From d940be6613a05ff8dda1a1aa02ca7bdef83a21ac Mon Sep 17 00:00:00 2001
From: Warren Togami
Date: Thu, 2 Aug 2007 20:02:47 +0000
Subject: [PATCH] Fix SA#5574 which cripples dcc/pyzor users
---
 Mail-SpamAssassin-3.2.2-bug5574-setuid.patch | 174 +++++++++++++++++++
 spamassassin.spec | 7 +-
 2 files changed, 180 insertions(+), 1 deletion(-)
 create mode 100644 Mail-SpamAssassin-3.2.2-bug5574-setuid.patch
diff --git a/Mail-SpamAssassin-3.2.2-bug5574-setuid.patch b/Mail-SpamAssassin-3.2.2-bug5574-setuid.patch
new file mode 100644
index 0000000..34f0166
--- /dev/null
+++ b/Mail-SpamAssassin-3.2.2-bug5574-setuid.patch
@@ -0,0 +1,174 @@ +Index: MANIFEST +=================================================================== +--- MANIFEST (revision 558745) ++++ MANIFEST (working copy) +@@ -502,3 +502,5 @@ + t/spamc_H.t + t/spamc_x_E_R.t + t/spamc_x_e.t ++t/root_spamd_u.t ++t/root_spamd_u_dcc.t +Index: lib/Mail/SpamAssassin/Util.pm +=================================================================== +--- lib/Mail/SpamAssassin/Util.pm (revision 558745) ++++ lib/Mail/SpamAssassin/Util.pm (working copy) +@@ -1336,6 +1336,7 @@ + # bug 3586: kludges needed to work around platform dependent behavior assigning to $< + # The POSIX functions deal with that so just use it here + POSIX::setuid($touid); ++ $< = $touid; $> = $touid; # bug 5574 + + # Check that we have now accomplished the setuid: catch bug 3586 if it comes back + if ($< != $touid) { +Index: t/root_spamd_u_dcc.t +=================================================================== +--- t/root_spamd_u_dcc.t (revision 0) ++++ t/root_spamd_u_dcc.t (revision 0) +@@ -0,0 +1,65 @@ ++#!/usr/bin/perl ++# ++# test for http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5574#c12 . ++# run with: sudo prove -v t/root_spamd* ++ ++use lib '.'; use lib 't'; ++use SATest; sa_t_init("root_spamd_u_dcc"); ++use Test; ++ ++use constant TEST_ENABLED => conf_bool('run_root_tests'); ++use constant DCC_TEST_ENABLED => conf_bool('run_dcc_tests'); ++use constant IS_ROOT => eval { ($> == 0); }; ++use constant RUN_TESTS => (TEST_ENABLED && DCC_TEST_ENABLED && IS_ROOT); ++ ++BEGIN { plan tests => (RUN_TESTS ? 
23 : 0) }; ++exit unless RUN_TESTS; ++ ++# --------------------------------------------------------------------------- ++ ++%patterns = ( ++ q{ spam reported to DCC }, 'dcc report', ++ ); ++ ++tstpre (" ++ ++ loadplugin Mail::SpamAssassin::Plugin::DCC ++ dcc_timeout 30 ++ ++"); ++ ++ok sarun ("-t -D info -r < data/spam/gtubedcc.eml 2>&1", \&patterns_run_cb); ++# ok_all_patterns(); ++ ++# --------------------------------------------------------------------------- ++ ++%patterns = ( ++ ++q{ X-Spam-Status: Yes, score=}, 'status', ++q{ X-Spam-Flag: YES}, 'flag', ++q{ X-Spam-Level: **********}, 'stars', ++ ++); ++ ++# run spamc as unpriv uid ++$spamc = "sudo -u nobody $spamc"; ++ ++$SIG{ALRM} = sub { stop_spamd(); die "timed out"; }; ++alarm 60; ++ok(start_spamd("-c -H -m1")); ++alarm 0; ++ ++# run a few times to ensure that the child can process more than ++# one message successfully. do not bother looking for the dcc ++# result; we just want to ensure that the check did not cause ++# the spamd kids to get hung ++for my $try (1 .. 5) { ++ $SIG{ALRM} = sub { stop_spamd(); die "timed out"; }; ++ alarm 30; ++ ok(spamcrun("< data/spam/gtubedcc.eml", \&patterns_run_cb)); ++ alarm 0; ++ ok_all_patterns(); ++} ++ ++ok(stop_spamd()); ++ + +Property changes on: t/root_spamd_u_dcc.t +___________________________________________________________________ +Name: svn:executable + + * + +Index: t/root_spamd_u.t +=================================================================== +--- t/root_spamd_u.t (revision 0) ++++ t/root_spamd_u.t (revision 0) +@@ -0,0 +1,48 @@ ++#!/usr/bin/perl ++ ++# run with: sudo prove -v t/root_spamd* ++ ++use lib '.'; use lib 't'; ++use SATest; sa_t_init("root_spamd_u"); ++use Test; ++ ++use constant TEST_ENABLED => conf_bool('run_root_tests'); ++use constant IS_ROOT => eval { ($> == 0); }; ++use constant RUN_TESTS => (TEST_ENABLED && IS_ROOT); ++ ++BEGIN { plan tests => (RUN_TESTS ? 
14 : 0) }; ++exit unless RUN_TESTS; ++ ++# --------------------------------------------------------------------------- ++ ++%patterns = ( ++ ++q{ Return-Path: sb55sb55@yahoo.com}, 'firstline', ++q{ Subject: There yours for FREE!}, 'subj', ++q{ X-Spam-Status: Yes, score=}, 'status', ++q{ X-Spam-Flag: YES}, 'flag', ++q{ X-Spam-Level: **********}, 'stars', ++q{ TEST_ENDSNUMS}, 'endsinnums', ++q{ TEST_NOREALNAME}, 'noreal', ++q{ This must be the very last line}, 'lastline', ++ ++); ++ ++# run spamc as unpriv uid ++$spamc = "sudo -u nobody $spamc"; ++ ++ok(start_spamd("-L -u nobody")); ++ ++ok(spamcrun("< data/spam/001", \&patterns_run_cb)); ++ok_all_patterns(); ++ ++%patterns = ( ++q{ X-Spam-Status: Yes, score=}, 'status', ++q{ X-Spam-Flag: YES}, 'flag', ++ ); ++ ++ ++ok (spamcrun("< data/spam/018", \&patterns_run_cb)); ++ok_all_patterns(); ++ ++ok(stop_spamd()); + +Property changes on: t/root_spamd_u.t +___________________________________________________________________ +Name: svn:executable + + * + +Index: spamd/spamd.raw +=================================================================== +--- spamd/spamd.raw (revision 558745) ++++ spamd/spamd.raw (working copy) +@@ -1024,10 +1024,11 @@ + # use the POSIX functions to hide the platform specific workarounds + POSIX::setgid($ugid); # set effective and real gid + POSIX::setuid($uuid); # set effective and real UID ++ $< = $uuid; $> = $uuid; # bug 5574 + + # keep the sanity check to catch problems like bug 3900 just in case + if ( $> != $uuid and $> != ( $uuid - 2**32 ) ) { +- die "spamd: setuid to uid $uuid failed\n"; ++ die "spamd: setuid to uid $uuid failed (> = $>, < = $<)\n"; + } + } + diff --git a/spamassassin.spec b/spamassassin.spec index abdb729..11a9977 100644 --- a/spamassassin.spec +++ b/spamassassin.spec 
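Review bot: In the spamd/spamd.raw part of the embedded patch, the sanity check after the new `$< = $uuid; $> = $uuid;` line still tests only the effective UID (`$>`), although the reworded die message now prints both values. A child whose real UID stayed 0 would pass that check and could presumably switch its effective UID back to root, so the condition should cover both IDs, e.g. `if ( ($> != $uuid and $> != ($uuid - 2**32)) or ($< != $uuid and $< != ($uuid - 2**32)) ) {`. In the visible lines the return values of `POSIX::setgid` and `POSIX::setuid` are ignored and the group IDs are never verified after the drop; checking `$!` after the two assignments and comparing `$(`/`$)` with `$ugid` would close that gap. The Util.pm change checks `$<`, but the rest of that check lies outside the hunk, so whether `$>` is also verified there cannot be seen from here.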
@@ -14,7 +14,7 @@ Summary: Spam filter for email which can be invoked from mail delivery agents. Name: spamassassin Version: 3.2.2 -Release: 1%{?dist} +Release: 2%{?dist} License: Apache License Group: Applications/Internet URL: http://spamassassin.apache.org/ @@ -30,6 +30,7 @@ Source10: spamassassin-helper.sh # Patches 0-99 are RH specific # none yet # Patches 100+ are SVN backports (DO NOT REUSE!) +Patch100: Mail-SpamAssassin-3.2.2-bug5574-setuid.patch # end of patches Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Buildroot: %{_tmppath}/%{name}-root @@ -92,6 +93,7 @@ To filter spam for all users, add that line to /etc/procmailrc # Patches 0-99 are RH specific # none yet # Patches 100+ are SVN backports (DO NOT REUSE!) +%patch100 -p0 # end of patches %build @@ -193,6 +195,9 @@ fi exit 0 %changelog +* Thu Aug 2 2007 Warren Togami 3.2.2-2 +- Fix SA#5574 which cripples dcc/pyzor users + * Wed Jul 25 2007 Warren Togami 3.2.2-1 - 3.2.2 minor bugfix release