rpms/spamass-milter/EL-5 spamass-milter-0.3.1-group.patch, NONE, 1.1 spamass-milter-0.3.1-popen.patch, NONE, 1.1 spamass-milter-0.3.1-prototype.patch, NONE, 1.1 spamass-milter-0.3.1-rcvd.patch, NONE, 1.1 spamass-milter.README.Postfix, NONE, 1.1 .cvsignore, 1.3, 1.4 sources, 1.3, 1.4 spamass-milter.spec, 1.11, 1.12 spamass-milter.sysconfig, 1.1, 1.2 spamass-milter.sysv, 1.1, 1.2

Mon Mar 22 16:14:49 UTC 2010

Author: pghmcfc

Update of /cvs/pkgs/rpms/spamass-milter/EL-5
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv22929/EL-5

Modified Files:
	.cvsignore sources spamass-milter.spec 
	spamass-milter.sysconfig spamass-milter.sysv 
Added Files:
	spamass-milter-0.3.1-group.patch 
	spamass-milter-0.3.1-popen.patch 
	spamass-milter-0.3.1-prototype.patch 
	spamass-milter-0.3.1-rcvd.patch spamass-milter.README.Postfix 
Log Message:
* Fri Mar 12 2010 Paul Howarth <paul at city-fan.org> 0.3.1-17
- Update initscript to support running the milter as root, which is needed
  for the -x (expand aliases) option; note that the milter does not run as
  root by default
- Add patch for popen unsanitized input vulnerability
  (#572117, #572119, https://savannah.nongnu.org/bugs/?29136)
- Rebase authuser patch
- Update patch adding auth info to dummy Received-header so that it doesn't
  generate spurious warnings about missing macros (#532266), and update and
  merge the macro documentation patch into this patch
- Document patch usage in spec file


spamass-milter-0.3.1-group.patch:
 spamass-milter.1.in |    7 +++++++
 spamass-milter.cpp  |   31 ++++++++++++++++++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)

--- NEW FILE spamass-milter-0.3.1-group.patch ---
--- spamass-milter-0.3.1/spamass-milter.cpp.group	2006-03-23 22:41:36.000000000 +0100
+++ spamass-milter-0.3.1/spamass-milter.cpp	2008-06-19 18:04:05.000000000 +0200
@@ -89,6 +89,8 @@
 #endif
 #include <errno.h>
 
+#include <grp.h>
+
 // C++ includes
 #include <cstdio>
 #include <cstddef>
@@ -181,8 +183,9 @@
 main(int argc, char* argv[])
 {
    int c, err = 0;
-   const char *args = "fd:mMp:P:r:u:D:i:b:B:e:x";
+   const char *args = "fd:mMp:P:r:u:D:i:b:B:e:xg:";
    char *sock = NULL;
+   char *group = NULL;
    bool dofork = false;
    char *pidfilename = NULL;
    FILE *pidfile = NULL;
@@ -225,6 +228,9 @@
 			case 'p':
 				sock = strdup(optarg);
 				break;
+			case 'g':
+				group = strdup(optarg);
+				break;
 			case 'P':
 				pidfilename = strdup(optarg);
 				break;
@@ -284,6 +290,7 @@
       cout << "                      [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl;
       cout << "                      [-- spamc args ]" << endl;
       cout << "   -p socket: path to create socket" << endl;
+      cout << "   -g group: socket group (perms to 750 as well)" << endl;
       cout << "   -b bucket: redirect spam to this mail address.  The orignal" << endl;
       cout << "          recipient(s) will not receive anything." << endl;
       cout << "   -B bucket: add this mail address as a BCC recipient of spam." << endl;
@@ -350,6 +357,28 @@
 	} else {
       debug(D_MISC, "smfi_register succeeded");
    }
+
+   if(group) {
+      struct group *gr;
+
+      (void) smfi_opensocket(0);
+      gr = getgrnam(group);
+      if(gr) {
+        int rc;
+	rc = chown(sock, (uid_t)-1, gr->gr_gid);
+	if(! rc) {
+           (void) chmod(sock, 0660);
+	} else {
+      	   perror("group option, chmod");
+	   exit(EX_NOPERM);
+	}
+      } else { 
+      	perror("group option, getgrnam");
+	exit(EX_NOUSER);
+      }
+   }
+   
+
 	debug(D_ALWAYS, "spamass-milter %s starting", PACKAGE_VERSION);
 	err = smfi_main();
 	debug(D_ALWAYS, "spamass-milter %s exiting", PACKAGE_VERSION);
--- spamass-milter-0.3.1/spamass-milter.1.in.group	2008-07-03 14:11:46.000000000 +0100
+++ spamass-milter-0.3.1/spamass-milter.1.in	2008-07-03 14:18:17.000000000 +0100
@@ -13,6 +13,7 @@
 .Op Fl D Ar host
 .Op Fl e Ar defaultdomain
 .Op Fl f
+.Op Fl g Ar group
 .Op Fl i Ar networks
 .Op Fl m
 .Op Fl M
@@ -107,6 +108,12 @@
 Causes
 .Nm
 to fork into the background.
+.It Fl g Ar group
+Makes the socket for communication with the MTA group-writable (mode 0750)
+and sets the socket's group to
+.Ar group .
+This option is intended for use with MTA's like Postfix that do not run as
+root, and is incompatible with Sendmail usage.
 .It Fl i Ar networks
 Ignores messages if the originating IP is in the network(s) listed.
 The message will be passed through without calling SpamAssassin at all.

