diff --git a/.cvsignore b/.cvsignore index a4a33c3..8583ba8 100644 --- a/.cvsignore +++ b/.cvsignore @@ -9,3 +9,4 @@ sendmail.8.13.8.tar.gz sendmail.8.14.0.tar.gz sendmail.8.14.1.tar.gz sendmail.8.14.2.tar.gz +sendmail.8.14.3.tar.gz diff --git a/sendmail-8.13.2-smrsh-paths.patch b/sendmail-8.14.3-smrsh_paths.patch similarity index 79% rename from sendmail-8.13.2-smrsh-paths.patch rename to sendmail-8.14.3-smrsh_paths.patch index bb6b548..9240f39 100644 --- a/sendmail-8.13.2-smrsh-paths.patch +++ b/sendmail-8.14.3-smrsh_paths.patch @@ -1,6 +1,7 @@ ---- sendmail-8.13.2/smrsh/README.smrsh_paths 2003-05-26 06:30:58.000000000 +0200 -+++ sendmail-8.13.2/smrsh/README 2004-12-17 15:41:48.673691404 +0100 -@@ -6,7 +6,7 @@ +diff -up sendmail-8.14.3/smrsh/README.smrsh_paths sendmail-8.14.3/smrsh/README +--- sendmail-8.14.3/smrsh/README.smrsh_paths 2008-02-12 17:40:06.000000000 +0100 ++++ sendmail-8.14.3/smrsh/README 2008-07-15 14:40:36.000000000 +0200 +@@ -6,7 +6,7 @@ Software Engineering Institute, Carnegie intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, and to the software, smrsh.c, written by Eric Allman. @@ -9,14 +10,14 @@ The smrsh(8) program is intended as a replacement for /bin/sh in the program mailer definition of sendmail(8). This README file describes -@@ -56,15 +56,15 @@ +@@ -56,15 +56,15 @@ These can be added to the devtools/Site/ global M4 macro confENVDEF or the smrsh specific M4 macro conf_smrsh_ENVDEF. -As root, install smrsh in /usr/libexec. Using the Build script: +As root, install smrsh in /usr/sbin. Using the Build script: - host.domain# sh Build install + host.domain# sh ./Build install -For manual installation: install smrsh in the /usr/libexec +For manual installation: install smrsh in the /usr/sbin @@ -29,7 +30,7 @@ -@@ -86,7 +86,7 @@ +@@ -86,7 +86,7 @@ perl(1), uudecode(1) or the stream edito acceptable commands. If your platform doesn't have a default SMRSH_CMDDIR setting, you will @@ -38,7 +39,7 @@ it with the programs that your site feels are allowable for sendmail to execute. This directory is explicitly specified in the source code for smrsh, so changing this directory must be accompanied with -@@ -95,22 +95,22 @@ +@@ -95,22 +95,22 @@ a change in smrsh.c. You will have to be root to make these modifications. @@ -66,7 +67,7 @@ sendmail to use the restricted shell. Save the current sendmail.cf file prior to modifying it, as a prudent precaution. -@@ -125,7 +125,7 @@ +@@ -125,7 +125,7 @@ help to locate it. In order to configure sendmail to use smrsh, you must modify the Mprog definition in the sendmail.cf file, by replacing the /bin/sh specification @@ -75,7 +76,7 @@ As an example: -@@ -133,14 +133,14 @@ +@@ -133,14 +133,14 @@ In most Sun Microsystems' sendmail.cf fi Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u which should be changed to: @@ -93,7 +94,7 @@ After modifying the Mprog definition in the sendmail.cf file, if a frozen -@@ -151,7 +151,7 @@ +@@ -151,7 +151,7 @@ or /etc/mail directories. The specific a search of the strings(1) output of the sendmail binary. In order to create a new frozen configuration, if it is required: @@ -102,29 +103,10 @@ Now re-start the sendmail process. An example of how to do this on a typical system follows: ---- sendmail-8.13.2/smrsh/smrsh.c.smrsh_paths 2004-08-06 20:54:22.000000000 +0200 -+++ sendmail-8.13.2/smrsh/smrsh.c 2004-12-17 15:41:48.675691131 +0100 -@@ -77,7 +77,7 @@ - # ifdef SMRSH_CMDDIR - # define CMDDIR SMRSH_CMDDIR - # else /* SMRSH_CMDDIR */ --# define CMDDIR "/usr/adm/sm.bin" -+# define CMDDIR "/etc/smrsh" - # endif /* SMRSH_CMDDIR */ - #endif /* ! CMDDIR */ - -@@ -89,7 +89,7 @@ - # ifdef SMRSH_PATH - # define PATH SMRSH_PATH - # else /* SMRSH_PATH */ --# define PATH "/bin:/usr/bin:/usr/ucb" -+# define PATH "/bin:/usr/bin" - # endif /* SMRSH_PATH */ - #endif /* ! PATH */ - ---- sendmail-8.13.2/smrsh/smrsh.8.smrsh_paths 2004-08-06 05:55:35.000000000 +0200 -+++ sendmail-8.13.2/smrsh/smrsh.8 2004-12-17 15:42:56.785371918 +0100 -@@ -39,7 +39,7 @@ +diff -up sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths sendmail-8.14.3/smrsh/smrsh.8 +--- sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths 2004-08-06 05:55:35.000000000 +0200 ++++ sendmail-8.14.3/smrsh/smrsh.8 2008-07-15 14:38:07.000000000 +0200 +@@ -39,7 +39,7 @@ Briefly, .I smrsh limits programs to be in a single directory, by default @@ -133,7 +115,7 @@ allowing the system administrator to choose the set of acceptable commands, and to the shell builtin commands ``exec'', ``exit'', and ``echo''. It also rejects any commands with the characters -@@ -56,10 +56,10 @@ +@@ -56,10 +56,10 @@ so forwarding to ``/usr/ucb/vacation'', and ``vacation'' all actually forward to @@ -146,7 +128,7 @@ For example, a reasonable additions is .IR vacation (1), and the like. -@@ -68,7 +68,7 @@ +@@ -68,7 +68,7 @@ never include any shell or shell-like pr (such as .IR perl (1)) in the @@ -155,7 +137,7 @@ directory. Note that this does not restrict the use of shell or perl scripts in the sm.bin directory (using the ``#!'' syntax); -@@ -79,20 +79,7 @@ +@@ -79,20 +79,7 @@ is a very bad idea. .IR procmail (1) allows users to run arbitrary programs in their .IR procmailrc (5). @@ -177,3 +159,24 @@ +/etc/smrsh \- directory for restricted programs .SH SEE ALSO sendmail(8) +diff -up sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths sendmail-8.14.3/smrsh/smrsh.c +--- sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths 2004-08-06 20:54:22.000000000 +0200 ++++ sendmail-8.14.3/smrsh/smrsh.c 2008-07-15 14:38:07.000000000 +0200 +@@ -77,7 +77,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20 + # ifdef SMRSH_CMDDIR + # define CMDDIR SMRSH_CMDDIR + # else /* SMRSH_CMDDIR */ +-# define CMDDIR "/usr/adm/sm.bin" ++# define CMDDIR "/etc/smrsh" + # endif /* SMRSH_CMDDIR */ + #endif /* ! CMDDIR */ + +@@ -89,7 +89,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20 + # ifdef SMRSH_PATH + # define PATH SMRSH_PATH + # else /* SMRSH_PATH */ +-# define PATH "/bin:/usr/bin:/usr/ucb" ++# define PATH "/bin:/usr/bin" + # endif /* SMRSH_PATH */ + #endif /* ! PATH */ + diff --git a/sendmail.spec b/sendmail.spec index 46172a1..7e9dcb5 100644 --- a/sendmail.spec +++ b/sendmail.spec @@ -14,8 +14,8 @@ Summary: A widely used Mail Transport Agent (MTA) Name: sendmail -Version: 8.14.2 -Release: 5%{?dist} +Version: 8.14.3 +Release: 1%{?dist} License: Sendmail Group: System Environment/Daemons URL: http://www.sendmail.org/ @@ -36,7 +36,7 @@ Source15: sendmail-etc-mail-mailertable Source16: sendmail-etc-mail-trusted-users Source17: sendmail-etc-mail-virtusertable Patch3: sendmail-8.14.0-makemapman.patch -Patch4: sendmail-8.13.2-smrsh-paths.patch +Patch4: sendmail-8.14.3-smrsh_paths.patch Patch5: sendmail-8.12.2-movefiles.patch Patch7: sendmail-8.13.7-pid.patch Patch9: sendmail-8.12.7-hesiod.patch @@ -539,6 +539,9 @@ exit 0 %changelog +* Tue Jul 22 2008 Thomas Woerner 8.14.3-1 +- new version 8.14.3 + * Thu Jul 10 2008 Tom "spot" Callaway 8.14.2-5 - rebuild against db4-4.7 diff --git a/sources b/sources index 1ee317c..e42d9d8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1c1472365344ca8061d6453c43c9a831 sendmail.8.14.2.tar.gz +a5ee5d26e1f546a2da5fb9a513bd6bce sendmail.8.14.3.tar.gz