From: lukasz Date: Wed, 17 May 2000 20:36:09 +0000 (+0000) Subject: *** empty log message *** X-Git-Tag: sendmail-8_11_2-1~33 X-Git-Url: http://git.pld-linux.org/?a=commitdiff_plain;h=56e8ff67bb384fd331d00d08d6869e72a41f6b51;p=packages%2Fsendmail.git *** empty log message *** Changed files: sendmail-8.10.0-makemapman.patch -> 1.1 sendmail-8.10.0-smrsh-paths.patch -> 1.1 sendmail-8.8.7-rmail.patch -> 1.1 sendmail-etc-mail-Makefile -> 1.1 --- diff --git a/sendmail-8.10.0-makemapman.patch b/sendmail-8.10.0-makemapman.patch new file mode 100644 index 0000000..fda882b --- /dev/null +++ b/sendmail-8.10.0-makemapman.patch @@ -0,0 +1,15 @@ +--- sendmail-8.10.0/makemap/makemap.8.makemapn Fri Jul 30 02:15:31 1999 ++++ sendmail-8.10.0/makemap/makemap.8 Thu Mar 9 13:16:58 2000 +@@ -40,12 +40,6 @@ + parameter. + They may be + .TP +-dbm +-DBM format maps. +-This requires the +-ndbm(3) +-library. +-.TP + btree + B-Tree format maps. + This requires the new Berkeley DB diff --git a/sendmail-8.10.0-smrsh-paths.patch b/sendmail-8.10.0-smrsh-paths.patch new file mode 100644 index 0000000..2f42a97 --- /dev/null +++ b/sendmail-8.10.0-smrsh-paths.patch @@ -0,0 +1,171 @@ +--- sendmail-8.10.0/smrsh/README.smrsh Tue Apr 27 22:26:10 1999 ++++ sendmail-8.10.0/smrsh/README Thu Mar 9 13:21:10 2000 +@@ -6,7 +6,7 @@ + intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, + and to the software, smrsh.c, written by Eric Allman. + +- ++* Modified by Red Hat Software to reflect different paths. * + + The smrsh(8) program is intended as a replacement for /bin/sh in the + program mailer definition of sendmail(8). This README file describes +@@ -46,15 +46,15 @@ + + + +-As root, install smrsh in /usr/libexec. Using the Build script: ++As root, install smrsh in /usr/sbin. Using the Build script: + + host.domain# sh Build install + +-For manual installation: install smrsh in the /usr/libexec ++For manual installation: install smrsh in the /usr/sbin + directory, with mode 511. + +- host.domain# mv smrsh /usr/libexec +- host.domain# chmod 511 /usr/libexec/smrsh ++ host.domain# mv smrsh /usr/sbin ++ host.domain# chmod 511 /usr/sbin/smrsh + + + +@@ -76,7 +76,7 @@ + acceptable commands. + + +-You will next need to create the directory /usr/adm/sm.bin and populate ++You will next need to create the directory /etc/smrsh and populate + it with the programs that your site feels are allowable for sendmail + to execute. This directory is explicitly specified in the source + code for smrsh, so changing this directory must be accompanied with +@@ -85,22 +85,22 @@ + + You will have to be root to make these modifications. + +-After creating the /usr/adm/sm.bin directory, either copy the programs ++After creating the /etc/smrsh directory, either copy the programs + to the directory, or establish links to the allowable programs from +-/usr/adm/sm.bin. Change the file permissions, so that these programs ++/etc/smrsh. Change the file permissions, so that these programs + can not be modified by non-root users. If you use links, you should + ensure that the target programs are not modifiable. + + To allow the popular vacation(1) program by creating a link in the +-/usr/adm/sm.bin directory, you should: ++/etc/smrsh directory, you should: + +- host.domain# cd /usr/adm/sm.bin ++ host.domain# cd /etc/smrsh + host.domain# ln -s /usr/ucb/vacation vacation + + + + +-After populating the /usr/adm/sm.bin directory, you can now configure ++After populating the /etc/smrsh directory, you can now configure + sendmail to use the restricted shell. Save the current sendmail.cf + file prior to modifying it, as a prudent precaution. + +@@ -115,7 +115,7 @@ + + In order to configure sendmail to use smrsh, you must modify the Mprog + definition in the sendmail.cf file, by replacing the /bin/sh specification +-with /usr/libexec/smrsh. ++with /usr/sbin/smrsh. + + As an example: + +@@ -123,14 +123,14 @@ + Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u + + which should be changed to: +-Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u ++Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u + ^^^^^^^^^^^^^^^^^^ + + A more generic line may be: + Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u + + and should be changed to; +-Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u ++Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u + + + After modifying the Mprog definition in the sendmail.cf file, if a frozen +@@ -141,7 +141,7 @@ + a search of the strings(1) output of the sendmail binary. + + In order to create a new frozen configuration, if it is required: +- host.domain# /usr/lib/sendmail -bz ++ host.domain# /usr/sbin/sendmail -bz + + Now re-start the sendmail process. An example of how to do this on + a typical system follows: +--- sendmail-8.10.0/smrsh/smrsh.8.smrsh Tue Jun 15 00:50:19 1999 ++++ sendmail-8.10.0/smrsh/smrsh.8 Thu Mar 9 13:21:40 2000 +@@ -38,7 +38,7 @@ + Briefly, + .I smrsh + limits programs to be in the directory +-/usr/adm/sm.bin, ++/etc/smrsh, + allowing the system administrator to choose the set of acceptable commands, + and to the shell builtin commands ``exec'', ``exit'', and ``echo''. + It also rejects any commands with the characters +@@ -55,10 +55,10 @@ + and + ``vacation'' + all actually forward to +-``/usr/adm/sm.bin/vacation''. ++``/etc/smrsh/vacation''. + .PP + System administrators should be conservative about populating +-/usr/adm/sm.bin. ++/etc/smrsh + Reasonable additions are + .IR vacation (1), + .IR procmail (1), +@@ -68,20 +68,12 @@ + (such as + .IR perl (1)) + in the +-sm.bin ++/etc/smrsh + directory. + Note that this does not restrict the use of shell or perl scripts +-in the sm.bin directory (using the ``#!'' syntax); ++in the /etc/smrsh directory (using the ``#!'' syntax); + it simply disallows execution of arbitrary programs. +-.SH COMPILATION +-Compilation should be trivial on most systems. +-You may need to use \-DPATH=\e"\fIpath\fP\e" +-to adjust the default search path +-(defaults to ``/bin:/usr/bin:/usr/ucb'') +-and/or \-DCMDBIN=\e"\fIdir\fP\e" +-to change the default program directory +-(defaults to ``/usr/adm/sm.bin''). + .SH FILES +-/usr/adm/sm.bin \- directory for restricted programs ++/etc/smrsh \- directory for restricted programs + .SH SEE ALSO + sendmail(8) +--- sendmail-8.10.0/smrsh/smrsh.c.smrsh2 Tue Oct 26 22:49:51 1999 ++++ sendmail-8.10.0/smrsh/smrsh.c Thu Mar 9 13:28:37 2000 +@@ -76,7 +76,7 @@ + + /* directory in which all commands must reside */ + #ifndef CMDDIR +-# define CMDDIR "/usr/adm/sm.bin" ++# define CMDDIR "/etc/smrsh" + #endif /* ! CMDDIR */ + + /* characters disallowed in the shell "-c" argument */ +@@ -84,7 +84,7 @@ + + /* default search path */ + #ifndef PATH +-# define PATH "/bin:/usr/bin:/usr/ucb" ++# define PATH "/bin:/usr/bin:" + #endif /* ! PATH */ + + #ifndef __P diff --git a/sendmail-8.8.7-rmail.patch b/sendmail-8.8.7-rmail.patch new file mode 100644 index 0000000..35472cd --- /dev/null +++ b/sendmail-8.8.7-rmail.patch @@ -0,0 +1,10 @@ +--- sendmail-8.8.7/rmail/rmail.c.rmail Mon Feb 9 14:30:13 1998 ++++ sendmail-8.8.7/rmail/rmail.c Mon Feb 9 14:30:42 1998 +@@ -232,7 +232,6 @@ + i = 0; + args[i++] = _PATH_SENDMAIL; /* Build sendmail's argument list. */ + args[i++] = "-oee"; /* No errors, just status. */ +- args[i++] = "-odq"; /* Queue it, don't try to deliver. */ + args[i++] = "-oi"; /* Ignore '.' on a line by itself. */ + + /* set from system and protocol used */ diff --git a/sendmail-etc-mail-Makefile b/sendmail-etc-mail-Makefile new file mode 100644 index 0000000..60f5c56 --- /dev/null +++ b/sendmail-etc-mail-Makefile @@ -0,0 +1,11 @@ + + +all: virtusertable.db access.db domaintable.db mailertable.db + +%.db : % + @makemap hash $@ < $< + + +clean: + @rm -f *.db *~ +