From b451433c45a1ca5893da87bd249ac4c80c79626d Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Jun 19 2006 16:10:07 +0000 Subject: i[tw] - new version 8.13.7 (#195282) - fixes CVE-2006-1173 (VU#146718): possible denial of service issue caused by malformed multipart messages (#195776) --- diff --git a/.cvsignore b/.cvsignore index 26fa5e5..e1a3df9 100644 --- a/.cvsignore +++ b/.cvsignore @@ -4,3 +4,4 @@ sendmail.8.13.3.tar.gz sendmail.8.13.4.tar.gz sendmail.8.13.5.tar.gz sendmail.8.13.6.tar.gz +sendmail.8.13.7.tar.gz diff --git a/sendmail-8.13.7-pid.patch b/sendmail-8.13.7-pid.patch new file mode 100644 index 0000000..321fa93 --- /dev/null +++ b/sendmail-8.13.7-pid.patch @@ -0,0 +1,20 @@ +--- sendmail-8.13.7/cf/cf/submit.mc.pid 2006-04-05 07:54:41.000000000 +0200 ++++ sendmail-8.13.7/cf/cf/submit.mc 2006-06-19 18:07:11.000000000 +0200 +@@ -15,12 +15,16 @@ + # + + divert(0)dnl +-VERSIONID(`$Id: sendmail-8.13.7-pid.patch,v 1.1 2006/06/19 16:10:07 twoerner Exp $') ++include(`/usr/share/sendmail-cf/m4/cf.m4')dnl ++VERSIONID(`linux setup')dnl + define(`confCF_VERSION', `Submit')dnl + define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining + define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet + define(`confTIME_ZONE', `USE_TZ')dnl + define(`confDONT_INIT_GROUPS', `True')dnl ++define(`confPID_FILE', `/var/run/sm-client.pid')dnl ++dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl ++FEATURE(`use_ct_file')dnl + dnl + dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1] + FEATURE(`msp', `[127.0.0.1]')dnl diff --git a/sendmail.spec b/sendmail.spec index c750bee..a939a3c 100644 --- a/sendmail.spec +++ b/sendmail.spec @@ -17,7 +17,7 @@ Summary: A widely used Mail Transport Agent (MTA). Name: sendmail -Version: 8.13.6 +Version: 8.13.7 Release: 1 License: Sendmail Group: System Environment/Daemons @@ -37,7 +37,7 @@ Source11: Sendmail-sasl2.conf Patch3: sendmail-8.12.2-makemapman.patch Patch4: sendmail-8.13.2-smrsh-paths.patch Patch5: sendmail-8.12.2-movefiles.patch -Patch7: sendmail-8.13.0-pid.patch +Patch7: sendmail-8.13.7-pid.patch Patch9: sendmail-8.12.7-hesiod.patch Patch10: sendmail-8.12.7-manpage.patch Patch11: sendmail-8.13.6-dynamic.patch @@ -47,6 +47,7 @@ BuildRequires: tcp_wrappers BuildRequires: db4-devel BuildRequires: hesiod-devel BuildRequires: groff +BuildRequires: m4 PreReq: /usr/sbin/alternatives Provides: %{_sbindir}/sendmail %{_bindir}/mailq %{_bindir}/newaliases Provides: %{_bindir}/rmail %{_mandir}/man1/mailq.1.gz @@ -577,6 +578,11 @@ exit 0 %{_docdir}/sendmail %changelog +* Mon Jun 19 2006 Thomas Woerner 8.13.7-1 +- new version 8.13.7 (#195282) +- fixes CVE-2006-1173 (VU#146718): possible denial of service issue caused by + malformed multipart messages (#195776) + * Wed Mar 22 2006 Thomas Woerner 8.13.6-1 - new version 8.13.6 (fixes VU#834865) - dropped libmilter-sigwait patch (fixed in 8.13.6) diff --git a/sources b/sources index 456e4a7..b2e7b31 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -f4550d8dcc55771f4a81e999c7d6df20 sendmail.8.13.5.tar.gz -484cca51f74b5e562b3cf119ceb2f900 sendmail.8.13.6.tar.gz +5327e065cb0c1919122c8cecbeddbc28 sendmail.8.13.7.tar.gz