spamass-milter-0.3.1-popen.patch:
 spamass-milter.cpp |  162 +++++++++++++++++++++++++++--------------------------
 spamass-milter.h   |    1 
 2 files changed, 86 insertions(+), 77 deletions(-)

--- NEW FILE spamass-milter-0.3.1-popen.patch ---
Index: spamass-milter.cpp
===================================================================
RCS file: /cvsroot/spamass-milt/spamass-milt/spamass-milter.cpp,v
retrieving revision 1.91
diff -u -r1.91 spamass-milter.cpp
--- spamass-milter.cpp	24 Jul 2006 19:59:17 -0000	1.91
+++ spamass-milter.cpp	10 Mar 2010 18:52:22 -0000
@@ -171,10 +171,6 @@
 bool flag_expand = false;	/* alias/virtusertable expansion */
 bool warnedmacro = false;	/* have we logged that we couldn't fetch a macro? */
 
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
-#endif
-
 // {{{ main()
 
 int
@@ -461,59 +457,24 @@
 			   send another copy.  The milter API will not let you send the
 			   message AND return a failure code to the sender, so this is
 			   the only way to do it. */
-#if defined(__FreeBSD__)
-			int rv;
-#endif
-			
-#if defined(HAVE_ASPRINTF)
-			char *buf;
-#else
-			char buf[1024];
-#endif
-			char *fmt="%s \"%s\"";
+			char *popen_argv[3];
 			FILE *p;
 
-#if defined(HAVE_ASPRINTF)
-			asprintf(&buf, fmt, SENDMAIL, spambucket);
-#else
-#if defined(HAVE_SNPRINTF)
-			snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, spambucket);
-#else
-			/* XXX possible buffer overflow here */
-			sprintf(buf, fmt, SENDMAIL, spambucket);
-#endif
-#endif
-
-			debug(D_COPY, "calling %s", buf);
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-			rv = pthread_mutex_lock(&popen_mutex);
-			if (rv)
-			{
-				debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
-				abort();
-			}		
-#endif
-			p = popen(buf, "w");
+			popen_argv[0] = SENDMAIL;
+			popen_argv[1] = spambucket;
+			popen_argv[2] = NULL;
+			
+			debug(D_COPY, "calling %s %s", SENDMAIL, spambucket);
+			p = popenv(popen_argv, "w");
 			if (!p)
 			{
-				debug(D_COPY, "popen failed(%s).  Will not send a copy to spambucket", strerror(errno));
+				debug(D_COPY, "popenv failed(%s).  Will not send a copy to spambucket", strerror(errno));
 			} else
 			{
 				// Send message provided by SpamAssassin
 				fwrite(assassin->d().c_str(), assassin->d().size(), 1, p);
-				pclose(p); p = NULL;
+				fclose(p); p = NULL;
 			}
-#if defined(__FreeBSD__)
-			rv = pthread_mutex_unlock(&popen_mutex);
-			if (rv)
-			{
-				debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
-				abort();
-			}		
-#endif
-#if defined(HAVE_ASPRINTF)
-			free(buf);
-#endif 
 		}
 		return SMFIS_REJECT;
 	}
@@ -842,30 +803,19 @@
 		/* open a pipe to sendmail so we can do address expansion */
 
 		char buf[1024];
-		char *fmt="%s -bv \"%s\" 2>&1";
-
-#if defined(HAVE_SNPRINTF)
-		snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
-#else
-		/* XXX possible buffer overflow here */
-		sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
-#endif
+		char *popen_argv[4];
+		
+		popen_argv[0] = SENDMAIL;
+		popen_argv[1] = "-bv";
+		popen_argv[2] = envrcpt[0];
+		popen_argv[3] = NULL;
 
