rpms/spamass-milter/F-13 spamass-milter-0.3.1-popen.patch, NONE, 1.1 spamass-milter-0.3.1-prototype.patch, NONE, 1.1 spamass-milter-0.3.1-authuser.patch, 1.1, 1.2 spamass-milter-0.3.1-bits.patch, 1.1, 1.2 spamass-milter.spec, 1.22, 1.23 spamass-milter.sysconfig, 1.1, 1.2 spamass-milter.sysv, 1.4, 1.5 spamass-milter-0.3.1-macros.patch, 1.1, NONE
Paul Howarth
pghmcfc at fedoraproject.org
Mon Mar 22 16:14:52 UTC 2010
- Previous message: rpms/spamass-milter/F-12 spamass-milter-0.3.1-popen.patch, NONE, 1.1 spamass-milter-0.3.1-prototype.patch, NONE, 1.1 spamass-milter-0.3.1-authuser.patch, 1.1, 1.2 spamass-milter-0.3.1-bits.patch, 1.1, 1.2 spamass-milter.spec, 1.22, 1.23 spamass-milter.sysconfig, 1.1, 1.2 spamass-milter.sysv, 1.4, 1.5 spamass-milter-0.3.1-macros.patch, 1.1, NONE
- Next message: rpms/spamass-milter/devel spamass-milter-0.3.1-popen.patch, NONE, 1.1 spamass-milter-0.3.1-prototype.patch, NONE, 1.1 spamass-milter-0.3.1-authuser.patch, 1.1, 1.2 spamass-milter-0.3.1-bits.patch, 1.1, 1.2 spamass-milter.spec, 1.22, 1.23 spamass-milter.sysconfig, 1.1, 1.2 spamass-milter.sysv, 1.4, 1.5 spamass-milter-0.3.1-macros.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: pghmcfc
Update of /cvs/pkgs/rpms/spamass-milter/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv22929/F-13
Modified Files:
spamass-milter-0.3.1-authuser.patch
spamass-milter-0.3.1-bits.patch spamass-milter.spec
spamass-milter.sysconfig spamass-milter.sysv
Added Files:
spamass-milter-0.3.1-popen.patch
spamass-milter-0.3.1-prototype.patch
Removed Files:
spamass-milter-0.3.1-macros.patch
Log Message:
* Fri Mar 12 2010 Paul Howarth <paul at city-fan.org> 0.3.1-17
- Update initscript to support running the milter as root, which is needed
for the -x (expand aliases) option; note that the milter does not run as
root by default
- Add patch for popen unsanitized input vulnerability
(#572117, #572119, https://savannah.nongnu.org/bugs/?29136)
- Rebase authuser patch
- Update patch adding auth info to dummy Received-header so that it doesn't
generate spurious warnings about missing macros (#532266), and update and
merge the macro documentation patch into this patch
- Document patch usage in spec file
spamass-milter-0.3.1-popen.patch:
spamass-milter.cpp | 162 +++++++++++++++++++++++++++--------------------------
spamass-milter.h | 1
2 files changed, 86 insertions(+), 77 deletions(-)
--- NEW FILE spamass-milter-0.3.1-popen.patch ---
Index: spamass-milter.cpp
===================================================================
RCS file: /cvsroot/spamass-milt/spamass-milt/spamass-milter.cpp,v
retrieving revision 1.91
diff -u -r1.91 spamass-milter.cpp
--- spamass-milter.cpp 24 Jul 2006 19:59:17 -0000 1.91
+++ spamass-milter.cpp 10 Mar 2010 18:52:22 -0000
@@ -171,10 +171,6 @@
bool flag_expand = false; /* alias/virtusertable expansion */
bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
-#endif
-
// {{{ main()
int
@@ -461,59 +457,24 @@
send another copy. The milter API will not let you send the
message AND return a failure code to the sender, so this is
the only way to do it. */
-#if defined(__FreeBSD__)
- int rv;
-#endif
-
-#if defined(HAVE_ASPRINTF)
- char *buf;
-#else
- char buf[1024];
-#endif
- char *fmt="%s \"%s\"";
+ char *popen_argv[3];
FILE *p;
-#if defined(HAVE_ASPRINTF)
- asprintf(&buf, fmt, SENDMAIL, spambucket);
-#else
-#if defined(HAVE_SNPRINTF)
- snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, spambucket);
-#else
- /* XXX possible buffer overflow here */
- sprintf(buf, fmt, SENDMAIL, spambucket);
-#endif
-#endif
-
- debug(D_COPY, "calling %s", buf);
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
- rv = pthread_mutex_lock(&popen_mutex);
- if (rv)
- {
- debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
- abort();
- }
-#endif
- p = popen(buf, "w");
+ popen_argv[0] = SENDMAIL;
+ popen_argv[1] = spambucket;
+ popen_argv[2] = NULL;
+
+ debug(D_COPY, "calling %s %s", SENDMAIL, spambucket);
+ p = popenv(popen_argv, "w");
if (!p)
{
- debug(D_COPY, "popen failed(%s). Will not send a copy to spambucket", strerror(errno));
+ debug(D_COPY, "popenv failed(%s). Will not send a copy to spambucket", strerror(errno));
} else
{
// Send message provided by SpamAssassin
fwrite(assassin->d().c_str(), assassin->d().size(), 1, p);
- pclose(p); p = NULL;
+ fclose(p); p = NULL;
}
-#if defined(__FreeBSD__)
- rv = pthread_mutex_unlock(&popen_mutex);
- if (rv)
- {
- debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
- abort();
- }
-#endif
-#if defined(HAVE_ASPRINTF)
- free(buf);
-#endif
}
return SMFIS_REJECT;
}
@@ -842,30 +803,19 @@
/* open a pipe to sendmail so we can do address expansion */
char buf[1024];
- char *fmt="%s -bv \"%s\" 2>&1";
-
-#if defined(HAVE_SNPRINTF)
- snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
-#else
- /* XXX possible buffer overflow here */
- sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
-#endif
+ char *popen_argv[4];
+
+ popen_argv[0] = SENDMAIL;
+ popen_argv[1] = "-bv";
+ popen_argv[2] = envrcpt[0];
+ popen_argv[3] = NULL;
- debug(D_RCPT, "calling %s", buf);
+ debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
- rv = pthread_mutex_lock(&popen_mutex);
- if (rv)
- {
- debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
- abort();
- }
-#endif
-
- p = popen(buf, "r");
+ p = popenv(popen_argv, "r");
if (!p)
{
- debug(D_RCPT, "popen failed(%s). Will not expand aliases", strerror(errno));
+ debug(D_RCPT, "popenv failed(%s). Will not expand aliases", strerror(errno));
assassin->expandedrcpt.push_back(envrcpt[0]);
} else
{
@@ -890,16 +840,8 @@
assassin->expandedrcpt.push_back(p+7);
}
}
- pclose(p); p = NULL;
+ fclose(p); p = NULL;
}
-#if defined(__FreeBSD__)
- rv = pthread_mutex_unlock(&popen_mutex);
- if (rv)
- {
- debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
- abort();
- }
-#endif
} else
{
assassin->expandedrcpt.push_back(envrcpt[0]);
@@ -2157,5 +2099,71 @@
warnedmacro = true;
}
+/*
+ untrusted-argument-safe popen function - only supports "r" and "w" modes
+ for simplicity, and always reads stdout and stderr in "r" mode. Call
+ fclose to close the FILE.
+*/
+FILE *popenv(char *const argv[], const char *type)
+{
+ FILE *iop;
+ int pdes[2];
+ int save_errno;
+ if ((*type != 'r' && *type != 'w') || type[1])
+ {
+ errno = EINVAL;
+ return (NULL);
+ }
+ if (pipe(pdes) < 0)
+ return (NULL);
+ switch (fork()) {
+
+ case -1: /* Error. */
+ save_errno = errno;
+ (void)close(pdes[0]);
+ (void)close(pdes[1]);
+ errno = save_errno;
+ return (NULL);
+ /* NOTREACHED */
+ case 0: /* Child. */
+ if (*type == 'r') {
+ /*
+ * The dup2() to STDIN_FILENO is repeated to avoid
+ * writing to pdes[1], which might corrupt the
+ * parent's copy. This isn't good enough in
+ * general, since the exit() is no return, so
+ * the compiler is free to corrupt all the local
+ * variables.
