Part 2 and end of the update to maildrop-2.0.2.

mail/maildrop/files/SECURITY

@@ -0,0 +1,26 @@
+Maildrop must be run as the uid/gid of the user whose mailbox it
+is delivering to.
+
+Therefore, if the MTA does not spawn it with the correct uid/gid,
+it needs to be suid root to perform the operation itself.
+
+The port is installed with the suid bit stripped by default.  This
+works out-of-the-box with MTAs like qmail, which spawn maildrop
+with the correct uid/gid it needs to perform the delivery.
+
+For more information, please read the documentation in
+!!PREFIX!!/share/doc/maildrop/INSTALL.  It should be safe to enable
+the suid bits, but scan over the code first and satisfy yourself
+that there are no security holes.
+
+If you perform a full audit, please inform <ports@openbsd.org> and
+the suid bit may then be enabled by default.  Note that there have
+been no security advisories about this package in the past.
+
+The following files will need suid re-enabled if you so choose:
+
+!!PREFIX!!/bin/maildrop
+!!PREFIX!!/bin/lockmail
+
+Marc Balmer <mbalmer@openbsd.org>
+$OpenBSD: SECURITY,v 1.1 2006/11/03 13:52:19 mbalmer Exp $

mail/maildrop/patches/patch-liblock_locktest_c

@@ -0,0 +1,82 @@
+$OpenBSD: patch-liblock_locktest_c,v 1.1 2006/11/03 13:52:19 mbalmer Exp $
+--- liblock/locktest.c.orig	Mon Dec  6 11:18:55 1999
++++ liblock/locktest.c	Sat Jan  7 20:36:26 2006
+@@ -5,6 +5,7 @@
+ 
+ /* $Id */
+ 
++#include	<paths.h>
+ #include	"liblock.h"
+ #if	USE_FCNTL
+ #include	"lockfcntl.c"
+@@ -20,11 +21,23 @@
+ 
+ int main()
+ {
++#define FILENAME	"courier-authlib.locktest.XXXXX"
+ int	fd[2];
+ pid_t	p;
+ int	s;
+ int	f;
+ 
++	char *name;
++	const char *tmpdir;
++	if ((tmpdir = (char *)getenv("TMPDIR")) == NULL)
++		tmpdir = _PATH_TMP;
++	(void)asprintf(&name, "%s%s%s", tmpdir,
++		(tmpdir[strlen(tmpdir) - 1] == '/') ? "" : "/", FILENAME);
++	if (name == NULL) {
++		perror("get filename");
++		exit(1);
++	}
++
+ 	signal(SIGCHLD, SIG_DFL);
+ 	if (pipe(fd))
+ 	{
+@@ -32,6 +45,12 @@ int	f;
+ 		return (1);
+ 	}
+ 
++	if ((f=mkstemp(name)) < 0)
++	{
++		perror("open");
++		exit(1);
++	}
++
+ 	if ((p=fork()) == (pid_t)-1)
+ 	{
+ 		perror("fork");
+@@ -46,7 +65,7 @@ int	f;
+ 		read(fd[0], &c, 1);
+ 		close(fd[0]);
+ 
+-		if ((f=open("conftest.lock", O_RDWR|O_CREAT, 0644)) < 0)
++		if ((f=open(name, O_RDWR)) < 0)
+ 		{
+ 			perror("open");
+ 			exit(1);
+@@ -56,22 +75,18 @@ int	f;
+ 		if (ll_lockfd(f, ll_writelock, 0, 0))
+ 		{
+ 			close(f);
++			unlink(name);
+ 			exit(0);
+ 		}
+ 		close(f);
+ 		exit(1);
+ 	}
+-	
+-	if ((f=open("conftest.lock", O_RDWR|O_CREAT, 0644)) < 0)
+-	{
+-		perror("open");
+-		exit(1);
+-	}
+ 
+ 	if (ll_lockfd(f, ll_writelock, 0, 0))
+ 	{
+ 		perror("lock");
+ 		close(f);
++		unlink(name);
+ 		exit(1);
+ 	}
+ 	close(fd[1]);

