diff options
author | wjv <wjv@FreeBSD.org> | 2002-05-09 20:50:27 +0800 |
---|---|---|
committer | wjv <wjv@FreeBSD.org> | 2002-05-09 20:50:27 +0800 |
commit | 5b776eeb51375e5ec57a2198ce174df9101726f9 (patch) | |
tree | 83fba40694ade1c0ac60cf7b753c09ea03969518 /mail | |
parent | f86f9ad7d528f0154c7b2ff552e6e23235f92b1b (diff) | |
download | freebsd-ports-graphics-5b776eeb51375e5ec57a2198ce174df9101726f9.tar.gz freebsd-ports-graphics-5b776eeb51375e5ec57a2198ce174df9101726f9.tar.zst freebsd-ports-graphics-5b776eeb51375e5ec57a2198ce174df9101726f9.zip |
- Work around a very obscure but potentially severe security problem.
Should a user...
- use su(1) or sudo to gain root privileges in such a way that his own
environment is maintained, and
- should that user have the variable USERNAME defined in his environment to
point to his own username (not entirely unlikely), and
- should the user install the Mailman port and immediately deinstall it,
... his own userid will be deleted by $PKGDEINSTALL.
The short-term fix implemented here is to munge the names of the variables
used by the port's Makefile.
- Correctly list image directory in $PLIST, even if the user changes it from
the default.
- Add a WITH_APACHE2 knob and document it.
- Bump PORTREVISION
Submitted by: Volker Stolz <vs@lambda.foldr.org> (security issue)
Diffstat (limited to 'mail')
-rw-r--r-- | mail/mailman/Makefile | 42 | ||||
-rw-r--r-- | mail/mailman/files/pkg-opts | 13 | ||||
-rw-r--r-- | mail/mailman/pkg-plist | 11 |
3 files changed, 37 insertions, 29 deletions
diff --git a/mail/mailman/Makefile b/mail/mailman/Makefile index 11700064824..f5e98215af8 100644 --- a/mail/mailman/Makefile +++ b/mail/mailman/Makefile @@ -7,6 +7,7 @@ PORTNAME= mailman PORTVERSION= 2.0.10 +PORTREVISION= 1 CATEGORIES= mail MASTER_SITES= http://www.list.org/ \ ${MASTER_SITE_GNU} \ @@ -16,12 +17,17 @@ EXTRACT_SUFX= .tgz MAINTAINER= wjv@FreeBSD.org +.if defined(WITH_APACHE2) +RUN_DEPENDS= ${LOCALBASE}/sbin/httpd:${PORTSDIR}/www/apache2 +.else RUN_DEPENDS= ${LOCALBASE}/sbin/httpd:${PORTSDIR}/www/apache13 +.endif HAS_CONFIGURE= yes USE_PYTHON= yes CONFIGURE_ARGS= --prefix=${MAILMANDIR} --with-python=${PYTHON_CMD} \ - --with-username=${USERNAME} --with-groupname=${GROUPNAME} \ + --with-username=${MM_USERNAME} \ + --with-groupname=${MM_GROUPNAME} \ --with-mail-gid=${MAIL_GID} --with-cgi-gid=${CGI_GID} PKGOPTS= ${FILESDIR}/pkg-opts @@ -31,26 +37,26 @@ PKGOPTS= ${FILESDIR}/pkg-opts # build time. Getting the values of some of them right is crucial! # Perform a "make options" to see more information on these variables. # -USERNAME?= mailman -USERID?= 91 -GROUPNAME?= ${USERNAME} -GROUPID?= ${USERID} -MMDIR?= mailman +MM_USERNAME?