[mailman] do not set setgid bit on directories where it is not needed

Jan Kaluža jkaluza at fedoraproject.org
Thu Jul 19 09:03:20 UTC 2012 

commit 11e2d1cb6a2bc6e5b1ae426fda9a938d3a8ce703
Author: Jan Kaluza <hanzz.k at gmail.com>
Date:   Thu Jul 19 11:01:31 2012 +0200

    do not set setgid bit on directories where it is not needed

 mailman.spec |   65 +++++++++++++++++++++++++++++++++------------------------
 1 files changed, 38 insertions(+), 27 deletions(-)
---
diff --git a/mailman.spec b/mailman.spec
index 13ae336..4f6740a 100644
--- a/mailman.spec
+++ b/mailman.spec
@@ -1,7 +1,7 @@
 Summary: Mailing list manager with built in Web access
 Name: mailman
 Version: 2.1.15
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 3
 Group: Applications/Internet
 Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
@@ -30,7 +30,6 @@ Patch11: mailman-2.1.9-header-folding.patch
 Patch12: mailman-2.1.9-selinux.patch
 Patch13: mailman-2.1.9-unicode.patch
 Patch14: mailman-2.1.11-fhsinit.patch
-Patch15: mailman-2.1.13-lctype.patch
 #Patch15: mailman-2.1.11-footer.patch
 Patch17: mailman-2.1.12-mmcfg.patch
 Patch18: mailman-2.1.12-initcleanup.patch
@@ -284,12 +283,21 @@ mkdir -p $RPM_BUILD_ROOT/%{logdir}
 mkdir -p $RPM_BUILD_ROOT/%{piddir}
 mkdir -p $RPM_BUILD_ROOT/%{queuedir}
 
-install -p -D %{SOURCE9} %{buildroot}%{_sysconfdir}/tmpfiles.d/mailman.conf
+install -p -D -m644 %{SOURCE9} %{buildroot}%{_sysconfdir}/tmpfiles.d/mailman.conf
 
 # Systemd service file
 mkdir -p %{buildroot}%{_unitdir}
 install -m644 %{SOURCE10} %{buildroot}%{_unitdir}
 
+# Change permissions of directories to keep rpmlint silent
+find $RPM_BUILD_ROOT/%{mmdir} -type d -exec chmod 755 {} \;
+# There is no need for setgid bit in all files in those directories
+chmod $RPM_BUILD_ROOT/%{mmdir} -s -R
+chmod g+s $RPM_BUILD_ROOT/%{mmdir}/cgi-bin/*
+chmod $RPM_BUILD_ROOT/%{configdir} -s -R
+# Executables has to have setgid
+find $RPM_BUILD_ROOT/%{mmdir} -type f -executable -exec chmod g+s {} \;
+
 %clean
 rm -rf $RPM_BUILD_ROOT $RPM_BUILD_DIR/files.%{name}
 
