Update to sendmail 8.12.1.

A potential security problem has been uncovered in 8.12.0 which might
be exploited locally by malicious users to gain access to the client
mail queue.  However, as long as the MTA accepts local connections,
the possible consequences of this potential local exploit are small.
Notice: some operating systems don't provide a way to completely drop
privileges from a set-group-ID program.  In that case sendmail refuses
to run if unsafe options are given.

1 files changed, 3 insertions, 2 deletions

diff --git a/gnu/usr.sbin/sendmail/vacation/vacation.c b/gnu/usr.sbin/sendmail/vacation/vacation.c
index 582b839be74..25ea7f6b9b3 100644
--- a/gnu/usr.sbin/sendmail/vacation/vacation.c
+++ b/gnu/usr.sbin/sendmail/vacation/vacation.c
@@ -20,7 +20,7 @@ SM_IDSTR(copyright,
 	The Regents of the University of California.  All rights reserved.\n\
      Copyright (c) 1983 Eric P. Allman.  All rights reserved.\n")
 
-SM_IDSTR(id, "@(#)$Sendmail: vacation.c,v 8.127 2001/09/08 01:21:15 gshapiro Exp $")
+SM_IDSTR(id, "@(#)$Sendmail: vacation.c,v 8.130 2001/09/18 21:45:35 gshapiro Exp $")
 
 
 #include <ctype.h>
@@ -994,7 +994,8 @@ sendmessage(myname, msgfn, emptysender)
 	}
 	/* check return status of the following calls? XXX */
 	(void) close(pvect[0]);
-	if ((sfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, (void *)pvect[1],
+	if ((sfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
+			      (void *) &(pvect[1]),
 			      SM_IO_WRONLY, NULL)) != NULL)
 	{
 		(void) sm_io_fprintf(sfp, SM_TIME_DEFAULT, "To: %s\n", From);