svn commit: r414374 - in head: . mail/dspam mail/dspam/files
    Jason Unovitch 
    junovitch at FreeBSD.org
       
    Sun May  1 01:13:08 UTC 2016
    
    
  
Author: junovitch
Date: Sun May  1 01:13:06 2016
New Revision: 414374
URL: https://svnweb.freebsd.org/changeset/ports/414374
Log:
  mail/dspam: implement privilege separation (resolves bug running with suexec)
  
  - Runs as dspam:dspam instead of root:mail. The dspam UID/GID were created
    in r168311 when the UIDs/GIDs files were added but the port had always
    used root:mail. This had prevented running the dspam webUI under Apache
    with suexec due to a minimal requirement of UID/GID of 100. The original
    unsecure behavior is available with the SETUID option.
  - Default run directory is now /var/run/dspam. This follows the default
    upstream behavior and removes the patch to dspam.c as a result. Use
    RUN_DIR and correct the dspam.conf.sample file accordingly.
  - Default daemon/client communication port is now 2424.
  - Regen patches while here (portlint)
  
  UPDATING: Document privilege separated dspam
  
  PR:		115957
  Reported by:	tedm at ipinc.net, support at ipinc.net
  Submitted by:	Danny Warren <danny at dannywarren.com> (maintainer)
Added:
  head/mail/dspam/files/patch-src__client.c   (contents, props changed)
  head/mail/dspam/files/patch-src__daemon.c   (contents, props changed)
Deleted:
  head/mail/dspam/files/patch-src__dspam.c
Modified:
  head/UPDATING
  head/mail/dspam/Makefile
  head/mail/dspam/files/UPDATING
  head/mail/dspam/files/dspam.in
  head/mail/dspam/files/patch-src__Makefile.in
  head/mail/dspam/files/patch-src__dspam.conf.in
  head/mail/dspam/pkg-plist
Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Sun May  1 01:07:58 2016	(r414373)
+++ head/UPDATING	Sun May  1 01:13:06 2016	(r414374)
@@ -5,6 +5,16 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20160501:
+  AFFECTS: Users of mail/dspam
+  AUTHOR: junovitch at FreeBSD.org
+
+  dspam has been modified to no longer run as root:mail by default.
+  Existing configuration must be adjusted to reflect using a non-privileged
+  port and the /var/run/dspam directory for PID and socket files.  If you
+  need dspam to run as root for your mail setup, you can use the SETUID
+  config option to enable the old insecure behavior.
+  
 20160424:
   AFFECTS: Users of net-mgmt/icinga2
   AUTHOR: lme at FreeBSD.org
Modified: head/mail/dspam/Makefile
==============================================================================
--- head/mail/dspam/Makefile	Sun May  1 01:07:58 2016	(r414373)
+++ head/mail/dspam/Makefile	Sun May  1 01:13:06 2016	(r414374)
@@ -7,7 +7,7 @@
 
 PORTNAME=	dspam
 PORTVERSION=	3.10.2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	mail
 MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}
 
@@ -16,13 +16,16 @@ COMMENT=	Bayesian spam filter
 
 LICENSE=	AGPLv3
 
+USERS=		dspam
+GROUPS=		dspam
+
 OPTIONS_SUB=	yes
 
 OPTIONS_DEFINE=	SYSLOG DEBUG VERBOSE_DEBUG BNR_DEBUG PREF_EXT DAEMON \
 		CLAMAV CLAMAV_LOCAL EXTERNAL_LOOKUP \
 		USER_HOMEDIR TRUSTED_USERS VIRT_USERS LONG_USERNAMES \
 		LARGE_SCALE DOMAIN_SCALE NICESENDMAIL POSTFIX_MBC \
-		QMAIL WEBUI LIGHTTPD DOCS EXAMPLES
+		QMAIL WEBUI LIGHTTPD DOCS EXAMPLES SETUID
 
 OPTIONS_MULTI=		DB
 OPTIONS_MULTI_DB=	HASH MYSQL MYSQL_COMPRESS MYSQL_LOCAL \
@@ -70,6 +73,7 @@ POSTFIX_MBC_DESC=	Dspam as mailbox_comma
 QMAIL_DESC=		Play nice with Qmail mail server
 WEBUI_DESC=		Install WebUI (RUN_DEPEND on Apache/Lighttpd)
 LIGHTTPD_DESC=		RUN_DEPEND on Lighttpd instead of Apache
+SETUID_DESC=		Run as root:mail with setuid (insecure)
 
