authorrillig <rillig@pkgsrc.org>2005-11-22 13:03:22 +0000
committerrillig <rillig@pkgsrc.org>2005-11-22 13:03:22 +0000
commit835e577ea694f33d742e9f7416d4c65a0c786733 (patch)
treea150d86077031498b16883d95a910e13a0536f4d /mail/spamassassin/patches
parent81b00c840ac3e30ede3cf653a209c282111742da (diff)
downloadpkgsrc-835e577ea694f33d742e9f7416d4c65a0c786733.tar.gz
Removed patch-ar again, as I have found a way to exploit it. Bumped
PKGREVISION.
Diffstat (limited to 'mail/spamassassin/patches')
-rw-r--r--mail/spamassassin/patches/patch-ar19
1 files changed, 0 insertions, 19 deletions
diff --git a/mail/spamassassin/patches/patch-ar b/mail/spamassassin/patches/patch-ar
deleted file mode 100644
index 5573bb139bc..00000000000
--- a/mail/spamassassin/patches/patch-ar
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-ar,v 1.3 2005/11/22 10:35:00 rillig Exp $
-
-See http://mail-index.netbsd.org/tech-pkg/2005/11/22/0003.html
-
---- lib/Mail/SpamAssassin/Conf/Parser.pm.orig Fri Aug 12 02:38:46 2005
-+++ lib/Mail/SpamAssassin/Conf/Parser.pm Tue Nov 22 11:31:13 2005
-@@ -908,6 +908,12 @@ sub is_regexp_valid {
- # will therefore open a hole!
- if (eval { ("" =~ m#${re}#); 1; }) {
-
-+ # untaint $safere. We know it's safe since $re, which is derived from
-+ # $safere, passed the above test for code injection. Just good that
-+ # Perl prevents injection of (?{...}) and (??{...}) groups automatically,
-+ # so we don't need to check for that.
-+ if ($safere =~ m#^(.*)$#) { $safere = $1; }
-+
- # now double-check -- try with the user-supplied delimiters as well
- my $evalstr = '("" =~ '.$safere.'); 1;';
- if (eval $evalstr) {