Diffstat (limited to 'mail')
-rw-r--r--mail/dspam/Makefile57
-rw-r--r--mail/dspam/files/UPDATING13
-rw-r--r--mail/dspam/files/dspam.in4
-rw-r--r--mail/dspam/files/patch-src__Makefile.in6
-rw-r--r--mail/dspam/files/patch-src__client.c22
-rw-r--r--mail/dspam/files/patch-src__daemon.c22
-rw-r--r--mail/dspam/files/patch-src__dspam.c11
-rw-r--r--mail/dspam/files/patch-src__dspam.conf.in35
-rw-r--r--mail/dspam/pkg-plist24
9 files changed, 148 insertions, 46 deletions
diff --git a/mail/dspam/Makefile b/mail/dspam/Makefile
index da98675d186f..a4d4964a49bf 100644
--- a/mail/dspam/Makefile
+++ b/mail/dspam/Makefile
@@ -7,7 +7,7 @@
PORTNAME= dspam
PORTVERSION= 3.10.2
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= mail
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}
@@ -16,13 +16,16 @@ COMMENT= Bayesian spam filter
LICENSE= AGPLv3
+USERS= dspam
+GROUPS= dspam
+
OPTIONS_SUB= yes
OPTIONS_DEFINE= SYSLOG DEBUG VERBOSE_DEBUG BNR_DEBUG PREF_EXT DAEMON \
CLAMAV CLAMAV_LOCAL EXTERNAL_LOOKUP \
USER_HOMEDIR TRUSTED_USERS VIRT_USERS LONG_USERNAMES \
LARGE_SCALE DOMAIN_SCALE NICESENDMAIL POSTFIX_MBC \
- QMAIL WEBUI LIGHTTPD DOCS EXAMPLES
+ QMAIL WEBUI LIGHTTPD DOCS EXAMPLES SETUID
OPTIONS_MULTI= DB
OPTIONS_MULTI_DB= HASH MYSQL MYSQL_COMPRESS MYSQL_LOCAL \
@@ -70,6 +73,7 @@ POSTFIX_MBC_DESC= Dspam as mailbox_command in Postfix
QMAIL_DESC= Play nice with Qmail mail server
WEBUI_DESC= Install WebUI (RUN_DEPEND on Apache/Lighttpd)
LIGHTTPD_DESC= RUN_DEPEND on Lighttpd instead of Apache
+SETUID_DESC= Run as root:mail with setuid (insecure)
MAKE_JOBS_UNSAFE= yes
USES= perl5 libtool shebangfix
@@ -97,13 +101,24 @@ CONFLICTS= dspam-devel-[0-9]*
SIGNATURE_LIFE?= 15
+.include <bsd.port.options.mk>
+
_VAR_DIR= /var
+
+RUN_DIR?= ${_VAR_DIR}/run/dspam
+
LOG_DIR?= ${_VAR_DIR}/log/dspam
LOGFILE?= ${LOG_DIR}/dspam.log
-DSPAM_MODE?= 4510
+.if ${PORT_OPTIONS:MSETUID}
DSPAM_OWNER?= root
DSPAM_GROUP?= mail
+DSPAM_MODE?= 4510
+.else
+DSPAM_OWNER?= ${USERS}
+DSPAM_GROUP?= ${GROUPS}
+DSPAM_MODE?= 0555
+.endif
DSPAM_ETC?= ${LOCALBASE}/etc
DSPAM_HOME?= ${_VAR_DIR}/db/dspam
@@ -124,6 +139,7 @@ PLIST_SUB+= DSPAM_HOME=${DSPAM_HOME} \
CONFIGURE_ARGS+= --sysconfdir=${DSPAM_ETC}
CONFIGURE_ARGS+= --with-logdir=${LOG_DIR}
PLIST_SUB+= LOG_DIR=${LOG_DIR}
+PLIST_SUB+= RUN_DIR=${RUN_DIR}
CONFIGURE_ARGS+= --with-dspam-home=${DSPAM_HOME}
CONFIGURE_ARGS+= --with-dspam-home-owner=${DSPAM_HOME_OWNER}
@@ -148,7 +164,6 @@ _SED_SCRIPT= -e 's,%%DOCSDIR%%,${DOCSDIR},g' \
-e 's,%%_VAR_DIR%%,${_VAR_DIR},g' \
-e '/^%%FreeBSD/D'
-.include <bsd.port.options.mk>
.if ${PORT_OPTIONS:MSYSLOG}
CONFIGURE_ARGS+= --enable-syslog
@@ -178,6 +193,8 @@ CONFIGURE_ARGS+= --enable-daemon
USE_RC_SUBR= ${PORTNAME}
_SED_SCRIPT+= -e 's,%%DAEMON%%,,g'
SUB_LIST+= DSPAM_HOME=${DSPAM_HOME}
+SUB_LIST+= DSPAM_OWNER=${DSPAM_OWNER}
+SUB_LIST+= DSPAM_GROUP=${DSPAM_GROUP}
.else
_SED_SCRIPT+= -e '/%%DAEMON%%/D'
.endif
@@ -217,15 +234,19 @@ _DBDRV:= ${_DBDRV:S/pgsql_drv,//}
.if ${PORT_OPTIONS:MSQLITE3}
USES+= sqlite:3
_DBDRV_COUNT:= ${_DBDRV_COUNT}o
+PLIST_SUB+= SQLITE3=""
.else
_DBDRV:= ${_DBDRV:S/sqlite3_drv,//}
+PLIST_SUB+= SQLITE3="@comment "
.endif
.if ${PORT_OPTIONS:MSQLITE2}
USES+= sqlite:2
_DBDRV_COUNT:= ${_DBDRV_COUNT}o
+PLIST_SUB+= SQLITE2=""
.else
_DBDRV:= ${_DBDRV:S/sqlite_drv,//}
+PLIST_SUB+= SQLITE2="@comment "
.endif
.if ${USES:Msqlite*}
@@ -246,7 +267,7 @@ PLIST_SUB+= HASH="@comment "
.endif
.if ${PORT_OPTIONS:MMYSQL}
-USE_MYSQL= yes
+USES+= mysql
CONFIGURE_ARGS+= --with-mysql-includes=${LOCALBASE}/include/mysql \
--with-mysql-libraries=${LOCALBASE}/lib/mysql
PLIST_SUB+= MYSQL=""
@@ -255,7 +276,7 @@ _DBDRV_COUNT:= ${_DBDRV_COUNT}o
CONFIGURE_ARGS+= --enable-client-compression
. endif
. if ${PORT_OPTIONS:MMYSQL_LOCAL}
-USE_MYSQL= server
+WANT_MYSQL= server
SUB_LIST+= MYSQL=mysql
. else
SUB_LIST+= MYSQL=
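Review bot: `WANT_MYSQL= server` in the MYSQL_LOCAL branch is not read anywhere in the visible lines, and I do not recognise it as a ports framework knob, so the server dependency that `USE_MYSQL= server` used to request may be silently dropped. If a dependency on the MySQL server is still intended under the new `USES` style, `USES+= mysql:server` looks like the form to use; please confirm against Mk/Uses/mysql.mk. The enclosing `.if ${PORT_OPTIONS:MMYSQL}` block starts and ends outside this hunk.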
@@ -274,6 +295,14 @@ PLIST_SUB+= DYNAMIC=""
PLIST_SUB+= DYNAMIC="@comment "
.endif
+.if %{PORT_OPTIONS:MSETUID}
+PLIST_SUB+= SETUID=""
+PLIST_SUB+= NOSETUID="@comment "
+.else
+PLIST_SUB+= SETUID="@comment "
+PLIST_SUB+= NOSETUID=""
+.endif
+
.if ${PORT_OPTIONS:MEXTERNAL_LOOKUP}
CONFIGURE_ARGS+= --enable-external-lookup
USE_OPENLDAP= YES
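Review bot: The new conditional is written `.if %{PORT_OPTIONS:MSETUID}`, with `%{` where every other test in this Makefile uses `${`, so make does not expand PORT_OPTIONS and the branch taken no longer depends on the option. As far as I can tell this either fails to parse or always lands in the `.else` branch, leaving `SETUID="@comment "` and `NOSETUID=""`. With SETUID enabled the earlier block would then select root:mail and mode 4510 while pkg-plist registers plain `bin/dspam`, so the Makefile and the plist disagree about what is installed. Change the line to `.if ${PORT_OPTIONS:MSETUID}`.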
@@ -421,6 +450,7 @@ pre-extract:
@${ECHO_CMD} "DSPAM_HOME_GROUP=${DSPAM_HOME_GROUP}"
@${ECHO_CMD} "DSPAM_HOME_MODE=${DSPAM_HOME_MODE} (default: 0770)"
@${ECHO_CMD} "LOG_DIR=${LOG_DIR} (default: ${_VAR_DIR}/log/dspam)"
+ @${ECHO_CMD} "RUN_DIR=${RUN_DIR} (default: ${_VAR_DIR}/run/dspam)"
. ifdef(WITHOUT_SYSLOG)
@${ECHO_CMD} "LOGFILE=${LOGFILE} (default: ${_VAR_DIR}/log/dspam/dspam.log)"
. endif
@@ -448,24 +478,24 @@ post-patch:
${WRKSRC}/src/tools/dspam_notify.in
pre-configure:
-.if ${PORT_OPTIONS:MVIRT_USERS} && !( defined(USE_MYSQL) || \
+.if ${PORT_OPTIONS:MVIRT_USERS} && !( ${PORT_OPTIONS:MMYSQL} || \
${PORT_OPTIONS:MPGSQL} || ${PORT_OPTIONS:MHASH} )
@${ECHO_CMD} "You need MySQL, POSTGRESQL or HASH for virtual users."
@${FALSE}
.endif
-.if ${PORT_OPTIONS:MPREF_EXT} && !( defined(USE_MYSQL) || \
+.if ${PORT_OPTIONS:MPREF_EXT} && !( ${PORT_OPTIONS:MMYSQL} || \
${PORT_OPTIONS:MPGSQL} )
@${ECHO_CMD} "You need MySQL or Postgres for preferences extension"
@${FALSE}
.endif
-.if ${PORT_OPTIONS:MDAEMON} && !( defined(USE_MYSQL) || \
+.if ${PORT_OPTIONS:MDAEMON} && !( ${PORT_OPTIONS:MMYSQL} || \
${PORT_OPTIONS:MPGSQL} || ${PORT_OPTIONS:MHASH} )
@${ECHO_CMD} "You need MySQL, PostgreSQL or Hash for Daemon mode, because multithreading support is needed"
@${FALSE}
.endif
-.if ${PORT_OPTIONS:MEXTERNAL_LOOKUP} && !( defined(USE_MYSQL) || \
+.if ${PORT_OPTIONS:MEXTERNAL_LOOKUP} && !( ${PORT_OPTIONS:MMYSQL} || \
${PORT_OPTIONS:MPGSQL} || ${PORT_OPTIONS:MSQLITE*} )
- @${ECHO_CMD} "You need MySQL, Postgres or SQLITE for EXTERNAL_LOOKUP."
+ @${ECHO_CMD} "You need MySQL, Postgres or SQLite for EXTERNAL_LOOKUP."
@${FALSE}
.endif
.if ${PORT_OPTIONS:MUSER_HOMEDIR} && ${PORT_OPTIONS:MWEBUI}
@@ -490,7 +520,7 @@ post-install:
${RM} -R ${STAGEDIR}${PREFIX}/lib/pkgconfig || true
.if ${PORT_OPTIONS:MEXAMPLES}
-.ifdef(USE_MYSQL)
+.if ${PORT_OPTIONS:MMYSQL}
@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}/mysql
cd ${WRKSRC}/src/tools.mysql_drv && \
${INSTALL_DATA} mysql_objects-4.1.sql \
@@ -558,7 +588,8 @@ post-install:
${INSTALL_DATA} ${_file}.sample ${STAGEDIR}${DSPAM_HOME}
.endfor
- @${MKDIR} -m ${DSPAM_HOME_MODE} ${STAGEDIR}${LOG_DIR}
+ @${MKDIR} ${STAGEDIR}${RUN_DIR}
+ @${MKDIR} ${STAGEDIR}${LOG_DIR}
@${CAT} ${WRKSRC}/README.FreeBSD
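Review bot: The log directory loses its explicit mode here. The removed line created it with `-m ${DSPAM_HOME_MODE}` (default 0770 per the pre-extract banner), while the new `${MKDIR}` calls for `${RUN_DIR}` and `${LOG_DIR}` pass no mode, and the matching `@dir(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%)` entries in pkg-plist carry none either. Both directories then get the default mode, which probably leaves the log directory listable by every local user, and mail-filter logs can hold sender and recipient data. Consider a restrictive mode in the plist, e.g. `@dir(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%,0750) %%LOG_DIR%%`, and choose the mode of `%%RUN_DIR%%` deliberately so that only the intended clients can reach the socket. The post-install target starts outside this hunk.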
diff --git a/mail/dspam/files/UPDATING b/mail/dspam/files/UPDATING
index 04ed4d35dddb..2baf17d716d4 100644
--- a/mail/dspam/files/UPDATING
+++ b/mail/dspam/files/UPDATING
@@ -17,6 +17,19 @@ in the port directory:
make extract; more `find . -type f -maxdepth 2 -name UPGRADING`
###########################################################################
+# dspam-3.10.2_2
+#
+
+Port Changes:
+- Runs as dspam:dspam instead of root:mail [1]
+- Default run directory is now /var/run/dspam [1]
+- Default daemon/client communication port is now 2424 [1]
+- New SETUID option to enable old insecure behavior [1]
+
+[1] Questionable ownership and security on mail/dspam (PR #115957)
+
+
+###########################################################################
# dspam-3.10.2
#
diff --git a/mail/dspam/files/dspam.in b/mail/dspam/files/dspam.in
index bab6ec7dc541..9c17ae47eb19 100644
--- a/mail/dspam/files/dspam.in
+++ b/mail/dspam/files/dspam.in
@@ -25,7 +25,9 @@ load_rc_config $name
#defaults
: ${dspam_enable="NO"}
: ${dspam_debug="NO"}
-: ${dspam_pidfile:-/var/run/dspam.pid}
+: ${dspam_pidfile:-/var/run/dspam/dspam.pid}
+: ${dspam_user="%%DSPAM_OWNER%%"}
+: ${dspam_group="%%DSPAM_GROUP%%"}
command=%%PREFIX%%/bin/${name}
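Review bot: `: ${dspam_pidfile:-/var/run/dspam/dspam.pid}` expands the default and discards it, because `:-` does not assign, so `dspam_pidfile` stays unset unless rc.conf sets it. The neighbouring defaults use the assigning `=` form. If the rest of the script (outside this hunk) derives `pidfile` from `$dspam_pidfile`, the new /var/run/dspam location is never applied and rc.subr may not find the process that now runs as `dspam_user`. Use `: ${dspam_pidfile="/var/run/dspam/dspam.pid"}`.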
diff --git a/mail/dspam/files/patch-src__Makefile.in b/mail/dspam/files/patch-src__Makefile.in
index d4c6c5894e95..42e057050c4e 100644
--- a/mail/dspam/files/patch-src__Makefile.in
+++ b/mail/dspam/files/patch-src__Makefile.in
@@ -1,6 +1,6 @@
---- src/Makefile.in.orig 2014-05-14 17:35:13.000000000 -0300
-+++ src/Makefile.in 2014-05-14 17:35:48.000000000 -0300
-@@ -1117,11 +1117,11 @@
+--- src/Makefile.in.orig 2012-04-23 17:53:45 UTC
++++ src/Makefile.in
+@@ -1249,11 +1249,11 @@ install-exec-hook:
mkdir -p $(DESTDIR)$(sysconfdir); \
chmod 755 $(DESTDIR)$(sysconfdir); \
fi
diff --git a/mail/dspam/files/patch-src__client.c b/mail/dspam/files/patch-src__client.c
new file mode 100644
index 000000000000..e960ce553c41
--- /dev/null
+++ b/mail/dspam/files/patch-src__client.c
@@ -0,0 +1,22 @@
+--- src/client.c.orig 2012-04-11 18:48:33 UTC
++++ src/client.c
+@@ -304,7 +304,7 @@ int client_connect(AGENT_CTX *ATX, int f
+ struct sockaddr_un saun;
+ int sockfd;
+ int yes = 1;
+- int port = 24;
++ int port = 2424;
+ int domain = 0;
+ int addr_len;
+ char *host;
+--- src/client.c.orig 2012-04-11 18:48:33 UTC
++++ src/client.c
+@@ -304,7 +304,7 @@ int client_connect(AGENT_CTX *ATX, int f
+ struct sockaddr_un saun;
+ int sockfd;
+ int yes = 1;
+- int port = 24;
++ int port = 2424;
+ int domain = 0;
+ int addr_len;
+ char *host;
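Review bot: This new patch file carries the same hunk twice. The `--- src/client.c.orig` header and the `port = 24` to `port = 2424` change appear once at the top and again immediately after, and patch-src__daemon.c repeats its hunk in the same way. The second copy cannot apply cleanly once the first has changed the line, so depending on the patch arguments the port uses it is either skipped as already applied or fails the patch step. Drop the duplicate so each file holds a single hunk (11 lines instead of 22).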
diff --git a/mail/dspam/files/patch-src__daemon.c b/mail/dspam/files/patch-src__daemon.c
new file mode 100644
index 000000000000..3fee692297c2
--- /dev/null
+++ b/mail/dspam/files/patch-src__daemon.c
@@ -0,0 +1,22 @@
+--- src/daemon.c.orig 2012-04-11 18:48:33 UTC
++++ src/daemon.c
+@@ -97,7 +97,7 @@ int daemon_listen(DRIVER_CTX *DTX) {
+ int domain = 0; /* listening on domain socket? */
+ int listener; /* listener fd */
+ int i;
+- int port = 24, queue = 32; /* default port and queue size */
++ int port = 2424, queue = 32; /* default port and queue size */
+
+ signal(SIGPIPE, SIG_IGN);
+ signal(SIGINT, process_signal);
+--- src/daemon.c.orig 2012-04-11 18:48:33 UTC
++++ src/daemon.c
+@@ -97,7 +97,7 @@ int daemon_listen(DRIVER_CTX *DTX) {
+ int domain = 0; /* listening on domain socket? */
+ int listener; /* listener fd */
+ int i;
+- int port = 24, queue = 32; /* default port and queue size */
++ int port = 2424, queue = 32; /* default port and queue size */
+
+ signal(SIGPIPE, SIG_IGN);
+ signal(SIGINT, process_signal);
diff --git a/mail/dspam/files/patch-src__dspam.c b/mail/dspam/files/patch-src__dspam.c
deleted file mode 100644
index 9234ef2a52cb..000000000000
--- a/mail/dspam/files/patch-src__dspam.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/dspam.c.orig 2012-04-11 11:48:33.000000000 -0700
-+++ src/dspam.c 2014-09-23 19:43:09.688194417 -0700
-@@ -4194,7 +4194,7 @@
-
- pidfile = _ds_read_attribute(agent_config, "ServerPID");
- if ( pidfile == NULL )
-- pidfile = "/var/run/dspam/dspam.pid";
-+ pidfile = "/var/run/dspam.pid";
-
- if (pidfile) {
- FILE *file;
diff --git a/mail/dspam/files/patch-src__dspam.conf.in b/mail/dspam/files/patch-src__dspam.conf.in
index b3c48fb130bd..cc9897cff25c 100644
--- a/mail/dspam/files/patch-src__dspam.conf.in
+++ b/mail/dspam/files/patch-src__dspam.conf.in
@@ -1,6 +1,6 @@
---- src/dspam.conf.in.orig 2014-09-18 00:33:02.874722063 -0700
-+++ src/dspam.conf.in 2014-09-18 00:41:49.434685786 -0700
-@@ -56,6 +56,7 @@
+--- src/dspam.conf.in.orig 2012-04-11 18:48:33 UTC
++++ src/dspam.conf.in
+@@ -56,6 +56,7 @@ TrustedDeliveryAgent "@delivery_agent@"
# necessary if you plan on allowing untrusted processing.
#
#UntrustedDeliveryAgent "/usr/bin/procmail -d %u"
@@ -8,7 +8,7 @@
#
# SMTP or LMTP Delivery: Alternatively, you may wish to use SMTP or LMTP
-@@ -350,7 +351,7 @@
+@@ -350,7 +351,7 @@ AllowOverride notifications
# Storage driver settings: Specific to a particular storage driver. Uncomment
# the configuration specific to your installation, if applicable.
#
@@ -17,7 +17,7 @@
#MySQLPort
#MySQLUser dspam
#MySQLPass changeme
-@@ -361,7 +362,7 @@
+@@ -361,7 +362,7 @@ AllowOverride notifications
# If you are using replication for clustering, you can also specify a separate
# server to perform all writes to.
#
@@ -26,7 +26,7 @@
#MySQLWritePort
#MySQLWriteUser dspam
#MySQLWritePass changeme
-@@ -406,7 +407,7 @@
+@@ -406,7 +407,7 @@ AllowOverride notifications
# in /var/run/postgresql/.s.PGSQL.5432 specify just the path where the socket
# resits (without .s.PGSQL.5432).
@@ -35,12 +35,24 @@
#PgSQLPort
#PgSQLUser dspam
#PgSQLPass changeme
-@@ -845,14 +846,14 @@
+@@ -807,9 +808,9 @@ Opt out
+ # interfaces.
+ #
+ #ServerHost 127.0.0.1
+-#ServerPort 24
++#ServerPort 2424
+ #ServerQueueSize 32
+-#ServerPID /var/run/dspam.pid
++#ServerPID /var/run/dspam/dspam.pid
+
+ #
+ # ServerMode specifies the type of LMTP server to start. This can be one of:
+@@ -845,18 +846,18 @@ Opt out
# you are running the client and server on the same machine, as it eliminates
# much of the bandwidth overhead.
#
-#ServerDomainSocketPath "/tmp/dspam.sock"
-+#ServerDomainSocketPath "/var/run/dspam.sock"
++#ServerDomainSocketPath "/var/run/dspam/dspam.sock"
#
# Client Mode: If you are running DSPAM in client/server mode, uncomment and
@@ -48,7 +60,12 @@
# a domain socket.
#
-#ClientHost /tmp/dspam.sock
-+#ClientHost /var/run/dspam.sock
++#ClientHost /var/run/dspam/dspam.sock
#ClientIdent "secret@Relay1"
#
#ClientHost 127.0.0.1
+-#ClientPort 24
++#ClientPort 2424
+ #ClientIdent "secret@Relay1"
+
+ # --- RABL ---
diff --git a/mail/dspam/pkg-plist b/mail/dspam/pkg-plist
index 921f30ff7541..7d541ee82625 100644
--- a/mail/dspam/pkg-plist
+++ b/mail/dspam/pkg-plist
@@ -2,7 +2,8 @@
%%HASH%%bin/csscompress
%%HASH%%bin/cssconvert
%%HASH%%bin/cssstat
-@(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%,%%DSPAM_MODE%%) bin/dspam
+%%SETUID%%@(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%,%%DSPAM_MODE%%) bin/dspam
+%%NOSETUID%%bin/dspam
bin/dspamc
bin/dspam_2sql
bin/dspam_admin
@@ -65,10 +66,14 @@ man/man3/libdspam.3.gz
%%DYNAMIC%%%%PGSQL%%lib/dspam/libpgsql_drv.so
%%DYNAMIC%%%%PGSQL%%lib/dspam/libpgsql_drv.so.7
%%DYNAMIC%%%%PGSQL%%lib/dspam/libpgsql_drv.so.7.0.0
-%%DYNAMIC%%%%SQLITE%%lib/dspam/libsqlite3_drv.a
-%%DYNAMIC%%%%SQLITE%%lib/dspam/libsqlite3_drv.so
-%%DYNAMIC%%%%SQLITE%%lib/dspam/libsqlite3_drv.so.7
-%%DYNAMIC%%%%SQLITE%%lib/dspam/libsqlite3_drv.so.7.0.0
+%%DYNAMIC%%%%SQLITE2%%lib/dspam/libsqlite_drv.so.7.0.0
+%%DYNAMIC%%%%SQLITE2%%lib/dspam/libsqlite_drv.a
+%%DYNAMIC%%%%SQLITE2%%lib/dspam/libsqlite_drv.so
+%%DYNAMIC%%%%SQLITE2%%lib/dspam/libsqlite_drv.so.7
+%%DYNAMIC%%%%SQLITE3%%lib/dspam/libsqlite3_drv.a
+%%DYNAMIC%%%%SQLITE3%%lib/dspam/libsqlite3_drv.so
+%%DYNAMIC%%%%SQLITE3%%lib/dspam/libsqlite3_drv.so.7
+%%DYNAMIC%%%%SQLITE3%%lib/dspam/libsqlite3_drv.so.7.0.0
libdata/pkgconfig/dspam.pc
%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG
%%PORTDOCS%%%%DOCSDIR%%/LICENSE
@@ -206,8 +211,9 @@ libdata/pkgconfig/dspam.pc
%%WebUI%%%%WWWDIR%%/templates/ro/nav_preferences.html
%%WebUI%%%%WWWDIR%%/templates/ro/nav_quarantine.html
%%WebUI%%%%WWWDIR%%/templates/ro/nav_viewmessage.html
-%%DSPAM_HOME%%/firstrun.txt.sample
-%%DSPAM_HOME%%/firstspam.txt.sample
-%%DSPAM_HOME%%/quarantinefull.txt.sample
+@(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%DSPAM_HOME%%/firstrun.txt.sample
+@(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%DSPAM_HOME%%/firstspam.txt.sample
+@(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%DSPAM_HOME%%/quarantinefull.txt.sample
@dir(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%,%%DSPAM_HOME_MODE%%) %%DSPAM_HOME%%
-@dir(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%LOG_DIR%%
+@dir(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%) %%LOG_DIR%%
+@dir(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%) %%RUN_DIR%%