-		debug(D_RCPT, "calling %s", buf);
+		debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
 
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-		rv = pthread_mutex_lock(&popen_mutex);
-		if (rv)
-		{
-			debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
-			abort();
-		}		
-#endif
-
-		p = popen(buf, "r");
+		p = popenv(popen_argv, "r");
 		if (!p)
 		{
-			debug(D_RCPT, "popen failed(%s).  Will not expand aliases", strerror(errno));
+			debug(D_RCPT, "popenv failed(%s).  Will not expand aliases", strerror(errno));
 			assassin->expandedrcpt.push_back(envrcpt[0]);
 		} else
 		{
@@ -890,16 +840,8 @@
 					assassin->expandedrcpt.push_back(p+7);
 				}
 			}
-			pclose(p); p = NULL;
+			fclose(p); p = NULL;
 		}
-#if defined(__FreeBSD__)
-		rv = pthread_mutex_unlock(&popen_mutex);
-		if (rv)
-		{
-			debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
-			abort();
-		}		
-#endif
 	} else
 	{
 		assassin->expandedrcpt.push_back(envrcpt[0]);
@@ -2157,5 +2099,71 @@
 	warnedmacro = true;
 }
 
+/*
+   untrusted-argument-safe popen function - only supports "r" and "w" modes
+   for simplicity, and always reads stdout and stderr in "r" mode.  Call
+   fclose to close the FILE.
+*/
+FILE *popenv(char *const argv[], const char *type)
+{
+	FILE *iop;
+	int pdes[2];
+	int save_errno;
+	if ((*type != 'r' && *type != 'w') || type[1])
+	{
+		errno = EINVAL;
+		return (NULL);
+	}
+	if (pipe(pdes) < 0)
+		return (NULL);
+	switch (fork()) {
+	
+	case -1:			/* Error. */
+		save_errno = errno;
+		(void)close(pdes[0]);
+		(void)close(pdes[1]);
+		errno = save_errno;
+		return (NULL);
+		/* NOTREACHED */
+	case 0:				/* Child. */
+		if (*type == 'r') {
+			/*
+			 * The dup2() to STDIN_FILENO is repeated to avoid
+			 * writing to pdes[1], which might corrupt the
+			 * parent's copy.  This isn't good enough in
+			 * general, since the exit() is no return, so
+			 * the compiler is free to corrupt all the local
+			 * variables.
+			 */
+			(void)close(pdes[0]);
+			(void)dup2(pdes[1], STDOUT_FILENO);
+			(void)dup2(pdes[1], STDERR_FILENO);
+			if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) {
+				(void)close(pdes[1]);
+			} 
+		} else {
+			if (pdes[0] != STDIN_FILENO) {
+				(void)dup2(pdes[0], STDIN_FILENO);
+				(void)close(pdes[0]);
+			}
+			(void)close(pdes[1]);
+		}
+		execv(argv[0], argv);
+		exit(127);
+		/* NOTREACHED */
+	}
+
+	/* Parent; assume fdopen can't fail. */
+	if (*type == 'r') {
+		iop = fdopen(pdes[0], type);
+		(void)close(pdes[1]);
+	} else {
+		iop = fdopen(pdes[1], type);
+		(void)close(pdes[0]);
+	}
+
+	return (iop);
+}
+
 // }}}
 // vim6:ai:noexpandtab
Index: spamass-milter.h
===================================================================
RCS file: /cvsroot/spamass-milt/spamass-milt/spamass-milter.h,v
retrieving revision 1.23
diff -u -r1.23 spamass-milter.h
--- spamass-milter.h	7 Apr 2005 02:04:24 -0000	1.23
+++ spamass-milter.h	10 Mar 2010 18:52:22 -0000
@@ -186,5 +186,6 @@
 void parse_debuglevel(char* string);
 char *strlwr(char *str);
 void warnmacro(char *macro, char *scope);
+FILE *popenv(char *const argv[], const char *type);
 
 #endif

spamass-milter-0.3.1-prototype.patch:
 spamass-milter.cpp |    2 ++
 1 file changed, 2 insertions(+)

--- NEW FILE spamass-milter-0.3.1-prototype.patch ---
Tentative upstream patch (spamass-milter-0.3.1-popen.patch)
for #572119 is missing a function prototype for the new
popenv() function.