= mailman +MM_USERID?= 91 +MM_GROUPNAME?= ${MM_USERNAME} +MM_GROUPID?= ${MM_USERID} +MM_DIR?= mailman .if ${OSVERSION} >= 450000 MAIL_GID?= 26 .else MAIL_GID?= 1 .endif CGI_GID?= 80 -IMGDIR= ${PREFIX}/www/icons +IMGDIR= www/icons # # End of user-configurable variables. -MAILMANDIR= ${PREFIX}/${MMDIR} +MAILMANDIR= ${PREFIX}/${MM_DIR} PKGMESSAGE= ${WRKDIR}/pkg-message PKGINSTALL= ${WRKDIR}/pkg-install PKGDEINSTALL= ${WRKDIR}/pkg-deinstall -PLIST_SUB= MMDIR=${MMDIR} MMGRP=${GROUPNAME} +PLIST_SUB= MMDIR=${MM_DIR} MMGRP=${MM_GROUPNAME} IMGDIR=${IMGDIR} options: @ ${ECHO_MSG} "===> Build options for ${PKGNAME}:" @@ -66,16 +72,17 @@ post-extract: .endif pre-configure: - @ ${SED} -e 's#%%USER%%#${USERNAME}#g' -e 's#%%UID%%#${USERID}#g' \ - -e 's#%%GROUP%%#${GROUPNAME}#g' -e 's#%%GID%%#${GROUPID}#g' \ + @ ${SED} \ + -e 's#%%USER%%#${MM_USERNAME}#g' -e 's#%%UID%%#${MM_USERID}#g' \ + -e 's#%%GROUP%%#${MM_GROUPNAME}#g' -e 's#%%GID%%#${MM_GROUPID}#g' \ -e 's#%%MAILMANDIR%%#${MAILMANDIR}#g' pkg-install > \ ${PKGINSTALL} # Mailman's configure script needs the "mailman" user/group to exist. @ ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL post-configure: - @ ${SED} -e 's#%%USER%%#${USERNAME}#g' \ - -e 's#%%GROUP%%#${GROUPNAME}#g' \ + @ ${SED} -e 's#%%USER%%#${MM_USERNAME}#g' \ + -e 's#%%GROUP%%#${MM_GROUPNAME}#g' \ -e 's#%%PYTHON_CMD%%#${PYTHON_CMD}#g' \ -e 's#%%MAILMANDIR%%#${MAILMANDIR}#g' pkg-deinstall > \ ${PKGDEINSTALL} @@ -89,12 +96,13 @@ post-install: .for dir in cron scripts @ ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${MAILMANDIR}/${dir} .endfor - @ ${CHGRP} -R ${GROUPNAME} ${MAILMANDIR} - @ ${MKDIR} ${IMGDIR} + @ ${CHGRP} -R ${MM_GROUPNAME} ${MAILMANDIR} + @ ${MKDIR} ${PREFIX}/${IMGDIR} .for imgfile in mailman.jpg PythonPowered.png gnu-head-tiny.jpg - @ ${CP} ${MAILMANDIR}/icons/${imgfile} ${IMGDIR} + @ ${CP} ${MAILMANDIR}/icons/${imgfile} ${PREFIX}/${IMGDIR} .endfor - @ uudecode -p ${FILESDIR}/powerlogo.gif.uue > ${IMGDIR}/powerlogo.gif + @ uudecode -p ${FILESDIR}/powerlogo.gif.uue > \ + ${PREFIX}/${IMGDIR}/powerlogo.gif .if !defined(NOPORTDOCS) @ ${MKDIR} ${DOCSDIR} .for docfile in BUGS FAQ INSTALL NEWS README* UPGRADING diff --git a/mail/mailman/files/pkg-opts b/mail/mailman/files/pkg-opts index b2270cac3f6..6ddc1312ede 100644 --- a/mail/mailman/files/pkg-opts +++ b/mail/mailman/files/pkg-opts @@ -2,13 +2,13 @@ # Multi-line/long description (optional). # Multi-line/long description lines must start with whitespace! # -USERNAME|mailman|The username of the Mailman user -USERID|92|The user ID of the Mailman user +MM_USERNAME|mailman|The username of the Mailman user +MM_USERID|92|The user ID of the Mailman user It is recommended that you do not