/[smecontribs]/rpms/mailman/contribs8/mailman-2.1-multimail.patch

Diff of /rpms/mailman/contribs8/mailman-2.1-multimail.patch

Parent Directory | Revision Log | View Revision Graph Revision Graph | View Patch Patch

-Revision 1.1 by unnilennium,
Tue Jul  2 20:11:40 2013 UTC
+Revision 1.2 by unnilennium,
Fri Jul 12 21:04:20 2013 UTC
 Line 1
- Mailman security is in part enforced by requiring it execute
+ --- mailman-2.1.7/configure.in.multimail        2005-08-27 03:40:15.000000000 +0200
- SGID. When the mail process or the web server attempts to execute a
+ +++ mailman-2.1.7/configure.in  2006-01-10 10:53:14.000000000 +0100
- mailman script a C program is invoked to verify the group
- permission. Mailman as it is shipped only allows one group to be
- specified at build time. For users who build and install on their own
- machine this is not a limitation. However, when making a binary
- package to be installed on an arbitrary machine it is hard to predict
- the correct group to use for that installation. Therefore this patch
- allows us to specify at build time a list of groups that will be
- iterated over, if the mailman process is executing as any of one of
- the group in the set of groups then the permission check passes. Since
- the groups we build with are limited to a small number of safe groups
- this does not lower the security much while at the same time provides
- a much more friendly way to package a binary installation that will
- run in a wider range of installations.
- It was necessary to add the macro MM_FIND_GROUP_LIST to the
- configure.in file replacing the original use of MM_FIND_GROUP_NAME,
- the former operates on a list of group names while the later on a
- single name. MM_FIND_GROUP_LIST includes a filter parameter that was
- added with the notion of supporting the with-permcheck option. If
- filter is true then only group names that exist on the build machine
- are permitted in the list, otherwise all names are permitted. However,
- note that whenever MM_FIND_GROUP_LIST is invoked it is currently
- hardcoded to disable filtering and is not tied to with-permcheck, this
- was done because of the observation that if one is passing a list of
- groups it is likely one is doing so to support installations that have
- a group not present on the build machine, but one might still want to
- take advantage of the other with-permcheck functionality.
- diff -u mailman-2.1.2/configure.in.orig mailman-2.1.2/configure.in
- --- mailman-2.1.2/configure.in.orig     2003-04-21 23:34:51.000000000 -0400
- +++ mailman-2.1.2/configure.in  2003-05-02 16:32:45.000000000 -0400
  @@ -208,26 +208,101 @@
   fi
-Line 243 
 diff -u mailman-2.1.2/configure.in.orig
+Line 212 
 diff -u mailman-2.1.2/configure.in.orig
   if test -z "$CGI_GROUP"
   then
     if test "$with_permcheck" = "yes"
- diff -u mailman-2.1.2/src/cgi-wrapper.c.orig mailman-2.1.2/src/cgi-wrapper.c
+ --- mailman-2.1.7/src/Makefile.in.multimail     2005-08-27 03:40:17.000000000 +0200
- --- mailman-2.1.2/src/cgi-wrapper.c.orig        2002-08-23 16:39:47.000000000 -0400
+ +++ mailman-2.1.7/src/Makefile.in       2006-01-10 10:53:14.000000000 +0100
- +++ mailman-2.1.2/src/cgi-wrapper.c     2003-05-02 16:28:11.000000000 -0400
+ @@ -49,9 +49,9 @@
+  SHELL=         /bin/sh
+ -MAIL_FLAGS=    -DMAIL_GROUP="\"$(MAIL_GROUP)\""
+ +MAIL_FLAGS=    -DMAIL_GROUP='$(MAIL_GROUP)'
+ -CGI_FLAGS=     -DCGI_GROUP="\"$(CGI_GROUP)\""
+ +CGI_FLAGS=     -DCGI_GROUP='$(CGI_GROUP)'
+  HELPFUL=       -DHELPFUL
+ --- mailman-2.1.7/src/common.h.multimail        2005-08-27 03:40:17.000000000 +0200
+ +++ mailman-2.1.7/src/common.h  2006-01-10 10:53:14.000000000 +0100
+ @@ -33,7 +33,7 @@
+  #define GID_T GETGROUPS_T
+  extern void fatal(const char*, int, char*, ...);
+ -extern void check_caller(const char*, const char*);