--- spamass-milter-0.3.1/spamass-milter.cpp	2010-03-18 15:41:48.289366915 +0000
+++ spamass-milter-0.3.1/spamass-milter.cpp	2010-03-18 15:45:26.753239751 +0000
@@ -127,6 +127,8 @@
 #define INADDR_LOOPBACK 0x7F000001
 #endif
 
+FILE *popenv(char *const argv[], const char *type);
+
 // }}} 
 
 static const char Id[] = "$Id: spamass-milter.cpp,v 1.90 2006/03/23 21:41:36 dnelson Exp $";

spamass-milter-0.3.1-rcvd.patch:
 spamass-milter.cpp |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE spamass-milter-0.3.1-rcvd.patch ---
--- spamass-milter-0.3.1/spamass-milter.cpp.ori	2006-03-23 15:41:36.000000000 -0600
+++ spamass-milter-0.3.1/spamass-milter.cpp	2009-04-20 20:03:31.000000000 -0500
@@ -1002,9 +1002,9 @@
 
 		assassin->output((string)
 			"Received: from "+macro_s+" ("+macro__+")\r\n\t"+
-			"by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
+			"by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
 			macro_b+"\r\n\t"+
-			"(envelope-from "+assassin->from()+"\r\n");
+			"(envelope-from "+assassin->from()+")\r\n");
 
 	} else
 		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");


--- NEW FILE spamass-milter.README.Postfix ---
Installing the spamass-milter-postfix package changes the default behaviour
of the spamass-milter initscript to be more Postfix-friendly, i.e.:

   The Unix-domain socket used for MTA communication is changed to
   %{_localstatedir}/run/spamass-milter/postfix/sock, and that socket is
   writable by the postfix group.

To configure Postfix to use the milter, add to /etc/postfix/main.cf:

  smtpd_milters = unix:%{_localstatedir}/run/spamass-milter/postfix/sock

For further information, see:
http://www.postfix.org/MILTER_README.html


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/EL-5/.cvsignore,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- .cvsignore	6 Apr 2006 13:10:15 -0000	1.3
+++ .cvsignore	22 Mar 2010 16:14:46 -0000	1.4
@@ -1 +1 @@
-spamass-milter-0.3.1.tar.gz
+spamass-milter-0.3.1.tar.bz2


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/EL-5/sources,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- sources	6 Apr 2006 13:10:15 -0000	1.3
+++ sources	22 Mar 2010 16:14:47 -0000	1.4
@@ -1 +1 @@
-ca6bf6a9c88db74a6bfea41f499c0ba6  spamass-milter-0.3.1.tar.gz
+5f3a441de032c7c044cbb7b922311f1b  spamass-milter-0.3.1.tar.bz2


Index: spamass-milter.spec
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/EL-5/spamass-milter.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- spamass-milter.spec	12 Oct 2007 12:22:04 -0000	1.11
+++ spamass-milter.spec	22 Mar 2010 16:14:48 -0000	1.12
@@ -1,40 +1,84 @@
-Summary:	Sendmail milter for spamassassin
+Summary:	Milter (mail filter) for spamassassin
 Name:		spamass-milter
 Version:	0.3.1
-Release:	5%{?dist}
+Release:	17%{?dist}
 License:	GPLv2+
 Group:		System Environment/Daemons
 URL:		http://savannah.nongnu.org/projects/spamass-milt/
-Source0:	http://savannah.nongnu.org/download/spamass-milt/spamass-milter-%{version}.tar.gz
+Source0:	http://savannah.nongnu.org/download/spamass-milt/spamass-milter-%{version}.tar.bz2
 Source1:	spamass-milter-wrapper
 Source2:	spamass-milter.sysv
 Source3:	spamass-milter.sysconfig
+Source4:	spamass-milter.README.Postfix
 Patch0:		spamass-milter-0.3.1-pathnames.patch
+Patch2:		spamass-milter-0.3.1-group.patch
+Patch3:		spamass-milter-0.3.1-rcvd.patch
+Patch4:		spamass-milter-0.3.1-bits.patch
+Patch5:		spamass-milter-0.3.1-popen.patch
+Patch6:		spamass-milter-0.3.1-prototype.patch
+Patch7:		spamass-milter-0.3.1-authuser.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	spamassassin, sendmail-devel
-Requires:	spamassassin, sendmail
+Requires:	spamassassin, /usr/sbin/sendmail
 
