diff options
| -rw-r--r-- | mail/distribute/Makefile | 8 | ||||
| -rw-r--r-- | mail/majordomo/MESSAGE | 10 | ||||
| -rw-r--r-- | mail/majordomo/Makefile | 34 | ||||
| -rw-r--r-- | mail/majordomo/distinfo | 14 | ||||
| -rw-r--r-- | mail/majordomo/patches/patch-aa | 10 | ||||
| -rw-r--r-- | mail/majordomo/patches/patch-ab | 28 | ||||
| -rw-r--r-- | mail/majordomo/patches/patch-af | 36 | ||||
| -rw-r--r-- | mail/majordomo/patches/patch-ag | 30 | ||||
| -rw-r--r-- | mail/majordomo/patches/patch-ah | 29 | ||||
| -rw-r--r-- | mail/majordomo/patches/patch-ai | 13 | ||||
| -rw-r--r-- | mk/defaults/mk.conf | 19 |
11 files changed, 166 insertions, 65 deletions
diff --git a/mail/distribute/Makefile b/mail/distribute/Makefile index 81d697e19b2..4623ccf2262 100644 --- a/mail/distribute/Makefile +++ b/mail/distribute/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.23 2010/02/04 01:57:26 joerg Exp $ +# $NetBSD: Makefile,v 1.24 2011/01/29 17:16:33 spz Exp $ DISTNAME= distribute-2.1-pl19 PKGNAME= distribute-2.1.26 @@ -28,9 +28,9 @@ DIST_SUBDIR= distribute PATCH_DIST_STRIP= -p1 # customize below if you would like to -# mail/majordomo likes this -MAJORDOMO_DIR= /home/majordom -MAJORDOMO_LIST_DIR= ${MAJORDOMO_DIR}/lists +# this needs to be the same as majordomo uses +MAJORDOMO_HOMEDIR?= ${VARBASE}/majordomo +MAJORDOMO_LIST_DIR= ${MAJORDOMO_HOMEDIR}/lists # just as example, you may disagree with these MAILINGLIST_DIR= /var/mail-list ARCHIVE_DIR= /var/spool/mail-list diff --git a/mail/majordomo/MESSAGE b/mail/majordomo/MESSAGE index a52bb2083dc..926454a9dd9 100644 --- a/mail/majordomo/MESSAGE +++ b/mail/majordomo/MESSAGE @@ -1,5 +1,5 @@ =========================================================================== -$NetBSD: MESSAGE,v 1.6 2010/10/30 23:48:35 spz Exp $ +$NetBSD: MESSAGE,v 1.7 2011/01/29 17:16:33 spz Exp $ Before you can use Majordomo, you will need to complete a few steps manually: @@ -54,5 +54,13 @@ manually: - add entries in /etc/newsyslog.conf to rotate the log in ${HOME}/Log if necessary. ++++++++++++++++++++++++++++ UPDATERS NOTICE +++++++++++++++++++++++++++++++ + +for resend, archive, request-answer and medit, the environment setting for +majordomo.cf now overrides the value given on the command line with -C; +this is a cheap (and ugly) fix for a vulnerability. Since that environment +variable is compiled into the wrapper program, the listed perl programs +will be locked to ${MAJORDOMO_CF} when started via the wrapper. + Enjoy Majordomo! =========================================================================== diff --git a/mail/majordomo/Makefile b/mail/majordomo/Makefile index e34bed327f0..282c720a1f3 100644 --- a/mail/majordomo/Makefile +++ b/mail/majordomo/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.40 2010/11/10 07:51:36 spz Exp $ +# $NetBSD: Makefile,v 1.41 2011/01/29 17:16:33 spz Exp $ DISTNAME= majordomo-1.94.5 -PKGREVISION= 10 +PKGREVISION= 11 CATEGORIES= mail MASTER_SITES= ftp://ftp.sgi.com/other/majordomo/1.94.5/ \ ftp://ftp-europe.sgi.com/other/majordomo/1.94.5/ @@ -71,15 +71,15 @@ USERGROUP_PHASE= configure PKG_GROUPS= ${MAJORDOMO_GROUP} PKG_USERS= ${MAJORDOMO_USER}:${MAJORDOMO_GROUP} OWN_DIRS_PERMS+= ${MAJORDOMO_HOMEDIR} \ - ${MAJORDOMO_USER} ${MAJORDOMO_GROUP} 0775 + ${MAJORDOMO_USER} ${MAJORDOMO_GROUP} 0755 OWN_DIRS_PERMS+= ${MAJORDOMO_HOMEDIR}/archives \ - ${MAJORDOMO_USER} ${MAJORDOMO_GROUP} 0775 + ${MAJORDOMO_USER} ${MAJORDOMO_GROUP} 0755 OWN_DIRS_PERMS+= ${MAJORDOMO_HOMEDIR}/digests \ - ${MAJORDOMO_USER} ${MAJORDOMO_GROUP} 0775 + ${MAJORDOMO_USER} ${MAJORDOMO_GROUP} 0755 OWN_DIRS_PERMS+= ${MAJORDOMO_HOMEDIR}/lists \ - ${MAJORDOMO_USER} ${MAJORDOMO_GROUP} 0775 + ${MAJORDOMO_USER} ${MAJORDOMO_GROUP} 0755 OWN_DIRS_PERMS+= ${MAJORDOMO_TMPDIR} \ - ${MAJORDOMO_USER} ${MAJORDOMO_GROUP} 0775 + ${MAJORDOMO_USER} ${MAJORDOMO_GROUP} 0755 CONFIGURE_SED= -e "s|@PREFIX@|${PREFIX}|g" \ -e "s|@PERL@|${PERL5}|g" \ @@ -126,28 +126,28 @@ post-install: ${INSTALL_DATA} ${WRKSRC}/Doc/${file} ${DESTDIR}${DOCDIR}/${file} .endfor ${INSTALL_DATA} ${WRKSRC}/post-install-notes ${DESTDIR}${DOCDIR}/post-install-notes - ${INSTALL} -d -m 775 -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} ${DESTDIR}${EXAMPLEDIR} + ${INSTALL} -d -m 755 -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} ${DESTDIR}${EXAMPLEDIR} .for dir in ${EXDIRS} - ${INSTALL} -d -m 775 -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} ${DESTDIR}${EXAMPLEDIR}/${dir} + ${INSTALL} -d -m 755 -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} ${DESTDIR}${EXAMPLEDIR}/${dir} .endfor - ${INSTALL_DATA} -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} \ - ${WRKSRC}/aliases.majordomo ${DESTDIR}${EXAMPLEDIR}/aliases.majordomo - ${INSTALL_DATA} -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} \ + ${INSTALL_DATA} ${WRKSRC}/aliases.majordomo \ + ${DESTDIR}${EXAMPLEDIR}/aliases.majordomo + ${INSTALL} -m 644 -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} \ ${FILESDIR}/keep_me ${DESTDIR}${EXAMPLEDIR}/archives/example-l/.keep_me - ${INSTALL_DATA} -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} \ + ${INSTALL} -m 644 -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} \ ${FILESDIR}/keep_me ${DESTDIR}${EXAMPLEDIR}/digests/example-l-digest/.keep_me .for file in ${EXFILES} - ${INSTALL_DATA} -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} \ + ${INSTALL} -m 644 -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} \ ${FILESDIR}/${file} ${DESTDIR}${EXAMPLEDIR}/lists/${file} .endfor .for file in ${EXLISTS} - ${INSTALL} -m 664 -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} \ + ${INSTALL} -m 644 -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} \ /dev/null ${DESTDIR}${EXAMPLEDIR}/lists/${file} .endfor ${LN} -sf example-l.info ${DESTDIR}${EXAMPLEDIR}/lists/example-l-digest.info ${LN} -sf example-l.passwd ${DESTDIR}${EXAMPLEDIR}/lists/example-l-digest.passwd - ${INSTALL_DATA} -o ${MAJORDOMO_USER} -g ${MAJORDOMO_GROUP} \ - ${WRKSRC}/majordomo.cf ${DESTDIR}${EXAMPLEDIR}/majordomo.cf + ${INSTALL_DATA} ${WRKSRC}/majordomo.cf \ + ${DESTDIR}${EXAMPLEDIR}/majordomo.cf # verify installation; requires interaction test: install diff --git a/mail/majordomo/distinfo b/mail/majordomo/distinfo index 87a070b1e51..6d008586d5c 100644 --- a/mail/majordomo/distinfo +++ b/mail/majordomo/distinfo @@ -1,17 +1,17 @@ -$NetBSD: distinfo,v 1.12 2010/11/10 07:51:36 spz Exp $ +$NetBSD: distinfo,v 1.13 2011/01/29 17:16:33 spz Exp $ SHA1 (majordomo-1.94.5.tgz) = 44b18c7b9133f2cd992f6e718551d613d9d45c00 RMD160 (majordomo-1.94.5.tgz) = 7f6b48fb5cc5b23948133658b055588d0d6608c4 Size (majordomo-1.94.5.tgz) = 312244 bytes -SHA1 (patch-aa) = 884e1ffa5e8cebef17328d0e6d5a7dc498ba72c0 -SHA1 (patch-ab) = 68bdbd77029ebd8f113c492e50e60aa7efb35de9 +SHA1 (patch-aa) = 2be639e71d75780f82d2d6364431d7d40d97ba94 +SHA1 (patch-ab) = eca7461ea2f092130a50a89888f98fe45d1ddf79 SHA1 (patch-ac) = bea997e785b2656b1660a11efce759a56a700ab2 SHA1 (patch-ad) = 65370547240539128a405484e98c7ed15a869464 SHA1 (patch-ae) = 3957e2725fdf1e693236a9517e6e24ed61c0691e -SHA1 (patch-af) = b4a50a472a16eead08c189f68d47d2cf136308c6 -SHA1 (patch-ag) = b469a639270d369732e75e6ae4df7f559e9c436e -SHA1 (patch-ah) = 666b52100cb50a948c145da0ba83c197386cbd1e -SHA1 (patch-ai) = 530a33b788960f288eaa5c065b26fe27b5ed8c7e +SHA1 (patch-af) = 4637ede790e48be99ef4ee6883057dd9c47051b1 +SHA1 (patch-ag) = 3e89057efe5d76700d773759bff8e9d2be207a99 +SHA1 (patch-ah) = 2a5a36c0c4a0612342c7156ee949a26eaeaf133f +SHA1 (patch-ai) = 50d29659f54c86be1c6f6d93732419f1bac8c435 SHA1 (patch-aj) = 2185ba182561ca3e003fa0879e696092c3b237fd SHA1 (patch-ak) = b33b0fc9e013642cc842c6d7ee70f590281764ae SHA1 (patch-al) = 776088c5916b1b0516e8abaecd69870ba57f4a76 diff --git a/mail/majordomo/patches/patch-aa b/mail/majordomo/patches/patch-aa index 89f298e355d..5706558e458 100644 --- a/mail/majordomo/patches/patch-aa +++ b/mail/majordomo/patches/patch-aa @@ -1,4 +1,4 @@ -$NetBSD: patch-aa,v 1.5 2010/10/30 23:48:36 spz Exp $ +$NetBSD: patch-aa,v 1.6 2011/01/29 17:16:33 spz Exp $ warp the Makefile template to fit into pkgsrc @@ -40,15 +40,17 @@ warp the Makefile template to fit into pkgsrc EXEC_MODE = 755 HOME_MODE = 751 -@@ -41,7 +43,7 @@ HOME_MODE = 751 +@@ -41,8 +43,8 @@ HOME_MODE = 751 # BSDI or other 4.4-based BSD, Linux) use the following four lines. Do not # change these values! WRAPPER_OWNER = root -WRAPPER_GROUP = $(W_GROUP) +-WRAPPER_MODE = 