 MAKE_JOBS_UNSAFE=	yes
 USES=		perl5 libtool shebangfix
@@ -97,13 +101,24 @@ CONFLICTS=	dspam-devel-[0-9]*
 
 SIGNATURE_LIFE?=	15
 
+.include <bsd.port.options.mk>
+
 _VAR_DIR=	/var
+
+RUN_DIR?=	${_VAR_DIR}/run/dspam
+
 LOG_DIR?=	${_VAR_DIR}/log/dspam
 LOGFILE?=	${LOG_DIR}/dspam.log
 
-DSPAM_MODE?=	4510
+.if ${PORT_OPTIONS:MSETUID}
 DSPAM_OWNER?=	root
 DSPAM_GROUP?=	mail
+DSPAM_MODE?=	4510
+.else
+DSPAM_OWNER?=	${USERS}
+DSPAM_GROUP?=	${GROUPS}
+DSPAM_MODE?=	0555
+.endif
 
 DSPAM_ETC?=	${LOCALBASE}/etc
 DSPAM_HOME?=	${_VAR_DIR}/db/dspam
@@ -124,6 +139,7 @@ PLIST_SUB+=	DSPAM_HOME=${DSPAM_HOME} \
 CONFIGURE_ARGS+=	--sysconfdir=${DSPAM_ETC}
 CONFIGURE_ARGS+=	--with-logdir=${LOG_DIR}
 PLIST_SUB+=	LOG_DIR=${LOG_DIR}
+PLIST_SUB+=	RUN_DIR=${RUN_DIR}
 
 CONFIGURE_ARGS+=	--with-dspam-home=${DSPAM_HOME}
 CONFIGURE_ARGS+=	--with-dspam-home-owner=${DSPAM_HOME_OWNER}
@@ -148,7 +164,6 @@ _SED_SCRIPT=	-e 's,%%DOCSDIR%%,${DOCSDIR
 		-e 's,%%_VAR_DIR%%,${_VAR_DIR},g' \
 		-e '/^%%FreeBSD/D'
 
-.include <bsd.port.options.mk>
 
 .if ${PORT_OPTIONS:MSYSLOG}
 CONFIGURE_ARGS+=	--enable-syslog
@@ -178,6 +193,8 @@ CONFIGURE_ARGS+=	--enable-daemon
 USE_RC_SUBR=	${PORTNAME}
 _SED_SCRIPT+=	-e 's,%%DAEMON%%,,g'
 SUB_LIST+=	DSPAM_HOME=${DSPAM_HOME}
+SUB_LIST+=	DSPAM_OWNER=${DSPAM_OWNER}
+SUB_LIST+=	DSPAM_GROUP=${DSPAM_GROUP}
 .else
 _SED_SCRIPT+=	-e '/%%DAEMON%%/D'
 .endif
@@ -217,15 +234,19 @@ _DBDRV:=	${_DBDRV:S/pgsql_drv,//}
 .if ${PORT_OPTIONS:MSQLITE3}
 USES+=		sqlite:3
 _DBDRV_COUNT:=	${_DBDRV_COUNT}o
+PLIST_SUB+=	SQLITE3=""
 .else
 _DBDRV:=	${_DBDRV:S/sqlite3_drv,//}
+PLIST_SUB+=	SQLITE3="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MSQLITE2}
 USES+=		sqlite:2
 _DBDRV_COUNT:=	${_DBDRV_COUNT}o
+PLIST_SUB+=	SQLITE2=""
 .else
 _DBDRV:=	${_DBDRV:S/sqlite_drv,//}
+PLIST_SUB+=	SQLITE2="@comment "
 .endif
 
 .if ${USES:Msqlite*}
@@ -246,7 +267,7 @@ PLIST_SUB+=	HASH="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MMYSQL}
-USE_MYSQL=	yes
+USES+=		mysql
 CONFIGURE_ARGS+=	--with-mysql-includes=${LOCALBASE}/include/mysql \
 			--with-mysql-libraries=${LOCALBASE}/lib/mysql
 PLIST_SUB+=	MYSQL=""
@@ -255,7 +276,7 @@ _DBDRV_COUNT:=	${_DBDRV_COUNT}o
 CONFIGURE_ARGS+=	--enable-client-compression
 .	endif
 .	if ${PORT_OPTIONS:MMYSQL_LOCAL}
-USE_MYSQL=	server
+WANT_MYSQL=	server
 SUB_LIST+=	MYSQL=mysql
 .	else
 SUB_LIST+=	MYSQL=
@@ -274,6 +295,14 @@ PLIST_SUB+=	DYNAMIC=""
 PLIST_SUB+=	DYNAMIC="@comment "
 .endif
 
