authorNick Sayer <nsayer@FreeBSD.org>2001-07-23 16:14:02 +0000
committerNick Sayer <nsayer@FreeBSD.org>2001-07-23 16:14:02 +0000
commita7402429dc0a8777855d1f2bbf4a29a25b5af8b8 (patch)
tree3c10c934381663921df7018496ec35f7dc162305 /mail
parentRemove bross@nas.nasa.gov as MAINTAINER; mail has been bouncing for (diff)
* Set maintainership to anders@fix.no, there is no maintainer for this port.
* Add info about tlb in post-install-notes. * Add WITH_POSTFIX_APPROVE_PATCH knob to fix problem with Postfix's Delivered-To and Majordomo's approve command. * Add security fixes from PR ports/28282 with a small change, use SHA1 instead of MD5 for generating cookies. * Remove security warning, which isn't necessary anymore. PR: 28282 Submitted by: anders@fix.no
Notes
Notes: svn path=/head/; revision=45413
Diffstat (limited to 'mail')
-rw-r--r--mail/majordomo/Makefile16
-rw-r--r--mail/majordomo/files/patch-aa16
-rw-r--r--mail/majordomo/files/patch-bf39
-rw-r--r--mail/majordomo/files/post-install-notes15
-rw-r--r--mail/majordomo/scripts/createuser8
5 files changed, 83 insertions, 11 deletions
diff --git a/mail/majordomo/Makefile b/mail/majordomo/Makefile
index c0e30e5d67ba..de15479e5e5f 100644
--- a/mail/majordomo/Makefile
+++ b/mail/majordomo/Makefile
@@ -7,12 +7,14 @@
PORTNAME= majordomo
PORTVERSION= 1.94.5
+PORTREVISION= 1
CATEGORIES= mail
MASTER_SITES= ftp://ftp.greatcircle.com/pub/majordomo/1.94.5/ \
ftp://ftp.sgi.com/other/majordomo/1.94.5/
EXTRACT_SUFX= .tgz
+RUN_DEPENDS= ${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1
-MAINTAINER= ports@FreeBSD.org
+MAINTAINER= anders@fix.no
# Needs to create a user and group
IS_INTERACTIVE= yes
@@ -22,9 +24,9 @@ INSTALL_TARGET= install install-wrapper
MAN1= approve.1 bounce-remind.1 digest.1
MAN8= majordomo.8
-pre-fetch:
-.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
- /usr/bin/dialog --yesno "Majordomo is unsafe to use on multi-user machines: local users can run arbitrary commands as the majordomo user. Do you wish to accept the security risk and build majordomo anyway?" 8 60 || ${FALSE}
+.if defined(WITH_POSTFIX_APPROVE_PATCH)
+post-patch:
+ @cd ${WRKSRC} && ${PATCH} < ${FILESDIR}/postfix-approve-patch 2>/dev/null
.endif
pre-configure:
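Review bot: The new `post-patch` recipe sends patch's stderr to /dev/null and is also `@`-silenced, so when `postfix-approve-patch` is missing or no longer applies the build stops without any diagnostic. I would drop the redirection: `@cd ${WRKSRC} && ${PATCH} < ${FILESDIR}/postfix-approve-patch`. The diffstat lists five changed files and `files/postfix-approve-patch` is not among them, so unless it already exists in the tree the knob cannot work; the same check applies to `${SCRIPTDIR}/makeseed`, which the pre-install hunk calls. Since this hunk also removes the interactive security warning, a one-line comment above the knob saying what it changes in `approve` would help users decide whether to set it.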
@@ -32,8 +34,10 @@ pre-configure:
@ ${CP} ${FILESDIR}/aliases.majordomo ${WRKSRC}
pre-install:
- @ ${CP} ${WRKSRC}/sample.cf ${WRKSRC}/majordomo.cf
-
+ @ if test -f ${WRKSRC}/majordomo.cf; then :; else \
+ ${CP} ${WRKSRC}/sample.cf ${WRKSRC}/majordomo.cf; \
+ /usr/bin/perl ${SCRIPTDIR}/makeseed ${WRKSRC}/majordomo.cf; \
+ fi
post-install:
.for file in ${MAN1}
@ ${INSTALL_MAN} ${WRKSRC}/Doc/man/${file} ${PREFIX}/man/man1
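Review bot: In the new `pre-install` recipe the copy and the seed step are joined with `;`, so a failed `${CP}` is not reported and `makeseed` then runs against a file that may not exist. Chaining them, `${CP} ${WRKSRC}/sample.cf ${WRKSRC}/majordomo.cf && /usr/bin/perl ${SCRIPTDIR}/makeseed ${WRKSRC}/majordomo.cf; \`, makes the target fail if either step does. That matters because makeseed presumably writes the per-site cookie seed (its source is not shown here), and an install that silently keeps the sample value would leave confirmation cookies predictable. Using `${PERL}` from the ports framework would also be more consistent than the hard-coded `/usr/bin/perl`. The post-install target continues outside the hunk.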
diff --git a/mail/majordomo/files/patch-aa b/mail/majordomo/files/patch-aa
index 09f5d07f42bf..d1cf4ded20e0 100644
--- a/mail/majordomo/files/patch-aa
+++ b/mail/majordomo/files/patch-aa
@@ -1,5 +1,5 @@
---- Makefile.orig Wed Aug 27 08:56:21 1997
-+++ Makefile Sat Jul 10 23:28:11 1999
+--- Makefile.orig Tue Jan 18 15:01:17 2000
++++ Makefile Mon Jul 23 03:35:47 2001
@@ -13,22 +13,22 @@
#
@@ -28,6 +28,18 @@
# These set the permissions for all installed files and executables (except
# the wrapper), respectively. Some sites may wish to make these more
+@@ -40,9 +40,9 @@
+ # If your system is POSIX (e.g. Sun Solaris, SGI Irix 5 and 6, Dec Ultrix MIPS,
+ # BSDI or other 4.4-based BSD, Linux) use the following four lines. Do not
+ # change these values!
+-WRAPPER_OWNER = root
++WRAPPER_OWNER = $(W_USER)
+ WRAPPER_GROUP = $(W_GROUP)
+-WRAPPER_MODE = 4755
++WRAPPER_MODE = 4550
+ POSIX = -DPOSIX_UID=$(W_USER) -DPOSIX_GID=$(W_GROUP)
+ # Otherwise, if your system is NOT POSIX (e.g. SunOS 4.x, SGI Irix 4,
+ # HP DomainOS) then comment out the above four lines and uncomment
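Review bot: The retained upstream comment `Do not change these values!` now sits directly above two values the port does change (`WRAPPER_OWNER = $(W_USER)` and `WRAPPER_MODE = 4550`), with nothing explaining the deviation. I would add a comment in the patched Makefile such as `# FreeBSD port: wrapper is setuid $(W_USER), not root, and executable only by members of $(W_GROUP)`. With mode 4550 the membership of `$(W_GROUP)` becomes the access control for the wrapper, so it is worth stating that next to the values as well as in post-install-notes.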
@@ -62,11 +62,11 @@
# parent process, and without the leading "W_" in the variable names) gets
# passed to processes run by "wrapper"
diff --git a/mail/majordomo/files/patch-bf b/mail/majordomo/files/patch-bf
index b37241a86702..0ad15e2446b6 100644
--- a/mail/majordomo/files/patch-bf
+++ b/mail/majordomo/files/patch-bf
@@ -1,6 +1,14 @@
---- majordomo.orig Wed Aug 27 23:55:29 1997
-+++ majordomo Wed Sep 10 00:57:24 1997
-@@ -75,7 +75,7 @@
+--- majordomo.orig Thu Jan 13 18:29:31 2000
++++ majordomo Mon Jul 23 03:28:21 2001
+@@ -64,6 +64,7 @@
+ require "majordomo.pl"; # all sorts of general-purpose Majordomo subs
+ require "shlock.pl"; # NNTP-style file locking
+ require "config_parse.pl"; # functions to parse the config files
++use Digest::SHA1 qw( sha1_hex );
+
+ print STDERR "$0: requires succeeded. Setting defaults.\n" if $DEBUG;
+
+@@ -75,7 +76,7 @@
# Define all of the mailer properties:
# It is possible that one or both of $sendmail_command and $bounce_mailer
# are not defined, so we provide reasonable defaults.
@@ -9,3 +17,28 @@
unless defined $sendmail_command;
$bounce_mailer = "$sendmail_command -f\$sender -t"
unless defined $bounce_mailer;
+@@ -405,9 +406,6 @@
+ # making the request.
+ #
+ if (! $approved
+- && ! ((&addr_match($reply_to, $subscriber,
+- (&cf_ck_bool($clean_list,"mungedomain")
+- ? 2 : undef))))
+ && (($unsub_policy =~ /confirm/)
+ && (&gen_cookie($sm, $clean_list, $subscriber) ne $auth_info)))
+ {
+@@ -1907,13 +1905,7 @@
+ # joining that goes on, we need to ignore whitespace.
+ $combined =~ s/\s//g;
+
+- for ($i = 0; $i < length($combined); $i++) {
+- $cookie ^= ord(substr($combined, $i));
+- $carry = ($cookie >> 28) & 0xf;
+- $cookie <<= 4;
+- $cookie |= $carry;
+- }
+- return (sprintf("%08x", $cookie));
++ return sha1_hex( $combined );
+ }
+
+
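Review bot: `return sha1_hex( $combined );` is an unkeyed hash, so the confirmation cookie is only as unguessable as whatever secret goes into `$combined`, which is assembled above this hunk and is not visible here. If that value includes a site seed, a comment should say so, for example `# cookie is unforgeable only while the configured seed is site-unique and secret`; a keyed MAC over the same fields would be the sturdier construction if an extra dependency is acceptable. Because whitespace is stripped before hashing and the join is not shown, it is also worth confirming that two different list/address pairs cannot collapse to the same `$combined`. The cookie grows from 8 to 40 hex digits, so confirmations issued before the upgrade will stop validating; post-install-notes could mention that.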
diff --git a/mail/majordomo/files/post-install-notes b/mail/majordomo/files/post-install-notes
index f7ed89958395..ded8c8baac8b 100644
--- a/mail/majordomo/files/post-install-notes
+++ b/mail/majordomo/files/post-install-notes
@@ -28,6 +28,21 @@ manually:
define(`ALIAS_FILE',/etc/aliases,/usr/local/majordomo/aliases.majordomo')
+ - consider using ports/mail/tlb to process your deliveries if you
+ want to hide your outgoing aliases. This way you can prevent people
+ from evading restrictions for posting to your lists.
+
+ - the user executing the commands of your local aliases must be added
+ to your majordom group to be able to execute the setuid wrapper
+ script. Sendmail does this as daemon by default, which is already
+ added. The postfix port uses nobody by default, which should be
+ changed to another user if your users can execute commands as user
+ nobody (Apache/CGI comes to mind). Postfix does not do initgroups()
+ properly, so you need to chgrp the wrapper script to the
+ default_privs user (this may apply for other MTAs as well) for it
+ to work. It is important that you do this and not just make wrapper
+ executable for all; you are increasing the chances of it getting
+ exploited if you do.
Enjoy Majordomo!
diff --git a/mail/majordomo/scripts/createuser b/mail/majordomo/scripts/createuser
index f755b0b04d92..ac9675afdbce 100644
--- a/mail/majordomo/scripts/createuser
+++ b/mail/majordomo/scripts/createuser
@@ -59,3 +59,11 @@ if( $result ) {
print "Failed to add/modify user majordom!\n";
exit 1;
}
+
+## Add daemon to majordom group, to allow sendmail to call wrapper
+## via direct pipes in /etc/mail/aliases
+$result = system( "pw groupmod majordom -m daemon" );
+if( $result ) {
+ print "Failed to add/modify user majordom!\n";
+ exit 1;
+}
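Review bot: The added failure branch reuses the message from the user-creation step, so a failed `pw groupmod` reports `Failed to add/modify user majordom!` and points the admin at the wrong operation. I would change it to `print "Failed to add daemon to group majordom!\n";`. Since this script presumably runs as root at install time, calling `pw` by absolute path (`/usr/sbin/pw`) would avoid depending on the caller's PATH; the earlier `pw` calls are outside the hunk, so check them too.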