-Requires(pre): shadow-utils
+Requires(pre): /usr/bin/getent, /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/usermod
 Requires(post): /sbin/chkconfig
-Requires(post): /sbin/service
-Requires(preun): /sbin/chkconfig
-Requires(preun): /sbin/service
-Requires(postun): /sbin/service
+Requires(preun): /sbin/chkconfig, initscripts
+Requires(postun): initscripts
 
 %description
-A Sendmail milter (Mail Filter) application that pipes incoming mail
-(including things received by rmail/UUCP) through SpamAssassin, a highly
-customizable spam filter.
+A milter (Mail Filter) application that pipes incoming mail (including things
+received by rmail/UUCP) through SpamAssassin, a highly customizable spam
+filter. A milter-compatible MTA such as Sendmail or Postfix is required.
+
+%package postfix
+Summary:	Postfix support for spamass-milter
+Group:		System Environment/Daemons
+Requires:	%{name} = %{version}-%{release}
+Requires(pre):	postfix
+Requires(post):	shadow-utils, %{name} = %{version}-%{release}
+%if 0%{?fedora} > 9
+BuildArch:	noarch
+%endif
+
+%description postfix
+This package adds support for running spamass-milter using a Unix-domain
+socket to communicate with the Postfix MTA.
 
 %prep
 %setup -q
+
+# Local patch for initscript and socket paths
 %patch0 -p1 -b .pathnames
-%{__cp} -p %{SOURCE1} %{SOURCE2} %{SOURCE3} .
+
+# Add -g option for group-writable socket for Postfix support (#452248)
+%patch2 -p1 -b .group
+
+# Fix Received-header generation (#496763)
+%patch3 -p1 -b .rcvd
+
+# Add authentication info to dummy Received-header (#496769)
+%patch4 -p1 -b .bits
+
+# Preliminary upstream patch for input validation bug letting
+# remote users execute arbitrary code (#572117, #572119)
+# https://savannah.nongnu.org/bugs/?29136
+%patch5 -p0 -b .popen
+
+# Add function prototype missing from patch5
+%patch6 -p1 -b .proto
+
+# Add -I option to ignore (don't check) mail from authenticated users
+# (#437506, #496767) https://savannah.nongnu.org/bugs/?21046
+%patch7 -p1 -b .authuser
+
+%{__cp} -p %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} .
 %{__sed} -i -e 's|%%{_localstatedir}|%{_localstatedir}|g;
 		s|%%{_initrddir}|%{_initrddir}|g;
 		s|%%{_sysconfdir}|%{_sysconfdir}|g;
 		s|%%{_sbindir}|%{_sbindir}|g;' \
-	spamass-milter.{sysv,sysconfig} README
+	spamass-milter.{README.Postfix,sysv,sysconfig} README
+%{__mv} spamass-milter.README.Postfix README.Postfix
 
 %build
 export SENDMAIL=/usr/sbin/sendmail
@@ -47,14 +91,18 @@ export SENDMAIL=/usr/sbin/sendmail
 
 %{__install} -m 755 -D spamass-milter.sysv %{buildroot}%{_initrddir}/spamass-milter
 %{__install} -m 644 -D spamass-milter.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/spamass-milter
-%{__install} -m 700 -d %{buildroot}%{_localstatedir}/run/spamass-milter
+%{__install} -m 755 -d %{buildroot}%{_localstatedir}/lib/spamass-milter
+%{__install} -m 711 -d %{buildroot}%{_localstatedir}/run/spamass-milter
+%{__install} -m 750 -d %{buildroot}%{_localstatedir}/run/spamass-milter/postfix
 %{__install} -m 755 spamass-milter-wrapper %{buildroot}%{_sbindir}/spamass-milter-wrapper
 
 %pre
 /usr/bin/getent group sa-milt >/dev/null || /usr/sbin/groupadd -r sa-milt
 /usr/bin/getent passwd sa-milt >/dev/null || \
-	/usr/sbin/useradd -r -g sa-milt -d %{_localstatedir}/run/spamass-milter \
+	/usr/sbin/useradd -r -g sa-milt -d %{_localstatedir}/lib/spamass-milter \
 		-s /sbin/nologin -c "SpamAssassin Milter" sa-milt
+# Fix homedir for upgrades
+/usr/sbin/usermod --home %{_localstatedir}/lib/spamass-milter sa-milt &>/dev/null
 exit 0
 
 %post
@@ -62,12 +110,18 @@ exit 0
 
 %preun
 if [ $1 -eq 0 ]; then
-	/sbin/service spamass-milter stop &>/dev/null || :
+	%{_initrddir}/spamass-milter stop &>/dev/null || :
 	/sbin/chkconfig --del spamass-milter || :
 fi
 
 %postun
-/sbin/service spamass-milter condrestart &>/dev/null || :
+%{_initrddir}/spamass-milter condrestart &>/dev/null || :
+
+%post postfix
+# This is needed because the milter needs to "give away" the MTA communication
+# socket to the postfix group, and it needs to be a member of the group to do
+# that.
+/usr/sbin/usermod -a -G postfix sa-milt || :
 
 %clean
 %{__rm} -rf %{buildroot}
@@ -80,9 +134,78 @@ fi
 %{_initrddir}/spamass-milter
 %{_sbindir}/spamass-milter
 %{_sbindir}/spamass-milter-wrapper
+%dir %attr(-,sa-milt,sa-milt) %{_localstatedir}/lib/spamass-milter/
 %dir %attr(-,sa-milt,sa-milt) %{_localstatedir}/run/spamass-milter/
 
+%files postfix
+%defattr(-,root,root,-)
+%doc README.Postfix
+%dir %attr(-,sa-milt,postfix) %{_localstatedir}/run/spamass-milter/postfix/
+
 %changelog
+* Fri Mar 12 2010 Paul Howarth <paul at city-fan.org> 0.3.1-17
+- Update initscript to support running the milter as root, which is needed
+  for the -x (expand aliases) option; note that the milter does not run as
+  root by default
+- Add patch for popen unsanitized input vulnerability
+  (#572117, #572119, https://savannah.nongnu.org/bugs/?29136)
+- Rebase authuser patch
+- Update patch adding auth info to dummy Received-header so that it doesn't
+  generate spurious warnings about missing macros (#532266), and update and
+  merge the macro documentation patch into this patch
+- Document patch usage in spec file
+
+* Tue Aug 11 2009 Paul Howarth <paul at city-fan.org> 0.3.1-16
+- Switch to bzipped source tarball
+
+* Sun Jul 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> 0.3.1-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Fri Apr 24 2009 Paul Howarth <paul at city-fan.org> 0.3.1-14
+- Fix Received-header generation (#496763)
+- Add authentication info to dummy Received-header (#496769)
+- Add option to skip checks for authenticated senders (#437506, #496767)
+  (thanks to Habeeb J. Dihu for the reports and patches)
+
+* Wed Mar 18 2009 Paul Howarth <paul at city-fan.org> 0.3.1-13
+- Call initscripts directly instead of via /sbin/service and fine-tune scriptlet
+  dependencies
+- Change sa-milt user's home directory from
+  %%{_localstatedir}/run/spamass-milter to %%{_localstatedir}/lib/spamass-milter
+  so as to retain directory contents across a reboot (#489995), and fix the home
+  directory of any existing sa-milt account on upgrades
+
+* Fri Feb 27 2009 Paul Howarth <paul at city-fan.org> 0.3.1-12
+- Subpackage for postfix is now noarch for Fedora 10 onwards
+- Fix scriptlet deps to ensure that sa-milt user exists before we attempt to
+  add it to the postfix group
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> 0.3.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Feb 13 2009 Paul Howarth <paul at city-fan.org> 0.3.1-10
+- Rebuild for shared libmilter in Fedora 11 development
+
+* Thu Jul  3 2008 Paul Howarth <paul at city-fan.org> 0.3.1-9
+- Require /usr/sbin/sendmail (for -b/-B/-x options) rather than sendmail pkg
+- Make summary and description less Sendmail-specific
+- Add patch to support group-writable socket for MTA communication, needed
+  to be able to use a Unix-domain socket with Postfix (#452248)
+- Add subpackage with group-writable directory for Postfix support
+- Tweak initscript to change default options when Postfix socket directory is
+  present
+- Document additional ENVRCPT macros to provide
+
+* Tue May 20 2008 Paul Howarth <paul at city-fan.org> 0.3.1-8
+- Fix initscript failure to start with SELinux in enforcing mode (#447247)
+  (needs selinux-policy >= 3.3.1-55 on F9)
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> 0.3.1-7
+- Autorebuild for GCC 4.3
+
+* Mon Feb 18 2008 Paul Howarth <paul at city-fan.org> 0.3.1-6
+- Rebuild with gcc 4.3.0 for Fedora 9
+
 * Fri Oct 12 2007 Paul Howarth <paul at city-fan.org> 0.3.1-5
 - Split initscript and config out from being here documents in the spec and
   have them as separate source files instead


Index: spamass-milter.sysconfig
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/EL-5/spamass-milter.sysconfig,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- spamass-milter.sysconfig	12 Oct 2007 12:22:04 -0000	1.1
+++ spamass-milter.sysconfig	22 Mar 2010 16:14:48 -0000	1.2
@@ -1,6 +1,13 @@
 ### Override for your different local config
 #SOCKET=%{_localstatedir}/run/spamass-milter/spamass-milter.sock
 
+### For security reasons it is best to run the milter as a non-root user
+###
+### However, if you need to use the -x option to expand aliases to get
+### the username(s) to pass to spamc, the milter needs to run as root
+### since "sendmail -bv <rcpt_address>" only works as root
+#RUN_AS_USER=sa-milt
+
 ### Standard parameters for spamass-milter are:
 ### -P %{_localstatedir}/run/spamass-milter.pid (PID file)
 ###


Index: spamass-milter.sysv
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/EL-5/spamass-milter.sysv,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- spamass-milter.sysv	12 Oct 2007 12:22:04 -0000	1.1
+++ spamass-milter.sysv	22 Mar 2010 16:14:48 -0000	1.2
@@ -24,14 +24,24 @@
 
 # Default variables
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
+RUN_AS_USER=sa-milt
 SOCKET="%{_localstatedir}/run/spamass-milter/spamass-milter.sock"
+SOCKET_OPTIONS=""
 EXTRA_FLAGS=""
 SYSCONFIG="%{_sysconfdir}/sysconfig/spamass-milter"
 
+# If Postfix support package is installed, use a postfix-group-writable
+# socket for communication with the MTA
+if [ -d %{_localstatedir}/run/spamass-milter/postfix ]; then
+	SOCKET="%{_localstatedir}/run/spamass-milter/postfix/sock"
+	SOCKET_OPTIONS="-g postfix"
+fi
+
 # Read configuration
 source %{_initrddir}/functions
-source %{_sysconfdir}/sysconfig/network
-[ -r "${SYSCONFIG}" ] && source "${SYSCONFIG}"
+for configfile in %{_sysconfdir}/sysconfig/network "${SYSCONFIG}"; do
+	[ -r "${configfile}" ] && source "${configfile}"
+done
 
 [ -x %{_sbindir}/spamass-milter ] || exit 5
 
@@ -40,11 +50,15 @@ prog="spamass-milter"
 desc="SpamAssassin milter"
 pidfile=%{_localstatedir}/run/spamass-milter.pid
 
+# Fix ownership of socket directory if necessary
+chown ${RUN_AS_USER} %{_localstatedir}/run/spamass-milter
+
 start() {
 	echo -n $"Starting ${desc} (${prog}): "
 	touch ${pidfile}
-	chown sa-milt:sa-milt ${pidfile}
-	daemon --user sa-milt %{_sbindir}/${prog}-wrapper -p ${SOCKET} -P ${pidfile} ${EXTRA_FLAGS}
+	chown ${RUN_AS_USER} ${pidfile}
+	[ -x /sbin/restorecon ] && /sbin/restorecon ${pidfile}
+	daemon --user ${RUN_AS_USER} %{_sbindir}/${prog}-wrapper ${SOCKET_OPTIONS} -p ${SOCKET} -P ${pidfile} ${EXTRA_FLAGS}
 	RETVAL=$?
 	echo
 	if [ ${RETVAL} -eq 0 ]; then

