From a7402429dc0a8777855d1f2bbf4a29a25b5af8b8 Mon Sep 17 00:00:00 2001 From: Nick Sayer Date: Mon, 23 Jul 2001 16:14:02 +0000 Subject: [PATCH] * Set maintainership to anders@fix.no, there is no maintainer for this port. * Add info about tlb in post-install-notes. * Add WITH_POSTFIX_APPROVE_PATCH knob to fix problem with Postfix's Delivered-To and Majordomo's approve command. * Add security fixes from PR ports/28282 with a small change, use SHA1 instead of MD5 for generating cookies. * Remove security warning, which isn't necessary anymore. PR: 28282 Submitted by: anders@fix.no --- mail/majordomo/Makefile | 16 ++++++---- mail/majordomo/files/patch-aa | 16 ++++++++-- mail/majordomo/files/patch-bf | 39 +++++++++++++++++++++++-- mail/majordomo/files/post-install-notes | 15 ++++++++++ mail/majordomo/scripts/createuser | 8 +++++ 5 files changed, 83 insertions(+), 11 deletions(-) diff --git a/mail/majordomo/Makefile b/mail/majordomo/Makefile index c0e30e5d67ba..de15479e5e5f 100644 --- a/mail/majordomo/Makefile +++ b/mail/majordomo/Makefile @@ -7,12 +7,14 @@ PORTNAME= majordomo PORTVERSION= 1.94.5 +PORTREVISION= 1 CATEGORIES= mail MASTER_SITES= ftp://ftp.greatcircle.com/pub/majordomo/1.94.5/ \ ftp://ftp.sgi.com/other/majordomo/1.94.5/ EXTRACT_SUFX= .tgz +RUN_DEPENDS= ${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1 -MAINTAINER= ports@FreeBSD.org +MAINTAINER= anders@fix.no # Needs to create a user and group IS_INTERACTIVE= yes @@ -22,9 +24,9 @@ INSTALL_TARGET= install install-wrapper MAN1= approve.1 bounce-remind.1 digest.1 MAN8= majordomo.8 -pre-fetch: -.if !defined(BATCH) && !defined(PACKAGE_BUILDING) - /usr/bin/dialog --yesno "Majordomo is unsafe to use on multi-user machines: local users can run arbitrary commands as the majordomo user. Do you wish to accept the security risk and build majordomo anyway?" 8 60 || ${FALSE} +.if defined(WITH_POSTFIX_APPROVE_PATCH) +post-patch: + @cd ${WRKSRC} && ${PATCH} < ${FILESDIR}/postfix-approve-patch 2>/dev/null .endif pre-configure: @@ -32,8 +34,10 @@ pre-configure: @ ${CP} ${FILESDIR}/aliases.majordomo ${WRKSRC} pre-install: - @ ${CP} ${WRKSRC}/sample.cf ${WRKSRC}/majordomo.cf - + @ if test -f ${WRKSRC}/majordomo.cf; then :; else \ + ${CP} ${WRKSRC}/sample.cf ${WRKSRC}/majordomo.cf; \ + /usr/bin/perl ${SCRIPTDIR}/makeseed ${WRKSRC}/majordomo.cf; \ + fi post-install: .for file in ${MAN1} @ ${INSTALL_MAN} ${WRKSRC}/Doc/man/${file} ${PREFIX}/man/man1 diff --git a/mail/majordomo/files/patch-aa b/mail/majordomo/files/patch-aa index 09f5d07f42bf..d1cf4ded20e0 100644 --- a/mail/majordomo/files/patch-aa +++ b/mail/majordomo/files/patch-aa @@ -1,5 +1,5 @@ ---- Makefile.orig Wed Aug 27 08:56:21 1997 -+++ Makefile Sat Jul 10 23:28:11 1999 +--- Makefile.orig Tue Jan 18 15:01:17 2000 ++++ Makefile Mon Jul 23 03:35:47 2001 @@ -13,22 +13,22 @@ # @@ -28,6 +28,18 @@ # These set the permissions for all installed files and executables (except # the wrapper), respectively. Some sites may wish to make these more +@@ -40,9 +40,9 @@ + # If your system is POSIX (e.g. Sun Solaris, SGI Irix 5 and 6, Dec Ultrix MIPS, + # BSDI or other 4.4-based BSD, Linux) use the following four lines. Do not + # change these values! +-WRAPPER_OWNER = root ++WRAPPER_OWNER = $(W_USER) + WRAPPER_GROUP = $(W_GROUP) +-WRAPPER_MODE = 4755 ++WRAPPER_MODE = 4550 + POSIX = -DPOSIX_UID=$(W_USER) -DPOSIX_GID=$(W_GROUP) + # Otherwise, if your system is NOT POSIX (e.g. SunOS 4.x, SGI Irix 4, + # HP DomainOS) then comment out the above four lines and uncomment @@ -62,11 +62,11 @@ # parent process, and without the leading "W_" in the variable names) gets # passed to processes run by "wrapper" diff --git a/mail/majordomo/files/patch-bf b/mail/majordomo/files/patch-bf index b37241a86702..0ad15e2446b6 100644 --- a/mail/majordomo/files/patch-bf +++ b/mail/majordomo/files/patch-bf @@ -1,6 +1,14 @@ ---- majordomo.orig Wed Aug 27 23:55:29 1997 -+++ majordomo Wed Sep 10 00:57:24 1997 -@@ -75,7 +75,7 @@ +--- majordomo.orig Thu Jan 13 18:29:31 2000 ++++ majordomo Mon Jul 23 03:28:21 2001 +@@ -64,6 +64,7 @@ + require "majordomo.pl"; # all sorts of general-purpose Majordomo subs + require "shlock.pl"; # NNTP-style file locking + require "config_parse.pl"; # functions to parse the config files ++use Digest::SHA1 qw( sha1_hex ); + + print STDERR "$0: requires succeeded. Setting defaults.\n" if $DEBUG; + +@@ -75,7 +76,7 @@ # Define all of the mailer properties: # It is possible that one or both of $sendmail_command and $bounce_mailer # are not defined, so we provide reasonable defaults. @@ -9,3 +17,28 @@ unless defined $sendmail_command; $bounce_mailer = "$sendmail_command -f\$sender -t" unless defined $bounce_mailer; +@@ -405,9 +406,6 @@ + # making the request. + # + if (! $approved +- && ! ((&addr_match($reply_to, $subscriber, +- (&cf_ck_bool($clean_list,"mungedomain") +- ? 2 : undef)))) + && (($unsub_policy =~ /confirm/) + && (&gen_cookie($sm, $clean_list, $subscriber) ne $auth_info))) + { +@@ -1907,13 +1905,7 @@ + # joining that goes on, we need to ignore whitespace. + $combined =~ s/\s//g; + +- for ($i = 0; $i < length($combined); $i++) { +- $cookie ^= ord(substr($combined, $i)); +- $carry = ($cookie >> 28) & 0xf; +- $cookie <<= 4; +- $cookie |= $carry; +- } +- return (sprintf("%08x", $cookie)); ++ return sha1_hex( $combined ); + } + + diff --git a/mail/majordomo/files/post-install-notes b/mail/majordomo/files/post-install-notes index f7ed89958395..ded8c8baac8b 100644 --- a/mail/majordomo/files/post-install-notes +++ b/mail/majordomo/files/post-install-notes @@ -28,6 +28,21 @@ manually: define(`ALIAS_FILE',/etc/aliases,/usr/local/majordomo/aliases.majordomo') + - consider using ports/mail/tlb to process your deliveries if you + want to hide your outgoing aliases. This way you can prevent people + from evading restrictions for posting to your lists. + + - the user executing the commands of your local aliases must be added + to your majordom group to be able to execute the setuid wrapper + script. Sendmail does this as daemon by default, which is already + added. The postfix port uses nobody by default, which should be + changed to another user if your users can execute commands as user + nobody (Apache/CGI comes to mind). Postfix does not do initgroups() + properly, so you need to chgrp the wrapper script to the + default_privs user (this may apply for other MTAs as well) for it + to work. It is important that you do this and not just make wrapper + executable for all; you are increasing the chances of it getting + exploited if you do. Enjoy Majordomo! diff --git a/mail/majordomo/scripts/createuser b/mail/majordomo/scripts/createuser index f755b0b04d92..ac9675afdbce 100644 --- a/mail/majordomo/scripts/createuser +++ b/mail/majordomo/scripts/createuser @@ -59,3 +59,11 @@ if( $result ) { print "Failed to add/modify user majordom!\n"; exit 1; } + +## Add daemon to majordom group, to allow sendmail to call wrapper +## via direct pipes in /etc/mail/aliases +$result = system( "pw groupmod majordom -m daemon" ); +if( $result ) { + print "Failed to add/modify user majordom!\n"; + exit 1; +}