diff options
| author | rillig <rillig@pkgsrc.org> | 2005-11-22 10:35:00 +0000 |
|---|---|---|
| committer | rillig <rillig@pkgsrc.org> | 2005-11-22 10:35:00 +0000 |
| commit | b3301f44a4689563061ad2d7090add6b2d21bbbc (patch) | |
| tree | a13810788a88ac5db900535f16cdbf9b793924f6 /mail | |
| parent | fbde1877159889c465c99405ef71db23e03d0e97 (diff) | |
| download | pkgsrc-b3301f44a4689563061ad2d7090add6b2d21bbbc.tar.gz | |
Added patch-ar, which fixes a Perl error in tainted mode. Removed the
checksum of the non-existant patch-ax from distinfo.
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/spamassassin/distinfo | 4 | ||||
| -rw-r--r-- | mail/spamassassin/patches/patch-ar | 19 |
2 files changed, 21 insertions, 2 deletions
diff --git a/mail/spamassassin/distinfo b/mail/spamassassin/distinfo index 47b396a9ca4..65e4b07da3c 100644 --- a/mail/spamassassin/distinfo +++ b/mail/spamassassin/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.32 2005/11/13 22:48:32 heinz Exp $ +$NetBSD: distinfo,v 1.33 2005/11/22 10:35:00 rillig Exp $ SHA1 (Mail-SpamAssassin-3.1.0.tar.gz) = d887cbae5962cb03e45aaf71cd93881a27cccc99 RMD160 (Mail-SpamAssassin-3.1.0.tar.gz) = 20dc1b8befcc72545b6136e58a9fcce143480ccd @@ -7,4 +7,4 @@ SHA1 (patch-ab) = e1cebc78255d3a72b75b2494f6539957742b0cea SHA1 (patch-ad) = 1949ac07780ed2c10cdff77ce2ac9982d18a9559 SHA1 (patch-ae) = 1461b24978c75c394c607ae1d49cb49dd086b563 SHA1 (patch-aq) = 495a3ac94a05129520e5d7018fdd56b6dad3c951 -SHA1 (patch-ax) = d874d0b0b03a90e2db1242ec6c2f99f60452abc4 +SHA1 (patch-ar) = f25adfc8ec072a0c82a0710651a60847c6d4bcb7 diff --git a/mail/spamassassin/patches/patch-ar b/mail/spamassassin/patches/patch-ar new file mode 100644 index 00000000000..5573bb139bc --- /dev/null +++ b/mail/spamassassin/patches/patch-ar @@ -0,0 +1,19 @@ +$NetBSD: patch-ar,v 1.3 2005/11/22 10:35:00 rillig Exp $ + +See http://mail-index.netbsd.org/tech-pkg/2005/11/22/0003.html + +--- lib/Mail/SpamAssassin/Conf/Parser.pm.orig Fri Aug 12 02:38:46 2005 ++++ lib/Mail/SpamAssassin/Conf/Parser.pm Tue Nov 22 11:31:13 2005 +@@ -908,6 +908,12 @@ sub is_regexp_valid { + # will therefore open a hole! + if (eval { ("" =~ m#${re}#); 1; }) { + ++ # untaint $safere. We know it's safe since $re, which is derived from ++ # $safere, passed the above test for code injection. Just good that ++ # Perl prevents injection of (?{...}) and (??{...}) groups automatically, ++ # so we don't need to check for that. ++ if ($safere =~ m#^(.*)$#) { $safere = $1; } ++ + # now double-check -- try with the user-supplied delimiters as well + my $evalstr = '("" =~ '.$safere.'); 1;'; + if (eval $evalstr) { |