authorrillig <rillig@pkgsrc.org>2005-11-22 10:35:00 +0000
committerrillig <rillig@pkgsrc.org>2005-11-22 10:35:00 +0000
commitb3301f44a4689563061ad2d7090add6b2d21bbbc (patch)
treea13810788a88ac5db900535f16cdbf9b793924f6 /mail/spamassassin/patches
parentfbde1877159889c465c99405ef71db23e03d0e97 (diff)
Added patch-ar, which fixes a Perl error in tainted mode. Removed the
checksum of the non-existent patch-ax from distinfo.
Diffstat (limited to 'mail/spamassassin/patches')
-rw-r--r--mail/spamassassin/patches/patch-ar19
1 files changed, 19 insertions, 0 deletions
diff --git a/mail/spamassassin/patches/patch-ar b/mail/spamassassin/patches/patch-ar
new file mode 100644
index 00000000000..5573bb139bc
--- /dev/null
+++ b/mail/spamassassin/patches/patch-ar
@@ -0,0 +1,19 @@
+$NetBSD: patch-ar,v 1.3 2005/11/22 10:35:00 rillig Exp $
+
+See http://mail-index.netbsd.org/tech-pkg/2005/11/22/0003.html
+
+--- lib/Mail/SpamAssassin/Conf/Parser.pm.orig Fri Aug 12 02:38:46 2005
++++ lib/Mail/SpamAssassin/Conf/Parser.pm Tue Nov 22 11:31:13 2005
+@@ -908,6 +908,12 @@ sub is_regexp_valid {
+ # will therefore open a hole!
+ if (eval { ("" =~ m#${re}#); 1; }) {
+
++ # untaint $safere. We know it's safe since $re, which is derived from
++ # $safere, passed the above test for code injection. Just good that
++ # Perl prevents injection of (?{...}) and (??{...}) groups automatically,
++ # so we don't need to check for that.
++ if ($safere =~ m#^(.*)$#) { $safere = $1; }
++
+ # now double-check -- try with the user-supplied delimiters as well
+ my $evalstr = '("" =~ '.$safere.'); 1;';
+ if (eval $evalstr) {
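Review bot: The added `m#^(.*)$#` untaint clears the taint flag on `$safere` without constraining its content, and `$safere` is concatenated into a string `eval` two lines later, while the validity test above ran on `$re`, not on `$safere`. How `$safere` is built from `$re` is not visible here (is_regexp_valid starts and ends outside the hunk), so the new comment should state the invariant it relies on, for example `# $safere is only $re wrapped in the user-supplied delimiters and modifiers`, if that is what the code does. Separately, without `/s` the pattern does not match a value with an embedded newline, which leaves `$safere` tainted so the taint error this patch targets would presumably remain, and it silently drops a trailing newline. `if ($safere =~ m#\A(.*)\z#s) { $safere = $1; }` would untaint the whole string unchanged.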