Overview

Request 72244 accepted

- Update to sendmail 8.14.5
  * Do not cache SMTP extensions across connections as the cache is
    based on hostname which may not be a unique identifier for a
    server, i.e., different machines may have the same hostname but
    provide different SMTP extensions. Problem noted by Jim Hermann.
  * Avoid an out-of-bounds access in case a resolver reply for a DNS
    map lookup returns a size larger than 1K. Based on a patch
    from Dr. Werner Fink of SuSE.
  * If a job is aborted using the interrupt signal (e.g., control-C
    from the keyboard), perform minimal cleanup to avoid invoking
    functions that are not signal-safe. Note: in previous versions
    the mail might have been queued up already and would be
    delivered subsequently, now an interrupt will always remove the
    queue files and thus prevent delivery.
  * Per RFC 6176, when operating as a TLS client, do not offer SSLv2.
  * Since TLS session resumption is never used as a client, disable
    use of RFC 4507-style session tickets.
  * Work around gcc4 versions which reverse 25 years of history and
    no longer align char buffers on the stack, breaking calls to
    resolver functions on strict alignment platforms.
    Found by Stuart Henderson of OpenBSD.
  * Read at most two AUTH lines from a server greeting (up to two
    lines are read because servers may use "AUTH mechs" and
    "AUTH=mechs"). Otherwise a malicious server may exhaust the
    memory of the client. Bug report by Nils of MWR InfoSecurity.
  * Avoid triggering an assertion in the OpenLDAP code when the
    connection to an LDAP server is lost while making a query.
    Problem noted and patch provided by Andy Fiddaman.
  * If ConnectOnlyTo is set and sendmail is compiled with NETINET6
    it would try to use an IPv6 address if an IPv4 (or unparseable)
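
The AUTH-line cap described in the changelog, sketched as an added C example; this is not sendmail's code and not part of the request. The names `ehlo_state`, `ehlo_feed`, `auth_payload` and `mechs_len_after`, and the sample greeting lines, are constructed for illustration, and reply lines are assumed to arrive with CRLF already stripped.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MAX_AUTH_LINES 2  /* one "AUTH mechs" line plus one "AUTH=mechs" line */
struct ehlo_state {
    int   auth_lines;  /* AUTH lines accepted so far */
    char *mechs;       /* space-separated mechanism names (heap) */
};

/* Return the mechanism list if line is "250[- ]AUTH[ =]...", else NULL. */
static const char *auth_payload(const char *line)
{
    if (strncmp(line, "250", 3) != 0 || (line[3] != '-' && line[3] != ' ') ||
        strncasecmp(line + 4, "AUTH", 4) != 0 || (line[8] != ' ' && line[8] != '='))
        return NULL;
    return line + 9;
}

/* Feed one reply line. Returns 0 on success, -1 when out of memory. */
int ehlo_feed(struct ehlo_state *st, const char *line)
{
    const char *p = auth_payload(line);
    size_t old = st->mechs ? strlen(st->mechs) : 0;
    char *n;
    if (p == NULL || st->auth_lines >= MAX_AUTH_LINES)
        return 0;  /* not AUTH, or cap reached: the buffer stops growing */
    if ((n = realloc(st->mechs, old + strlen(p) + 2)) == NULL)
        return -1;
    if (old) n[old++] = ' ';
    strcpy(n + old, p);
    st->mechs = n;
    st->auth_lines++;
    return 0;
}

/* Constructed greeting: one "AUTH mechs" line, then n-1 "AUTH=mechs" lines. */
size_t mechs_len_after(int n)
{
    struct ehlo_state st = { 0, NULL };
    size_t len; int i;
    ehlo_feed(&st, "250-PIPELINING");
    for (i = 0; i < n; i++)
        ehlo_feed(&st, i ? "250-AUTH=PLAIN LOGIN" : "250-AUTH PLAIN LOGIN");
    len = st.mechs ? strlen(st.mechs) : 0;
    free(st.mechs);
    return len;
}

int main(void) { return mechs_len_after(100000) == 23 ? 0 : 1; }
```

Without the `MAX_AUTH_LINES` check, the stored list would grow with every AUTH line the server chooses to send; with it, the stored length is the same after two lines as after a hundred thousand.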

Request History
WernerFink created request


coolo approved review

Builds for repo openSUSE_Factory

Output of check script (non-fatal):
- package has sendmail-rpmlintrc: (unchanged)


saschpe accepted request

Accepted submit request 72244 from user coolo


licensedigger accepted review

{"approve": "preliminary, version number changed"}


coolo accepted review

Builds for repo openSUSE_Factory

Output of check script (non-fatal):
- package has sendmail-rpmlintrc: (unchanged)
