMTP over TLS [transitional] courier-pcp - Courier mail server - PCP server courier-pop - Courier mail server - POP3 server courier-pop-ssl - Courier mail server - POP3 over TLS [transitional] courier-ssl - Courier mail server - TLS Support [transitional] courier-webadmin - Courier mail server - web-based administration frontend sqwebmail - Courier mail server - webmail server Closes: 847348 848978 860762 860765 860777 Changes: courier (0.76.3-5) unstable; urgency=medium . * Fix Debian patch 0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch: do not invoke 'install -b' twice from mkesmtpdcert, eliminating backup files not cleaned up by purge. Closes: #847348. * Add patch 0026-Fix-TLS-verification-for-CNAMEs.patch: correct TLS verification when DNS answers with CNAMEs. Closes: #860762. * Systemd service files: Correct delimiter of dependencies. Closes: #860765. * Fix init scripts: Add proper PIDFILE declarations to init scripts. Replace status_of_proc with a more direct call to pidofproc and simplify the courier and courierfilter init scripts. Closes: #860777. * Take over the package. Closes: #848978. Checksums-Sha1: 0411eab5ff1ea515b85b834c4e6bdee66ad3fa3a 3759 courier_0.76.3-5.dsc 4ebca15e1df65c217be0162278e4c58c4cfa8791 96112 courier_0.76.3-5.debian.tar.xz 4f7de30aaddcf216dd0c5a2e2121cbf1604368d9 372348 courier-doc_0.76.3-5_all.deb d96eea5da912eb365081d103b5a7efae0fb22333 91720 courier-imap-ssl_4.17.2+0.76.3-5_all.deb 5d53157044fe2ce61a32d9e1c6075a2c20841ea1 92210 courier-maildrop_2.8.4+0.76.3-5_all.deb e78a82177f2cafc7e355d4ec956966267643aa55 91694 courier-mta-ssl_0.76.3-5_all.deb c8515b8a5ebc039e2fb2a7e761dc345ebb8aabc3 91708 courier-pop-ssl_0.76.3-5_all.deb fd0c703ffcd5400dbefedeec7751493a568cdf4d 91534 courier-ssl_0.76.3-5_all.deb Checksums-Sha256: 014692dc471e4cda3edc374b7dfbaeddbb5e666cda620d9daebbe2adc456706e 3759 courier_0.76.3-5.dsc 67c923c8d00e9a690e981af4ca610e47c8898bd7bd2aac754a8e13bff0d393a6 96112 courier_0.76.3-5.debian.tar.xz e180e548d5ec2440a83a97df8528df00cb1836687caf7d577fb824dc7a1b3e0d 372348 courier-doc_0.76.3-5_all.deb af912c10640b8ad8c975f7bd60a6b6d2c09a2764d630b467bff281ccfa663032 91720 courier-imap-ssl_4.17.2+0.76.3-5_all.deb 85d11b4228b4a80008939fb8702e29e374d7507f2d0a74fa9aff0c7ffb0a7f24 92210 courier-maildrop_2.8.4+0.76.3-5_all.deb 9ccdb78348d62017b5794533b9ae98782c57ee19cdb68af94b540046ae4cd7b1 91694 courier-mta-ssl_0.76.3-5_all.deb 