attempts to bind to wrong interface for CNAME-to-A-only MX when ipv6 available

Bug #1223633 reported by Kees Cook on 2013-09-11
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sendmail (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned
Saucy
Undecided
Unassigned

Bug Description

When sendmail is configured with both IPv4 and IPv6 interfaces, it can fail to deliver to any hosts that have a CNAME as an MX record that resolves only to an A record with no AAAA record.

An existing example of this is here:
http://serverfault.com/questions/482035/sendmail-issue-with-ipv6

IMPACT: if ipv6 is routable, sendmail suddenly cannot deliver email to a subset of servers with slightly misconfigured MX records.

TEST CASE:
- bring up routable ipv6 interface
- install and configure sendmail-bin
- Run "date | sendmail -v -Am -d61.14 -d16.14 <email address hidden>"
- observe failure "makeconnection: cannot bind [IPv6:nnnnn....]: Address family not supported by protocol"

REGRESSION POTENTIAL: low. This is an upstream patch backported specifically for this version of sendmail. Proper operation is trivially verifiable.

Kees Cook (kees) wrote :

Working with upstream, the cause of the bug was tracked down, and the following patch solves the issue.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sendmail - 8.14.4-2.1ubuntu4

---------------
sendmail (8.14.4-2.1ubuntu4) saucy; urgency=low

  * conf.c-ipv6.patch: fix A-only MX CNAME interface binding issues
    when using IPv6 (LP: #1223633).
 -- Kees Cook <email address hidden> Tue, 10 Sep 2013 19:30:55 -0700

Changed in sendmail (Ubuntu Saucy):
status: New → Fix Released

Thanks for uploading the fix for this bug report to -proposed. However, when reviewing the package in -proposed and the details of this bug report I noticed that the bug description is missing information required for the SRU process. You can find full details at http://wiki.ubuntu.com/StableReleaseUpdates#Procedure but essentially this bug is missing some of the following: a statement of impact, a test case and details regarding the regression potential. Thanks in advance!

Kees Cook (kees) on 2013-09-19
description: updated

Hello Kees, or anyone else affected,

Accepted sendmail into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/sendmail/8.14.4-2ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in sendmail (Ubuntu Precise):
status: New → Fix Committed
tags: added: verification-needed
Kees Cook (kees) wrote :

This seems to work for me. Thanks!

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sendmail - 8.14.4-2ubuntu2.1

---------------
sendmail (8.14.4-2ubuntu2.1) precise-proposed; urgency=low

  * raise-max-daemons.patch: raise the hard-coded limit of the number of
    listening daemons. Without this, IPv6 is hard (LP: #1223636).
  * conf.c-ipv6.patch: fix A-only MX CNAME interface binding issues
    when using IPv6 (LP: #1223633).
 -- Kees Cook <email address hidden> Sat, 07 Sep 2013 09:31:47 -0700

Changed in sendmail (Ubuntu Precise):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for sendmail has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers