* Set maintainership to anders@fix.no, there is no maintainer for this port.

* Add info about tlb in post-install-notes. * Add WITH_POSTFIX_APPROVE_PATCH knob to fix problem with Postfix's Delivered-To and Majordomo's approve command. * Add security fixes from PR ports/28282 with a small change, use SHA1 instead of MD5 for generating cookies. * Remove security warning, which isn't necessary anymore. PR: 28282 Submitted by: anders@fix.no
author: nsayer <nsayer@FreeBSD.org> 2001-07-23 16:14:02 +0000
committer: nsayer <nsayer@FreeBSD.org> 2001-07-23 16:14:02 +0000
commit: f6a928f16deb6b29a04d7ca45da2385ea4df147d (patch)
tree: f0bdc27b8b02715457cfe1883960db14c2f3341c /mail/majordomo/files
parent: dac91c4093ab37516fbb32cf1f4fe9f61dcd893e (diff)
download: FreeBSD-ports-f6a928f16deb6b29a04d7ca45da2385ea4df147d.zip
FreeBSD-ports-f6a928f16deb6b29a04d7ca45da2385ea4df147d.tar.gz
3 files changed, 65 insertions, 5 deletions
diff --git a/mail/majordomo/files/patch-aa b/mail/majordomo/files/patch-aa
index 09f5d07..d1cf4de 100644
--- a/mail/majordomo/files/patch-aa
+++ b/mail/majordomo/files/patch-aa
@@ -1,5 +1,5 @@
---- Makefile.orig	Wed Aug 27 08:56:21 1997
-+++ Makefile	Sat Jul 10 23:28:11 1999
+--- Makefile.orig	Tue Jan 18 15:01:17 2000
++++ Makefile	Mon Jul 23 03:35:47 2001
 @@ -13,22 +13,22 @@
  #
   
@@ -28,6 +28,18 @@
  
  # These set the permissions for all installed files and executables (except
  # the wrapper), respectively.  Some sites may wish to make these more
+@@ -40,9 +40,9 @@
+ # If your system is POSIX (e.g. Sun Solaris, SGI Irix 5 and 6, Dec Ultrix MIPS,
+ # BSDI or other 4.4-based BSD, Linux) use the following four lines.  Do not
+ # change these values!
+-WRAPPER_OWNER = root
++WRAPPER_OWNER = $(W_USER)
+ WRAPPER_GROUP = $(W_GROUP)
+-WRAPPER_MODE = 4755
++WRAPPER_MODE = 4550
+ POSIX = -DPOSIX_UID=$(W_USER) -DPOSIX_GID=$(W_GROUP)
+ # Otherwise, if your system is NOT POSIX (e.g. SunOS 4.x, SGI Irix 4,
+ # HP DomainOS) then comment out the above four lines and uncomment
 @@ -62,11 +62,11 @@
  # parent process, and without the leading "W_" in the variable names) gets
  # passed to processes run by "wrapper"
diff --git a/mail/majordomo/files/patch-bf b/mail/majordomo/files/patch-bf
index b37241a..0ad15e2 100644
--- a/mail/majordomo/files/patch-bf
+++ b/mail/majordomo/files/patch-bf
@@ -1,6 +1,14 @@
---- majordomo.orig	Wed Aug 27 23:55:29 1997
-+++ majordomo	Wed Sep 10 00:57:24 1997
-@@ -75,7 +75,7 @@
+--- majordomo.orig	Thu Jan 13 18:29:31 2000
++++ majordomo	Mon Jul 23 03:28:21 2001
+@@ -64,6 +64,7 @@
+ require "majordomo.pl";		# all sorts of general-purpose Majordomo subs
+ require "shlock.pl";		# NNTP-style file locking
+ require "config_parse.pl";	# functions to parse the config files
++use Digest::SHA1 qw( sha1_hex );
+ 
+ print STDERR "$0:  requires succeeded.  Setting defaults.\n" if $DEBUG; 
+ 
+@@ -75,7 +76,7 @@
  # Define all of the mailer properties:
  # It is possible that one or both of $sendmail_command and $bounce_mailer
  # are not defined, so we provide reasonable defaults.
@@ -9,3 +17,28 @@
    unless defined $sendmail_command;
  $bounce_mailer = "$sendmail_command -f\$sender -t"
    unless defined $bounce_mailer;
+@@ -405,9 +406,6 @@
+ 	# making the request. 
+ 	#
+ 	if (! $approved
+-	    && ! ((&addr_match($reply_to, $subscriber,
+-			       (&cf_ck_bool($clean_list,"mungedomain")
+-				? 2 : undef))))
+ 	    && (($unsub_policy =~ /confirm/)
+ 		&& (&gen_cookie($sm, $clean_list, $subscriber) ne $auth_info))) 
+ 	  { 
+@@ -1907,13 +1905,7 @@
+     # joining that goes on, we need to ignore whitespace.
+     $combined =~ s/\s//g;
+     
+-    for ($i = 0; $i < length($combined); $i++) {
+-	$cookie ^= ord(substr($combined, $i));
+-	$carry = ($cookie >> 28) & 0xf;
+-	$cookie <<= 4;
+-	$cookie |= $carry;
+-    }
+-    return (sprintf("%08x", $cookie));
++    return sha1_hex( $combined );
+ }
+ 
+ 
diff --git a/mail/majordomo/files/post-install-notes b/mail/majordomo/files/post-install-notes
index f7ed899..ded8c8b 100644
--- a/mail/majordomo/files/post-install-notes
+++ b/mail/majordomo/files/post-install-notes
@@ -28,6 +28,21 @@ manually:
 
 	  define(`ALIAS_FILE',/etc/aliases,/usr/local/majordomo/aliases.majordomo')
 
+	- consider using ports/mail/tlb to process your deliveries if you
+	  want to hide your outgoing aliases.  This way you can prevent people
+	  from evading restrictions for posting to your lists.
+
+	- the user executing the commands of your local aliases must be added
+	  to your majordom group to be able to execute the setuid wrapper
+	  script. Sendmail does this as daemon by default, which is already
+	  added. The postfix port uses nobody by default, which should be
+	  changed to another user if your users can execute commands as user
+	  nobody (Apache/CGI comes to mind). Postfix does not do initgroups()
+	  properly, so you need to chgrp the wrapper script to the
+	  default_privs user (this may apply for other MTAs as well) for it
+	  to work. It is important that you do this and not just make wrapper
+	  executable for all; you are increasing the chances of it getting
+	  exploited if you do.
 
 Enjoy Majordomo!
author	nsayer <nsayer@FreeBSD.org>	2001-07-23 16:14:02 +0000
committer	nsayer <nsayer@FreeBSD.org>	2001-07-23 16:14:02 +0000
commit	f6a928f16deb6b29a04d7ca45da2385ea4df147d (patch)
tree	f0bdc27b8b02715457cfe1883960db14c2f3341c /mail/majordomo/files
parent	dac91c4093ab37516fbb32cf1f4fe9f61dcd893e (diff)
download	FreeBSD-ports-f6a928f16deb6b29a04d7ca45da2385ea4df147d.zip FreeBSD-ports-f6a928f16deb6b29a04d7ca45da2385ea4df147d.tar.gz