+ */
+ (void)close(pdes[0]);
+ (void)dup2(pdes[1], STDOUT_FILENO);
+ (void)dup2(pdes[1], STDERR_FILENO);
+ if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) {
+ (void)close(pdes[1]);
+ }
+ } else {
+ if (pdes[0] != STDIN_FILENO) {
+ (void)dup2(pdes[0], STDIN_FILENO);
+ (void)close(pdes[0]);
+ }
+ (void)close(pdes[1]);
+ }
+ execv(argv[0], argv);
+ exit(127);
+ /* NOTREACHED */
+ }
+
+ /* Parent; assume fdopen can't fail. */
+ if (*type == 'r') {
+ iop = fdopen(pdes[0], type);
+ (void)close(pdes[1]);
+ } else {
+ iop = fdopen(pdes[1], type);
+ (void)close(pdes[0]);
+ }
+
+ return (iop);
+}
+
// }}}
// vim6:ai:noexpandtab
Index: spamass-milter.h
===================================================================
RCS file: /cvsroot/spamass-milt/spamass-milt/spamass-milter.h,v
retrieving revision 1.23
diff -u -r1.23 spamass-milter.h
--- spamass-milter.h 7 Apr 2005 02:04:24 -0000 1.23
+++ spamass-milter.h 10 Mar 2010 18:52:22 -0000
@@ -186,5 +186,6 @@
void parse_debuglevel(char* string);
char *strlwr(char *str);
void warnmacro(char *macro, char *scope);
+FILE *popenv(char *const argv[], const char *type);
#endif
spamass-milter-0.3.1-prototype.patch:
spamass-milter.cpp | 2 ++
1 file changed, 2 insertions(+)
--- NEW FILE spamass-milter-0.3.1-prototype.patch ---
Tentative upstream patch (spamass-milter-0.3.1-popen.patch)
for #572119 is missing a function prototype for the new
popenv() function.
--- spamass-milter-0.3.1/spamass-milter.cpp 2010-03-18 15:41:48.289366915 +0000
+++ spamass-milter-0.3.1/spamass-milter.cpp 2010-03-18 15:45:26.753239751 +0000
@@ -127,6 +127,8 @@
#define INADDR_LOOPBACK 0x7F000001
#endif
+FILE *popenv(char *const argv[], const char *type);
+
// }}}
static const char Id[] = "$Id: spamass-milter.cpp,v 1.90 2006/03/23 21:41:36 dnelson Exp $";
spamass-milter-0.3.1-authuser.patch:
spamass-milter.1.in | 3 +++
spamass-milter.cpp | 26 ++++++++++++++++++++++++--
2 files changed, 27 insertions(+), 2 deletions(-)
Index: spamass-milter-0.3.1-authuser.patch
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/F-13/spamass-milter-0.3.1-authuser.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- spamass-milter-0.3.1-authuser.patch 24 Apr 2009 16:01:25 -0000 1.1
+++ spamass-milter-0.3.1-authuser.patch 22 Mar 2010 16:14:51 -0000 1.2
@@ -1,14 +1,14 @@
---- spamass-milter-0.3.1/spamass-milter.cpp.ori 2009-04-20 21:11:55.000000000 -0500
-+++ spamass-milter-0.3.1/spamass-milter.cpp 2009-04-20 21:14:20.000000000 -0500
+--- spamass-milter-0.3.1/spamass-milter.cpp.authuser 2010-03-18 15:38:38.414240811 +0000
++++ spamass-milter-0.3.1/spamass-milter.cpp 2010-03-18 15:39:27.751241308 +0000
@@ -172,6 +172,7 @@
bool flag_full_email = false; /* pass full email address to spamc */
bool flag_expand = false; /* alias/virtusertable expansion */
bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */
+bool ignore_authenticated_senders = false; /* authenticated users bypass spam checks */
- #if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
- static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
-@@ -183,7 +184,7 @@
+ // {{{ main()
+
+@@ -179,7 +180,7 @@
main(int argc, char* argv[])
{
int c, err = 0;
@@ -17,7 +17,7 @@
char *sock = NULL;
char *group = NULL;
bool dofork = false;
-@@ -216,6 +217,10 @@