mail/maildrop/patches/patch-maildir_Makefile_am

@@ -0,0 +1,24 @@
+$OpenBSD: patch-maildir_Makefile_am,v 1.1 2006/11/03 13:52:19 mbalmer Exp $
+--- maildir/Makefile.am.orig	Sat Jan  7 22:49:37 2006
++++ maildir/Makefile.am	Sat Jan  7 22:53:22 2006
+@@ -115,16 +115,16 @@ mailbot.h: config.status
+ 	echo '#define MAILBOT "@MAILBOT@"' >mailbot.h
+ 
+ maildirsharedrc.h: config.status
+-	echo '#define MAILDIRSHAREDRC "$(sysconfdir)/maildirshared"' >maildirsharedrc.h
++	echo '#define MAILDIRSHAREDRC "$(sysconfdir)/maildrop/maildirshared"' >maildirsharedrc.h
+ 
+ maildirfilterconfig.h: config.status
+-	echo '#define MAILDIRFILTERCONFIG "$(sysconfdir)/maildirfilterconfig"' >maildirfilterconfig.h
++	echo '#define MAILDIRFILTERCONFIG "$(sysconfdir)/maildrop/maildirfilterconfig"' >maildirfilterconfig.h
+ 
+ autoresponsequota.h: config.status
+-	echo '#define AUTORESPONSEQUOTA "$(sysconfdir)/autoresponsesquota"' >autoresponsequota.h
++	echo '#define AUTORESPONSEQUOTA "$(sysconfdir)/maildrop/autoresponsesquota"' >autoresponsequota.h
+ 
+ quotawarnmsg.h: config.status
+-	echo '#define QUOTAWARNMSG "$(sysconfdir)/quotawarnmsg"' >quotawarnmsg.h
++	echo '#define QUOTAWARNMSG "$(sysconfdir)/maildrop/quotawarnmsg"' >quotawarnmsg.h
+ maildir.libdeps: config.status
+ 	echo @LIBFAM@ >maildir.libdeps
+ 

mail/maildrop/patches/patch-maildir_Makefile_in

@@ -0,0 +1,24 @@
+$OpenBSD: patch-maildir_Makefile_in,v 1.1 2006/11/03 13:52:19 mbalmer Exp $
+--- maildir/Makefile.in.orig	Sat Jan  7 22:49:52 2006
++++ maildir/Makefile.in	Sat Jan  7 22:52:02 2006
+@@ -828,16 +828,16 @@ mailbot.h: config.status
+ 	echo '#define MAILBOT "@MAILBOT@"' >mailbot.h
+ 
+ maildirsharedrc.h: config.status
+-	echo '#define MAILDIRSHAREDRC "$(sysconfdir)/maildirshared"' >maildirsharedrc.h
++	echo '#define MAILDIRSHAREDRC "$(sysconfdir)/maildrop/maildirshared"' >maildirsharedrc.h
+ 
+ maildirfilterconfig.h: config.status
+-	echo '#define MAILDIRFILTERCONFIG "$(sysconfdir)/maildirfilterconfig"' >maildirfilterconfig.h
++	echo '#define MAILDIRFILTERCONFIG "$(sysconfdir)/maildrop/maildirfilterconfig"' >maildirfilterconfig.h
+ 
+ autoresponsequota.h: config.status
+-	echo '#define AUTORESPONSEQUOTA "$(sysconfdir)/autoresponsesquota"' >autoresponsequota.h
++	echo '#define AUTORESPONSEQUOTA "$(sysconfdir)/maildrop/autoresponsesquota"' >autoresponsequota.h
+ 
+ quotawarnmsg.h: config.status
+-	echo '#define QUOTAWARNMSG "$(sysconfdir)/quotawarnmsg"' >quotawarnmsg.h
++	echo '#define QUOTAWARNMSG "$(sysconfdir)/maildrop/quotawarnmsg"' >quotawarnmsg.h
+ maildir.libdeps: config.status
+ 	echo @LIBFAM@ >maildir.libdeps
+ 

