FreeBSD Bugzilla – Attachment 169168 Details for
Bug 115957
Questionable ownership and security on mail/dspam
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
pr_115957-2016041000.patch
pr_115957-2016041000.patch (text/plain), 7.10 KB, created by
danny
on 2016-04-11 01:12:53 UTC
(
hide
)
Description:
pr_115957-2016041000.patch
Filename:
MIME Type:
Creator:
danny
Created:
2016-04-11 01:12:53 UTC
Size:
7.10 KB
patch
obsolete
>diff --git a/mail/dspam/Makefile b/mail/dspam/Makefile >index 912a694..a6595ac 100644 >--- a/mail/dspam/Makefile >+++ b/mail/dspam/Makefile >@@ -7,7 +7,7 @@ > > PORTNAME= dspam > PORTVERSION= 3.10.2 >-PORTREVISION= 1 >+PORTREVISION= 2 > CATEGORIES= mail > MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION} > >@@ -16,6 +16,9 @@ COMMENT= Bayesian spam filter > > LICENSE= AGPLv3 > >+USERS= dspam >+GROUPS= dspam >+ > OPTIONS_SUB= yes > > OPTIONS_DEFINE= SYSLOG DEBUG VERBOSE_DEBUG BNR_DEBUG PREF_EXT DAEMON \ >@@ -98,12 +101,15 @@ CONFLICTS= dspam-devel-[0-9]* > SIGNATURE_LIFE?= 15 > > _VAR_DIR= /var >+ >+RUN_DIR?= ${_VAR_DIR}/run/dspam >+ > LOG_DIR?= ${_VAR_DIR}/log/dspam > LOGFILE?= ${LOG_DIR}/dspam.log > > DSPAM_MODE?= 4510 >-DSPAM_OWNER?= root >-DSPAM_GROUP?= mail >+DSPAM_OWNER?= ${USERS} >+DSPAM_GROUP?= ${GROUPS} > > DSPAM_ETC?= ${LOCALBASE}/etc > DSPAM_HOME?= ${_VAR_DIR}/db/dspam >@@ -124,6 +130,7 @@ PLIST_SUB+= DSPAM_HOME=${DSPAM_HOME} \ > CONFIGURE_ARGS+= --sysconfdir=${DSPAM_ETC} > CONFIGURE_ARGS+= --with-logdir=${LOG_DIR} > PLIST_SUB+= LOG_DIR=${LOG_DIR} >+PLIST_SUB+= RUN_DIR=${RUN_DIR} > > CONFIGURE_ARGS+= --with-dspam-home=${DSPAM_HOME} > CONFIGURE_ARGS+= --with-dspam-home-owner=${DSPAM_HOME_OWNER} >@@ -421,6 +428,7 @@ pre-extract: > @${ECHO_CMD} "DSPAM_HOME_GROUP=${DSPAM_HOME_GROUP}" > @${ECHO_CMD} "DSPAM_HOME_MODE=${DSPAM_HOME_MODE} (default: 0770)" > @${ECHO_CMD} "LOG_DIR=${LOG_DIR} (default: ${_VAR_DIR}/log/dspam)" >+ @${ECHO_CMD} "RUN_DIR=${RUN_DIR} (default: ${_VAR_DIR}/run/dspam)" > . ifdef(WITHOUT_SYSLOG) > @${ECHO_CMD} "LOGFILE=${LOGFILE} (default: ${_VAR_DIR}/log/dspam/dspam.log)" > . endif >@@ -558,7 +566,8 @@ post-install: > ${INSTALL_DATA} ${_file}.sample ${STAGEDIR}${DSPAM_HOME} > .endfor > >- @${MKDIR} -m ${DSPAM_HOME_MODE} ${STAGEDIR}${LOG_DIR} >+ @${MKDIR} ${STAGEDIR}${RUN_DIR} >+ @${MKDIR} ${STAGEDIR}${LOG_DIR} > > @${CAT} ${WRKSRC}/README.FreeBSD > >diff --git a/mail/dspam/files/UPDATING b/mail/dspam/files/UPDATING >index dcc7e36..17808fa 100644 >--- a/mail/dspam/files/UPDATING >+++ b/mail/dspam/files/UPDATING >@@ -17,6 +17,18 @@ in the port directory: > make extract; more `find . -type f -maxdepth 2 -name UPGRADING` > > ########################################################################### >+# dspam-3.10.2_2 >+# >+ >+Port Changes: >+- Runs as dspam:dspam instead of root:mail [1] >+- Default run directory is now /var/run/dspam [1] >+- Default daemon/client communication port is now 2424 [1] >+ >+[1] Questionable ownership and security on mail/dspam (PR #115957) >+ >+ >+########################################################################### > # dspam-3.10.2 > # > >diff --git a/mail/dspam/files/dspam.in b/mail/dspam/files/dspam.in >index f6f238e..7b78617 100644 >--- a/mail/dspam/files/dspam.in >+++ b/mail/dspam/files/dspam.in >@@ -25,7 +25,7 @@ load_rc_config $name > #defaults > : ${dspam_enable="NO"} > : ${dspam_debug="NO"} >-: ${dspam_pidfile:-/var/run/dspam.pid} >+: ${dspam_pidfile:-/var/run/dspam/dspam.pid} > > command=%%PREFIX%%/bin/${name} > >diff --git a/mail/dspam/files/patch-src__client.c b/mail/dspam/files/patch-src__client.c >new file mode 100644 >index 0000000..4a3e3fd >--- /dev/null >+++ b/mail/dspam/files/patch-src__client.c >@@ -0,0 +1,11 @@ >+--- src/client.c.orig 2012-04-11 11:48:33.000000000 -0700 >++++ src/client.c 2016-04-10 15:57:58.146105267 -0700 >+@@ -304,7 +304,7 @@ >+ struct sockaddr_un saun; >+ int sockfd; >+ int yes = 1; >+- int port = 24; >++ int port = 2424; >+ int domain = 0; >+ int addr_len; >+ char *host; >diff --git a/mail/dspam/files/patch-src__daemon.c b/mail/dspam/files/patch-src__daemon.c >new file mode 100644 >index 0000000..d16cddf >--- /dev/null >+++ b/mail/dspam/files/patch-src__daemon.c >@@ -0,0 +1,11 @@ >+--- src/daemon.c.orig 2012-04-11 11:48:33.000000000 -0700 >++++ src/daemon.c 2016-04-10 15:57:50.654336293 -0700 >+@@ -97,7 +97,7 @@ >+ int domain = 0; /* listening on domain socket? */ >+ int listener; /* listener fd */ >+ int i; >+- int port = 24, queue = 32; /* default port and queue size */ >++ int port = 2424, queue = 32; /* default port and queue size */ >+ >+ signal(SIGPIPE, SIG_IGN); >+ signal(SIGINT, process_signal); >diff --git a/mail/dspam/files/patch-src__dspam.c b/mail/dspam/files/patch-src__dspam.c >deleted file mode 100644 >index 9234ef2..0000000 >--- a/mail/dspam/files/patch-src__dspam.c >+++ /dev/null >@@ -1,11 +0,0 @@ >---- src/dspam.c.orig 2012-04-11 11:48:33.000000000 -0700 >-+++ src/dspam.c 2014-09-23 19:43:09.688194417 -0700 >-@@ -4194,7 +4194,7 @@ >- >- pidfile = _ds_read_attribute(agent_config, "ServerPID"); >- if ( pidfile == NULL ) >-- pidfile = "/var/run/dspam/dspam.pid"; >-+ pidfile = "/var/run/dspam.pid"; >- >- if (pidfile) { >- FILE *file; >diff --git a/mail/dspam/files/patch-src__dspam.conf.in b/mail/dspam/files/patch-src__dspam.conf.in >index b3c48fb..51cb7d2 100644 >--- a/mail/dspam/files/patch-src__dspam.conf.in >+++ b/mail/dspam/files/patch-src__dspam.conf.in >@@ -1,5 +1,5 @@ >---- src/dspam.conf.in.orig 2014-09-18 00:33:02.874722063 -0700 >-+++ src/dspam.conf.in 2014-09-18 00:41:49.434685786 -0700 >+--- src/dspam.conf.in.orig 2012-04-11 11:48:33.000000000 -0700 >++++ src/dspam.conf.in 2016-04-10 16:27:44.179947888 -0700 > @@ -56,6 +56,7 @@ > # necessary if you plan on allowing untrusted processing. > # >@@ -35,12 +35,24 @@ > #PgSQLPort > #PgSQLUser dspam > #PgSQLPass changeme >-@@ -845,14 +846,14 @@ >+@@ -807,9 +808,9 @@ >+ # interfaces. >+ # >+ #ServerHost 127.0.0.1 >+-#ServerPort 24 >++#ServerPort 2424 >+ #ServerQueueSize 32 >+-#ServerPID /var/run/dspam.pid >++#ServerPID /var/run/dspam/dspam.pid >+ >+ # >+ # ServerMode specifies the type of LMTP server to start. This can be one of: >+@@ -845,18 +846,18 @@ > # you are running the client and server on the same machine, as it eliminates > # much of the bandwidth overhead. > # > -#ServerDomainSocketPath "/tmp/dspam.sock" >-+#ServerDomainSocketPath "/var/run/dspam.sock" >++#ServerDomainSocketPath "/var/run/dspam/dspam.sock" > > # > # Client Mode: If you are running DSPAM in client/server mode, uncomment and >@@ -48,7 +60,12 @@ > # a domain socket. > # > -#ClientHost /tmp/dspam.sock >-+#ClientHost /var/run/dspam.sock >++#ClientHost /var/run/dspam/dspam.sock > #ClientIdent "secret@Relay1" > # > #ClientHost 127.0.0.1 >+-#ClientPort 24 >++#ClientPort 2424 >+ #ClientIdent "secret@Relay1" >+ >+ # --- RABL --- >diff --git a/mail/dspam/pkg-plist b/mail/dspam/pkg-plist >index 921f30f..30e076f 100644 >--- a/mail/dspam/pkg-plist >+++ b/mail/dspam/pkg-plist >@@ -206,8 +206,9 @@ libdata/pkgconfig/dspam.pc > %%WebUI%%%%WWWDIR%%/templates/ro/nav_preferences.html > %%WebUI%%%%WWWDIR%%/templates/ro/nav_quarantine.html > %%WebUI%%%%WWWDIR%%/templates/ro/nav_viewmessage.html >-%%DSPAM_HOME%%/firstrun.txt.sample >-%%DSPAM_HOME%%/firstspam.txt.sample >-%%DSPAM_HOME%%/quarantinefull.txt.sample >+@(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%DSPAM_HOME%%/firstrun.txt.sample >+@(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%DSPAM_HOME%%/firstspam.txt.sample >+@(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%DSPAM_HOME%%/quarantinefull.txt.sample > @dir(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%,%%DSPAM_HOME_MODE%%) %%DSPAM_HOME%% >-@dir(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%LOG_DIR%% >+@dir(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%) %%LOG_DIR%% >+@dir(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%) %%RUN_DIR%%
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 115957
:
169168
|
169173
|
169174
|
169737
|
169822