Patch 3348 : mail security fix (for 6.2) : [IRIX 6.2]

    RELATIONS

    This patch replaces the following patches:
    1281, 1471, 1639, 1780, 2231, 3260

    This patch has no known incompatibilities with other patches.

    This patch fixes the following bugs:
    356996 - sendmail dumps core in very bad way
    367577 - SECURITY HOLE with rmail
    389520 - When /var/mail is nfs mounted, mail files are created with incorrect
                    ownership

    443335 - Sendmail load average calculation
    498861 - /bin/rmail is setuid and has security vulnerabilities
    553016 - Sendmail 8.6.12 has security/nuisance holes
    614246 - Parse0 ruleset missing, breaks 2231 anti-spam feature
    615170 - sendmail 8.8.8 patch2231 has a possible bad exit-op?
    615458 - patch 2231 configmail script is broken
    615834 - another /usr/sbin/mailx buffer overrun
    617068 - New /usr/bin/mail from patch 2231 has security vulnerability
    617435 - Sendmail security patches make usernames case sensitive through sendmail
                    


    RELEASE NOTES

    1. Patch SG0003348 Release Note

           This release note describes patch SG0003348 to IRIX 6.2
    
           Patch SG0003348 replaces patch(es) 1281, 1471, 1639, 1780,
           2231, and 3260.
    
    
    1.1 Supported Hardware Platforms
           This patch contains bug fixes for all hardware platforms.
    
    
    1.2 Supported Software Platforms
           This patch contains bug fixes for IRIX on a system running
           IRIX 6.2.  The software cannot be installed on other
           configurations.
    
    
    1.3 Bugs Fixed by Patch SG0003348
           This patch contains fixes for the following bugs in IRIX 6.2.
           Bug numbers from the Silicon Graphics bug tracking system are
           included for reference.
    
           Bugs fixed by patch SG0003348
    
              o Bug 615834 - Security vulnerability in Mail
    
              o Bug 614246 - parse0 ruleset missing from antispam
                support
    
              o Bug 617435 - Sendmail delivery is case sensitive
    
              o Bug 617068 - /bin/mail security vulnerability
    
              o Bug 615170 - configmail script required patched nawk
    
              o Bug 615458 - configmail script required patched grep
    
           Replaces and rolls up Patch 2231, which fixed:
    
              o Bug 498861 - Similar to bug 367577.
    
              o Bug 553016 - Sendmail versions 8.6.x have security
                holes.   The recommended solution is to upgrade to the
                current version of sendmail.
    
           Replaces and rolls up Patch 1780, which fixed:
    
              o Bug 443335 - sendmail load average calculation
    
    
           Replaces and rolls up Patch 1639, which fixed:
    
              o Bug 389520 - When /var/mail is nfs mounted, mail files
                are created with incorrect ownership.
    
           Replaces and rolls up Patch 1471, which fixed:
    
              o Bug 356996 - sendmail core dumps
    
           Replaces and rolls up Patch 1281, which fixed:
    
              o Bug 367577 - There is a security hole in rmail which
                allows a user to read any file that is readable by the
                group "mail". This is typically exploited to access
                other users' mailboxes.
    
    
    1.4 Subsystems Included in Patch SG0003348
           This patch release includes these subsystems:
    
              o patchSG0003348.eoe_sw.unix
    
              o patchSG0003348.eoe_man.unix
    
    
    1.5 Installation Instructions
           Because you want to install only the patches for problems
           you have encountered, patch software is not installed by
           default.  After reading the descriptions of the bugs fixed
           in this patch (see Section 1.3), determine the patches that
           meet your specific needs.
    
           If, after reading Sections 1.1 and 1.2 of these release
           notes, you are unsure whether your hardware and software
           meet the requirements for installing a particular patch, run
           inst.  The inst program does not allow you to install
           patches that are incompatible with your hardware or
           software.
    
           Patch software is installed like any other Silicon Graphics
           software product.  Follow the instructions in your Software
           Installation Administrator's Guide to bring up the miniroot
           form of the software installation tools.
    
           Follow these steps to select a patch for installation:
    
             1.  At the Inst> prompt, type
    
                 install patchSGxxxxxxx
    
    
                 where xxxxxxx is the patch number.
    
             2.  Initiate the installation sequence. Type
    
                 Inst> go
    
             3.  You may find that two patches have been marked as
                 incompatible.  (The installation tools reject an
                 installation request if an incompatibility is
                 detected.)  If this occurs, you must deselect one of
                 the patches.
    
                 Inst> keep patchSGxxxxxxx
    
                 where xxxxxxx is the patch number.
    
             4.  After completing the installation process, exit the
                 inst program by typing
    
                 Inst> quit
    
    
    1.6 Patch Removal Instructions
           To remove a patch, use the versions remove command as you
           would for any other software subsystem.  The removal process
           reinstates the original version of software unless you have
           specifically removed the patch history from your system.
    
           versions remove patchSGxxxxxxx
    
           where xxxxxxx is the patch number.
    
           To keep a patch but increase your disk space, use the
           versions removehist command to remove the patch history.
    
           versions removehist patchSGxxxxxxx
    
           where xxxxxxx is the patch number.
    
    
    1.7 Known Problems
    
    
    INST SUBSYSTEM REQUIREMENTS
    No Requirements Information Available.
    

    INST SUBSYSTEM CHECKSUMS

    These checksums help to provide a 'signature' for the patch inst image which can be used to authenticate other inst images. You can obtain this kind of output by running sum -r on the image (from the command line):

    25807      4   patchSG0003348
    01364     69   patchSG0003348.eoe_man
    42080    910   patchSG0003348.eoe_sw
    43633      7   patchSG0003348.idb
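
The check described above, as an added example (not SGI's code): it recomputes the 16-bit rotating checksum that `sum -r` reports and compares it with the first column of the table. The function names `bsd_sum`, `page_manifest` and `verify_manifest` are introduced here; only the checksum column is compared, because the block count depends on the block size a given `sum` implementation uses.

```shell
#!/bin/sh
# Added example: check inst images against the checksums published above.

# bsd_sum FILE: print the `sum -r` checksum, zero-padded to five digits.
bsd_sum() {
    od -An -v -tu1 "$1" | awk '
        BEGIN { c = 0 }
        { for (i = 1; i <= NF; i++) {
              c = int(c / 2) + (c % 2) * 32768   # rotate right by one bit
              c = (c + $i) % 65536               # add the byte, keep 16 bits
          } }
        END { printf "%05d\n", c }'
}

# page_manifest: the checksum table copied from this page.
page_manifest() {
    cat <<'EOF'
25807      4   patchSG0003348
01364     69   patchSG0003348.eoe_man
42080    910   patchSG0003348.eoe_sw
43633      7   patchSG0003348.idb
EOF
}

# verify_manifest DIR MANIFEST
# MANIFEST lines are "<checksum> <blocks> <filename>".
# Returns 0 only if every listed file exists and its checksum matches.
verify_manifest() {
    dir=$1; manifest=$2; rc=0
    while read -r want blocks name; do
        [ -n "$name" ] || continue               # skip blank lines
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        got=$(bsd_sum "$dir/$name")
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $want, got $got)"; rc=1
        fi
    done < "$manifest"
    return $rc
}
```

Run it as `page_manifest > manifest; verify_manifest /path/to/images manifest`, where the directory is a placeholder for wherever the tar file was unpacked. A 16-bit checksum catches truncated or corrupted transfers; it does not show that an image is unmodified by someone able to choose its contents.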
    

    INST SUBSYSTEM FILE LISTINGS

    The following lists the files which get installed from each subsystem in the patch:

    patchSG0003348.eoe_man.unix
    usr/share/catman/a_man/cat1/canonhost.z
    usr/share/catman/a_man/cat1/configmail.z
    usr/share/catman/a_man/cat1/mailstats.z
    usr/share/catman/a_man/cat1/makemap.z
    usr/share/catman/a_man/cat1/sendmail.z
    usr/share/catman/u_man/cat1/Mail.z

    patchSG0003348.eoe_sw.unix
    etc/aliases
    etc/sendmail.cf
    etc/sendmail.hf
    usr/bin/mail
    usr/bin/rmail
    usr/bsd/mailstats
    usr/bsd/makemap
    usr/etc/configmail
    usr/lib/Mail.help
    usr/lib/Mail.help.~
    usr/lib/Mail.rc
    usr/lib/sendmail
    usr/relnotes/patchSG0003348/TC
    usr/relnotes/patchSG0003348/ch1.z
    usr/sbin/Mail
    usr/sbin/canonhost
    usr/sbin/fmt
    usr/sbin/vacation


    DOWNLOAD PATCH
    Download Server    File Name                 Date Added    Size
    download.sgi.com   patchSG0003348.tar        15-Sep-1998   513 K
    download.sgi.com   patchSG0003348.tardist    15-Sep-1998   513 K


    Document Id: 20021117072901-IRIXPatch-1294