From ac7cef1dc3559ac1a4b4197b50c05be5d08cacce Mon Sep 17 00:00:00 2001
From: Andreas Beckmann
Date: Fri, 23 May 2014 19:32:23 +0200
Subject: properly set the close-on-exec flag before executing mailers backported from 8.14.9: SECURITY: Properly set the close-on-exec flag for file descriptors (except stdin, stdout, and stderr) before executing mailers.
---
 debian/changelog | 2 ++
 debian/patches/8.14/8.14.4/close_on_exec.patch | 13 +++++++++++++
 debian/patches/8.14/8.14.4/series | 1 +
 3 files changed, 16 insertions(+)
 create mode 100644 debian/patches/8.14/8.14.4/close_on_exec.patch
diff --git a/debian/changelog b/debian/changelog
index 9dd0505..5fdb06f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,8 @@ sendmail (8.14.4-6) UNRELEASED; urgency=medium
 * Apply manpage corrections from Ubuntu. (Closes: #747551)
 * libmilter-assert.patch: Fix an incorrect assertion in libmilter, cherry-picked from sendmail 8.14.7. (LP: #1299571)
+ * close_on_exec.patch: Properly set the close-on-exec flag for file
+ descriptors before executing mailers, cherry-picked from sendmail 8.14.9.
 * libmilter: Convert into a 'Multi-Arch: same' package.
 * libmilter: Add symbols control file.
 * libmilter-dev: Move static libraries from /usr/lib/libmilter to /usr/lib.
diff --git a/debian/patches/8.14/8.14.4/close_on_exec.patch b/debian/patches/8.14/8.14.4/close_on_exec.patch
new file mode 100644
index 0000000..f19a984
--- /dev/null
+++ b/debian/patches/8.14/8.14.4/close_on_exec.patch
@@ -0,0 +1,13 @@
+--- sendmail-8.14.8/sendmail/conf.c 2014-01-08 18:03:14.000000000 +0100
++++ sendmail-8.14.9/sendmail/conf.c 2014-05-20 19:24:39.000000000 +0200
+@@ -5309,8 +5309,8 @@
+ */
+
+ void
+-sm_close_on_exec(highest, lowest)
+- int highest, lowest;
++sm_close_on_exec(lowest, highest)
++ int lowest, highest;
+ {
+ #if HASFDWALK
+ (void) fdwalk(closefd_walk, &lowest);
diff --git a/debian/patches/8.14/8.14.4/series b/debian/patches/8.14/8.14.4/series
index 7c05e53..6de1aa7 100644
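Review bot: In the conf.c hunk embedded in close_on_exec.patch, `sm_close_on_exec` stays a K&R-style definition with two `int` parameters, so the compiler will not flag any caller that still passes the bounds in the old order. Only the `fdwalk(closefd_walk, &lowest)` line of the body is visible; the rest of the function and all of its call sites lie outside the hunk, so confirm that every caller in the 8.14.4 tree passes `(lowest, highest)`. The diff was taken between 8.14.8 and 8.14.9, so also check that it applies to 8.14.4 without fuzz. The new patch file has no header recording where it came from; I would add one such as `Description: set close-on-exec on descriptors other than stdin, stdout and stderr before executing mailers` and `Origin: upstream, sendmail 8.14.9`. As a regression check, start a test mailer from the patched sendmail and verify that it inherits no descriptors beyond stdin, stdout and stderr.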
--- a/debian/patches/8.14/8.14.4/series
+++ b/debian/patches/8.14/8.14.4/series
@@ -21,3 +21,4 @@ ssl_op_no_tlsv1_x.patch
 install_static_libs.patch
 shared_libmilter.patch
 libmilter-assert.patch
+close_on_exec.patch
-- cgit v1.2.3