[sendmail/f19] Properly set the close-on-exec flag for file descriptors

Jaroslav Škarvada jskarvad at fedoraproject.org
Wed Jun 4 15:29:59 UTC 2014


commit d792e2b6695e2490cd492dbd61729830dfe533b9
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date:   Wed Jun 4 17:30:04 2014 +0200

    Properly set the close-on-exec flag for file descriptors
    
      (by close-on-exec patch)
      Resolves: CVE-2014-3956

 sendmail-8.14.9-close-on-exec.patch |   14 ++++++++++++++
 sendmail.spec                       |   10 +++++++++-
 2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/sendmail-8.14.9-close-on-exec.patch b/sendmail-8.14.9-close-on-exec.patch
new file mode 100644
index 0000000..74b872e
--- /dev/null
+++ b/sendmail-8.14.9-close-on-exec.patch
@@ -0,0 +1,14 @@
+diff -pruN -I '\$\(Id\|Date\|Revision\):' sendmail-8.14.8/sendmail/conf.c sendmail-8.14.9/sendmail/conf.c
+--- sendmail-8.14.8/sendmail/conf.c	2014-01-08 10:03:14.000000000 -0700
++++ sendmail-8.14.9/sendmail/conf.c	2014-05-20 11:24:39.000000000 -0600
+@@ -5309,8 +5309,8 @@ closefd_walk(lowest, fd)
+ */
+ 
+ void
+-sm_close_on_exec(highest, lowest)
+-	int highest, lowest;
++sm_close_on_exec(lowest, highest)
++	int lowest, highest;
+ {
+ #if HASFDWALK
+ 	(void) fdwalk(closefd_walk, &lowest);
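Review bot: Swapping the K&R parameter names in the definition is only a fix if every call site in the tree being built already passes `(lowest, highest)`, and no caller or prototype is visible in this hunk; both arguments are `int`, so a mismatched call compiles silently either way. The inner diff was taken between 8.14.8 and 8.14.9 while the spec builds 8.14.7, so it is worth checking the call sites in that tree and confirming in the build log that the hunk lands on `sm_close_on_exec` rather than at an unexpected offset. The patch file also has no header saying where it came from; a leading line such as `Backport of the sm_close_on_exec() argument-order fix from sendmail 8.14.9 (CVE-2014-3956)` would record that. The function body continues past the end of the hunk, so the path taken when `HASFDWALK` is not set cannot be checked here.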
diff --git a/sendmail.spec b/sendmail.spec
index 69a260c..12529ff 100644
--- a/sendmail.spec
+++ b/sendmail.spec
@@ -23,7 +23,7 @@
 Summary: A widely used Mail Transport Agent (MTA)
 Name: sendmail
 Version: 8.14.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: Sendmail
 Group: System Environment/Daemons
 URL: http://www.sendmail.org/
@@ -97,6 +97,8 @@ Patch23: sendmail-8.14.4-sasl2-in-etc.patch
 # add QoS support, patch from Philip Prindeville <philipp at fedoraproject.org>
 # upstream reserved option ID 0xe7 for testing of this new feature, #576643
 Patch25: sendmail-8.14.7-qos.patch
+# CVE-2014-3956
+Patch26: sendmail-8.14.9-close-on-exec.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: tcp_wrappers-devel
 BuildRequires: libdb-devel
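Review bot: The comment above `Patch26` gives only the CVE number, whereas the neighbouring entries say what the patch does and where it came from. I would expand it to something like `# backport from 8.14.9: fix swapped sm_close_on_exec() arguments (fds not marked close-on-exec), CVE-2014-3956`. That makes it obvious the entry can be dropped once the package is rebased to 8.14.9 or later, instead of leaving the next maintainer to look the CVE up.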
@@ -218,6 +220,7 @@ cp devtools/M4/UNIX/{,shared}library.m4
 %patch22 -p1 -b .libdb5
 %patch23 -p1 -b .sasl2-in-etc
 %patch25 -p1 -b .qos
+%patch26 -p1 -b .CVE-2014-3956
 
 for f in RELEASE_NOTES contrib/etrn.0; do
 	iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@@ -706,6 +709,11 @@ fi
 %{_initrddir}/sendmail
 
 %changelog
+* Wed Jun  4 2014 Jaroslav Škarvada <jskarvad at redhat.com> - 8.14.7-2
+- Properly set the close-on-exec flag for file descriptors
+  (by close-on-exec patch)
+  Resolves: CVE-2014-3956
+
 * Sun Apr 21 2013 Robert Scheck <robert at fedoraproject.org> - 8.14.7-1
 - Upgrade to 8.14.7
 