change this option. -GROUPNAME|mailman|The group to which the Mailman user will belong -GROUPID|92|The group ID for the Mailman user +MM_GROUPNAME|mailman|The group to which the Mailman user will belong +MM_GROUPID|92|The group ID for the Mailman user It is recommended that you do not change this option. -MMDIR|mailman|Mailman will be installed in ${PREFIX}/${MMDIR} +MM_DIR|mailman|Mailman will be installed in ${PREFIX}/${MM_DIR} MAIL_GID|26|The group id under which your MTA performs mail delivery Getting the value of MAIL_GID right is crucial to getting Mailman to work with your MTA. By default this port works with sendmail. If @@ -25,4 +25,5 @@ CGI_GID|80|The group id under which your web server executes CGI scripts By default, this port works with the current port of Apache. If your WWW server executes CGI scripts under a different GID, you'll have to set this at build time. -IMGDIR|${PREFIX}/www/data/icons|The directory where icon images will be installed +IMGDIR|www/icons|Icon images will be installed in ${PREFIX}/${IMGDIR} +WITH_APACHE2|undefined|Port depends on Apache 2.x if defined, not 1.3.x diff --git a/mail/mailman/pkg-plist b/mail/mailman/pkg-plist index 1a1cb15ae73..edb004acb7a 100644 --- a/mail/mailman/pkg-plist +++ b/mail/mailman/pkg-plist @@ -8,6 +8,10 @@ @exec mkdir -p %D/%%MMDIR%%/logs && chmod 2775 %D/%%MMDIR%%/logs @exec mkdir -p %D/%%MMDIR%%/qfiles && chmod 2775 %D/%%MMDIR%%/qfiles @exec mkdir -p %D/%%MMDIR%%/spam && chmod 2775 %D/%%MMDIR%%/spam +%%IMGDIR%%/PythonPowered.png +%%IMGDIR%%/gnu-head-tiny.jpg +%%IMGDIR%%/mailman.jpg +%%IMGDIR%%/powerlogo.gif %%MMDIR%%/Mailman/Archiver/Archiver.py %%MMDIR%%/Mailman/Archiver/Archiver.pyc %%MMDIR%%/Mailman/Archiver/HyperArch.py @@ -297,10 +301,6 @@ %%PORTDOCS%%share/doc/mailman/README.QMAIL %%PORTDOCS%%share/doc/mailman/README.SENDMAIL %%PORTDOCS%%share/doc/mailman/UPGRADING -www/icons/PythonPowered.png -www/icons/gnu-head-tiny.jpg -www/icons/mailman.jpg -www/icons/powerlogo.gif @dirrm %%MMDIR%%/templates @dirrm %%MMDIR%%/scripts @dirrm %%MMDIR%%/mail @@ -317,8 +317,6 @@ www/icons/powerlogo.gif @dirrm %%MMDIR%%/Mailman/Bouncers @dirrm %%MMDIR%%/Mailman/Archiver %%PORTDOCS%%@dirrm share/doc/mailman -@unexec rmdir %D/www/icons 2>/dev/null || true -@unexec rmdir %D/www 2>/dev/null || true @unexec rmdir %D/%%MMDIR%%/spam 2>/dev/null || true @unexec rmdir %D/%%MMDIR%%/qfiles 2>/dev/null || true @unexec rmdir %D/%%MMDIR%%/logs 2>/dev/null || true @@ -329,3 +327,4 @@ www/icons/powerlogo.gif @unexec rmdir %D/%%MMDIR%%/archives 2>/dev/null || true @unexec rmdir %D/%%MMDIR%%/Mailman 2>/dev/null || true @unexec rmdir %D/%%MMDIR%%/ 2>/dev/null || true +@unexec rmdir %D/%%IMGDIR%% 2>/dev/null || true |