Security fix for CVE-2010-0301, "maildrop Privilege Escalation

Security Issue". patch from upstream cvs. ok ajacoutot@
2010-01-29 12:03:09 +00:00 · 2010-01-29 12:03:09 +00:00 · 4fe6846531
commit 4fe6846531
parent 5eff20eeb9
2 changed files with 18 additions and 2 deletions
--- a/mail/maildrop/Makefile
+++ b/mail/maildrop/Makefile
@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.29 2009/12/22 11:21:33 giovanni Exp $
+# $OpenBSD: Makefile,v 1.30 2010/01/29 12:03:09 jasper Exp $

 COMMENT-main=		mail delivery agent with filtering abilities
 COMMENT-utils=		quota tools for the Courier mail suite

 V=			2.2.0
 DISTNAME=		maildrop-$V
-PKGNAME-main=		maildrop-$Vp0
+PKGNAME-main=		maildrop-$Vp1
 FULLPKGNAME-utils=	courier-utils-$V
 CATEGORIES=		mail

--- a/mail/maildrop/patches/patch-maildrop_main_C
+++ b/mail/maildrop/patches/patch-maildrop_main_C
@ -0,0 +1,16 @@
+$OpenBSD: patch-maildrop_main_C,v 1.1 2010/01/29 12:03:09 jasper Exp $
+
+Security fix for CVE-2010-0301, "maildrop Privilege Escalation
+Security Issue". patch from upstream cvs -r1.59 of main.C.
+
+--- maildrop/main.C.orig	Fri Jan 29 12:04:39 2010
+++ maildrop/main.C	Fri Jan 29 12:05:04 2010
+@@ -471,6 +471,8 @@ const	char *numuidgid=0;
+ 					nouser();
+ #if	RESET_GID
+ 				setgroupid(my_pw->pw_gid);
+#else
+				setgroupid(getegid());
+ #endif
+ 				setuid(my_pw->pw_uid);
+ 				if (getuid() != my_pw->pw_uid)