[packages/spamassassin] - up to 3.4.6; fixes CVE-2020-1946 (in 3.4.5)
arekm
arekm at pld-linux.org
Wed May 26 13:24:16 CEST 2021
commit 24ca2c6fe75a771b7da96b2daa50e816a3ed39d1
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Wed May 26 13:23:49 2021 +0200
- up to 3.4.6; fixes CVE-2020-1946 (in 3.4.5)
bug_771408_perl_version | 11 ++++++-----
spamassassin.spec | 5 +++--
2 files changed, 9 insertions(+), 7 deletions(-)
---
diff --git a/spamassassin.spec b/spamassassin.spec
index a10c0d6..86dbef6 100644
--- a/spamassassin.spec
+++ b/spamassassin.spec
@@ -11,12 +11,12 @@
Summary: A spam filter for email which can be invoked from mail delivery agents
Summary(pl.UTF-8): Filtr antyspamowy, przeznaczony dla programów dostarczających pocztę (MDA)
Name: spamassassin
-Version: 3.4.4
+Version: 3.4.6
Release: 1
License: Apache v2.0
Group: Applications/Mail
Source0: http://ftp.ps.pl/pub/apache//spamassassin/source/%{pdir}-%{pnam}-%{version}.tar.bz2
-# Source0-md5: ce51fe5665d5838c56db6712846b58bb
+# Source0-md5: 0ef3f64ffcdf6f1e96068e19a16ce1be
Source1: %{name}.sysconfig
Source2: %{name}-spamd.init
Source3: %{name}-default.rc
@@ -355,6 +355,7 @@ fi
# It's needed for help of spamassassin command.
%{perl_vendorlib}/spamassassin-run.pod
+%{_mandir}/man1/sa-check_spamd.1*
%{_mandir}/man1/sa-learn.1*
%{_mandir}/man1/spamassassin.1*
%{_mandir}/man1/spamassassin-run.1*
diff --git a/bug_771408_perl_version b/bug_771408_perl_version
index f51e0bf..e22b385 100644
--- a/bug_771408_perl_version
+++ b/bug_771408_perl_version
@@ -1,9 +1,10 @@
upstream fix for bug #771408
Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm
===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Conf/Parser.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm
-@@ -536,6 +536,9 @@ sub handle_conditional {
+diff -urNp -x '*.orig' Mail-SpamAssassin-3.4.4.org/lib/Mail/SpamAssassin/Conf/Parser.pm Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Conf/Parser.pm
+--- Mail-SpamAssassin-3.4.4.org/lib/Mail/SpamAssassin/Conf/Parser.pm 2020-01-25 03:50:49.000000000 +0100
++++ Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Conf/Parser.pm 2021-03-10 14:52:59.391415202 +0100
+@@ -537,6 +537,9 @@ sub handle_conditional {
elsif ($token eq 'perl_version') {
$eval .= $]." ";
}
@@ -11,5 +12,5 @@ Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm
+ $eval .= $]." ";
+ }
elsif ($token =~ /^\w[\w\:]+$/) { # class name
- my $u = untaint_var($token);
- $eval .= '"' . $u . '" ';
+ # Strictly controlled form:
+ if ($token =~ /^(?:\w+::){0,10}\w+$/) {
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/spamassassin.git/commitdiff/24ca2c6fe75a771b7da96b2daa50e816a3ed39d1
More information about the pld-cvs-commit
mailing list