4755 +WRAPPER_GROUP = $(W_MAJORDOMO_GROUP) - WRAPPER_MODE = 4755 ++WRAPPER_MODE = 4555 POSIX = -DPOSIX_UID=$(W_USER) -DPOSIX_GID=$(W_GROUP) # Otherwise, if your system is NOT POSIX (e.g. SunOS 4.x, SGI Irix 4, + # HP DomainOS) then comment out the above four lines and uncomment @@ -62,11 +64,14 @@ POSIX = -DPOSIX_UID=$(W_USER) -DPOSIX_GI # parent process, and without the leading "W_" in the variable names) gets # passed to processes run by "wrapper" @@ -83,7 +85,7 @@ warp the Makefile template to fit into pkgsrc shlock.pl config-test archive2.pl digest -INSTALL_FLAGS = -O $(W_USER) -g $(W_GROUP) -+INSTALL_FLAGS = -O $(W_MAJORDOMO_USER) -g $(W_MAJORDOMO_GROUP) ++INSTALL_FLAGS = -O root -g $(W_MAJORDOMO_GROUP) default: @echo "make what?" diff --git a/mail/majordomo/patches/patch-ab b/mail/majordomo/patches/patch-ab index faf6a3ee621..7843e957e05 100644 --- a/mail/majordomo/patches/patch-ab +++ b/mail/majordomo/patches/patch-ab @@ -1,10 +1,30 @@ -$NetBSD: patch-ab,v 1.1.1.1 1999/06/08 17:51:26 bad Exp $ +$NetBSD: patch-ab,v 1.2 2011/01/29 17:16:33 spz Exp $ ---- ./archive2.pl.orig Wed Aug 27 09:07:44 1997 -+++ ./archive2.pl Tue Jun 8 10:55:12 1999 -@@ -61,4 +61,5 @@ +--- archive2.pl.orig 2000-01-07 11:00:49.000000000 +0000 ++++ archive2.pl +@@ -47,19 +47,23 @@ + # Change directory to our home + chdir($ENV{'HOME'}) if $ENV{'HOME'}; + +-# Read and execute the .cf file +-$cf = $ENV{"MAJORDOMO_CF"} || "/etc/majordomo.cf"; ++# Read and execute the .cf file. For security reasons, let the environment win ++$cf = "/etc/majordomo.cf"; + if ($ARGV[0] eq "-C") { + $cf = $ARGV[1]; + shift(@ARGV); + shift(@ARGV); + } ++if ($ENV{"MAJORDOMO_CF"}) { ++ $cf = $ENV{"MAJORDOMO_CF"}; ++} + if (! -r $cf) { + die("$cf not readable; stopped"); + } + require "$cf"; # All these should be in the standard PERL library +unshift(@INC, $bindir); unshift(@INC, $homedir); require "ctime.pl"; # To get MoY definitions for month abbrevs + require "majordomo_version.pl"; # What version of Majordomo is this? diff --git a/mail/majordomo/patches/patch-af b/mail/majordomo/patches/patch-af index d2f283ffef0..4dfda5aa649 100644 --- a/mail/majordomo/patches/patch-af +++ b/mail/majordomo/patches/patch-af @@ -1,8 +1,34 @@ -$NetBSD: patch-af,v 1.4 2010/10/30 23:48:36 spz Exp $ +$NetBSD: patch-af,v 1.5 2011/01/29 17:16:33 spz Exp $ ---- majordomo.orig Sat Nov 27 17:28:39 1999 -+++ majordomo Sat Nov 27 17:29:16 1999 -@@ -58,6 +58,7 @@ +--- majordomo.orig 2000-01-13 17:29:31.000000000 +0000 ++++ majordomo +@@ -24,8 +24,11 @@ + # The mj_ prefix is reserved for tools that are part of majordomo proper. + $main'program_name = 'mj_majordomo';#'; + +-# Read and execute the .cf file +-$cf = $ENV{"MAJORDOMO_CF"} || "/etc/majordomo.cf"; ++# Read and execute the .cf file. for security reasons, make the env value