[Bug 1021719] Review Request: opensmtpd - Minimalistic but powerful smtp server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1021719



--- Comment #13 from Kevin Fenzi <kevin@xxxxxxxxx> ---
All the issues from comment 11 appear fixed. ;) 

However, I see a few new rpmlint complaints: 

opensmtpd.i686: E: missing-call-to-chdir-with-chroot /usr/sbin/smtpctl
opensmtpd.i686: E: missing-call-to-chdir-with-chroot
/usr/libexec/opensmtpd/queue-ram
opensmtpd.i686: E: missing-call-to-chdir-with-chroot
/usr/libexec/opensmtpd/scheduler-stub
opensmtpd.i686: E: missing-call-to-chdir-with-chroot
/usr/libexec/opensmtpd/scheduler-ram
opensmtpd.i686: E: missing-call-to-chdir-with-chroot
/usr/libexec/opensmtpd/queue-null
opensmtpd.i686: E: missing-call-to-chdir-with-chroot
/usr/libexec/opensmtpd/queue-stub
opensmtpd.i686: E: missing-call-to-chdir-with-chroot /usr/sbin/smtpd

$ rpmlint -I missing-call-to-chdir-with-chroot
missing-call-to-chdir-with-chroot:
This executable appears to call chroot without using chdir to change the
current directory. This is likely an error and permits an attacker to break
out of the chroot by using fchdir. While that's not always a security issue,
this has to be checked.

Could you ask upstream on this? 

Also, a nitpick: 

opensmtpd.i686: W: incoherent-version-in-changelog 5.4.1p1-1.denf
['5.4.1p1-1.fc21', '5.4.1p1-1']

drop the 'denf' in changelogs?

We are getting close here. ;)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list
package-review@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/package-review





[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]