diff --git a/sendmail-8.14.9-close-on-exec.patch b/sendmail-8.14.9-close-on-exec.patch
new file mode 100644
index 0000000..74b872e
--- /dev/null
+++ b/sendmail-8.14.9-close-on-exec.patch
@@ -0,0 +1,14 @@
+diff -pruN -I '\$\(Id\|Date\|Revision\):' sendmail-8.14.8/sendmail/conf.c sendmail-8.14.9/sendmail/conf.c
+--- sendmail-8.14.8/sendmail/conf.c 2014-01-08 10:03:14.000000000 -0700
++++ sendmail-8.14.9/sendmail/conf.c 2014-05-20 11:24:39.000000000 -0600
+@@ -5309,8 +5309,8 @@ closefd_walk(lowest, fd)
+ */
+
+ void
+-sm_close_on_exec(highest, lowest)
+- int highest, lowest;
++sm_close_on_exec(lowest, highest)
++ int lowest, highest;
+ {
+ #if HASFDWALK
+ (void) fdwalk(closefd_walk, &lowest);
diff --git a/sendmail.spec b/sendmail.spec
index 69a260c..12529ff 100644
--- a/sendmail.spec
+++ b/sendmail.spec
@@ -23,7 +23,7 @@ Summary: A widely used Mail Transport Agent (MTA)
 Name: sendmail
 Version: 8.14.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: Sendmail
 Group: System Environment/Daemons
 URL: http://www.sendmail.org/
@@ -97,6 +97,8 @@ Patch23: sendmail-8.14.4-sasl2-in-etc.patch
 # add QoS support, patch from Philip Prindeville
 # upstream reserved option ID 0xe7 for testing of this new feature, #576643
 Patch25: sendmail-8.14.7-qos.patch
+# CVE-2014-3956
+Patch26: sendmail-8.14.9-close-on-exec.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: tcp_wrappers-devel
 BuildRequires: libdb-devel
@@ -218,6 +220,7 @@ cp devtools/M4/UNIX/{,shared}library.m4
 %patch22 -p1 -b .libdb5
 %patch23 -p1 -b .sasl2-in-etc
 %patch25 -p1 -b .qos
+%patch26 -p1 -b .CVE-2014-3956
 for f in RELEASE_NOTES contrib/etrn.0; do
  iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@@ -706,6 +709,11 @@ fi
 %{_initrddir}/sendmail
 %changelog
+* Wed Jun 4 2014 Jaroslav Škarvada - 8.14.7-2
+- Properly set the close-on-exec flag for file descriptors
+ (by close-on-exec patch)
+ Resolves: CVE-2014-3956
+
 * Sun Apr 21 2013 Robert Scheck - 8.14.7-1
 - Upgrade to 8.14.7
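Review bot: The embedded conf.c hunk in sendmail-8.14.9-close-on-exec.patch corrects the swapped `lowest`/`highest` parameters only at the old-style (K&R) definition of `sm_close_on_exec`, and nothing there stops the mistake from recurring: both parameters are `int`, so a prototype or call site that assumes the other order still compiles silently. The prototype and the callers are outside the hunk, so they should be checked against `(lowest, highest)` before this is treated as closing CVE-2014-3956 on the 8.14.7 tree the spec builds. The header comment that ends just above `void` is the natural place to state the contract, for example `**	Parameters: lowest -- lowest fd to mark close-on-exec; highest -- highest fd to consider` (wording to be confirmed against the body). Only the `HASFDWALK` branch is visible and it uses `lowest` alone; the function body continues outside the hunk, so the branch that presumably loops up to `highest` is the one to verify. A build-time or %check test that a descriptor above stderr carries `FD_CLOEXEC` after the call would guard against regression.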