bsd-mailx no longer supports sendmail options, thus breaking existing scripts (like Bootmail)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bsd-mailx (Debian) |
Fix Released
|
Unknown
|
|||
bsd-mailx (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
The security update of bsd-mailx (8.1.2-
This breaks any script that supplies classic sendmail options like -F or -f on the mail commandline. A prominent example is Bootmail, which calls mailx in the following way:
print_mail_text | sed -e "s/[^[:print:]]//g" | rootsign | mail -s "$subject" "$recipients" -- -F "Bootmail" -f "$FROM_MAIL"
Here the options -F and -f are used to set the From: header in the resulting mail message. This is now broken and results in error messages like these in /var/log/mail.log (on systems that run Postfix):
Jan 26 16:20:09 example01 postfix/
Is this change going to stay for good? In that case we need to report a bug against the Bootmail package (and probably quite a few others) to change the mail commandline to use the "-a" commandline switch for specifying additional mail headers.
I find it disconcerting that a security update completely removes functionality that has been available and expected for many years without providing a proper compatibility layer. Is this really the way to do this?
CVE References
description: | updated |
Changed in bsd-mailx (Debian): | |
status: | Unknown → New |
Changed in bsd-mailx (Debian): | |
status: | New → Fix Released |
Relevant links:
http:// www.ubuntu. com/usn/ usn-2455- 1/ people. canonical. com/~ubuntu- security/ cve/2014/ CVE-2014- 7844.html
http://