@@ -382,22 +390,22 @@ exit 0
 
 %files
 %defattr(-,root,%{mmgroup})
-%attr(2755,root,%{mmgroup}) %dir %{mmdir}
+%dir %{mmdir}
 #%%{mmdir}/Mailman
-%attr(2755,root,%{mmgroup}) %{mmdir}/bin
-%attr(2755,root,%{mmgroup}) %{mmdir}/cgi-bin
+%{mmdir}/bin
+%{mmdir}/cgi-bin
 #%%{mmdir}/cron
-%attr(2755,root,%{mmgroup}) %{mmdir}/icons
-%attr(2755,root,%{mmgroup}) %{mmdir}/mail
-%attr(2755,root,%{mmgroup}) %{mmdir}/messages
-%attr(2755,root,%{mmgroup}) %{mmdir}/pythonlib
-%attr(2755,root,%{mmgroup}) %{mmdir}/scripts
+%{mmdir}/icons
+%{mmdir}/mail
+%{mmdir}/messages
+%{mmdir}/pythonlib
+%{mmdir}/scripts
 # rpmlint will complain here about config files being in /usr
 # but these are both data files -parts of mailman's web UI-
 # and config files - user can change them to match the design
 # and/or content of their web pages
-%attr(2755,root,%{mmgroup}) %config(noreplace) %{mmdir}/templates
-%attr(2755,root,%{mmgroup}) %{mmdir}/tests
+%config(noreplace) %{mmdir}/templates
+%{mmdir}/tests
 %{varmmdir}
 #cron dir minus one file which is listed later
 %{mmdir}/cron/bumpdigests
@@ -412,16 +420,16 @@ exit 0
 %{mmdir}/cron/paths.pyo
 %{mmdir}/cron/senddigests
 #Mailman dir minus one file which is listed later
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Archiver
+%{mmdir}/Mailman/Archiver
 %{mmdir}/Mailman/Autoresponder.py
 %{mmdir}/Mailman/Autoresponder.pyc
 %{mmdir}/Mailman/Autoresponder.pyo
 %{mmdir}/Mailman/Bouncer.py
 %{mmdir}/Mailman/Bouncer.pyc
 %{mmdir}/Mailman/Bouncer.pyo
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Bouncers
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Cgi
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Commands
+%{mmdir}/Mailman/Bouncers
+%{mmdir}/Mailman/Cgi
+%{mmdir}/Mailman/Commands
 %{mmdir}/Mailman/CSRFcheck.py
 %{mmdir}/Mailman/CSRFcheck.pyc
 %{mmdir}/Mailman/CSRFcheck.pyo
@@ -443,8 +451,8 @@ exit 0
 #%%{mmdir}/Mailman/Generator.py
 #%%{mmdir}/Mailman/Generator.pyc
 #%%{mmdir}/Mailman/Generator.pyo
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Gui
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Handlers
+%{mmdir}/Mailman/Gui
+%{mmdir}/Mailman/Handlers
 %{mmdir}/Mailman/htmlformat.py
 %{mmdir}/Mailman/htmlformat.pyc
 %{mmdir}/Mailman/htmlformat.pyo
@@ -463,7 +471,7 @@ exit 0
 %{mmdir}/Mailman/LockFile.py
 %{mmdir}/Mailman/LockFile.pyc
 %{mmdir}/Mailman/LockFile.pyo
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Logging
+%{mmdir}/Mailman/Logging
 %{mmdir}/Mailman/Mailbox.py
 %{mmdir}/Mailman/Mailbox.pyc
 %{mmdir}/Mailman/Mailbox.pyo
@@ -477,7 +485,7 @@ exit 0
 %{mmdir}/Mailman/Message.pyc
 %{mmdir}/Mailman/Message.pyo
 %{mmdir}/Mailman/mm_cfg.py.dist
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/MTA
+%{mmdir}/Mailman/MTA
 %{mmdir}/Mailman/OldStyleMemberships.py
 %{mmdir}/Mailman/OldStyleMemberships.pyc
 %{mmdir}/Mailman/OldStyleMemberships.pyo
@@ -487,7 +495,7 @@ exit 0
 %{mmdir}/Mailman/Post.py
 %{mmdir}/Mailman/Post.pyc
 %{mmdir}/Mailman/Post.pyo
-%attr(2755,root,%{mmgroup}) %{mmdir}/Mailman/Queue
+%{mmdir}/Mailman/Queue
 %{mmdir}/Mailman/SafeDict.py
 %{mmdir}/Mailman/SafeDict.pyc
 %{mmdir}/Mailman/SafeDict.pyo
@@ -522,21 +530,24 @@ exit 0
 %config(noreplace) %{httpdconfdir}/%{httpdconffile}
 /etc/logrotate.d/%{name}
 /etc/smrsh/%{mail_wrapper}
-%dir %attr(2775,root,%{mmgroup}) %{configdir}
+%dir %attr(755,root,%{mmgroup}) %{configdir}
 %attr(0644, root, %{mmgroup}) %config(noreplace) %verify(not md5 size mtime) %{configdir}/sitelist.cfg
 %{configdir}/mm_cfg.*
-%attr(2775,root,%{mmgroup}) %{logdir}
+%attr(775,root,%{mmgroup}) %{logdir}
 %config(noreplace) %{_sysconfdir}/tmpfiles.d/mailman.conf
-%attr(2775,root,%{mmgroup}) %{queuedir}
+%attr(755,root,%{mmgroup}) %{queuedir}
 %attr(0644,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/cron.d/mailman
 %attr(0644,root,%{mmgroup}) %config(noreplace) %{mmdir}/cron/crontab.in
 %attr(0755,root,root) %{_bindir}/mailman-update-cfg
-%dir %attr(2775,root,%{mmgroup}) %{piddir}
-%dir %attr(2775,root,%{mmgroup}) %{lockdir}
+%dir %attr(775,root,%{mmgroup}) %{piddir}
+%dir %attr(775,root,%{mmgroup}) %{lockdir}
 # fix for security issue #459530
 %attr(2770,%{cgiuser},%{mmgroup}) %{archivesdir}/private
 
 %changelog
+* Thu Jul 19 2012 Jan Kaluza <jkaluza at redhat.com> - 3:2.1.15-2
+- do not set setgid bit on directories where it is not needed
+
 * Mon Jun 18 2012 Jan Kaluza <jkaluza at redhat.com> - 3:2.1.15-1
 - fix #822096 - update to version 2.1.15
 - fixed httpd config file to work with httpd-2.4

More information about the scm-commits mailing list