[sendmail/f19] Properly set the close-on-exec flag for file descriptors
Jaroslav Škarvada
jskarvad at fedoraproject.org
Wed Jun 4 15:29:59 UTC 2014
commit d792e2b6695e2490cd492dbd61729830dfe533b9
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date: Wed Jun 4 17:30:04 2014 +0200
Properly set the close-on-exec flag for file descriptors
(by close-on-exec patch)
Resolves: CVE-2014-3956
sendmail-8.14.9-close-on-exec.patch | 14 ++++++++++++++
sendmail.spec | 10 +++++++++-
2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/sendmail-8.14.9-close-on-exec.patch b/sendmail-8.14.9-close-on-exec.patch
new file mode 100644
index 0000000..74b872e
--- /dev/null
+++ b/sendmail-8.14.9-close-on-exec.patch
@@ -0,0 +1,14 @@
+diff -pruN -I '\$\(Id\|Date\|Revision\):' sendmail-8.14.8/sendmail/conf.c sendmail-8.14.9/sendmail/conf.c
+--- sendmail-8.14.8/sendmail/conf.c 2014-01-08 10:03:14.000000000 -0700
++++ sendmail-8.14.9/sendmail/conf.c 2014-05-20 11:24:39.000000000 -0600
+@@ -5309,8 +5309,8 @@ closefd_walk(lowest, fd)
+ */
+
+ void
+-sm_close_on_exec(highest, lowest)
+- int highest, lowest;
++sm_close_on_exec(lowest, highest)
++ int lowest, highest;
+ {
+ #if HASFDWALK
+ (void) fdwalk(closefd_walk, &lowest);
diff --git a/sendmail.spec b/sendmail.spec
index 69a260c..12529ff 100644
--- a/sendmail.spec
+++ b/sendmail.spec
@@ -23,7 +23,7 @@
Summary: A widely used Mail Transport Agent (MTA)
Name: sendmail
Version: 8.14.7
-Release: 1%{?dist}
+Release: 2%{?dist}
License: Sendmail
Group: System Environment/Daemons
URL: http://www.sendmail.org/
@@ -97,6 +97,8 @@ Patch23: sendmail-8.14.4-sasl2-in-etc.patch
# add QoS support, patch from Philip Prindeville <philipp at fedoraproject.org>
# upstream reserved option ID 0xe7 for testing of this new feature, #576643
Patch25: sendmail-8.14.7-qos.patch
+# CVE-2014-3956
+Patch26: sendmail-8.14.9-close-on-exec.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: tcp_wrappers-devel
BuildRequires: libdb-devel
@@ -218,6 +220,7 @@ cp devtools/M4/UNIX/{,shared}library.m4
%patch22 -p1 -b .libdb5
%patch23 -p1 -b .sasl2-in-etc
%patch25 -p1 -b .qos
+%patch26 -p1 -b .CVE-2014-3956
for f in RELEASE_NOTES contrib/etrn.0; do
iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@@ -706,6 +709,11 @@ fi
%{_initrddir}/sendmail
%changelog
+* Wed Jun 4 2014 Jaroslav Škarvada <jskarvad at redhat.com> - 8.14.7-2
+- Properly set the close-on-exec flag for file descriptors
+ (by close-on-exec patch)
+ Resolves: CVE-2014-3956
+
* Sun Apr 21 2013 Robert Scheck <robert at fedoraproject.org> - 8.14.7-1
- Upgrade to 8.14.7
More information about the scm-commits
mailing list