[SRU] postfix tls deploy-server-cert fails with "can't shift that many"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
postfix (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Lucas Kanashiro | ||
Bionic |
Fix Released
|
Undecided
|
Lucas Kanashiro | ||
Eoan |
Won't Fix
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Lucas Kanashiro |
Bug Description
[Impact]
"postfix tls deploy-server-cert" did not handle a missing optional argument which makes users get a "can't shift that many..." error.
In order to fix the issue the following upstream patch is going to be backported to Bionic and Xenial:
20200530
Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert"
did not handle a missing optional argument. File:
conf/postfix-
[Test Case]
Install postfix and try to deploy a server certificate:
$ lxc launch ubuntu-daily:bionic postfix-cert
$ lxc shell postfix-cert
# apt-get update && apt-get upgrade -y
# apt install postfix ssl-cert
# postfix tls deploy-server-cert /etc/ssl/
/usr/lib/
If you try the commands above in a Xenial container you'll get the same error.
[Regression Potential]
The proposed change is one line and self contained, so no regression is expected. But if a regression is going to happen it will be in the "postfix tls deploy-server-cert" command.
[Original Description]
lsb_release -rd
Description: Ubuntu 18.04.4 LTS
Release: 18.04
postfix:
Installed: 3.3.0-1ubuntu0.2
Candidate: 3.3.0-1ubuntu0.2
Version table:
*** 3.3.0-1ubuntu0.2 500
500 http://
100 /var/lib/
3.3.0-1 500
500 http://
Attempting to deploy server certificates with
postfix tls deploy-server-cert certificate.crt keyfile.key
Expected to deploy new certificates
What happened - command fails with
/usr/
The issue appears to be that the function "deploy-
/usr/lib/
deploy_
certfile=$1; shift
keyfile=$1; shift
deploy=$1; shift
...
This works when the function is called by the function new_server_cert, which calls the function with the arguments:
deploy_
But when this function is invoked directly in line 1154, it is called with only 2 arguments
deploy_
Related branches
- Canonical Server: Pending requested
-
Diff: 795 lines (+249/-88)32 files modifiedHISTORY (+81/-0)
Makefile.in (+1/-1)
README_FILES/MAILLOG_README (+1/-1)
RELEASE_NOTES (+8/-0)
conf/postfix-tls-script (+1/-1)
debian/changelog (+19/-0)
debian/patches/series (+0/-1)
debian/postfix.postinst (+1/-1)
dev/null (+0/-51)
html/MAILLOG_README.html (+1/-1)
html/postconf.5.html (+1/-1)
html/postfix.1.html (+1/-1)
makedefs (+14/-1)
man/man1/postfix.1 (+1/-1)
man/man5/postconf.5 (+1/-1)
proto/MAILLOG_README.html (+1/-1)
proto/postconf.proto (+1/-1)
src/dns/dns.h (+4/-0)
src/dns/dns_lookup.c (+5/-2)
src/dns/dns_str_resflags.c (+6/-0)
src/global/mail_params.c (+2/-0)
src/global/mail_params.h (+1/-1)
src/global/mail_version.h (+2/-2)
src/milter/milter.c (+5/-5)
src/postfix/postfix.c (+1/-1)
src/smtpd/smtpd_check.c (+8/-8)
src/tls/tls_bio_ops.c (+7/-0)
src/tls/tls_misc.c (+21/-0)
src/tls/tls_session.c (+1/-1)
src/tlsproxy/tlsproxy.c (+26/-4)
src/util/midna_domain.c (+26/-0)
src/util/midna_domain.h (+1/-0)
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
-
Diff: 48 lines (+26/-0)3 files modifieddebian/changelog (+6/-0)
debian/patches/fix_tls_deploy-server-cert.patch (+19/-0)
debian/patches/series (+1/-0)
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
- Canonical Server Core Reviewers: Pending requested
-
Diff: 48 lines (+26/-0)3 files modifieddebian/changelog (+6/-0)
debian/patches/fix_tls_deploy-server-cert.patch (+19/-0)
debian/patches/series (+1/-0)
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
-
Diff: 775 lines (+241/-87)31 files modifiedHISTORY (+81/-0)
Makefile.in (+1/-1)
README_FILES/MAILLOG_README (+1/-1)
RELEASE_NOTES (+8/-0)
conf/postfix-tls-script (+1/-1)
debian/changelog (+12/-0)
debian/patches/series (+0/-1)
dev/null (+0/-51)
html/MAILLOG_README.html (+1/-1)
html/postconf.5.html (+1/-1)
html/postfix.1.html (+1/-1)
makedefs (+14/-1)
man/man1/postfix.1 (+1/-1)
man/man5/postconf.5 (+1/-1)
proto/MAILLOG_README.html (+1/-1)
proto/postconf.proto (+1/-1)
src/dns/dns.h (+4/-0)
src/dns/dns_lookup.c (+5/-2)
src/dns/dns_str_resflags.c (+6/-0)
src/global/mail_params.c (+2/-0)
src/global/mail_params.h (+1/-1)
src/global/mail_version.h (+2/-2)
src/milter/milter.c (+5/-5)
src/postfix/postfix.c (+1/-1)
src/smtpd/smtpd_check.c (+8/-8)
src/tls/tls_bio_ops.c (+7/-0)
src/tls/tls_misc.c (+21/-0)
src/tls/tls_session.c (+1/-1)
src/tlsproxy/tlsproxy.c (+26/-4)
src/util/midna_domain.c (+26/-0)
src/util/midna_domain.h (+1/-0)
tags: | added: server-next |
Changed in postfix (Ubuntu Xenial): | |
status: | New → Triaged |
Changed in postfix (Ubuntu Bionic): | |
status: | New → Triaged |
Changed in postfix (Ubuntu Eoan): | |
status: | New → Triaged |
Changed in postfix (Ubuntu Focal): | |
status: | New → Triaged |
Changed in postfix (Ubuntu): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
status: | Confirmed → In Progress |
Changed in postfix (Ubuntu Focal): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
status: | Triaged → In Progress |
description: | updated |
summary: |
- postfix tls deploy-server-cert fails with "can't shift that many" + [SRU] postfix tls deploy-server-cert fails with "can't shift that many" |
tags: |
added: verification-done removed: verification-needed |
Changed in postfix (Ubuntu Eoan): | |
status: | Triaged → Won't Fix |
Changed in postfix (Ubuntu Xenial): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
Changed in postfix (Ubuntu Bionic): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
Changed in postfix (Ubuntu Xenial): | |
status: | Triaged → In Progress |
Changed in postfix (Ubuntu Bionic): | |
status: | Triaged → In Progress |
description: | updated |
I agree that it seems to miss an argument in the call from deploy-server-cert.
I have compared the versions up to the much more recent 3.5.2-1 but the situation is the same.
Reproducing this doesn't need a lot of pre-setup: certs/ssl- cert-snakeoil. pem /etc/ssl/ private/ ssl-cert- snakeoil. key
$ apt install postfix ssl-cert
$ postfix tls deploy-server-cert /etc/ssl/