+@@ -212,6 +213,10 @@
debug(D_MISC, "Parsing ignore list");
parse_networklist(optarg, &ignorenets);
break;
@@ -28,7 +28,7 @@
case 'm':
dontmodifyspam = true;
smfilter.xxfi_flags &= ~SMFIF_CHGBODY;
-@@ -286,7 +291,7 @@
+@@ -282,7 +287,7 @@
cout << PACKAGE_NAME << " - Version " << PACKAGE_VERSION << endl;
cout << "SpamAssassin Sendmail Milter Plugin" << endl;
cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl;
@@ -37,7 +37,7 @@
cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl;
cout << " [-- spamc args ]" << endl;
cout << " -p socket: path to create socket" << endl;
-@@ -301,6 +306,7 @@
+@@ -297,6 +302,7 @@
cout << " -f: fork into background" << endl;
cout << " -i: skip (ignore) checks from these IPs or netblocks" << endl;
cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl;
@@ -45,7 +45,7 @@
cout << " -m: don't modify body, Content-type: or Subject:" << endl;
cout << " -M: don't modify the message at all" << endl;
cout << " -P pidfile: Put processid in pidfile" << endl;
-@@ -812,6 +818,22 @@
+@@ -773,6 +779,22 @@
}
/* debug(D_ALWAYS, "ZZZ got private context %p", sctx); */
@@ -68,9 +68,8 @@
debug(D_FUNC, "mlfi_envfrom: enter");
try {
// launch new SpamAssassin
-
---- spamass-milter-0.3.1/spamass-milter.1.in.ori 2009-04-20 21:11:55.000000000 -0500
-+++ spamass-milter-0.3.1/spamass-milter.1.in 2009-04-20 21:17:36.000000000 -0500
+--- spamass-milter-0.3.1/spamass-milter.1.in.authuser 2010-03-18 15:38:38.407240309 +0000
++++ spamass-milter-0.3.1/spamass-milter.1.in 2010-03-18 15:38:38.417240342 +0000
@@ -15,6 +15,7 @@
.Op Fl f
.Op Fl g Ar group
spamass-milter-0.3.1-bits.patch:
README | 20 ++++++-
spamass-milter.cpp | 134 ++++++++++++++++++++++++++++++++++++++---------------
spamass-milter.h | 8 +--
3 files changed, 119 insertions(+), 43 deletions(-)
Index: spamass-milter-0.3.1-bits.patch
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/F-13/spamass-milter-0.3.1-bits.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- spamass-milter-0.3.1-bits.patch 24 Apr 2009 16:01:25 -0000 1.1
+++ spamass-milter-0.3.1-bits.patch 22 Mar 2010 16:14:51 -0000 1.2
@@ -1,54 +1,202 @@
---- spamass-milter-0.3.1/spamass-milter.cpp.orig 2009-04-20 21:29:57.000000000 -0500
-+++ spamass-milter-0.3.1/spamass-milter.cpp 2009-04-20 22:07:51.000000000 -0500
-@@ -975,7 +975,9 @@
+diff -up spamass-milter-0.3.1/README.bits spamass-milter-0.3.1/README
+--- spamass-milter-0.3.1/README.bits 2010-03-22 14:50:10.404092602 +0000
++++ spamass-milter-0.3.1/README 2010-03-22 14:51:26.198958883 +0000
+@@ -54,15 +54,27 @@ Now you need to make sendmail use the pl
+ configuring sendmail through m4 & the sendmail.mc files. In this case
+ adding the lines
+
+-INPUT_MAIL_FILTER(`spamassassin', `S=unix:%{_localstatedir}/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
+-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
+-
++INPUT_MAIL_FILTER(`spamassassin', `S=unix:%{_localstatedir}/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
++define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl
++
+ should do the trick. Of course you need to modify the path of the
+ socket if you put another one into the startup script. The timeouts
+ have been increased somewhat because SpamAssassin may chew on it for a
+ little while on a slow machine.
+
++If you are using multiple milter mail filters on your mail server, you may
++have overridden the default values of some of the confMILTER_MACROS_*
++macros whilst configuring the other filters. You need to ensure that at
++least the following values are present:
++
++confMILTER_MACROS_CONNECT must include the {j} and {_} macros
++(all included by default)
++
++confMILTER_MACROS_ENVFROM must include the {i}, {auth_authen} and {auth_ssf}
++macros (all included by default)
++
++confMILTER_MACROS_ENVRCPT must include the {b}, {r}, {v}, and {Z} macros
++
+ Now recreate sendmail.cf, restart sendmail and experiment around a bit
+ with the setup to make sure it is working.
+
+diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spamass-milter.cpp
+--- spamass-milter-0.3.1/spamass-milter.cpp.bits 2010-03-22 14:50:10.433025554 +0000
++++ spamass-milter-0.3.1/spamass-milter.cpp 2010-03-22 14:53:16.528833350 +0000
+@@ -736,6 +736,7 @@ sfsistat
+ mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr)
+ {
+ struct context *sctx;
++ const char *macro_j, *macro__;
+ int rv;
+
+ debug(D_FUNC, "mlfi_connect: enter");
+@@ -753,8 +754,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna
+ }
+ sctx->assassin = NULL;
+ sctx->helo = NULL;
+-
+- /* store a pointer to it with setpriv */
++ sctx->our_fqdn = NULL;
++ sctx->sender_address = NULL;
++ sctx->queueid = NULL;
++ sctx->auth_authen = NULL;
++ sctx->auth_ssf = NULL;
++
++ /* store our FQDN */
++ macro_j = smfi_getsymval(ctx, "j");
++ if (!macro_j)
++ {
++ macro_j = "localhost";
++ warnmacro("j", "CONNECT");
++ }
++ sctx->our_fqdn = strdup(macro_j);
++
++ /* store the validated sending site's address */
++ macro__ = smfi_getsymval(ctx, "_");
++ if (!macro__)
++ {
++ macro__ = "unknown";
++ warnmacro("_", "CONNECT");
++ }
++ sctx->sender_address = strdup(macro__);
++
++ /* store a pointer to our private data with setpriv */
+ rv = smfi_setpriv(ctx, sctx);
+ if (rv != MI_SUCCESS)
+ {
+@@ -803,7 +827,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+ {
+ SpamAssassin* assassin;
+ struct context *sctx = (struct context *)smfi_getpriv(ctx);
+- char *queueid;
++ const char *queueid, *macro_auth_ssf, *macro_auth_authen;
+
+ if (sctx == NULL)
+ {
+@@ -829,17 +853,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+
+ // remember the MAIL FROM address
+ assassin->set_from(string(envfrom[0]));
+-
++
++ // remember the queueid for this message
+ queueid=smfi_getsymval(ctx,"i");
+ if (!queueid)
+ {
+ queueid="unknown";
+ warnmacro("i", "ENVFROM");
+ }
+- assassin->queueid = queueid;
+-
++ sctx->queueid = strdup(queueid);
+ debug(D_MISC, "queueid=%s", queueid);
+
++ // remember the SMTP AUTH login name
++ macro_auth_authen = smfi_getsymval(ctx, "{auth_authen}");
++ if (!macro_auth_authen)
++ {
++ macro_auth_authen = "";
++ // Don't issue a warning for the auth_authen macro as
++ // it is likely to be unset much of the time - it's
++ // only set if the client has authenticated.
++ //
++ // Similarly, we only issue warnings for the other
++ // auth-related macros if {auth_authen) is available.
