From 3c13191e8d504e3b0eaf1c639be4201a7ea21ed7 Mon Sep 17 00:00:00 2001 From: tron Date: Thu, 3 Dec 2009 10:07:48 +0000 Subject: Pullup ticket #2940 - requested by taca pear-Mail: security update Revisions pulled up: - mail/pear-Mail/Makefile 1.10 - mail/pear-Mail/distinfo 1.3-1.4 - mail/pear-Mail/patches/patch-ab 1.1 - mail/pear-Mail/patches/patch-aa 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Nov 30 06:16:56 UTC 2009 Modified Files: pkgsrc/mail/pear-Mail: Makefile distinfo Added Files: pkgsrc/mail/pear-Mail/patches: patch-aa Log Message: Add a fix for http://secunia.com/advisories/37410/ refering Debian's patch via http://secunia.com/advisories/37458/ Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 3 08:11:40 UTC 2009 Modified Files: pkgsrc/mail/pear-Mail: distinfo Added Files: pkgsrc/mail/pear-Mail/patches: patch-ab Log Message: Try to fix build problem on amd64 (at least). --- mail/pear-Mail/Makefile | 4 ++-- mail/pear-Mail/distinfo | 4 +++- mail/pear-Mail/patches/patch-aa | 25 +++++++++++++++++++++++++ mail/pear-Mail/patches/patch-ab | 13 +++++++++++++ 4 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 mail/pear-Mail/patches/patch-aa create mode 100644 mail/pear-Mail/patches/patch-ab diff --git a/mail/pear-Mail/Makefile b/mail/pear-Mail/Makefile index cde17dd519f..4308c63366c 100644 --- a/mail/pear-Mail/Makefile +++ b/mail/pear-Mail/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.9.2.2 2009/12/03 07:37:18 tron Exp $ +# $NetBSD: Makefile,v 1.9.2.3 2009/12/03 10:07:48 tron Exp $ DISTNAME= Mail-1.1.14 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= mail CONFLICTS= php-pear-Mail-[0-9]* diff --git a/mail/pear-Mail/distinfo b/mail/pear-Mail/distinfo index 3780b9b8b31..8aef4e93b61 100644 --- a/mail/pear-Mail/distinfo +++ b/mail/pear-Mail/distinfo @@ -1,5 +1,7 @@ -$NetBSD: distinfo,v 1.2.28.2 2009/12/03 07:37:18 tron Exp $ +$NetBSD: distinfo,v 1.2.28.3 2009/12/03 10:07:48 tron Exp $ SHA1 (pear/Mail-1.1.14.tgz) = 6c46636e0df3c0a813df3cbda1fd5afac987069d RMD160 (pear/Mail-1.1.14.tgz) = 72c0c7018b92ef97789f723a1970c41471bd165f Size (pear/Mail-1.1.14.tgz) = 17537 bytes +SHA1 (patch-aa) = ef6b0afa4e45789bb82065413c7b1305f92daf72 +SHA1 (patch-ab) = a897f545f2a36e87d9bd5ab6f0a8810a115708f9 diff --git a/mail/pear-Mail/patches/patch-aa b/mail/pear-Mail/patches/patch-aa new file mode 100644 index 00000000000..684cd54a4c7 --- /dev/null +++ b/mail/pear-Mail/patches/patch-aa @@ -0,0 +1,25 @@ +$NetBSD: patch-aa,v 1.1.2.4 2009/12/03 10:07:48 tron Exp $ + +Fix for http://secunia.com/advisories/37410/: + refering Debian's patch via http://secunia.com/advisories/37458/ + +--- Mail/sendmail.php.orig 2006-09-26 21:44:11.000000000 +0900 ++++ Mail/sendmail.php +@@ -108,7 +108,7 @@ class Mail_sendmail extends Mail { + if (PEAR::isError($recipients)) { + return $recipients; + } +- $recipients = escapeShellCmd(implode(' ', $recipients)); ++ $recipients = implode(' ', array_map('escapeshellarg', $recipients)); + + $this->_sanitizeHeaders($headers); + $headerElements = $this->prepareHeaders($headers); +@@ -126,7 +126,7 @@ class Mail_sendmail extends Mail { + return PEAR::raiseError('From address specified with dangerous characters.'); + } + +- $from = escapeShellCmd($from); ++ $from = escapeShellArg($from); + $mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w'); + if (!$mail) { + return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.'); diff --git a/mail/pear-Mail/patches/patch-ab b/mail/pear-Mail/patches/patch-ab new file mode 100644 index 00000000000..9d27ddf8b62 --- /dev/null +++ b/mail/pear-Mail/patches/patch-ab @@ -0,0 +1,13 @@ +$NetBSD: patch-ab,v 1.1.2.2 2009/12/03 10:07:48 tron Exp $ + +--- ../package.xml.orig 2006-10-12 05:32:51.000000000 +0900 ++++ ../package.xml +@@ -52,7 +52,7 @@ + + + +- ++ + + + -- cgit v1.2.3