mail/maildrop/patches/patch-maildrop_Makefile_in

@@ -0,0 +1,12 @@
+$OpenBSD: patch-maildrop_Makefile_in,v 1.1 2006/11/03 13:52:19 mbalmer Exp $
+--- maildrop/Makefile.in.orig	Fri Jan 21 08:15:18 2005
++++ maildrop/Makefile.in	Fri Jan 21 08:15:49 2005
+@@ -166,7 +166,7 @@ AUTOMAKE = srcdir=${srcdir} @SHELL@ ${sr
+ AWK = @AWK@
+ CC = @CC@
+ CCDEPMODE = @CCDEPMODE@
+-CFLAGS = @CFLAGS@
++CFLAGS = @CFLAGS@ -I/usr/local/include
+ COURIERAUTHCONFIG = @COURIERAUTHCONFIG@
+ CPP = @CPP@
+ CPPFLAGS = @CPPFLAGS@

mail/maildrop/patches/patch-maildrop_configure

@@ -0,0 +1,23 @@
+$OpenBSD: patch-maildrop_configure,v 1.1 2006/11/03 13:52:19 mbalmer Exp $
+--- maildrop/configure.orig	Sat Jan  7 20:08:16 2006
++++ maildrop/configure	Sat Jan  7 20:21:41 2006
+@@ -22317,17 +22317,12 @@ echo "$as_me:$LINENO: result: $maildrop_
+ echo "${ECHO_T}$maildrop_cv_SYS_INSTALL_RESET_GID" >&6
+ 
+ # Check whether --with-default-maildrop or --without-default-maildrop was given.
+-if test "${with_default_maildrop+set}" = set; then
++if false; then
+   withval="$with_default_maildrop"
+   maildrop_cv_SYS_INSTALL_MBOXDIR="$withval"
+ else
+   # Courier defaults to ./Maildir
+-
+-	if test -d $srcdir/../courier
+-	then
+-		maildrop_cv_SYS_INSTALL_MBOXDIR=./Maildir
+-	fi
+-
++  maildrop_cv_SYS_INSTALL_MBOXDIR=./Maildir
+ fi;
+ 
+ 

mail/maildrop/patches/patch-maildrop_maildrop_1_in

@@ -0,0 +1,12 @@
+$OpenBSD: patch-maildrop_maildrop_1_in,v 1.1 2006/11/03 13:52:19 mbalmer Exp $
+--- maildrop/maildrop.1.in.orig	Sat Jan 29 12:08:36 2005
++++ maildrop/maildrop.1.in	Sat Jan 29 12:09:03 2005
+@@ -163,7 +163,7 @@ group or world permissions.
+ .SH "TEMPORARY FILES"
+ .PP
+ \fBmaildrop\fR is heavily optimized and tries to use as
+-little resources as possible. \fBmaildrop\fR reads smalle
++little resources as possible. \fBmaildrop\fR reads small
+ messages into
+ memory, then filters and/or delivers the message directly from memory. For
+ larger messages, \fBmaildrop\fR accesses the message directly

mail/maildrop/patches/patch-maildrop_maildropfilter_7_in

@@ -0,0 +1,12 @@
+$OpenBSD: patch-maildrop_maildropfilter_7_in,v 1.1 2006/11/03 13:52:19 mbalmer Exp $
+--- maildrop/maildropfilter.7.in.orig	Tue Feb  1 02:46:57 2005
++++ maildrop/maildropfilter.7.in	Tue Feb  1 02:47:22 2005
+@@ -295,7 +295,7 @@ file, in order to avoid a race condition
+ also trying to remove the same stale dot-lock, at the same time.
+ .TP
+ \fBLOGNAME\fR
+-Name of the user to who the message is being
++Name of the user to whom the message is being
+ delivered.
+ .TP
+ \fBMAILFILTER\fR