sendmail erratum, June 6, 2014

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

sendmail erratum, June 6, 2014

Ted Unangst-6
Please note that we're having an issue with cvsync and some of the
mirrors at this time, so cvs up -rOPENBSD_5_5 may not be a reliable
way to update. Sorry about that. Please use the patches on ftp.

OpenBSD 5.4 is also affected.

untrusted comment: signature from openbsd 5.5 base secret key

OpenBSD 5.5 errata 7, June 6, 2014: Sendmail was not properly closing file
descriptions before executing programs. This could enable local users to
interfere with an open SMTP connection.

Apply patch using:

    signify -Vep /etc/signify/ -x 007_sendmail.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install sendmail:
        cd gnu/usr.sbin/sendmail
        make obj
        make depend
        make install

Index: gnu/usr.sbin/sendmail/sendmail/conf.c
RCS file: /cvs/src/gnu/usr.sbin/sendmail/sendmail/conf.c,v
retrieving revision 1.37
diff -u -p -r1.37 conf.c
--- gnu/usr.sbin/sendmail/sendmail/conf.c 7 Feb 2014 21:25:00 -0000 1.37
+++ gnu/usr.sbin/sendmail/sendmail/conf.c 5 Jun 2014 10:15:53 -0000
@@ -5309,8 +5309,8 @@ closefd_walk(lowest, fd)
-sm_close_on_exec(highest, lowest)
- int highest, lowest;
+sm_close_on_exec(lowest, highest)
+ int lowest, highest;
  (void) fdwalk(closefd_walk, &lowest);