[exim] Warnings even in testing modes (Was: Security release…

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Old-Topics: Re: [exim] Security release for CVE-2016-1531: 4.84.2, 4.85.2, 4.86.2, 4.87 RC5
Subject: [exim] Warnings even in testing modes (Was: Security release for CVE-2016-1531: 4.84.2, 4.85.2, ) 4.86.2, 4.87 RC5
Andreas M. Kirchwitz <amk@???> (Mo 07 Mär 2016 02:03:52 CET):
> Heiko Schlittermann <hs@???> wrote:
>
> > New options
> > -----------
> >
> > We had to introduce two new configuration options:
> >
> >     keep_environment =
> >     add_environment =

> >
> > [...]
> >
> > ** THIS MAY BREAK your existing installation **
> >
> > If both options are not used in the configuration, Exim issues a warning
> > on startup. This warning disappears if at least one of these options is
> > used (even if set to an empty value).
>
> Thanks for the security updates! Highly appreciated.
>
> Unfortunately, it looks like this warning message also has the
> potential to break existing installations because
>
>       "<eximbin> -C /dev/null -bP <configvar>"

>
> is sometimes used to get preconfigured configuration settings.


Yes, I agree. I'm working on a solution for this issue.
It will make it into 4.87, hopefully.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -