From ba31b453e608d941ea1f28318962ab7f1975759d Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Fri, 17 Dec 2004 14:52:48 +0000 Subject: [PATCH] [tw] - new version 8.13.2 --- .cvsignore | 1 + sendmail-8.13.2-smrsh-paths.patch | 179 ++++++++++++++++++++++++++++++ sendmail.spec | 13 ++- sources | 2 +- 4 files changed, 188 insertions(+), 7 deletions(-) create mode 100644 sendmail-8.13.2-smrsh-paths.patch diff --git a/.cvsignore b/.cvsignore index f8fe832..539b5f6 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1,2 @@ sendmail.8.13.1.tar.gz +sendmail.8.13.2.tar.gz diff --git a/sendmail-8.13.2-smrsh-paths.patch b/sendmail-8.13.2-smrsh-paths.patch new file mode 100644 index 0000000..bb6b548 --- /dev/null +++ b/sendmail-8.13.2-smrsh-paths.patch 
@@ -0,0 +1,179 @@ +--- sendmail-8.13.2/smrsh/README.smrsh_paths 2003-05-26 06:30:58.000000000 +0200 ++++ sendmail-8.13.2/smrsh/README 2004-12-17 15:41:48.673691404 +0100 +@@ -6,7 +6,7 @@ + intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, + and to the software, smrsh.c, written by Eric Allman. + +- ++* Modified by Red Hat, Inc., to reflect different paths. * + + The smrsh(8) program is intended as a replacement for /bin/sh in the + program mailer definition of sendmail(8). This README file describes +@@ -56,15 +56,15 @@ + global M4 macro confENVDEF or the smrsh specific M4 macro + conf_smrsh_ENVDEF. + +-As root, install smrsh in /usr/libexec. Using the Build script: ++As root, install smrsh in /usr/sbin. Using the Build script: + + host.domain# sh Build install + +-For manual installation: install smrsh in the /usr/libexec ++For manual installation: install smrsh in the /usr/sbin + directory, with mode 511. + +- host.domain# mv smrsh /usr/libexec +- host.domain# chmod 511 /usr/libexec/smrsh ++ host.domain# mv smrsh /usr/sbin ++ host.domain# chmod 511 /usr/sbin/smrsh + + + +@@ -86,7 +86,7 @@ + acceptable commands. + + If your platform doesn't have a default SMRSH_CMDDIR setting, you will +-next need to create the directory /usr/adm/sm.bin and populate ++next need to create the directory /etc/smrsh and populate + it with the programs that your site feels are allowable for sendmail + to execute. This directory is explicitly specified in the source + code for smrsh, so changing this directory must be accompanied with +@@ -95,22 +95,22 @@ + + You will have to be root to make these modifications. + +-After creating the /usr/adm/sm.bin directory, either copy the programs ++After creating the /etc/smrsh directory, either copy the programs + to the directory, or establish links to the allowable programs from +-/usr/adm/sm.bin. Change the file permissions, so that these programs ++/etc/smrsh. 
Change the file permissions, so that these programs + can not be modified by non-root users. If you use links, you should + ensure that the target programs are not modifiable. + + To allow the popular vacation(1) program by creating a link in the +-/usr/adm/sm.bin directory, you should: ++/etc/smrsh directory, you should: + +- host.domain# cd /usr/adm/sm.bin ++ host.domain# cd /etc/smrsh + host.domain# ln -s /usr/ucb/vacation vacation + + + + +-After populating the /usr/adm/sm.bin directory, you can now configure ++After populating the /etc/smrsh directory, you can now configure + sendmail to use the restricted shell. Save the current sendmail.cf + file prior to modifying it, as a prudent precaution. + +@@ -125,7 +125,7 @@ + + In order to configure sendmail to use smrsh, you must modify the Mprog + definition in the sendmail.cf file, by replacing the /bin/sh specification +-with /usr/libexec/smrsh. ++with /usr/sbin/smrsh. + + As an example: + +@@ -133,14 +133,14 @@ + Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u + + which should be changed to: +-Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u +- ^^^^^^^^^^^^^^^^^^ ++Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u ++ ^^^^^^^^^^^^^^^^ + + A more generic line may be: + Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u + + and should be changed to; +-Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u ++Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u + + + After modifying the Mprog definition in the sendmail.cf file, if a frozen +@@ -151,7 +151,7 @@ + a search of the strings(1) output of the sendmail binary. + + In order to create a new frozen configuration, if it is required: +- host.domain# /usr/lib/sendmail -bz ++ host.domain# /usr/sbin/sendmail -bz + + Now re-start the sendmail process. 
An example of how to do this on + a typical system follows: +--- sendmail-8.13.2/smrsh/smrsh.c.smrsh_paths 2004-08-06 20:54:22.000000000 +0200 ++++ sendmail-8.13.2/smrsh/smrsh.c 2004-12-17 15:41:48.675691131 +0100 +@@ -77,7 +77,7 @@ + # ifdef SMRSH_CMDDIR + # define CMDDIR SMRSH_CMDDIR + # else /* SMRSH_CMDDIR */ +-# define CMDDIR "/usr/adm/sm.bin" ++# define CMDDIR "/etc/smrsh" + # endif /* SMRSH_CMDDIR */ + #endif /* ! CMDDIR */ + +@@ -89,7 +89,7 @@ + # ifdef SMRSH_PATH + # define PATH SMRSH_PATH + # else /* SMRSH_PATH */ +-# define PATH "/bin:/usr/bin:/usr/ucb" ++# define PATH "/bin:/usr/bin" + # endif /* SMRSH_PATH */ + #endif /* ! PATH */ + +--- sendmail-8.13.2/smrsh/smrsh.8.smrsh_paths 2004-08-06 05:55:35.000000000 +0200 ++++ sendmail-8.13.2/smrsh/smrsh.8 2004-12-17 15:42:56.785371918 +0100 +@@ -39,7 +39,7 @@ + .I smrsh + limits programs to be in a single directory, + by default +-/usr/adm/sm.bin, ++/etc/smrsh, + allowing the system administrator to choose the set of acceptable commands, + and to the shell builtin commands ``exec'', ``exit'', and ``echo''. + It also rejects any commands with the characters +@@ -56,10 +56,10 @@ + and + ``vacation'' + all actually forward to +-``/usr/adm/sm.bin/vacation''. ++``/etc/smrsh/vacation''. + .PP + System administrators should be conservative about populating +-the sm.bin directory. ++the /etc/smrsh directory. + For example, a reasonable additions is + .IR vacation (1), + and the like. +@@ -68,7 +68,7 @@ + (such as + .IR perl (1)) + in the +-sm.bin ++/etc/smrsh + directory. + Note that this does not restrict the use of shell or perl scripts + in the sm.bin directory (using the ``#!'' syntax); +@@ -79,20 +79,7 @@ + .IR procmail (1) + allows users to run arbitrary programs in their + .IR procmailrc (5). +-.SH COMPILATION +-Compilation should be trivial on most systems. 
+-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e" +-to adjust the default search path +-(defaults to ``/bin:/usr/bin:/usr/ucb'') +-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e" +-to change the default program directory +-(defaults to ``/usr/adm/sm.bin''). + .SH FILES +-/usr/adm/sm.bin \- default directory for restricted programs on most OSs +-.PP +-/var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris +-.PP +-/usr/libexec/sm.bin \- directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD +- ++/etc/smrsh \- directory for restricted programs + .SH SEE ALSO + sendmail(8) diff --git a/sendmail.spec b/sendmail.spec index e6568a2..7203196 100644 --- a/sendmail.spec +++ b/sendmail.spec @@ -17,8 +17,8 @@ Summary: A widely used Mail Transport Agent (MTA). Name: sendmail -Version: 8.13.1 -Release: 2.2 +Version: 8.13.2 +Release: 1 License: Sendmail Group: System Environment/Daemons Provides: smtpdaemon @@ -35,14 +35,13 @@ Source8: sendmail.pam Source9: sendmail-8.12.5-newconfig.readme Source11: Sendmail-sasl2.conf Patch3: sendmail-8.12.2-makemapman.patch -Patch4: sendmail-8.12.11-smrsh-paths.patch +Patch4: sendmail-8.13.2-smrsh-paths.patch Patch5: sendmail-8.12.2-movefiles.patch Patch7: sendmail-8.13.0-pid.patch Patch9: sendmail-8.12.7-hesiod.patch Patch10: sendmail-8.12.7-manpage.patch -Patch11: sendmail-8.13.0-dynamic.patch +Patch11: sendmail-8.13.2-dynamic.patch Patch12: sendmail-8.13.0-cyrus.patch -Patch13: sendmail-8.13.1-errata_cataddr.patch Buildroot: %{_tmppath}/%{name}-root BuildRequires: tcp_wrappers BuildRequires: db4-devel @@ -134,7 +133,6 @@ your sendmail.cf file. %patch10 -p1 -b .manpage %patch11 -p1 -b .dynamic %patch12 -p1 -b .cyrus -%patch13 -p1 -b .errata_cataddr %build # generate redhat config file @@ -570,6 +568,9 @@ exit 0 %{_docdir}/sendmail %changelog +* Fri Dec 17 2004 Thomas Woerner 8.13.2-1 +- new version 8.13.2 + * Thu Nov 11 2004 Jeff Johnson 8.13.1-2.2 - rebuild against db-4.3.21. 
diff --git a/sources b/sources index eb4e834..3f8423e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5407db289086261d7e7a09920d2ea14e sendmail.8.13.1.tar.gz +0331828b9dcf7aa20e02992502c6f41f sendmail.8.13.2.tar.gz
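Review bot: in smrsh/README, hunk @@ -95,22 +95,22 @@, the example `ln -s /usr/ucb/vacation vacation` is left as context and still points at /usr/ucb, although this same patch removes /usr/ucb from the default PATH in smrsh.c. If that directory is not where vacation lives on the target system, an administrator following the README creates a link in /etc/smrsh that resolves to nothing. Update the link target in the example to the path where this package's vacation binary is installed.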
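Review bot: in smrsh/smrsh.8, hunk @@ -68,7 +68,7 @@, the context line `in the sm.bin directory (using the ``#!'' syntax);` is not updated, so the paragraph names the directory /etc/smrsh in one sentence and sm.bin in the next. That sentence is the caveat that scripts placed in the command directory are not restricted, so it should name the directory that is actually compiled in as CMDDIR. Change it to `in the /etc/smrsh directory (using the ``#!'' syntax);`.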
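Review bot: in smrsh/smrsh.8, hunk @@ -79,20 +79,7 @@, deleting the COMPILATION section removes the statement of the default search path shown in this hunk, and nothing in the visible changes replaces it with the new value. The smrsh.c hunks keep the `# ifdef SMRSH_PATH` and `# ifdef SMRSH_CMDDIR` overrides and change the fallback PATH to "/bin:/usr/bin", so the man page should still say which PATH and command directory the shipped binary uses. Keep a short line, for example under FILES, stating the compiled-in search path alongside the /etc/smrsh entry.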
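Review bot: in sendmail.spec, hunk @@ -35,14 +35,13 @@, `Patch11: sendmail-8.13.2-dynamic.patch` references a file that this commit does not add: the diffstat lists four files and the only `create mode` entry is sendmail-8.13.2-smrsh-paths.patch. Unless that file is already in the tree, the %patch11 step has nothing to apply and the build stops there, so add the rebased patch in this commit. The superseded sendmail-8.12.11-smrsh-paths.patch and the dropped sendmail-8.13.1-errata_cataddr.patch are also not deleted here and should be removed so stale patches do not linger next to the spec.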
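Review bot: in sendmail.spec, the %changelog entry added in hunk @@ -570,6 +568,9 @@ says only `- new version 8.13.2`, while the same commit removes Patch13 (sendmail-8.13.1-errata_cataddr.patch) and its `%patch13 -p1 -b .errata_cataddr` line. Dropping an errata patch is the kind of change someone auditing the package later will look for, so the changelog should record that it was dropped and why. Add a second bullet naming the removed patch and the reason it is no longer needed with 8.13.2.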