Call setgid(2) before initgroups(3), otherwise we end up with an empty

group list and havp will get the gid of the last entry in groups(5). ok giovanni@ (maintainer) robert@ jasper@
2012-05-17 09:10:44 +00:00 · 2012-05-17 09:10:44 +00:00 · f1d3309b8f
commit f1d3309b8f
parent 7d8652ecf1
3 changed files with 39 additions and 6 deletions
--- a/www/havp/Makefile
+++ b/www/havp/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.13 2011/11/30 11:00:59 robert Exp $
+# $OpenBSD: Makefile,v 1.14 2012/05/17 09:10:44 ajacoutot Exp $

 COMMENT=	web proxy with antivirus filter

@ -6,7 +6,7 @@ DISTNAME=	havp-0.92a
 CATEGORIES=	www
 MASTER_SITES=	${HOMEPAGE}/download/

-REVISION=	0
+REVISION=	1

 HOMEPAGE=	http://www.server-side.de/

--- a/www/havp/patches/patch-etc_havp_havp_config_in
+++ b/www/havp/patches/patch-etc_havp_havp_config_in
@ -1,6 +1,6 @@
-$OpenBSD: patch-etc_havp_havp_config_in,v 1.1.1.1 2008/06/04 10:56:15 sthen Exp $
--- etc/havp/havp.config.in.orig	Tue Apr 15 10:55:20 2008
-+++ etc/havp/havp.config.in	Fri May 23 10:39:10 2008
+$OpenBSD: patch-etc_havp_havp_config_in,v 1.2 2012/05/17 09:10:44 ajacoutot Exp $
+--- etc/havp/havp.config.in.orig	Fri Apr  2 15:33:34 2010
+++ etc/havp/havp.config.in	Wed May 16 19:41:48 2012
@@ -24,8 +24,8 @@ REMOVETHISLINE deleteme
 # used by any other program.
 #
@ -12,7 +12,7 @@ $OpenBSD: patch-etc_havp_havp_config_in,v 1.1.1.1 2008/06/04 10:56:15 sthen Exp
 
 # If this is true HAVP is running as daemon in background.
 # For testing you may run HAVP at your text console.
-@@ -430,7 +430,7 @@ ENABLECLAMD false
+@@ -479,7 +479,7 @@ ENABLECLAMD false
 # Path to clamd socket
 #
 # Default:
--- a/www/havp/patches/patch-havp_helper_cpp
+++ b/www/havp/patches/patch-havp_helper_cpp
@ -0,0 +1,33 @@
+$OpenBSD: patch-havp_helper_cpp,v 1.1 2012/05/17 09:10:44 ajacoutot Exp $
+--- havp/helper.cpp.orig	Wed May 16 19:42:02 2012
+++ havp/helper.cpp	Wed May 16 19:42:43 2012
+@@ -325,6 +325,16 @@ bool ChangeUserAndGroup( string usr, string grp )
+         return false;
+     }
+ 
+    /*
+     * Set the GID before initgroups(), since on some platforms
+     * setgid() is known to zap the group list.
+     */
+    if ( setgid( my_group->gr_gid ) < 0 )
+    {
+        cout << "Could not change group to: " << grp << endl;
+        return false;
+    }
+
+ #ifdef HAVE_INITGROUPS
+     if ( initgroups( usr.c_str(), user->pw_gid ) )
+     {
+@@ -340,12 +350,6 @@ bool ChangeUserAndGroup( string usr, string grp )
+     }
+ #endif
+ #endif
+-
+-    if ( setgid( my_group->gr_gid ) < 0 )
+-    {
+-        cout << "Could not change group to: " << grp << endl;
+-        return false;
+-    }
+ 
+     if ( setuid( user->pw_uid ) < 0 )
+     {