[spamassassin-FuzzyOcr/f15/master] - fix bugzilla #640504
topdog
topdog at fedoraproject.org
Sat Feb 12 11:57:40 UTC 2011
commit a24c05c2520d95aa1e95a23e7bf5b33d73afabaa
Author: Andrew Colin Kissa <andrew at topdog.za.net>
Date: Sat Feb 12 13:52:44 2011 +0200
- fix bugzilla #640504
fuzzyocr-fix-untaint-issue.patch | 33 +++++++++++++++++++++++++++++++++
spamassassin-FuzzyOcr.spec | 7 ++++++-
2 files changed, 39 insertions(+), 1 deletions(-)
---
diff --git a/fuzzyocr-fix-untaint-issue.patch b/fuzzyocr-fix-untaint-issue.patch
new file mode 100644
index 0000000..71f6b73
--- /dev/null
+++ b/fuzzyocr-fix-untaint-issue.patch
@@ -0,0 +1,33 @@
+--- a/FuzzyOcr/Config.pm
++++ b/FuzzyOcr/Config.pm
+@@ -577,7 +577,7 @@ sub parse_config {
+ return 1;
+ } elsif ($opts->{key} eq 'focr_bin_helper') {
+ my @cmd; $conf = $opts->{conf};
+- my $val = $opts->{value}; $val =~ s/[\s]*//g;
++ my $val = Mail::SpamAssassin::Util::untaint_var($opts->{value}); $val =~ s/[\s]*//g;
+ debuglog("focr_bin_helper: '$val'");
+ foreach my $bin (split(',',$val)) {
+ unless (grep {m/$bin/} @bin_utils) {
+@@ -618,6 +618,7 @@ sub finish_parsing_end {
+ delete $conf->{$b};
+ }
+ if (defined $conf->{$b}) {
++ $conf->{$b} = Mail::SpamAssassin::Util::untaint_var($conf->{$b});
+ debuglog("Using $a => $conf->{$b}");
+ } else {
+ foreach my $p (@paths) {
+diff --git a/FuzzyOcr/Logging.pm b/FuzzyOcr/Logging.pm
+index bed9ff5..ef02b32 100644
+--- a/FuzzyOcr/Logging.pm
++++ b/FuzzyOcr/Logging.pm
+@@ -31,7 +31,8 @@ sub logfile {
+ my $time = strftime("%Y-%m-%d %H:%M:%S",localtime(time));
+ $logtext =~ s/\n/\n /g;
+
+- unless ( open LOGFILE, ">>", $conf->{focr_logfile} ) {
++ my $fname = Mail::SpamAssassin::Util::untaint_file_path($conf->{focr_logfile});
++ unless ( open LOGFILE, ">>", $fname ) {
+ warn "Can't open $conf->{focr_logfile} for writing, check permissions";
+ return;
+ }
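Review bot: Both `untaint_var` calls in the Config.pm hunks clear the taint flag without validating anything, so for the `focr_bin_helper` list in parse_config and for `$conf->{$b}` in finish_parsing_end taint mode stops guarding whatever these settings later reach. `$conf->{$b}` appears to hold a helper-binary path (inferred from the `@paths` loop that follows), so the character-checking helper this patch already uses in Logging.pm is the better fit: `$conf->{$b} = Mail::SpamAssassin::Util::untaint_file_path($conf->{$b});`. For `$val`, match the whitespace-stripped string against an anchored allow-list and keep only the capture, rejecting the setting otherwise, e.g. `$val =~ /\A([\w,-]+)\z/` followed by `$val = $1;`. That also keeps regex metacharacters out of the unescaped `m/$bin/` test below. All three patched subs continue outside the hunks shown.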
diff --git a/spamassassin-FuzzyOcr.spec b/spamassassin-FuzzyOcr.spec
index 0226776..0424919 100644
--- a/spamassassin-FuzzyOcr.spec
+++ b/spamassassin-FuzzyOcr.spec
@@ -1,11 +1,12 @@
Name: spamassassin-FuzzyOcr
Version: 3.6.0
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: Spamassassin plugin to identify image spam
Group: Applications/Internet
License: ASL 2.0
URL: http://fuzzyocr.own-hero.net/
Source0: http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-%{version}.tar.gz
+Patch1: fuzzyocr-fix-untaint-issue.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
Requires: spamassassin perl-String-Approx netpbm-progs ocrad gifsicle giflib-utils
@@ -20,6 +21,7 @@ distinguish between normal mails (Ham) and spam mails.
%prep
%setup -q -n FuzzyOcr-%{version}
+%patch1 -p1
%{__perl} -pi -e 's|/usr/local/bin/perl|%{__perl}|' Utils/fuzzy-*
%{__perl} -pi -e 's|FuzzyOcr.pm|%{perl_vendorlib}/FuzzyOcr.pm|' FuzzyOcr.cf
%{__perl} -pi -e 's|#focr_verbose 3|focr_verbose 0|' FuzzyOcr.cf
@@ -53,6 +55,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Sat Feb 12 2011 Andrew Colin Kissa <andrew at topdog.za.net> - 3.6.0-6
+- fix bugzilla bug #640504
+
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.6.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild