[tw] - new version 8.13.2

.cvsignore

@@ -1 +1,2 @@
 sendmail.8.13.1.tar.gz
+sendmail.8.13.2.tar.gz

sendmail-8.13.2-smrsh-paths.patch

@@ -0,0 +1,179 @@
+--- sendmail-8.13.2/smrsh/README.smrsh_paths	2003-05-26 06:30:58.000000000 +0200
++++ sendmail-8.13.2/smrsh/README	2004-12-17 15:41:48.673691404 +0100
+@@ -6,7 +6,7 @@
+ intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
+ and to the software, smrsh.c, written by Eric Allman.
+ 
+-
++* Modified by Red Hat, Inc., to reflect different paths. *
+ 
+ The smrsh(8) program is intended as a replacement for /bin/sh in the
+ program mailer definition of sendmail(8).  This README file describes
+@@ -56,15 +56,15 @@
+ global M4 macro confENVDEF or the smrsh specific M4 macro
+ conf_smrsh_ENVDEF.
+ 
+-As root, install smrsh in /usr/libexec.  Using the Build script:
++As root, install smrsh in /usr/sbin.  Using the Build script:
+ 
+ 	host.domain# sh Build install
+ 
+-For manual installation: install smrsh in the /usr/libexec
++For manual installation: install smrsh in the /usr/sbin
+ directory, with mode 511.
+ 
+-	host.domain# mv smrsh /usr/libexec
+-	host.domain# chmod 511 /usr/libexec/smrsh
++	host.domain# mv smrsh /usr/sbin
++	host.domain# chmod 511 /usr/sbin/smrsh
+ 
+ 
+ 
+@@ -86,7 +86,7 @@
+ acceptable commands.
+ 
+ If your platform doesn't have a default SMRSH_CMDDIR setting, you will
+-next need to create the directory /usr/adm/sm.bin and populate
++next need to create the directory /etc/smrsh and populate
+ it with the programs that your site feels are allowable for sendmail
+ to execute.   This directory is explicitly specified in the source
+ code for smrsh, so changing this directory must be accompanied with
+@@ -95,22 +95,22 @@
+ 
+ You will have to be root to make these modifications.
+ 
+-After creating the /usr/adm/sm.bin directory, either copy the programs
++After creating the /etc/smrsh directory, either copy the programs
+ to the directory, or establish links to the allowable programs from
+-/usr/adm/sm.bin.  Change the file permissions, so that these programs
++/etc/smrsh.  Change the file permissions, so that these programs
+ can not be modified by non-root users.  If you use links, you should
+ ensure that the target programs are not modifiable.
+ 
+ To allow the popular vacation(1) program by creating a link in the
+-/usr/adm/sm.bin directory, you should:
++/etc/smrsh directory, you should:
+ 
+-	host.domain# cd /usr/adm/sm.bin
++	host.domain# cd /etc/smrsh
+ 	host.domain# ln -s /usr/ucb/vacation vacation
+ 
+ 
+ 
+ 
+-After populating the /usr/adm/sm.bin directory, you can now configure
++After populating the /etc/smrsh directory, you can now configure
+ sendmail to use the restricted shell.  Save the current sendmail.cf
+ file prior to modifying it, as a prudent precaution.
+ 
+@@ -125,7 +125,7 @@
+ 
+ In order to configure sendmail to use smrsh, you must modify the Mprog
+ definition in the sendmail.cf file, by replacing the /bin/sh specification
+-with /usr/libexec/smrsh.
++with /usr/sbin/smrsh.
+ 
+ As an example:
+ 
+@@ -133,14 +133,14 @@
+ Mprog,	P=/bin/sh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
+ 
+ which should be changed to:
+-Mprog,	P=/usr/libexec/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
+-          ^^^^^^^^^^^^^^^^^^
++Mprog,	P=/usr/sbin/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
++         ^^^^^^^^^^^^^^^^
+ 
+ A more generic line may be:
+ Mprog,		P=/bin/sh, F=lsDFM, A=sh -c $u
+ 
+ and should be changed to;
+-Mprog,		P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u
++Mprog,		P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u
+ 
+ 
+ After modifying the Mprog definition in the sendmail.cf file, if a frozen
+@@ -151,7 +151,7 @@
+ a search of the strings(1) output of the sendmail binary.
+ 
+ In order to create a new frozen configuration, if it is required:
+-	host.domain# /usr/lib/sendmail -bz
++	host.domain# /usr/sbin/sendmail -bz
+ 
+ Now re-start the sendmail process.  An example of how to do this on
+ a typical system follows:
+--- sendmail-8.13.2/smrsh/smrsh.c.smrsh_paths	2004-08-06 20:54:22.000000000 +0200
++++ sendmail-8.13.2/smrsh/smrsh.c	2004-12-17 15:41:48.675691131 +0100
+@@ -77,7 +77,7 @@
+ # ifdef SMRSH_CMDDIR
+ #  define CMDDIR	SMRSH_CMDDIR
+ # else /* SMRSH_CMDDIR */
+-#  define CMDDIR	"/usr/adm/sm.bin"
++#  define CMDDIR	"/etc/smrsh"
+ # endif /* SMRSH_CMDDIR */
+ #endif /* ! CMDDIR */
+ 
+@@ -89,7 +89,7 @@
+ # ifdef SMRSH_PATH
+ #  define PATH		SMRSH_PATH
+ # else /* SMRSH_PATH */
+-#  define PATH		"/bin:/usr/bin:/usr/ucb"
++#  define PATH		"/bin:/usr/bin"
+ # endif /* SMRSH_PATH */
+ #endif /* ! PATH */
+ 
+--- sendmail-8.13.2/smrsh/smrsh.8.smrsh_paths	2004-08-06 05:55:35.000000000 +0200
++++ sendmail-8.13.2/smrsh/smrsh.8	2004-12-17 15:42:56.785371918 +0100
+@@ -39,7 +39,7 @@
+ .I smrsh
+ limits programs to be in a single directory,
+ by default
+-/usr/adm/sm.bin,
++/etc/smrsh,
+ allowing the system administrator to choose the set of acceptable commands,
+ and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
+ It also rejects any commands with the characters
+@@ -56,10 +56,10 @@
+ and
+ ``vacation''
+ all actually forward to
+-``/usr/adm/sm.bin/vacation''.
++``/etc/smrsh/vacation''.
+ .PP
+ System administrators should be conservative about populating
+-the sm.bin directory.
++the /etc/smrsh directory.
+ For example, a reasonable additions is
+ .IR vacation (1),
+ and the like.
+@@ -68,7 +68,7 @@
+ (such as
+ .IR perl (1))
+ in the
+-sm.bin
++/etc/smrsh
+ directory.
+ Note that this does not restrict the use of shell or perl scripts
+ in the sm.bin directory (using the ``#!'' syntax);
+@@ -79,20 +79,7 @@
+ .IR procmail (1)
+ allows users to run arbitrary programs in their
+ .IR procmailrc (5).
+-.SH COMPILATION
+-Compilation should be trivial on most systems.
+-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e"
+-to adjust the default search path
+-(defaults to ``/bin:/usr/bin:/usr/ucb'')
+-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e"
+-to change the default program directory
+-(defaults to ``/usr/adm/sm.bin'').
+ .SH FILES
+-/usr/adm/sm.bin \- default directory for restricted programs on most OSs
+-.PP
+-/var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris
+-.PP
+-/usr/libexec/sm.bin \- directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD
+-
++/etc/smrsh \- directory for restricted programs
+ .SH SEE ALSO
+ sendmail(8)

sendmail.spec

@@ -17,8 +17,8 @@
 
 Summary: A widely used Mail Transport Agent (MTA).
 Name: sendmail
-Version: 8.13.1
-Release: 2.2
+Version: 8.13.2
+Release: 1
 License: Sendmail
 Group: System Environment/Daemons
 Provides: smtpdaemon
@@ -35,14 +35,13 @@ Source8: sendmail.pam
 Source9: sendmail-8.12.5-newconfig.readme
 Source11: Sendmail-sasl2.conf
 Patch3: sendmail-8.12.2-makemapman.patch
-Patch4: sendmail-8.12.11-smrsh-paths.patch
+Patch4: sendmail-8.13.2-smrsh-paths.patch
 Patch5: sendmail-8.12.2-movefiles.patch
 Patch7: sendmail-8.13.0-pid.patch
 Patch9: sendmail-8.12.7-hesiod.patch
 Patch10: sendmail-8.12.7-manpage.patch
-Patch11: sendmail-8.13.0-dynamic.patch
+Patch11: sendmail-8.13.2-dynamic.patch
 Patch12: sendmail-8.13.0-cyrus.patch
-Patch13: sendmail-8.13.1-errata_cataddr.patch
 Buildroot: %{_tmppath}/%{name}-root
 BuildRequires: tcp_wrappers
 BuildRequires: db4-devel
@@ -134,7 +133,6 @@ your sendmail.cf file.
 %patch10 -p1 -b .manpage
 %patch11 -p1 -b .dynamic
 %patch12 -p1 -b .cyrus
-%patch13 -p1 -b .errata_cataddr
 
 %build
 # generate redhat config file
@@ -570,6 +568,9 @@ exit 0
 %{_docdir}/sendmail
 
 %changelog
+* Fri Dec 17 2004 Thomas Woerner <twoerner@redhat.com> 8.13.2-1
+- new version 8.13.2
+
 * Thu Nov 11 2004 Jeff Johnson <jbj@jbj.org> 8.13.1-2.2
 - rebuild against db-4.3.21.
 

sources

@@ -1 +1 @@
-5407db289086261d7e7a09920d2ea14e  sendmail.8.13.1.tar.gz
+0331828b9dcf7aa20e02992502c6f41f  sendmail.8.13.2.tar.gz