win ++# (the wrapper will set the env value and setuid to majordomo. If you want ++# to test a config and are properly authorized, su to the majordomo user ++# and don't use the wrapper ++$cf = "/etc/majordomo.cf"; + + while ($ARGV[0]) { # parse for config file or default list + if ($ARGV[0] =~ /^-C$/i) { # sendmail v8 clobbers case +@@ -40,6 +43,11 @@ while ($ARGV[0]) { # parse for config fi + die "Unknown argument $ARGV[0]\n"; + } + } ++ ++if ($ENV{"MAJORDOMO_CF"}) { ++ $cf = $ENV{"MAJORDOMO_CF"}; ++} ++ + if (! -r $cf) { + die("$cf not readable; stopped"); + } +@@ -58,6 +66,7 @@ if (! -t STDERR) { print STDERR "$0: starting\n" if $DEBUG; # All these should be in the standard PERL library @@ -10,7 +36,7 @@ $NetBSD: patch-af,v 1.4 2010/10/30 23:48:36 spz Exp $ unshift(@INC, $homedir); require "ctime.pl"; # To get MoY definitions for month abbrevs require "majordomo_version.pl"; # What version of Majordomo is this? -@@ -1138,7 +1139,7 @@ +@@ -1095,7 +1104,7 @@ sub do_mkdigest { # The password is valid, so run digest open(DIGEST, diff --git a/mail/majordomo/patches/patch-ag b/mail/majordomo/patches/patch-ag index d68b1a67c4e..ccdfd01f6b8 100644 --- a/mail/majordomo/patches/patch-ag +++ b/mail/majordomo/patches/patch-ag @@ -1,10 +1,32 @@ -$NetBSD: patch-ag,v 1.1.1.1 1999/06/08 17:51:26 bad Exp $ +$NetBSD: patch-ag,v 1.2 2011/01/29 17:16:33 spz Exp $ ---- ./medit.orig Mon Apr 28 12:38:05 1997 -+++ ./medit Tue Jun 8 10:55:13 1999 -@@ -30,4 +30,5 @@ +--- medit.orig 1997-04-28 18:38:05.000000000 +0000 ++++ medit +@@ -16,19 +16,25 @@ + # set our path explicitly + $ENV{'PATH'} = "/bin:/usr/bin:/usr/ucb"; + +-# Read and execute the .cf file +-$cf = $ENV{"MAJORDOMO_CF"} || "/etc/majordomo.cf"; ++# Read and execute the .cf file. Let the environment variable win ++$cf = "/etc/majordomo.cf"; + if ($ARGV[0] eq "-C") { + $cf = $ARGV[1]; + shift(@ARGV); + shift(@ARGV); + } ++ ++if ($ENV{"MAJORDOMO_CF"}) { ++ $cf = $ENV{"MAJORDOMO_CF"}; ++} ++ + if (! -r $cf) { + die("$cf not readable; stopped"); + } + require "$cf"; # All these should be in the standard PERL library +unshift(@INC, $bindir); unshift(@INC, $homedir); require "shlock.pl"; # NNTP-style file locking + require "majordomo.pl"; diff --git a/mail/majordomo/patches/patch-ah b/mail/majordomo/patches/patch-ah index f4ce9534e87..66d13029620 100644 --- a/mail/majordomo/patches/patch-ah +++ b/mail/majordomo/patches/patch-ah @@ -1,10 +1,31 @@ -$NetBSD: patch-ah,v 1.1.1.1 1999/06/08 17:51:26 bad Exp $ +$NetBSD: patch-ah,v 1.2 2011/01/29 17:16:33 spz Exp $ ---- ./request-answer.orig Mon Dec 9 09:50:20 1996 -+++ ./request-answer Tue Jun 8 10:55:13 1999 -@@ -27,4 +27,5 @@ +--- request-answer.orig 2000-01-07 11:10:18.000000000 +0000 ++++ request-answer +@@ -13,19 +13,24 @@ + # PATH it is set in the wrapper, so there is no