+.if %{PORT_OPTIONS:MSETUID}
+PLIST_SUB+=	SETUID=""
+PLIST_SUB+=	NOSETUID="@comment "
+.else
+PLIST_SUB+=	SETUID="@comment "
+PLIST_SUB+=	NOSETUID=""
+.endif
+
 .if ${PORT_OPTIONS:MEXTERNAL_LOOKUP}
 CONFIGURE_ARGS+=	--enable-external-lookup
 USE_OPENLDAP=	YES
@@ -421,6 +450,7 @@ pre-extract:
 	@${ECHO_CMD} "DSPAM_HOME_GROUP=${DSPAM_HOME_GROUP}"
 	@${ECHO_CMD} "DSPAM_HOME_MODE=${DSPAM_HOME_MODE} (default: 0770)"
 	@${ECHO_CMD} "LOG_DIR=${LOG_DIR} (default: ${_VAR_DIR}/log/dspam)"
+	@${ECHO_CMD} "RUN_DIR=${RUN_DIR} (default: ${_VAR_DIR}/run/dspam)"
 .	ifdef(WITHOUT_SYSLOG)
 	@${ECHO_CMD} "LOGFILE=${LOGFILE} (default: ${_VAR_DIR}/log/dspam/dspam.log)"
 .	endif
@@ -448,24 +478,24 @@ post-patch:
 		${WRKSRC}/src/tools/dspam_notify.in
 
 pre-configure:
-.if ${PORT_OPTIONS:MVIRT_USERS} && !( defined(USE_MYSQL) || \
+.if ${PORT_OPTIONS:MVIRT_USERS} && !( ${PORT_OPTIONS:MMYSQL} || \
 	${PORT_OPTIONS:MPGSQL} || ${PORT_OPTIONS:MHASH} )
 	@${ECHO_CMD} "You need MySQL, POSTGRESQL or HASH for virtual users."
 	@${FALSE}
 .endif
-.if ${PORT_OPTIONS:MPREF_EXT} && !( defined(USE_MYSQL) || \
+.if ${PORT_OPTIONS:MPREF_EXT} && !( ${PORT_OPTIONS:MMYSQL} || \
 	${PORT_OPTIONS:MPGSQL} )
 	@${ECHO_CMD} "You need MySQL or Postgres for preferences extension"
 	@${FALSE}
 .endif
-.if ${PORT_OPTIONS:MDAEMON} && !( defined(USE_MYSQL) || \
+.if ${PORT_OPTIONS:MDAEMON} && !( ${PORT_OPTIONS:MMYSQL} || \
 	${PORT_OPTIONS:MPGSQL} || ${PORT_OPTIONS:MHASH} )
 	@${ECHO_CMD} "You need MySQL, PostgreSQL or Hash for Daemon mode, because multithreading support is needed"
 	@${FALSE}
 .endif
-.if ${PORT_OPTIONS:MEXTERNAL_LOOKUP} && !( defined(USE_MYSQL) || \
+.if ${PORT_OPTIONS:MEXTERNAL_LOOKUP} && !( ${PORT_OPTIONS:MMYSQL} || \
 	${PORT_OPTIONS:MPGSQL} || ${PORT_OPTIONS:MSQLITE*} )
-	@${ECHO_CMD} "You need MySQL, Postgres or SQLITE for EXTERNAL_LOOKUP."
+	@${ECHO_CMD} "You need MySQL, Postgres or SQLite for EXTERNAL_LOOKUP."
 	@${FALSE}
 .endif
 .if ${PORT_OPTIONS:MUSER_HOMEDIR} && ${PORT_OPTIONS:MWEBUI}
@@ -490,7 +520,7 @@ post-install:
 		${RM} -R ${STAGEDIR}${PREFIX}/lib/pkgconfig || true
 