++ //
++ // warnmacro("auth_authen", "ENVFROM");
++ }
++ sctx->auth_authen = strdup(macro_auth_authen);
++
++ // remember the SASL cipher bits
++ macro_auth_ssf = smfi_getsymval(ctx, "{auth_ssf}");
++ if (!macro_auth_ssf)
++ {
++ macro_auth_ssf = "";
++ if (strlen(macro_auth_authen)) {
++ warnmacro("auth_ssf", "ENVFROM");
++ }
++ }
++ sctx->auth_ssf = strdup(macro_auth_ssf);
++
+ // tell Milter to continue
+ debug(D_FUNC, "mlfi_envfrom: exit");
+
+@@ -953,7 +1004,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
*/
const char *macro_b, *macro_i, *macro_j, *macro_r,
- *macro_s, *macro_v, *macro_Z, *macro__;
+ *macro_s, *macro_v, *macro_Z, *macro__,
-+ *macro_auth_ssf, *macro_auth_authen, *macro_auth_author,
-+ *macro_auth_type;
++ *macro_auth_ssf, *macro_auth_authen;
char date[32];
/* RFC 822 date. */
-@@ -1013,6 +1015,36 @@
+@@ -968,20 +1020,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ }
+
+ /* queue ID */
+- macro_i = smfi_getsymval(ctx, "i");
+- if (!macro_i)
+- {
+- macro_i = "unknown";
+- warnmacro("i", "ENVRCPT");
+- }
++ macro_i = sctx->queueid;
+
+- /* FQDN of this site */
+- macro_j = smfi_getsymval(ctx, "j");
+- if (!macro_j)
+- {
+- macro_j = "localhost";
+- warnmacro("j", "ENVRCPT");
+- }
++ /* FQDN */
++ macro_j = sctx->our_fqdn;
++
++ /* Sender address */
++ macro__ = sctx->sender_address;
+
+ /* Protocol used to receive the message */
+ macro_r = smfi_getsymval(ctx, "r");
+@@ -990,7 +1035,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ macro_r = "SMTP";
warnmacro("r", "ENVRCPT");
}
-
-+ /* Authenticated bits Information */
-+ macro_auth_ssf = smfi_getsymval(ctx, "{auth_ssf}");
-+ if (!macro_auth_ssf)
-+ {
-+ macro_auth_ssf = "";
-+ warnmacro("auth_ssf", "ENVRCPT");
-+ }
-+
-+ macro_auth_authen = smfi_getsymval(ctx, "{auth_authen}");
-+ if (!macro_auth_authen)
-+ {
-+ macro_auth_authen = "";
-+ warnmacro("auth_authen", "ENVRCPT");
-+ }
-+
-+ macro_auth_author = smfi_getsymval(ctx, "{auth_author}");
-+ if (!macro_auth_author)
-+ {
-+ macro_auth_author = "";
-+ warnmacro("auth_author", "ENVRCPT");
-+ }
-+
-+ macro_auth_type = smfi_getsymval(ctx, "{auth_type}");
-+ if (!macro_auth_type)
-+ {
-+ macro_auth_type = "";
-+ warnmacro("auth_type", "ENVRCPT");
-+ }
-+
-+
+-
++
++ /* SMTP AUTH details */
++ macro_auth_authen = sctx->auth_authen;
++ macro_auth_ssf = sctx->auth_ssf;
++
/* Sendmail currently cannot pass us the {s} macro, but
I do not know why. Leave this in for the day sendmail is
fixed. Until that day, use the value remembered by
-@@ -1051,11 +1083,21 @@
+@@ -1018,22 +1067,24 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ warnmacro("Z", "ENVRCPT");
+ }
+
+- /* Validated sending site's address */
+- macro__ = smfi_getsymval(ctx, "_");
+- if (!macro__)
+- {
+- macro__ = "unknown";
+- warnmacro("_", "ENVRCPT");
+- }
+-
assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
@@ -75,3 +223,58 @@
} else
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
+@@ -1279,16 +1330,27 @@ mlfi_close(SMFICTX* ctx)
+ {
+ struct context *sctx;
+ debug(D_FUNC, "mlfi_close");
+-
++
+ sctx = (struct context*)smfi_getpriv(ctx);
+ if (sctx == NULL)
+ return SMFIS_ACCEPT;
+
+ if (sctx->helo)
+ free(sctx->helo);
++ if (sctx->our_fqdn)