need to set it here. + #$ENV{'PATH'} = "/bin:/usr/bin:/usr/ucb"; + +-# Read and execute the .cf file +-$cf = $ENV{"MAJORDOMO_CF"} || "/etc/majordomo.cf"; ++# Read and execute the .cf file. For security reasons, let the environment win ++$cf = "/etc/majordomo.cf"; + if ($ARGV[0] eq "-C") { + $cf = $ARGV[1]; + shift(@ARGV); + shift(@ARGV); + } ++if ($ENV{"MAJORDOMO_CF"}) { ++ $cf = $ENV{"MAJORDOMO_CF"}; ++} ++ + if (! -r $cf) { + die("$cf not readable; stopped"); + } + require "$cf"; chdir($homedir) || die("Can't chdir(\"$homedir\"): $!"); +unshift(@INC, $bindir); unshift(@INC, $homedir); require "shlock.pl"; + require "majordomo.pl"; diff --git a/mail/majordomo/patches/patch-ai b/mail/majordomo/patches/patch-ai index aa612588008..270e1f9ec11 100644 --- a/mail/majordomo/patches/patch-ai +++ b/mail/majordomo/patches/patch-ai @@ -1,7 +1,18 @@ -$NetBSD: patch-ai,v 1.2 2010/11/09 07:09:59 spz Exp $ +$NetBSD: patch-ai,v 1.3 2011/01/29 17:16:33 spz Exp $ --- resend.orig 2000-01-07 15:32:39.000000000 +0000 +++ resend +@@ -78,8 +78,8 @@ if (! defined($opt_l)) { + die("resend: must specify '-l list'"); + } + +-# Read and execute the .cf file +-$cf = $opt_C || $opt_c || $ENV{"MAJORDOMO_CF"} || "/etc/majordomo.cf"; ++# Read and execute the .cf file. For security reasons, let the environment win ++$cf = $ENV{"MAJORDOMO_CF"} || $opt_C || $opt_c || "/etc/majordomo.cf"; + + # Despite not having a place to send the remains of the body, + # it would be nice to send a message to root or postmaster, at least... @@ -92,6 +92,7 @@ require "$cf"; chdir($homedir) || die("Can't chdir(\"$homedir\"): $!"); diff --git a/mk/defaults/mk.conf b/mk/defaults/mk.conf index 1835c74e7be..017bebb0986 100644 --- a/mk/defaults/mk.conf +++ b/mk/defaults/mk.conf @@ -1,4 +1,4 @@ -# $NetBSD: mk.conf,v 1.197 2010/12/25 08:51:41 adam Exp $ +# $NetBSD: mk.conf,v 1.198 2011/01/29 17:16:32 spz Exp $ # # This file provides default values for variables that may be overridden @@ -1239,20 +1239,11 @@ MAILAGENT_ORGANIZATION?= Example Company # Possible: valid hostname/email addresses/any company name # Defaults: see above -MAJORDOMO_GROUP?= majordom -# Used by the majordomo package as the groupid majordomo runs at. -# Possible: any -# Default: majordom - -MAJORDOMO_TMPDIR?= ${VARBASE}/tmp -# Used by the majordomo package as the directory to store temp files. +MAJORDOMO_HOMEDIR?= ${VARBASE}/majordomo +# Used by the majordomo package as the directory the lists dir is in +# also used by the distribute package # Possible: any directory. -# Default: ${VARBASE}/tmp - -MAJORDOMO_USER?= majordom -# Used by majordomo package as the userid majordomo runs at. -# Possible: any -# Default: majordom +# Default: ${VARBASE}/majordomo #MAKEINFO_ARGS?= # flags to be passed to makeinfo(1), if any. Warning: only use if you |