 .if ${PORT_OPTIONS:MEXAMPLES}
-.ifdef(USE_MYSQL)
+.if ${PORT_OPTIONS:MMYSQL}
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}/mysql
 	cd  ${WRKSRC}/src/tools.mysql_drv && \
 		${INSTALL_DATA} mysql_objects-4.1.sql \
@@ -558,7 +588,8 @@ post-install:
 		${INSTALL_DATA} ${_file}.sample ${STAGEDIR}${DSPAM_HOME}
 .endfor
 
-	@${MKDIR} -m ${DSPAM_HOME_MODE} ${STAGEDIR}${LOG_DIR}
+	@${MKDIR} ${STAGEDIR}${RUN_DIR}
+	@${MKDIR} ${STAGEDIR}${LOG_DIR}
 
 	@${CAT} ${WRKSRC}/README.FreeBSD
 
Modified: head/mail/dspam/files/UPDATING
==============================================================================
--- head/mail/dspam/files/UPDATING	Sun May  1 01:07:58 2016	(r414373)
+++ head/mail/dspam/files/UPDATING	Sun May  1 01:13:06 2016	(r414374)
@@ -17,6 +17,19 @@ in the port directory:
 make extract;  more `find . -type f -maxdepth 2 -name UPGRADING`
 
 ###########################################################################
+# dspam-3.10.2_2
+#
+
+Port Changes:
+- Runs as dspam:dspam instead of root:mail [1]
+- Default run directory is now /var/run/dspam [1]
+- Default daemon/client communication port is now 2424 [1]
+- New SETUID option to enable old insecure behavior [1]
+
+[1] Questionable ownership and security on mail/dspam (PR #115957)
+
+
+###########################################################################
 # dspam-3.10.2
 #
 
Modified: head/mail/dspam/files/dspam.in
==============================================================================
--- head/mail/dspam/files/dspam.in	Sun May  1 01:07:58 2016	(r414373)
+++ head/mail/dspam/files/dspam.in	Sun May  1 01:13:06 2016	(r414374)
@@ -25,7 +25,9 @@ load_rc_config $name
 #defaults
 : ${dspam_enable="NO"}
 : ${dspam_debug="NO"}
-: ${dspam_pidfile:-/var/run/dspam.pid}
+: ${dspam_pidfile:-/var/run/dspam/dspam.pid}
+: ${dspam_user="%%DSPAM_OWNER%%"}
+: ${dspam_group="%%DSPAM_GROUP%%"}
 