++ free(sctx->our_fqdn);
++ if (sctx->sender_address)
++ free(sctx->sender_address);
++ if (sctx->queueid)
++ free(sctx->queueid);
++ if (sctx->auth_authen)
++ free(sctx->auth_authen);
++ if (sctx->auth_ssf)
++ free(sctx->auth_ssf);
++
+ free(sctx);
+ smfi_setpriv(ctx, NULL);
+-
++
+ return SMFIS_ACCEPT;
+ }
+
+diff -up spamass-milter-0.3.1/spamass-milter.h.bits spamass-milter-0.3.1/spamass-milter.h
+--- spamass-milter-0.3.1/spamass-milter.h.bits 2006-03-23 22:07:55.000000000 +0000
++++ spamass-milter-0.3.1/spamass-milter.h 2010-03-22 14:51:52.766971871 +0000
+@@ -154,9 +154,6 @@ public:
+ // List of recipients after alias/virtusertable expansion
+ list <string> expandedrcpt;
+
+- // the sendmail queue id for this message; used for logging
+- string queueid;
+-
+ // Process handling variables
+ pid_t pid;
+ int pipe_io[2][2];
+@@ -167,6 +164,11 @@ struct context
+ {
+ struct in_addr connect_ip; // remote IP address
+ char *helo;
++ char *our_fqdn;
++ char *sender_address;
++ char *queueid;
++ char *auth_authen;
++ char *auth_ssf;
+ SpamAssassin *assassin; // pointer to the SA object if we're processing a message
+ };
+
Index: spamass-milter.spec
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/F-13/spamass-milter.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -p -r1.22 -r1.23
--- spamass-milter.spec 11 Aug 2009 13:52:57 -0000 1.22
+++ spamass-milter.spec 22 Mar 2010 16:14:52 -0000 1.23
@@ -1,7 +1,7 @@
Summary: Milter (mail filter) for spamassassin
Name: spamass-milter
Version: 0.3.1
-Release: 16%{?dist}
+Release: 17%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://savannah.nongnu.org/projects/spamass-milt/
@@ -11,11 +11,12 @@ Source2: spamass-milter.sysv
Source3: spamass-milter.sysconfig
Source4: spamass-milter.README.Postfix
Patch0: spamass-milter-0.3.1-pathnames.patch
-Patch1: spamass-milter-0.3.1-macros.patch
Patch2: spamass-milter-0.3.1-group.patch
Patch3: spamass-milter-0.3.1-rcvd.patch
Patch4: spamass-milter-0.3.1-bits.patch
-Patch5: spamass-milter-0.3.1-authuser.patch
+Patch5: spamass-milter-0.3.1-popen.patch
+Patch6: spamass-milter-0.3.1-prototype.patch
+Patch7: spamass-milter-0.3.1-authuser.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: spamassassin, sendmail-devel
Requires: spamassassin, /usr/sbin/sendmail
@@ -46,12 +47,31 @@ socket to communicate with the Postfix M
%prep
%setup -q
+
+# Local patch for initscript and socket paths
%patch0 -p1 -b .pathnames
-%patch1 -p1 -b .macros
+
+# Add -g option for group-writable socket for Postfix support (#452248)
%patch2 -p1 -b .group
+
+# Fix Received-header generation (#496763)
%patch3 -p1 -b .rcvd
+
+# Add authentication info to dummy Received-header (#496769)
%patch4 -p1 -b .bits
-%patch5 -p1 -b .authuser
+
+# Preliminary upstream patch for input validation bug letting
+# remote users execute arbitrary code (#572117, #572119)
+# https://savannah.nongnu.org/bugs/?29136
+%patch5 -p0 -b .popen
+
+# Add function prototype missing from patch5
+%patch6 -p1 -b .proto
+
+# Add -I option to ignore (don't check) mail from authenticated users
+# (#437506, #496767) https://savannah.nongnu.org/bugs/?21046
+%patch7 -p1 -b .authuser
+
%{__cp} -p %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} .
