* Set maintainership to anders@fix.no, there is no maintainer for this port.

* Add info about tlb in post-install-notes.
* Add WITH_POSTFIX_APPROVE_PATCH knob to fix problem with Postfix's
Delivered-To and Majordomo's approve command.
* Add security fixes from PR ports/28282 with a small change, use SHA1
instead of MD5 for generating cookies.
* Remove security warning, which isn't necessary anymore.

PR:		28282
Submitted by:	anders@fix.no

mail/majordomo/Makefile

@@ -7,12 +7,14 @@
 
 PORTNAME=	majordomo
 PORTVERSION=	1.94.5
+PORTREVISION=	1
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.greatcircle.com/pub/majordomo/1.94.5/ \
 		ftp://ftp.sgi.com/other/majordomo/1.94.5/
 EXTRACT_SUFX=   .tgz
+RUN_DEPENDS=	${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1
 
-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	anders@fix.no
 
 # Needs to create a user and group
 IS_INTERACTIVE= yes
@@ -22,9 +24,9 @@ INSTALL_TARGET=	install install-wrapper
 MAN1=		approve.1 bounce-remind.1 digest.1
 MAN8=		majordomo.8
 
-pre-fetch:
-.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
-	/usr/bin/dialog --yesno "Majordomo is unsafe to use on multi-user machines: local users can run arbitrary commands as the majordomo user. Do you wish to accept the security risk and build majordomo anyway?" 8 60 || ${FALSE}
+.if defined(WITH_POSTFIX_APPROVE_PATCH)
+post-patch:
+	@cd ${WRKSRC} && ${PATCH} < ${FILESDIR}/postfix-approve-patch 2>/dev/null
 .endif
 
 pre-configure:
@@ -32,8 +34,10 @@ pre-configure:
 		@ ${CP} ${FILESDIR}/aliases.majordomo ${WRKSRC}
 
 pre-install:
-		@ ${CP} ${WRKSRC}/sample.cf ${WRKSRC}/majordomo.cf
-
+		@ if test -f ${WRKSRC}/majordomo.cf; then :; else \
+			${CP} ${WRKSRC}/sample.cf ${WRKSRC}/majordomo.cf; \
+			/usr/bin/perl ${SCRIPTDIR}/makeseed ${WRKSRC}/majordomo.cf; \
+		fi
 post-install:
 .for file in ${MAN1}
 	@ ${INSTALL_MAN} ${WRKSRC}/Doc/man/${file} ${PREFIX}/man/man1

mail/majordomo/files/patch-aa

@@ -1,5 +1,5 @@
---- Makefile.orig	Wed Aug 27 08:56:21 1997
-+++ Makefile	Sat Jul 10 23:28:11 1999
+--- Makefile.orig	Tue Jan 18 15:01:17 2000
++++ Makefile	Mon Jul 23 03:35:47 2001
 @@ -13,22 +13,22 @@
  #
   
@@ -28,6 +28,18 @@
  
  # These set the permissions for all installed files and executables (except
  # the wrapper), respectively.  Some sites may wish to make these more
+@@ -40,9 +40,9 @@
+ # If your system is POSIX (e.g. Sun Solaris, SGI Irix 5 and 6, Dec Ultrix MIPS,
+ # BSDI or other 4.4-based BSD, Linux) use the following four lines.  Do not
+ # change these values!
+-WRAPPER_OWNER = root
++WRAPPER_OWNER = $(W_USER)
+ WRAPPER_GROUP = $(W_GROUP)
+-WRAPPER_MODE = 4755
++WRAPPER_MODE = 4550
+ POSIX = -DPOSIX_UID=$(W_USER) -DPOSIX_GID=$(W_GROUP)
+ # Otherwise, if your system is NOT POSIX (e.g. SunOS 4.x, SGI Irix 4,
+ # HP DomainOS) then comment out the above four lines and uncomment
 @@ -62,11 +62,11 @@
  # parent process, and without the leading "W_" in the variable names) gets
  # passed to processes run by "wrapper"

mail/majordomo/files/patch-bf

@@ -1,6 +1,14 @@
---- majordomo.orig	Wed Aug 27 23:55:29 1997
-+++ majordomo	Wed Sep 10 00:57:24 1997
-@@ -75,7 +75,7 @@
+--- majordomo.orig	Thu Jan 13 18:29:31 2000
++++ majordomo	Mon Jul 23 03:28:21 2001
+@@ -64,6 +64,7 @@
+ require "majordomo.pl";		# all sorts of general-purpose Majordomo subs
+ require "shlock.pl";		# NNTP-style file locking
+ require "config_parse.pl";	# functions to parse the config files
++use Digest::SHA1 qw( sha1_hex );
+ 
+ print STDERR "$0:  requires succeeded.  Setting defaults.\n" if $DEBUG; 
+ 
+@@ -75,7 +76,7 @@
  # Define all of the mailer properties:
  # It is possible that one or both of $sendmail_command and $bounce_mailer
  # are not defined, so we provide reasonable defaults.
@@ -9,3 +17,28 @@
    unless defined $sendmail_command;
  $bounce_mailer = "$sendmail_command -f\$sender -t"
    unless defined $bounce_mailer;
+@@ -405,9 +406,6 @@
+ 	# making the request. 
+ 	#
+ 	if (! $approved
+-	    && ! ((&addr_match($reply_to, $subscriber,
+-			       (&cf_ck_bool($clean_list,"mungedomain")
+-				? 2 : undef))))
+ 	    && (($unsub_policy =~ /confirm/)
+ 		&& (&gen_cookie($sm, $clean_list, $subscriber) ne $auth_info))) 
+ 	  { 
+@@ -1907,13 +1905,7 @@
+     # joining that goes on, we need to ignore whitespace.
+     $combined =~ s/\s//g;
+     
+-    for ($i = 0; $i < length($combined); $i++) {
+-	$cookie ^= ord(substr($combined, $i));
+-	$carry = ($cookie >> 28) & 0xf;
+-	$cookie <<= 4;
+-	$cookie |= $carry;
+-    }
+-    return (sprintf("%08x", $cookie));
++    return sha1_hex( $combined );
+ }
+ 
+ 

mail/majordomo/files/post-install-notes

@@ -28,6 +28,21 @@ manually:
 
 	  define(`ALIAS_FILE',/etc/aliases,/usr/local/majordomo/aliases.majordomo')
 
+	- consider using ports/mail/tlb to process your deliveries if you
+	  want to hide your outgoing aliases.  This way you can prevent people
+	  from evading restrictions for posting to your lists.
+
+	- the user executing the commands of your local aliases must be added
+	  to your majordom group to be able to execute the setuid wrapper
+	  script. Sendmail does this as daemon by default, which is already
+	  added. The postfix port uses nobody by default, which should be
+	  changed to another user if your users can execute commands as user
+	  nobody (Apache/CGI comes to mind). Postfix does not do initgroups()
+	  properly, so you need to chgrp the wrapper script to the
+	  default_privs user (this may apply for other MTAs as well) for it
+	  to work. It is important that you do this and not just make wrapper
+	  executable for all; you are increasing the chances of it getting
+	  exploited if you do.
 
 Enjoy Majordomo!
 

mail/majordomo/scripts/createuser

@@ -59,3 +59,11 @@ if( $result ) {
 	print "Failed to add/modify user majordom!\n";
 	exit 1;
 }
+
+## Add daemon to majordom group, to allow sendmail to call wrapper
+## via direct pipes in /etc/mail/aliases
+$result = system( "pw groupmod majordom -m daemon" );
+if( $result ) {
+	print "Failed to add/modify user majordom!\n";
+	exit 1;
+}