+ +extern void check_caller(const char* ident, const char**, size_t);
+  extern int run_script(const char*, int, char**, char**);
+  /* Global variable used as a flag. */
+ @@ -51,7 +51,7 @@
+  #define MAIL_USAGE_ERROR 5
+  #define MAIL_ILLEGAL_COMMAND 6
+  #define ADDALIAS_USAGE_ERROR 7
+ -#define GROUP_NAME_NOT_FOUND 8
+ +#define GROUP_ID_NOT_FOUND 8
+  /*
+ --- mailman-2.1.7/src/cgi-wrapper.c.multimail   2005-08-27 03:40:17.000000000 +0200
+ +++ mailman-2.1.7/src/cgi-wrapper.c     2006-01-10 10:53:14.000000000 +0100
  @@ -28,11 +28,11 @@
   /* Group name that CGI scripts run as.  See your web server's documentation
    * for details.
-Line 269 
 diff -u mailman-2.1.2/src/cgi-wrapper.c.
+Line 271 
 diff -u mailman-2.1.2/src/cgi-wrapper.c.
           /* For these CGI programs, we can ignore argc and argv since they
            * don't contain anything useful.  `script' will always be the driver
- diff -u mailman-2.1.2/src/common.c.orig mailman-2.1.2/src/common.c
+ --- mailman-2.1.7/src/common.c.multimail        2005-12-30 19:50:08.000000000 +0100
- --- mailman-2.1.2/src/common.c.orig     2002-09-04 21:29:57.000000000 -0400
+ +++ mailman-2.1.7/src/common.c  2006-01-10 11:01:43.000000000 +0100
- +++ mailman-2.1.2/src/common.c  2003-05-02 16:28:11.000000000 -0400
+ @@ -117,13 +117,14 @@
- @@ -116,13 +116,14 @@
   /* Is the parent process allowed to call us?
    */
   void
-Line 280 
 diff -u mailman-2.1.2/src/common.c.orig
+Line 281 
 diff -u mailman-2.1.2/src/common.c.orig
  +check_caller(const char* ident, const char** parentgroups, size_t numgroups)
   {
           GID_T mygid = getgid();
-         struct group *mygroup = getgrgid(mygid);
+          struct group *mygroup = getgrgid(mygid);
-         char* option;
+          char* option;
-         char* server;
+          char* server;
-         char* wrapper;
+          char* wrapper;
  +       int i;
-         if (running_as_cgi) {
+          if (running_as_cgi) {
-                 option = "--with-cgi-gid";
+                  option = "--with-cgi-gid";
- @@ -136,22 +137,45 @@
+ @@ -136,28 +137,46 @@
-         }
+                  wrapper = "mail";
+          }
-         if (!mygroup)
- -               fatal(ident, GROUP_NAME_NOT_FOUND,
+ -        if (!mygroup)
- -                     "Failure to find group name %s.  Try adding this group\n"
+ -                fatal(ident, GROUP_NAME_NOT_FOUND,
- -                     "to your system, or re-run configure, providing an\n"
+ -                      "Failure to find group name for GID %d.  Mailman\n"
- -                     "existing group name with the command line option %s.",
+ -                      "expected the %s wrapper to be executed as group\n"
- -                     parentgroup, option);
+ -                      "\"%s\", but the system's %s server executed the\n"
+ -                      "wrapper as GID %d for which the name could not be\n"
+ -                      "found.  Try adding GID %d to your system as \"%s\",\n"
+ -                      "or tweak your %s server to run the wrapper as group\n"
+ -                      "\"%s\".",
+ -                      mygid, wrapper, parentgroup, server, mygid, mygid,
+ -                      parentgroup, server, parentgroup);
+ +       if (!mygroup)
  +               fatal(ident, GROUP_ID_NOT_FOUND,
  +                     "Failure to lookup via getgrgid() the group info for group id %d that this Mailman %s wrapper is executing under.\n"
  +                     "This is probably due to an incorrectly configured system and is not a Mailman problem",
-Line 326 
 diff -u mailman-2.1.2/src/common.c.orig
+Line 334 
 diff -u mailman-2.1.2/src/common.c.orig
  -        if (strcmp(parentgroup, mygroup->gr_name))
                   fatal(ident, GROUP_MISMATCH,