%{__sed} -i -e 's|%%{_localstatedir}|%{_localstatedir}|g;
s|%%{_initrddir}|%{_initrddir}|g;
@@ -123,6 +143,18 @@ fi
%dir %attr(-,sa-milt,postfix) %{_localstatedir}/run/spamass-milter/postfix/
%changelog
+* Fri Mar 12 2010 Paul Howarth <paul at city-fan.org> 0.3.1-17
+- Update initscript to support running the milter as root, which is needed
+ for the -x (expand aliases) option; note that the milter does not run as
+ root by default
+- Add patch for popen unsanitized input vulnerability
+ (#572117, #572119, https://savannah.nongnu.org/bugs/?29136)
+- Rebase authuser patch
+- Update patch adding auth info to dummy Received-header so that it doesn't
+ generate spurious warnings about missing macros (#532266), and update and
+ merge the macro documentation patch into this patch
+- Document patch usage in spec file
+
* Tue Aug 11 2009 Paul Howarth <paul at city-fan.org> 0.3.1-16
- Switch to bzipped source tarball
Index: spamass-milter.sysconfig
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/F-13/spamass-milter.sysconfig,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- spamass-milter.sysconfig 12 Oct 2007 11:29:06 -0000 1.1
+++ spamass-milter.sysconfig 22 Mar 2010 16:14:52 -0000 1.2
@@ -1,6 +1,13 @@
### Override for your different local config
#SOCKET=%{_localstatedir}/run/spamass-milter/spamass-milter.sock
+### For security reasons it is best to run the milter as a non-root user
+###
+### However, if you need to use the -x option to expand aliases to get
+### the username(s) to pass to spamc, the milter needs to run as root
+### since "sendmail -bv <rcpt_address>" only works as root
+#RUN_AS_USER=sa-milt
+
### Standard parameters for spamass-milter are:
### -P %{_localstatedir}/run/spamass-milter.pid (PID file)
###
Index: spamass-milter.sysv
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/F-13/spamass-milter.sysv,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- spamass-milter.sysv 18 Mar 2009 16:11:19 -0000 1.4
+++ spamass-milter.sysv 22 Mar 2010 16:14:52 -0000 1.5
@@ -24,6 +24,7 @@
# Default variables
PATH=/sbin:/bin:/usr/sbin:/usr/bin
+RUN_AS_USER=sa-milt
SOCKET="%{_localstatedir}/run/spamass-milter/spamass-milter.sock"
SOCKET_OPTIONS=""
EXTRA_FLAGS=""
@@ -49,12 +50,15 @@ prog="spamass-milter"
desc="SpamAssassin milter"
pidfile=%{_localstatedir}/run/spamass-milter.pid
+# Fix ownership of socket directory if necessary
+chown ${RUN_AS_USER} %{_localstatedir}/run/spamass-milter
+
start() {
echo -n $"Starting ${desc} (${prog}): "
touch ${pidfile}
- chown sa-milt:sa-milt ${pidfile}
+ chown ${RUN_AS_USER} ${pidfile}
[ -x /sbin/restorecon ] && /sbin/restorecon ${pidfile}
- daemon --user sa-milt %{_sbindir}/${prog}-wrapper ${SOCKET_OPTIONS} -p ${SOCKET} -P ${pidfile} ${EXTRA_FLAGS}
+ daemon --user ${RUN_AS_USER} %{_sbindir}/${prog}-wrapper ${SOCKET_OPTIONS} -p ${SOCKET} -P ${pidfile} ${EXTRA_FLAGS}
RETVAL=$?
echo
if [ ${RETVAL} -eq 0 ]; then
--- spamass-milter-0.3.1-macros.patch DELETED ---
- Previous message: rpms/spamass-milter/F-12 spamass-milter-0.3.1-popen.patch, NONE, 1.1 spamass-milter-0.3.1-prototype.patch, NONE, 1.1 spamass-milter-0.3.1-authuser.patch, 1.1, 1.2 spamass-milter-0.3.1-bits.patch, 1.1, 1.2 spamass-milter.spec, 1.22, 1.23 spamass-milter.sysconfig, 1.1, 1.2 spamass-milter.sysv, 1.4, 1.5 spamass-milter-0.3.1-macros.patch, 1.1, NONE
- Next message: rpms/spamass-milter/devel spamass-milter-0.3.1-popen.patch, NONE, 1.1 spamass-milter-0.3.1-prototype.patch, NONE, 1.1 spamass-milter-0.3.1-authuser.patch, 1.1, 1.2 spamass-milter-0.3.1-bits.patch, 1.1, 1.2 spamass-milter.spec, 1.22, 1.23 spamass-milter.sysconfig, 1.1, 1.2 spamass-milter.sysv, 1.4, 1.5 spamass-milter-0.3.1-macros.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list