7e5ac3f42433ff4076dd36576cbd2e78048a36da302da3b15fe113bdbeeca882 91708 courier-pop-ssl_0.76.3-5_all.deb b6836e8e051d52f3c14da5081379b1ca3ab19b8f61c662e2cc8a3298c0b948ac 91534 courier-ssl_0.76.3-5_all.deb Files: e26b97ffc89b28f1c6d61c1caaeace59 3759 mail optional courier_0.76.3-5.dsc 822d6b1c284b88aad49c38e50b723e6e 96112 mail optional courier_0.76.3-5.debian.tar.xz 1defd52d9b0665037908abcaee0c0de7 372348 doc optional courier-doc_0.76.3-5_all.deb 9c577ac7e0aefc3355230b0a4a00075c 91720 oldlibs extra courier-imap-ssl_4.17.2+0.76.3-5_all.deb befda4c31b79c41b57f975fb068eac36 92210 oldlibs extra courier-maildrop_2.8.4+0.76.3-5_all.deb 94cd017ccef21ae0d48b32d8495e0120 91694 oldlibs extra courier-mta-ssl_0.76.3-5_all.deb bf3403140eab5d64e21a59a3869eeaa2 91708 oldlibs extra courier-pop-ssl_0.76.3-5_all.deb bd8514da034b5280295ffa5b514caf7e 91534 oldlibs extra courier-ssl_0.76.3-5_all.deb -----BEGIN PGP SIGNATURE----- iQQzBAEBCAAdFiEE7WdiNgeE4zHiUwPWAlr+layd8xsFAlkQwAcACgkQAlr+layd 8xt+Nx//VBAyBlGFgQm/7ohMu/ZeyNzh8dIyIm+LOb60ipAaQasScod2f1M3BEhJ fXHQiDIhF4FaE+0qiuOhwWNViBOg5xLh1wPorgRThaXmAKq7p0MRtAqjJAgci7Iy vW2AJe4fBaCQ6zdjZKcSD0hJ1/vFy6EqD5WiBZ0PyjatwWvG4zq64fF6qAPXY/hk 0wpB52cyNvVur7LToIuD4MyNAcWbdmDeUGTDYNy/oQvazj9YGTnHXO6HyxE/NCu5 PySCAx398ALdiGd4fEDNQouclU/Jkz4LZogvDq0jRu2BHB16XDSZ69XZjNHlwrR/ Yd4pG0jtyv2l93cTgnZyXRv7w/diynqzubYkOvMP47Jmqq9imsTSk3pCxJS5o5zv Pad27ZWXLnUNxslsrCbRqrRxT+W3wvOkABjtEfoMR8R0gdZc+Qio8fECTDPMVNLD hHgQwCpg68zkVyQF6LyA03bJ28LqC7os8aq2Rfq0QkQcm227eD8jyoRg/yqKDpJ+ kcWmg63gNAew/kTfe0vP4PDQXGe3RT3hEls4hOFdklBXNMv3DfVyBanhfBnz340W tPbECd5OhPT6Zv6kHVUbGbBAP4d4XHyyAf7J8UDYcE0sIZfeqddXMdDF9eV4/9ix MAh50mTDiSYD300C2BfCXlCTUOP92N5E9FjGGoAEN5w7pGElKLJJVYnWjHaBr5N6 Rk49VbLheGm+kwD830LpVvzGJTXRcRY8f0ltZ0BUYsLDGJ3koAeuxF5fEqalFAMQ lTyzJlEaTaURHBMDYyTUbqSPj4ZN1yPfeBvi1Ho3+aofB2ZR8raa/qbIpA1dYK4R 5m9Lfv7fG6i10s0Yc+wR9TU9Gzg1l054sPb3cXN7CiFn5tOMoIDFzvIzCDBBY/jQ QI4k+NFhydZAkZaI4vkQX+xhKqE/hINK/p/QgzLsMdinx2CzyYGH73Jy0Y+5CN/G l2SgTLH11ZD+pk1n2/GXdjhCcrYMIlw/Zs1D2kDP95acNerE/G4seVnSNwh/+s7/ GP7WwVleMgawK2GThX8QUf7m2TA9Y1wx7Qa1Q8mMblisFI6jSsindPTY/ykFto6C H7lb1Ig5j+jTsP0L7hT1JGQWy43N5GDVOYCG2WSo9G4+UDftd2a288hQFJmp9cfu HdV3UeG0Ykc5k8T0tKnPJpnS0OKKKABzgyacxTNKx+PvmIABH0y8c8rYeY9zd51J X3pVDctYtHA9N7KKH3nWQdiTrJrvfAW/QQcd3P6AC7HV5MVcJMRgP1urVZHCmEIx 6yonsl4i9u9PdCmlVEVcFuScn+d13N9U7MEOAlaFb7yEO7Sy/KiW1IVC1OejUu29 hRXFgLOpj58cCxy/sLJEJ3z2aiWL5w== =WKHX -----END PGP SIGNATURE-----
--- End Message ---
