[mailman] do not set setgid bit on directories where it is not needed
Jan Kaluža
jkaluza at fedoraproject.org
Thu Jul 19 09:03:20 UTC 2012
commit 11e2d1cb6a2bc6e5b1ae426fda9a938d3a8ce703
Author: Jan Kaluza <hanzz.k at gmail.com>
Date: Thu Jul 19 11:01:31 2012 +0200
do not set setgid bit on directories where it is not needed
mailman.spec | 65 +++++++++++++++++++++++++++++++++------------------------
1 files changed, 38 insertions(+), 27 deletions(-)
---
diff --git a/mailman.spec b/mailman.spec
index 13ae336..4f6740a 100644
--- a/mailman.spec
+++ b/mailman.spec
@@ -1,7 +1,7 @@
Summary: Mailing list manager with built in Web access
Name: mailman
Version: 2.1.15
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 3
Group: Applications/Internet
Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
@@ -30,7 +30,6 @@ Patch11: mailman-2.1.9-header-folding.patch
Patch12: mailman-2.1.9-selinux.patch
Patch13: mailman-2.1.9-unicode.patch
Patch14: mailman-2.1.11-fhsinit.patch
-Patch15: mailman-2.1.13-lctype.patch
#Patch15: mailman-2.1.11-footer.patch
Patch17: mailman-2.1.12-mmcfg.patch
Patch18: mailman-2.1.12-initcleanup.patch
@@ -284,12 +283,21 @@ mkdir -p $RPM_BUILD_ROOT/%{logdir}
mkdir -p $RPM_BUILD_ROOT/%{piddir}
mkdir -p $RPM_BUILD_ROOT/%{queuedir}
-install -p -D %{SOURCE9} %{buildroot}%{_sysconfdir}/tmpfiles.d/mailman.conf
+install -p -D -m644 %{SOURCE9} %{buildroot}%{_sysconfdir}/tmpfiles.d/mailman.conf
# Systemd service file
mkdir -p %{buildroot}%{_unitdir}
install -m644 %{SOURCE10} %{buildroot}%{_unitdir}
+# Change permissions of directories to keep rpmlint silent
+find $RPM_BUILD_ROOT/%{mmdir} -type d -exec chmod 755 {} \;
+# There is no need for setgid bit in all files in those directories
+chmod $RPM_BUILD_ROOT/%{mmdir} -s -R
+chmod g+s $RPM_BUILD_ROOT/%{mmdir}/cgi-bin/*
+chmod $RPM_BUILD_ROOT/%{configdir} -s -R
+# Executables has to have setgid
+find $RPM_BUILD_ROOT/%{mmdir} -type f -executable -exec chmod g+s {} \;
+
%clean
rm -rf $RPM_BUILD_ROOT $RPM_BUILD_DIR/files.%{name}
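Review bot: The last added command, `find $RPM_BUILD_ROOT/%{mmdir} -type f -executable -exec chmod g+s {} \;`, puts setgid back on every executable file under %{mmdir}, not only on the wrappers that need it. That contradicts the comment "There is no need for setgid bit in all files" and makes the earlier `chmod g+s $RPM_BUILD_ROOT/%{mmdir}/cgi-bin/*` redundant. Because the %files hunks drop the explicit `%attr` and `%defattr(-,root,%{mmgroup})` takes modes from the build root, these are the modes that ship. I would limit the bit to the directories that hold the compiled wrappers (cgi-bin and, presumably, mail), e.g. `chmod g+s $RPM_BUILD_ROOT/%{mmdir}/cgi-bin/* $RPM_BUILD_ROOT/%{mmdir}/mail/*`, and drop the `find ... -executable` line. Separately, `chmod PATH -s -R` only works through GNU option permutation and clears setuid as well; `chmod -R g-s $RPM_BUILD_ROOT/%{mmdir}` states the intent directly.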
@@ -382,22 +390,22 @@ exit 0
%files
%defattr(-,root,%{mmgroup})
-%attr(2755,root,%{mmgroup}) %dir %{mmdir}
+%dir %{mmdir}
#%%{mmdir}/Mailman
-%attr(2755,root,%{mmgroup}) %{mmdir}/bin
-%attr(2755,root,%{mmgroup}) %{mmdir}/cgi-bin
+%{mmdir}/bin
+%{mmdir}/cgi-bin
#%%{mmdir}/cron
-%attr(2755,root,%{mmgroup}) %{mmdir}/icons
-%attr(2755,root,%{mmgroup}) %{mmdir}/mail
-%attr(2755,root,%{mmgroup}) %{mmdir}/messages
-%attr(2755,root,%{mmgroup}) %{mmdir}/pythonlib
-%attr(2755,root,%{mmgroup}) %{mmdir}/scripts
+%{mmdir}/icons
+%{mmdir}/mail
+%{mmdir}/messages
+%{mmdir}/pythonlib
+%{mmdir}/scripts
# rpmlint will complain here about config files being in /usr
# but these are both data files -parts of mailman's web UI-
# and config files - user can change them to match the design
# and/or content of their web pages
-%attr(2755,root,%{mmgroup}) %config(noreplace) %{mmdir}/templates
-%attr(2755,root,%{mmgroup}) %{mmdir}/tests
+%config(noreplace) %{mmdir}/templates
+%{mmdir}/tests
%{varmmdir}
#cron dir minus one file which is listed later
%{mmdir}/cron/bumpdigests
@@ -412,16 +420,16 @@ exit 0
%{mmdir}/cron/paths.pyo
%{mmdir}/cron/senddigests
#Mailman dir minus one file which is listed later
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Archiver
+%{mmdir}/Mailman/Archiver
%{mmdir}/Mailman/Autoresponder.py
%{mmdir}/Mailman/Autoresponder.pyc
%{mmdir}/Mailman/Autoresponder.pyo
%{mmdir}/Mailman/Bouncer.py
%{mmdir}/Mailman/Bouncer.pyc
%{mmdir}/Mailman/Bouncer.pyo
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Bouncers
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Cgi
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Commands
+%{mmdir}/Mailman/Bouncers
+%{mmdir}/Mailman/Cgi
+%{mmdir}/Mailman/Commands
%{mmdir}/Mailman/CSRFcheck.py
%{mmdir}/Mailman/CSRFcheck.pyc
%{mmdir}/Mailman/CSRFcheck.pyo
@@ -443,8 +451,8 @@ exit 0
#%%{mmdir}/Mailman/Generator.py
#%%{mmdir}/Mailman/Generator.pyc
#%%{mmdir}/Mailman/Generator.pyo
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Gui
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Handlers
+%{mmdir}/Mailman/Gui
+%{mmdir}/Mailman/Handlers
%{mmdir}/Mailman/htmlformat.py
%{mmdir}/Mailman/htmlformat.pyc
%{mmdir}/Mailman/htmlformat.pyo
@@ -463,7 +471,7 @@ exit 0
%{mmdir}/Mailman/LockFile.py
%{mmdir}/Mailman/LockFile.pyc
%{mmdir}/Mailman/LockFile.pyo
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Logging
+%{mmdir}/Mailman/Logging
%{mmdir}/Mailman/Mailbox.py
%{mmdir}/Mailman/Mailbox.pyc
%{mmdir}/Mailman/Mailbox.pyo
@@ -477,7 +485,7 @@ exit 0
%{mmdir}/Mailman/Message.pyc
%{mmdir}/Mailman/Message.pyo
%{mmdir}/Mailman/mm_cfg.py.dist
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/MTA
+%{mmdir}/Mailman/MTA
%{mmdir}/Mailman/OldStyleMemberships.py
%{mmdir}/Mailman/OldStyleMemberships.pyc
%{mmdir}/Mailman/OldStyleMemberships.pyo
@@ -487,7 +495,7 @@ exit 0
%{mmdir}/Mailman/Post.py
%{mmdir}/Mailman/Post.pyc
%{mmdir}/Mailman/Post.pyo
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Queue
+%{mmdir}/Mailman/Queue
%{mmdir}/Mailman/SafeDict.py
%{mmdir}/Mailman/SafeDict.pyc
%{mmdir}/Mailman/SafeDict.pyo
@@ -522,21 +530,24 @@ exit 0
%config(noreplace) %{httpdconfdir}/%{httpdconffile}
/etc/logrotate.d/%{name}
/etc/smrsh/%{mail_wrapper}
-%dir %attr(2775,root,%{mmgroup}) %{configdir}
+%dir %attr(755,root,%{mmgroup}) %{configdir}
%attr(0644, root, %{mmgroup}) %config(noreplace) %verify(not md5 size mtime) %{configdir}/sitelist.cfg
%{configdir}/mm_cfg.*
-%attr(2775,root,%{mmgroup}) %{logdir}
+%attr(775,root,%{mmgroup}) %{logdir}
%config(noreplace) %{_sysconfdir}/tmpfiles.d/mailman.conf
-%attr(2775,root,%{mmgroup}) %{queuedir}
+%attr(755,root,%{mmgroup}) %{queuedir}
%attr(0644,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/cron.d/mailman
%attr(0644,root,%{mmgroup}) %config(noreplace) %{mmdir}/cron/crontab.in
%attr(0755,root,root) %{_bindir}/mailman-update-cfg
-%dir %attr(2775,root,%{mmgroup}) %{piddir}
-%dir %attr(2775,root,%{mmgroup}) %{lockdir}
+%dir %attr(775,root,%{mmgroup}) %{piddir}
+%dir %attr(775,root,%{mmgroup}) %{lockdir}
# fix for security issue #459530
%attr(2770,%{cgiuser},%{mmgroup}) %{archivesdir}/private
%changelog
+* Thu Jul 19 2012 Jan Kaluza <jkaluza at redhat.com> - 3:2.1.15-2
+- do not set setgid bit on directories where it is not needed
+
* Mon Jun 18 2012 Jan Kaluza <jkaluza at redhat.com> - 3:2.1.15-1
- fix #822096 - update to version 2.1.15
- fixed httpd config file to work with httpd-2.4
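Review bot: `%attr(755,root,%{mmgroup}) %{queuedir}` drops group write as well as setgid, while %{logdir}, %{piddir} and %{lockdir} in the same hunk keep 775. The directory is owned by root, so members of %{mmgroup} can no longer create entries in it, which looks unintended if the queue runners write there as that group; `%attr(775,root,%{mmgroup}) %{queuedir}` would match the others. The same question applies to %{configdir} going from 2775 to 755. Without setgid on the group-writable state directories, files created there by a process whose group is not %{mmgroup} (for example root running a maintenance command) will not inherit the group. Mailman's `bin/check_perms` is, as far as I know, strict about setgid directories, so it is worth running against an installed build before release.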