[Bug 673814] [NEW] Sync sendmail 8.14.4-2 (main) from Debian unstable (main)

Angel Abad angelabad at gmail.com
Thu Nov 11 00:17:12 UTC 2010 

Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/sendmail
 status new
 importance wishlist
 subscribe ubuntu-sponsors
 done

Please sync sendmail 8.14.4-2 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:

The unique diff with Debian package is the use of DEB_BUILD_HARDENING=1
in debian/rules

The original maintainer sais that this isnt necessary because the
package is already hardened with debian/rules options. You can
see at BTS bug:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542739

I think the best option is to sync this package.

Thanks!

Changelog entries since current natty version 8.14.3-9.4ubuntu1:

sendmail (8.14.4-2) unstable; urgency=high

  * Actually get the DHCP config files installed :(    Closes: #602252

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Wed, 03 Nov 2010
22:05:00 -0000

sendmail (8.14.4-1) unstable; urgency=high

  * Long past due

  * Re-enable libdb-dev, db4.8 working again

  * New upstream
    + Null checking in certificate CN (CVE-2009-4565)
    + Queue identifier int overflow
    + Handle malformed DNS replies
    + milter segfault/Dos fixes

  * Acknowledge NMUs - thanks !
    + rmail conflicts with masqmail
    + move dhcp hooks from /etc/dhcp3 to /etc/dhcp
    + CVE-2009-4565

  * Correct issues with NMUs
    + Differing buildinfo.gz (all the same file) Closes: #597779

  * Outstanding bugs:
    + Milter segfaults/Remote DoS?    Closes: #527862
    + invoke.rc conditional           Closes: #553135
    + We already harden               Closes: #542739
    + Queue aging                     Closes: #583108
    + mail.local use of lockf         Closes: #513298
    + init.d use of ps                Closes: #510679
    + remove access on purge          Closes: #589810

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Mon, 11 Sep 2010
17:53:00 -0000

sendmail (8.14.4-0) private; urgency=low

  * Start of another round of lintian cleanups
    + remove /var/run files from package (they're created as needed)
  * Drop back to db4.7 - 4.8 is broken

  * New upstream
    + Null checking in certificate CN
    + Queue identifier int overflow
    + Handle malformed DNS replices
    + DSA/DH parm length increase (Debian did that long ago)

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Thu, 31 Dec 2009
00:20:00 -0000

sendmail (8.14.3-10) unstable; urgency=low

  * Support parms on runq (Now, Verbose, or any valid sendmail option: -v)
  * Remove old & uneeded patch ldap_url_search
  * remove obsolete crap from /usr/share/bug/sendmail/script  Closes: #530992

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Mon, 09 Mar 2009
18:25:00 -0000

sendmail (8.14.3.Gamma0-0) private; urgency=low
 
  * New upstream Gamma
  * refit patches

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Thu, 17 Apr 2008
05:18:00 -0000

sendmail (8.14.3.Beta1-0) private; urgency=low

  * New upstream Beta
  * refit patches

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Sun, 06 Apr 2008
16:57:00 -0000

sendmail (8.14.3.Beta0-0) private; urgency=low

  * New upstream Beta
  * refit patches

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Wed, 05 Mar 2008
05:39:00 -0000

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzbNgYACgkQCY2uR+47wnn49wCcC18GhMYoeXBhqkw0gY4jneHZ
K3YAn1tv/9wjKr/2x0+b+NGsXmVGgAwe
=PeJB
-----END PGP SIGNATURE-----

** Affects: sendmail (Ubuntu)
     Importance: Wishlist
         Status: New

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-4565

-- 
Sync sendmail 8.14.4-2 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/673814
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.

Status in “sendmail” package in Ubuntu: New

Bug description:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/sendmail
 status new
 importance wishlist
 subscribe ubuntu-sponsors
 done

Please sync sendmail 8.14.4-2 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:

The unique diff with Debian package is the use of DEB_BUILD_HARDENING=1
in debian/rules

The original maintainer sais that this isnt necessary because the
package is already hardened with debian/rules options. You can
see at BTS bug:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542739

I think the best option is to sync this package.

Thanks!

Changelog entries since current natty version 8.14.3-9.4ubuntu1:

sendmail (8.14.4-2) unstable; urgency=high

  * Actually get the DHCP config files installed :(    Closes: #602252

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Wed, 03 Nov 2010 22:05:00 -0000

sendmail (8.14.4-1) unstable; urgency=high

  * Long past due

  * Re-enable libdb-dev, db4.8 working again

  * New upstream
    + Null checking in certificate CN (CVE-2009-4565)
    + Queue identifier int overflow
    + Handle malformed DNS replies
    + milter segfault/Dos fixes

  * Acknowledge NMUs - thanks !
    + rmail conflicts with masqmail
    + move dhcp hooks from /etc/dhcp3 to /etc/dhcp
    + CVE-2009-4565

  * Correct issues with NMUs
    + Differing buildinfo.gz (all the same file) Closes: #597779

  * Outstanding bugs:
    + Milter segfaults/Remote DoS?    Closes: #527862
    + invoke.rc conditional           Closes: #553135
    + We already harden               Closes: #542739
    + Queue aging                     Closes: #583108
    + mail.local use of lockf         Closes: #513298
    + init.d use of ps                Closes: #510679
    + remove access on purge          Closes: #589810

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Mon, 11 Sep 2010 17:53:00 -0000

sendmail (8.14.4-0) private; urgency=low

  * Start of another round of lintian cleanups
    + remove /var/run files from package (they're created as needed)
  * Drop back to db4.7 - 4.8 is broken

  * New upstream
    + Null checking in certificate CN
    + Queue identifier int overflow
    + Handle malformed DNS replices
    + DSA/DH parm length increase (Debian did that long ago)

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Thu, 31 Dec 2009 00:20:00 -0000

sendmail (8.14.3-10) unstable; urgency=low

  * Support parms on runq (Now, Verbose, or any valid sendmail option: -v)
  * Remove old & uneeded patch ldap_url_search
  * remove obsolete crap from /usr/share/bug/sendmail/script  Closes: #530992

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Mon, 09 Mar 2009 18:25:00 -0000

sendmail (8.14.3.Gamma0-0) private; urgency=low
 
  * New upstream Gamma
  * refit patches

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Thu, 17 Apr 2008 05:18:00 -0000

sendmail (8.14.3.Beta1-0) private; urgency=low

  * New upstream Beta
  * refit patches

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Sun, 06 Apr 2008 16:57:00 -0000

sendmail (8.14.3.Beta0-0) private; urgency=low

  * New upstream Beta
  * refit patches

 -- Richard A Nelson (Rick) <cowboy at debian.org>  Wed, 05 Mar 2008 05:39:00 -0000

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzbNgYACgkQCY2uR+47wnn49wCcC18GhMYoeXBhqkw0gY4jneHZ
K3YAn1tv/9wjKr/2x0+b+NGsXmVGgAwe
=PeJB
-----END PGP SIGNATURE-----

More information about the Ubuntu-sponsors mailing list