[spamassassin-FuzzyOcr/f15/master] - fix bugzilla #640504

topdog topdog at fedoraproject.org
Sat Feb 12 11:57:40 UTC 2011


commit a24c05c2520d95aa1e95a23e7bf5b33d73afabaa
Author: Andrew Colin Kissa <andrew at topdog.za.net>
Date:   Sat Feb 12 13:52:44 2011 +0200

    - fix bugzilla #640504

 fuzzyocr-fix-untaint-issue.patch |   33 +++++++++++++++++++++++++++++++++
 spamassassin-FuzzyOcr.spec       |    7 ++++++-
 2 files changed, 39 insertions(+), 1 deletions(-)
---
diff --git a/fuzzyocr-fix-untaint-issue.patch b/fuzzyocr-fix-untaint-issue.patch
new file mode 100644
index 0000000..71f6b73
--- /dev/null
+++ b/fuzzyocr-fix-untaint-issue.patch
@@ -0,0 +1,33 @@
+--- a/FuzzyOcr/Config.pm
++++ b/FuzzyOcr/Config.pm
+@@ -577,7 +577,7 @@ sub parse_config {
+         return 1;
+     } elsif ($opts->{key} eq 'focr_bin_helper') {
+         my @cmd; $conf = $opts->{conf};
+-        my $val = $opts->{value}; $val =~ s/[\s]*//g;
++        my $val = Mail::SpamAssassin::Util::untaint_var($opts->{value}); $val =~ s/[\s]*//g;
+         debuglog("focr_bin_helper: '$val'");
+         foreach my $bin (split(',',$val)) {
+             unless (grep {m/$bin/} @bin_utils) {
+@@ -618,6 +618,7 @@ sub finish_parsing_end {
+             delete $conf->{$b};
+         } 
+         if (defined $conf->{$b}) {
++            $conf->{$b} = Mail::SpamAssassin::Util::untaint_var($conf->{$b});
+             debuglog("Using $a => $conf->{$b}");
+         } else {
+             foreach my $p (@paths) {
+diff --git a/FuzzyOcr/Logging.pm b/FuzzyOcr/Logging.pm
+index bed9ff5..ef02b32 100644
+--- a/FuzzyOcr/Logging.pm
++++ b/FuzzyOcr/Logging.pm
+@@ -31,7 +31,8 @@ sub logfile {
+     my $time = strftime("%Y-%m-%d %H:%M:%S",localtime(time));
+     $logtext =~ s/\n/\n                      /g;
+ 
+-    unless ( open LOGFILE, ">>", $conf->{focr_logfile} ) {
++    my $fname = Mail::SpamAssassin::Util::untaint_file_path($conf->{focr_logfile});
++    unless ( open LOGFILE, ">>", $fname ) {
+        warn "Can't open $conf->{focr_logfile} for writing, check permissions";
+        return;
+     }
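Review bot: In the `focr_bin_helper` branch of parse_config, `untaint_var` clears the taint flag on the raw config value before anything has validated it, and the only check that follows is the unanchored, unescaped `m/$bin/` against `@bin_utils`, so taint mode no longer protects whatever later consumes these names. Untainting through an anchored capture would keep that protection, e.g. `my ($val) = $opts->{value} =~ /\A([\w\s,.-]+)\z/;` with a rejection path when it does not match, and `grep { $_ eq $bin } @bin_utils` if exact helper names are intended. The same unconditional `untaint_var` is applied to `$conf->{$b}` in finish_parsing_end, where the value looks like a program path and would be better passed through `untaint_file_path`, as the Logging.pm change already does. In logfile(), the result of `untaint_file_path` is used without a check; if that helper declines the path, `open` under taint mode may die rather than return false, so the `warn` branch would not run, which is worth confirming. All three functions continue outside the visible hunks.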
diff --git a/spamassassin-FuzzyOcr.spec b/spamassassin-FuzzyOcr.spec
index 0226776..0424919 100644
--- a/spamassassin-FuzzyOcr.spec
+++ b/spamassassin-FuzzyOcr.spec
@@ -1,11 +1,12 @@
 Name:           spamassassin-FuzzyOcr
 Version:        3.6.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        Spamassassin plugin to identify image spam
 Group:          Applications/Internet
 License:        ASL 2.0
 URL:            http://fuzzyocr.own-hero.net/
 Source0:        http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-%{version}.tar.gz
+Patch1:         fuzzyocr-fix-untaint-issue.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
 Requires:       spamassassin perl-String-Approx netpbm-progs ocrad gifsicle giflib-utils
@@ -20,6 +21,7 @@ distinguish between normal mails (Ham) and spam mails.
 
 %prep
 %setup -q -n FuzzyOcr-%{version}
+%patch1 -p1
 %{__perl} -pi -e 's|/usr/local/bin/perl|%{__perl}|' Utils/fuzzy-*
 %{__perl} -pi -e 's|FuzzyOcr.pm|%{perl_vendorlib}/FuzzyOcr.pm|' FuzzyOcr.cf
 %{__perl} -pi -e 's|#focr_verbose 3|focr_verbose 0|' FuzzyOcr.cf
@@ -53,6 +55,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Sat Feb 12 2011 Andrew Colin Kissa <andrew at topdog.za.net> - 3.6.0-6
+- fix bugzilla bug #640504
+
 * Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.6.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 