- -                     "Group mismatch error.  Mailman expected the %s\n"
+ -                      "Group mismatch error.  Mailman expected the %s\n"
- -                     "wrapper script to be executed as group \"%s\", but\n"
+ -                      "wrapper script to be executed as group \"%s\", but\n"
- -                     "the system's %s server executed the %s script as\n"
+ -                      "the system's %s server executed the %s script as\n"
- -                     "group \"%s\".  Try tweaking the %s server to run the\n"
+ -                      "group \"%s\".  Try tweaking the %s server to run the\n"
- -                     "script as group \"%s\", or re-run configure, \n"
+ -                      "script as group \"%s\", or re-run configure, \n"
- -                     "providing the command line option `%s=%s'.",
+ -                      "providing the command line option `%s=%s'.",
- -                     wrapper, parentgroup, server, wrapper, mygroup->gr_name,
+ -                      wrapper, parentgroup, server, wrapper, mygroup->gr_name,
- -                     server, parentgroup, option, mygroup->gr_name);
+ -                      server, parentgroup, option, mygroup->gr_name);
  +                     "Group mismatch error. Mailman expected the %s wrapper script to be\n"
  +                     "executed as one of the following groups:\n"
  +                     "[%s],\n"
-Line 348 
 diff -u mailman-2.1.2/src/common.c.orig
+Line 356 
 diff -u mailman-2.1.2/src/common.c.orig
   }
- diff -u mailman-2.1.2/src/common.h.orig mailman-2.1.2/src/common.h
+ --- mailman-2.1.7/src/mail-wrapper.c.multimail  2005-08-27 03:40:17.000000000 +0200
- --- mailman-2.1.2/src/common.h.orig     2002-10-21 14:48:03.000000000 -0400
+ +++ mailman-2.1.7/src/mail-wrapper.c    2006-01-10 10:53:14.000000000 +0100
- +++ mailman-2.1.2/src/common.h  2003-05-02 16:28:11.000000000 -0400
- @@ -33,7 +33,7 @@
-  #define GID_T GETGROUPS_T
-  extern void fatal(const char*, int, char*, ...);
- -extern void check_caller(const char*, const char*);
- +extern void check_caller(const char* ident, const char**, size_t);
-  extern int run_script(const char*, int, char**, char**);
-  /* Global variable used as a flag. */
- @@ -51,7 +51,7 @@
-  #define MAIL_USAGE_ERROR 5
-  #define MAIL_ILLEGAL_COMMAND 6
-  #define ADDALIAS_USAGE_ERROR 7
- -#define GROUP_NAME_NOT_FOUND 8
- +#define GROUP_ID_NOT_FOUND 8
-  /*
- diff -u mailman-2.1.2/src/mail-wrapper.c.orig mailman-2.1.2/src/mail-wrapper.c
- --- mailman-2.1.2/src/mail-wrapper.c.orig       2002-08-23 16:40:27.000000000 -0400
- +++ mailman-2.1.2/src/mail-wrapper.c    2003-05-02 16:28:11.000000000 -0400
  @@ -23,9 +23,9 @@
   /* Group name that your mail programs run as.  See your mail server's
    * documentation for details.
-Line 393 
 diff -u mailman-2.1.2/src/mail-wrapper.c
+Line 379 
 diff -u mailman-2.1.2/src/mail-wrapper.c
           /* If we got here, everything must be OK */
           status = run_script(argv[1], argc, argv, env);
- diff -u mailman-2.1.2/src/Makefile.in.orig mailman-2.1.2/src/Makefile.in
- --- mailman-2.1.2/src/Makefile.in.orig  2003-03-31 14:27:14.000000000 -0500
- +++ mailman-2.1.2/src/Makefile.in       2003-05-02 16:28:11.000000000 -0400
- @@ -49,9 +49,9 @@
-  SHELL=         /bin/sh
- -MAIL_FLAGS=    -DMAIL_GROUP="\"$(MAIL_GROUP)\""
- +MAIL_FLAGS=    -DMAIL_GROUP='$(MAIL_GROUP)'
- -CGI_FLAGS=     -DCGI_GROUP="\"$(CGI_GROUP)\""
- +CGI_FLAGS=     -DCGI_GROUP='$(CGI_GROUP)'
-  HELPFUL=       -DHELPFUL

 Legend:



Removed lines/characters
 


Changed lines/characters


 
Added lines/characters
 Legend:



Removed lines/characters
 


Changed lines/characters


 
Added lines/characters
-Removed lines/characters
+Added lines/characters

admin@koozali.org	ViewVC Help
Powered by ViewVC 1.2.1