 command=%%PREFIX%%/bin/${name}
 
Modified: head/mail/dspam/files/patch-src__Makefile.in
==============================================================================
--- head/mail/dspam/files/patch-src__Makefile.in	Sun May  1 01:07:58 2016	(r414373)
+++ head/mail/dspam/files/patch-src__Makefile.in	Sun May  1 01:13:06 2016	(r414374)
@@ -1,6 +1,6 @@
---- src/Makefile.in.orig	2014-05-14 17:35:13.000000000 -0300
-+++ src/Makefile.in	2014-05-14 17:35:48.000000000 -0300
-@@ -1117,11 +1117,11 @@
+--- src/Makefile.in.orig        2012-04-23 17:53:45 UTC
++++ src/Makefile.in
+@@ -1249,11 +1249,11 @@ install-exec-hook:
  		mkdir -p $(DESTDIR)$(sysconfdir); \
  		chmod 755 $(DESTDIR)$(sysconfdir); \
  	fi
Added: head/mail/dspam/files/patch-src__client.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/mail/dspam/files/patch-src__client.c	Sun May  1 01:13:06 2016	(r414374)
@@ -0,0 +1,22 @@
+--- src/client.c.orig   2012-04-11 18:48:33 UTC
++++ src/client.c
+@@ -304,7 +304,7 @@ int client_connect(AGENT_CTX *ATX, int f
+   struct sockaddr_un saun;
+   int sockfd;
+   int yes = 1;
+-  int port = 24;
++  int port = 2424;
+   int domain = 0;
+   int addr_len;
+   char *host;
+--- src/client.c.orig   2012-04-11 18:48:33 UTC
++++ src/client.c
+@@ -304,7 +304,7 @@ int client_connect(AGENT_CTX *ATX, int f
+   struct sockaddr_un saun;
+   int sockfd;
+   int yes = 1;
+-  int port = 24;
++  int port = 2424;
+   int domain = 0;
+   int addr_len;
+   char *host;
Added: head/mail/dspam/files/patch-src__daemon.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/mail/dspam/files/patch-src__daemon.c	Sun May  1 01:13:06 2016	(r414374)
@@ -0,0 +1,22 @@
+--- src/daemon.c.orig   2012-04-11 18:48:33 UTC
++++ src/daemon.c
+@@ -97,7 +97,7 @@ int daemon_listen(DRIVER_CTX *DTX) {
+   int domain = 0;		/* listening on domain socket? */
+   int listener;			/* listener fd */
+   int i;
+-  int port = 24, queue = 32;	/* default port and queue size */
++  int port = 2424, queue = 32;	/* default port and queue size */
+ 
+   signal(SIGPIPE, SIG_IGN);
+   signal(SIGINT,  process_signal);
+--- src/daemon.c.orig   2012-04-11 18:48:33 UTC
++++ src/daemon.c
+@@ -97,7 +97,7 @@ int daemon_listen(DRIVER_CTX *DTX) {
+   int domain = 0;		/* listening on domain socket? */
+   int listener;			/* listener fd */
+   int i;
+-  int port = 24, queue = 32;	/* default port and queue size */
++  int port = 2424, queue = 32;	/* default port and queue size */
+ 
+   signal(SIGPIPE, SIG_IGN);
+   signal(SIGINT,  process_signal);
Modified: head/mail/dspam/files/patch-src__dspam.conf.in
==============================================================================
--- head/mail/dspam/files/patch-src__dspam.conf.in	Sun May  1 01:07:58 2016	(r414373)
+++ head/mail/dspam/files/patch-src__dspam.conf.in	Sun May  1 01:13:06 2016	(r414374)
@@ -1,6 +1,6 @@
---- src/dspam.conf.in.orig	2014-09-18 00:33:02.874722063 -0700
-+++ src/dspam.conf.in	2014-09-18 00:41:49.434685786 -0700
-@@ -56,6 +56,7 @@
+--- src/dspam.conf.in.orig	2012-04-11 18:48:33 UTC
++++ src/dspam.conf.in
+@@ -56,6 +56,7 @@ TrustedDeliveryAgent "@delivery_agent@"
  # necessary if you plan on allowing untrusted processing.
  #
  #UntrustedDeliveryAgent "/usr/bin/procmail -d %u"
@@ -8,7 +8,7 @@
  
  #
  # SMTP or LMTP Delivery: Alternatively, you may wish to use SMTP or LMTP
-@@ -350,7 +351,7 @@
+@@ -350,7 +351,7 @@ AllowOverride notifications
  # Storage driver settings: Specific to a particular storage driver. Uncomment
  # the configuration specific to your installation, if applicable.
  #
@@ -17,7 +17,7 @@
  #MySQLPort		
  #MySQLUser		dspam
  #MySQLPass		changeme
-@@ -361,7 +362,7 @@
+@@ -361,7 +362,7 @@ AllowOverride notifications
  # If you are using replication for clustering, you can also specify a separate
  # server to perform all writes to.
  #
@@ -26,7 +26,7 @@
  #MySQLWritePort		
  #MySQLWriteUser		dspam
  #MySQLWritePass		changeme
-@@ -406,7 +407,7 @@
+@@ -406,7 +407,7 @@ AllowOverride notifications
  # in /var/run/postgresql/.s.PGSQL.5432 specify just the path where the socket
  # resits (without .s.PGSQL.5432).
  
@@ -35,12 +35,24 @@
  #PgSQLPort		
  #PgSQLUser		dspam
  #PgSQLPass		changeme
-@@ -845,14 +846,14 @@
+@@ -807,9 +808,9 @@ Opt out
+ # interfaces.
+ #
+ #ServerHost		127.0.0.1
+-#ServerPort		24
++#ServerPort		2424
+ #ServerQueueSize	32
+-#ServerPID		/var/run/dspam.pid
++#ServerPID		/var/run/dspam/dspam.pid
+ 
+ #
+ # ServerMode specifies the type of LMTP server to start. This can be one of:
+@@ -845,18 +846,18 @@ Opt out
  # you are running the client and server on the same machine, as it eliminates
  # much of the bandwidth overhead.
  #
 -#ServerDomainSocketPath	"/tmp/dspam.sock"
-+#ServerDomainSocketPath	"/var/run/dspam.sock"
++#ServerDomainSocketPath	"/var/run/dspam/dspam.sock"
  
  #
  # Client Mode: If you are running DSPAM in client/server mode, uncomment and
@@ -48,7 +60,12 @@
  # a domain socket.
  #
 -#ClientHost	/tmp/dspam.sock
-+#ClientHost	/var/run/dspam.sock
++#ClientHost	/var/run/dspam/dspam.sock
  #ClientIdent	"secret at Relay1"
  #
  #ClientHost	127.0.0.1
+-#ClientPort	24
++#ClientPort	2424
+ #ClientIdent	"secret at Relay1"
+ 
+ # --- RABL ---
Modified: head/mail/dspam/pkg-plist
==============================================================================
--- head/mail/dspam/pkg-plist	Sun May  1 01:07:58 2016	(r414373)
+++ head/mail/dspam/pkg-plist	Sun May  1 01:13:06 2016	(r414374)
@@ -2,7 +2,8 @@
 %%HASH%%bin/csscompress
 %%HASH%%bin/cssconvert
 %%HASH%%bin/cssstat
-@(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%,%%DSPAM_MODE%%) bin/dspam
+%%SETUID%%@(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%,%%DSPAM_MODE%%) bin/dspam
+%%NOSETUID%%bin/dspam
 bin/dspamc
 bin/dspam_2sql
 bin/dspam_admin
@@ -65,10 +66,14 @@ man/man3/libdspam.3.gz
 %%DYNAMIC%%%%PGSQL%%lib/dspam/libpgsql_drv.so
 %%DYNAMIC%%%%PGSQL%%lib/dspam/libpgsql_drv.so.7
 %%DYNAMIC%%%%PGSQL%%lib/dspam/libpgsql_drv.so.7.0.0
-%%DYNAMIC%%%%SQLITE%%lib/dspam/libsqlite3_drv.a
-%%DYNAMIC%%%%SQLITE%%lib/dspam/libsqlite3_drv.so
-%%DYNAMIC%%%%SQLITE%%lib/dspam/libsqlite3_drv.so.7
-%%DYNAMIC%%%%SQLITE%%lib/dspam/libsqlite3_drv.so.7.0.0
+%%DYNAMIC%%%%SQLITE2%%lib/dspam/libsqlite_drv.so.7.0.0
+%%DYNAMIC%%%%SQLITE2%%lib/dspam/libsqlite_drv.a
+%%DYNAMIC%%%%SQLITE2%%lib/dspam/libsqlite_drv.so
+%%DYNAMIC%%%%SQLITE2%%lib/dspam/libsqlite_drv.so.7
+%%DYNAMIC%%%%SQLITE3%%lib/dspam/libsqlite3_drv.a
+%%DYNAMIC%%%%SQLITE3%%lib/dspam/libsqlite3_drv.so
+%%DYNAMIC%%%%SQLITE3%%lib/dspam/libsqlite3_drv.so.7
+%%DYNAMIC%%%%SQLITE3%%lib/dspam/libsqlite3_drv.so.7.0.0
 libdata/pkgconfig/dspam.pc
 %%PORTDOCS%%%%DOCSDIR%%/CHANGELOG
 %%PORTDOCS%%%%DOCSDIR%%/LICENSE
@@ -206,8 +211,9 @@ libdata/pkgconfig/dspam.pc
 %%WebUI%%%%WWWDIR%%/templates/ro/nav_preferences.html
 %%WebUI%%%%WWWDIR%%/templates/ro/nav_quarantine.html
 %%WebUI%%%%WWWDIR%%/templates/ro/nav_viewmessage.html
-%%DSPAM_HOME%%/firstrun.txt.sample
-%%DSPAM_HOME%%/firstspam.txt.sample
-%%DSPAM_HOME%%/quarantinefull.txt.sample
+@(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%DSPAM_HOME%%/firstrun.txt.sample
+@(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%DSPAM_HOME%%/firstspam.txt.sample
+@(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%DSPAM_HOME%%/quarantinefull.txt.sample
 @dir(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%,%%DSPAM_HOME_MODE%%) %%DSPAM_HOME%%
- at dir(%%DSPAM_HOME_OWNER%%,%%DSPAM_HOME_GROUP%%) %%LOG_DIR%%
+ at dir(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%) %%LOG_DIR%%
+ at dir(%%DSPAM_OWNER%%,%%DSPAM_GROUP%%) %%RUN_DIR%%
    
    
More information about the svn-ports-head
mailing list