From klaus@winf.htu.tuwien.ac.at  Wed Apr  5 23:06:32 2000
Return-Path: <klaus@winf.htu.tuwien.ac.at>
Received: from winf.htu.tuwien.ac.at (winf.htu.tuwien.ac.at [128.130.46.50])
	by hub.freebsd.org (Postfix) with ESMTP id A910137B7EE
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  5 Apr 2000 23:06:31 -0700 (PDT)
	(envelope-from klaus@winf.htu.tuwien.ac.at)
Received: (from klaus@localhost)
	by winf.htu.tuwien.ac.at (8.9.3/8.9.3) id IAA01313;
	Thu, 6 Apr 2000 08:06:29 +0200 (CEST)
	(envelope-from klaus)
Message-Id: <200004060606.IAA01313@winf.htu.tuwien.ac.at>
Date: Thu, 6 Apr 2000 08:06:29 +0200 (CEST)
From: klaus@winf.htu.at
Sender: klaus@winf.htu.tuwien.ac.at
Reply-To: klaus@winf.htu.at
To: FreeBSD-gnats-submit@freebsd.org
Subject: majordomo port upgrade 
X-Send-Pr-Version: 3.2

>Number:         17820
>Category:       ports
>Synopsis:       majordomo port should be updated to v. 1.94.5
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    jfitz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr  5 23:10:02 PDT 2000
>Closed-Date:    Mon May 29 11:16:40 PDT 2000
>Last-Modified:  Mon May 29 11:17:58 PDT 2000
>Originator:     Klaus Brunner
>Release:        FreeBSD 3.4-STABLE i386
>Organization:
>Environment:

	

>Description:

	Majordomo 1.94.5 is a security/bugfix release which has been
	available for a few months now, yet the FreeBSD majordomo port
	is still using 1.94.4. 

>How-To-Repeat:

	

>Fix:
	
	


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->jfitz 
Responsible-Changed-By: knu 
Responsible-Changed-When: Sun Apr 16 21:03:25 JST 2000 
Responsible-Changed-Why:  
Over to MAINTAINER 

From: Doug Barton <DougB@gorean.org>
To: klaus@winf.htu.at
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] Re: ports/17820: majordomo port upgrade
Date: Mon, 17 Apr 2000 00:14:02 -0700

 This is a multi-part message in MIME format.
 --------------036086A5732E78D291BFA2EA
 Content-Type: text/plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 
 klaus@winf.htu.at wrote:
 > 
 > >Number:         17820
 
 > >Description:
 > 
 >         Majordomo 1.94.5 is a security/bugfix release which has been
 >         available for a few months now, yet the FreeBSD majordomo port
 >         is still using 1.94.4.
 
 	Mail to -ports and MAINTAINER on this topic went unanswered on 6 April.
 The attached patch upgrades the port. Oddly enough, the md5 checksum in
 cvs is for 1.94.5, so it doesn't need to be updated. I verified the
 PLIST for the update. I regenerated the patches that had fuzz or
 offsets. I also combined the patches from patch-sec1 that had individual
 patch files already if they had fuzz. That list is:
 
 patch-ac digest
 patch-ba archive2.pl
 patch-bh request_answer
 patch-bi resend
 
 Also, the following comment from my previous post applies:
 
 The one patch that needs to be
 changed is patch-sec1. In resend there is the following:
 
 @@ -56,7 +56,7 @@  
  if ($ARGV[0] =~ /^\@/) {
      $fn = shift(@ARGV);
      $fn =~ s/^@//;
 -    open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped");
 +    sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY):
 $!\nStopped");
      undef($/); # set input field separator
      $av = <AV>;        # read whole file into string
      close(AV);
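 
 Review bot: On the added `sysopen(AV, $fn, O_RDONLY)` line, `O_RDONLY` is
 only a defined constant if resend imports it (for example `use Fcntl;`),
 and nothing in this hunk shows that import; without it Perl treats the
 name as a bareword string. Confirm the import exists earlier in the file.
 The `+` line is also wrapped across two lines here by the mailer, so this
 excerpt will not apply as pasted.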
 
 This security concern seems to be adequately addressed in the new code:
 
     open(AV, "< $fn" ) || die("open(AV, \"< $fn\"): $!\nStopped");
 --------------036086A5732E78D291BFA2EA
 Content-Type: text/plain; charset=us-ascii;
  name="majordomo.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="majordomo.diff"
 
 Index: Makefile
 ===================================================================
 RCS file: /usr/ncvs/ports/mail/majordomo/Makefile,v
 retrieving revision 1.21
 diff -u -r1.21 Makefile
 --- Makefile	2000/04/13 19:59:56	1.21
 +++ Makefile	2000/04/17 05:49:07
 @@ -6,11 +6,10 @@
  #
  
  PORTNAME=	majordomo
 -PORTVERSION= 	1.94.4
 +PORTVERSION= 	1.94.5
  CATEGORIES=	mail
 -MASTER_SITES=	ftp://ftp.sgi.com/other/majordomo/1.94.4/ \
 -		ftp://ftp-europe.sgi.com/other/majordomo/1.94.4/
 -#		ftp://ftp.greatcircle.com/pub/majordomo/1.94.3/ \
 +MASTER_SITES=	ftp://ftp.greatcircle.com/pub/majordomo/1.94.5/ \
 +		ftp://ftp.sgi.com/other/majordomo/1.94.5/
  EXTRACT_SUFX=   .tgz
  
  MAINTAINER=	jfitz@FreeBSD.org
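 
 Review bot: In the new `MASTER_SITES` lines the version `1.94.5` is written
 out in both URLs next to `PORTVERSION`, so the next upgrade has three
 places to change; using `${PORTVERSION}` in the paths keeps them in step.
 Both sites are plain FTP, so the distfile's integrity rests on the checksum
 file, and this diff does not touch it: the commit message should record
 that the existing md5 was checked against the 1.94.5 tarball.
 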
 Index: patches/patch-ac
 ===================================================================
 RCS file: /usr/ncvs/ports/mail/majordomo/patches/patch-ac,v
 retrieving revision 1.5
 diff -u -r1.5 patch-ac
 --- patches/patch-ac	1997/09/10 02:52:45	1.5
 +++ patches/patch-ac	2000/04/17 06:16:55
 @@ -1,15 +1,33 @@
 ---- digest.orig	Wed Aug 27 23:42:52 1997
 -+++ digest	Wed Sep 10 00:56:12 1997
 -@@ -314,7 +314,7 @@
 +--- digest.Dist	Fri Jan  7 03:04:34 2000
 ++++ digest	Sun Apr 16 23:15:49 2000
 +@@ -323,8 +323,24 @@
   	    } else {
   		# Read and execute the .cf file
   		$cf = $opt_c || $ENV{"MAJORDOMO_CF"} || 
  -		    "/etc/majordomo.cf";
 +-		require "$cf";
  +		    "%%PREFIX%%/majordomo/majordomo.cf";
 - 		require "$cf";
 ++
 ++if (not sysopen CONFIG,$cf,O_RDONLY)
 ++{
 ++  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
 ++}
 ++elsif ((stat CONFIG)[4] != $>)
 ++{
 ++  die qq|Config file "$cf" not owned by effective UID.\n|;
 ++}
 ++elsif (eval(join '',<CONFIG>),$@)
 ++{
 ++  die qq|Unable to eval "$cf": $@.\n|;
 ++}
 ++else
 ++{
 ++  close CONFIG;
 ++}
   
   		chdir($homedir);
 -@@ -326,7 +326,7 @@
 + 
 +@@ -335,7 +351,7 @@
   # Define all of the mailer properties:
   # It is possible that one or both of $sendmail_command and $bounce_mailer
   # are not defined, so we provide reasonable defaults.
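 
 Review bot: The ownership test `(stat CONFIG)[4] != $>` in the added block
 looks only at the owning UID, so a config file owned by the effective UID
 but writable by group or others would still be passed to `eval`. Consider
 also rejecting such modes, for example with `(stat CONFIG)[2] & 022`. The
 added block also sits at column 0 inside the indented `else` branch of
 digest; indenting it to match would make the nesting easier to read.
 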
 Index: patches/patch-ba
 ===================================================================
 RCS file: /usr/ncvs/ports/mail/majordomo/patches/patch-ba,v
 retrieving revision 1.2
 diff -u -r1.2 patch-ba
 --- patches/patch-ba	1997/09/10 02:52:48	1.2
 +++ patches/patch-ba	2000/04/17 06:16:27
 @@ -1,6 +1,33 @@
 ---- archive2.pl.orig	Thu Aug 28 00:07:44 1997
 -+++ archive2.pl	Wed Sep 10 00:57:13 1997
 -@@ -88,7 +88,7 @@
 +--- archive2.pl.Dist	Fri Jan  7 03:00:49 2000
 ++++ archive2.pl	Sun Apr 16 23:15:49 2000
 +@@ -54,10 +54,23 @@
 +     shift(@ARGV); 
 +     shift(@ARGV); 
 + }
 +-if (! -r $cf) {
 +-    die("$cf not readable; stopped");
 ++
 ++if (not sysopen CONFIG,$cf,O_RDONLY)
 ++{
 ++  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
 ++}
 ++elsif ((stat CONFIG)[4] != $>)
 ++{
 ++  die qq|Config file "$cf" not owned by effective UID.\n|;
 ++}
 ++elsif (eval(join '',<CONFIG>),$@)
 ++{
 ++  die qq|Unable to eval "$cf": $@.\n|;
 ++}
 ++else
 ++{
 ++  close CONFIG;
 + }
 +-require "$cf";
 + 
 + # All these should be in the standard PERL library
 + unshift(@INC, $homedir);
 +@@ -88,7 +101,7 @@
       exit 1;
   }
   
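 
 Review bot: In the `elsif ((stat CONFIG)[4] != $>)` branch, a failed `stat`
 returns an empty list, the slice is then undefined and compares as 0, and
 the check passes when the effective UID is 0. Test the `stat` result first
 and `die` if it failed, then compare the UID.
 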
 Index: patches/patch-bh
 ===================================================================
 RCS file: /usr/ncvs/ports/mail/majordomo/patches/patch-bh,v
 retrieving revision 1.2
 diff -u -r1.2 patch-bh
 --- patches/patch-bh	1997/09/10 02:52:55	1.2
 +++ patches/patch-bh	2000/04/17 06:17:25
 @@ -1,6 +1,33 @@
 ---- request-answer.orig	Tue Dec 10 01:50:20 1996
 -+++ request-answer	Wed Sep 10 00:57:36 1997
 -@@ -43,7 +43,7 @@
 +--- request-answer.Dist	Fri Jan  7 03:10:18 2000
 ++++ request-answer	Sun Apr 16 23:15:50 2000
 +@@ -20,10 +20,23 @@
 +     shift(@ARGV); 
 +     shift(@ARGV); 
 + }
 +-if (! -r $cf) {
 +-    die("$cf not readable; stopped");
 ++
 ++if (not sysopen CONFIG,$cf,O_RDONLY)
 ++{
 ++  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
 ++}
 ++elsif ((stat CONFIG)[4] != $>)
 ++{
 ++  die qq|Config file "$cf" not owned by effective UID.\n|;
 ++}
 ++elsif (eval(join '',<CONFIG>),$@)
 ++{
 ++  die qq|Unable to eval "$cf": $@.\n|;
 ++}
 ++else
 ++{
 ++  close CONFIG;
 + }
 +-require "$cf";
 + 
 + chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");
 + unshift(@INC, $homedir);
 +@@ -51,7 +64,7 @@
   # Define all of the mailer properties:
   # It is possible that one or both of $sendmail_command and $bounce_mailer
   # are not defined, so we provide reasonable defaults.
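 
 Review bot: In the `elsif (eval(join '',<CONFIG>),$@)` line the config text
 is evaluated while the global `CONFIG` handle is still open, and
 `close CONFIG` runs only in the final `else`. Reading the file into a
 variable, closing the handle, and then calling `eval` on the variable keeps
 the handle out of reach of the evaluated code and makes the three steps
 (read, close, evaluate) easier to follow.
 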
 Index: patches/patch-bi
 ===================================================================
 RCS file: /usr/ncvs/ports/mail/majordomo/patches/patch-bi,v
 retrieving revision 1.2
 diff -u -r1.2 patch-bi
 --- patches/patch-bi	1997/09/10 02:52:57	1.2
 +++ patches/patch-bi	2000/04/17 06:17:38
 @@ -1,6 +1,34 @@
 ---- resend.orig	Wed Aug 27 23:59:24 1997
 -+++ resend	Wed Sep 10 00:57:38 1997
 -@@ -111,7 +111,7 @@
 +--- resend.Dist	Fri Jan  7 07:32:39 2000
 ++++ resend	Sun Apr 16 23:15:50 2000
 +@@ -84,11 +84,23 @@
 + # Despite not having a place to send the remains of the body,
 + # it would be nice to send a message to root or postmaster, at least...
 + #
 +-if (! -r $cf) {
 +-    die("$cf not readable; stopped");
 +-}
 + 
 +-require "$cf";
 ++if (not sysopen CONFIG,$cf,O_RDONLY)
 ++{
 ++  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
 ++}
 ++elsif ((stat CONFIG)[4] != $>)
 ++{
 ++  die qq|Config file "$cf" not owned by effective UID.\n|;
 ++}
 ++elsif (eval(join '',<CONFIG>),$@)
 ++{
 ++  die qq|Unable to eval "$cf": $@.\n|;
 ++}
 ++else
 ++{
 ++  close CONFIG;
 ++}
 + 
 + chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");
 + 
 +@@ -111,7 +123,7 @@
   # XXX It is possible that owner-$opt_l won't be the right address, but we
   # have little choice.  Sending the bounces to $whoami_owner is an option,
   # but might not clearly indicate the list name.
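 
 Review bot: The block added here for resend is the same one already added
 to digest, archive2.pl and request-answer in patch-ac, patch-ba and
 patch-bh, so any later fix to the ownership check has to be made four
 times. A single shared routine that takes `$cf` would be easier to audit;
 if that is out of scope for the port, a comment in each patch file pointing
 at the others would help.
 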
 @@ -9,7 +37,7 @@
   $bounce_mailer = $bounce_mailer || "$sendmail_command -f\$sender -t";
   &set_mail_from("owner-$opt_l");
   &set_mail_sender("owner-$opt_l");
 -@@ -924,7 +924,7 @@
 +@@ -936,7 +948,7 @@
       else {
   	# Painful, but we have to provide some kind of backwards
   	# compatibility and this is what 1.93 used
 Index: patches/patch-sec1
 ===================================================================
 RCS file: /usr/ncvs/ports/mail/majordomo/patches/patch-sec1,v
 retrieving revision 1.1
 diff -u -r1.1 patch-sec1
 --- patches/patch-sec1	2000/01/05 09:59:39	1.1
 +++ patches/patch-sec1	2000/04/17 06:20:21
 @@ -1,32 +1,3 @@
 ---- archive2.pl	Mon Jan  3 14:35:32 2000
 -+++ archive2.pl.new	Mon Jan  3 14:36:16 2000
 -@@ -54,10 +54,23 @@
 -     shift(@ARGV);
 -     shift(@ARGV);
 - }
 --if (! -r $cf) {
 --    die("$cf not readable; stopped");
 -+
 -+if (not sysopen CONFIG,$cf,O_RDONLY)
 -+{
 -+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
 - }
 --require "$cf";
 -+elsif ((stat CONFIG)[4] != $>)
 -+{
 -+  die qq|Config file "$cf" not owned by effective UID.\n|;
 -+}
 -+elsif (eval(join '',<CONFIG>),$@)
 -+{
 -+  die qq|Unable to eval "$cf": $@.\n|;
 -+}
 -+else
 -+{
 -+  close CONFIG;
 -+}
 -
 - # All these should be in the standard PERL library
 - unshift(@INC, $homedir);
  --- bounce-remind	Mon Jan  3 14:35:32 2000
  +++ bounce-remind.new	Mon Jan  3 14:38:16 2000
  @@ -24,10 +24,23 @@
 @@ -84,33 +55,6 @@
   }
   
   foreach (@requires) {
 ---- digest.orig	Wed Jan  5 01:44:09 2000
 -+++ digest	Wed Jan  5 01:45:38 2000
 -@@ -315,7 +315,23 @@
 - 		# Read and execute the .cf file
 - 		$cf = $opt_c || $ENV{"MAJORDOMO_CF"} || 
 - 		    "%%PREFIX%%/majordomo/majordomo.cf";
 --		require "$cf";
 -+
 -+if (not sysopen CONFIG,$cf,O_RDONLY)
 -+{
 -+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
 -+}
 -+elsif ((stat CONFIG)[4] != $>)
 -+{
 -+  die qq|Config file "$cf" not owned by effective UID.\n|;
 -+}
 -+elsif (eval(join '',<CONFIG>),$@)
 -+{
 -+  die qq|Unable to eval "$cf": $@.\n|;
 -+}
 -+else
 -+{
 -+  close CONFIG;
 -+}
 - 
 - 		chdir($homedir);
 - 
  --- majordomo	Mon Jan  3 13:37:13 2000
  +++ majordomo.new	Mon Jan  3 14:15:29 2000
  @@ -40,11 +40,23 @@
 @@ -141,71 +85,3 @@
  
   # Go to the home directory specified by the .cf file
   chdir("$homedir") || die "chdir to $homedir failed, $!\n";
 ---- request-answer	Mon Jan  3 14:35:32 2000
 -+++ request-answer.new	Mon Jan  3 15:09:02 2000
 -@@ -20,10 +20,23 @@
 -     shift(@ARGV);
 -     shift(@ARGV);
 - }
 --if (! -r $cf) {
 --    die("$cf not readable; stopped");
 -+
 -+if (not sysopen CONFIG,$cf,O_RDONLY)
 -+{
 -+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
 - }
 --require "$cf";
 -+elsif ((stat CONFIG)[4] != $>)
 -+{
 -+  die qq|Config file "$cf" not owned by effective UID.\n|;
 -+}
 -+elsif (eval(join '',<CONFIG>),$@)
 -+{
 -+  die qq|Unable to eval "$cf": $@.\n|;
 -+}
 -+else
 -+{
 -+  close CONFIG;
 -+}
 -
 - chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");
 - unshift(@INC, $homedir);
 ---- resend	Mon Jan  3 15:14:49 2000
 -+++ resend.new	Mon Jan  3 15:16:01 2000
 -@@ -56,7 +56,7 @@
 - if ($ARGV[0] =~ /^\@/) {
 -     $fn = shift(@ARGV);
 -     $fn =~ s/^@//;
 --    open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped");
 -+    sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped");
 -     undef($/);	# set input field separator
 -     $av = <AV>;	# read whole file into string
 -     close(AV);
 -@@ -84,11 +84,23 @@
 - # Despite not having a place to send the remains of the body,
 - # it would be nice to send a message to root or postmaster, at least...
 - #
 --if (! -r $cf) {
 --    die("$cf not readable; stopped");
 --}
 -
 --require "$cf";
 -+if (not sysopen CONFIG,$cf,O_RDONLY)
 -+{
 -+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
 -+}
 -+elsif ((stat CONFIG)[4] != $>)
 -+{
 -+  die qq|Config file "$cf" not owned by effective UID.\n|;
 -+}
 -+elsif (eval(join '',<CONFIG>),$@)
 -+{
 -+  die qq|Unable to eval "$cf": $@.\n|;
 -+}
 -+else
 -+{
 -+  close CONFIG;
 -+}
 -
 - chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");
 -
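 
 Review bot: The removed resend section at `@@ -56,7 +56,7 @@` was the only
 local hardening of the `@file` argument open, and nothing in this diff
 replaces it, so the port now depends on upstream 1.94.5 for that path. The
 message quotes the upstream form as `open(AV, "< $fn" )`, which is still a
 two-argument open and still parses the string (surrounding whitespace in
 `$fn` is stripped, for instance), whereas `sysopen` takes the name
 literally. If the stricter behaviour is wanted, keep this one hunk in
 patch-sec1 or patch-bi, regenerated against 1.94.5.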
 
 --------------036086A5732E78D291BFA2EA--
 
 
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Mon May 29 11:16:40 PDT 2000 
State-Changed-Why:  
Update committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=17820 
>Unformatted:
