packages: spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr-untaint...

blues blues at pld-linux.org
Wed Apr 7 15:47:45 CEST 2010 

Author: blues                        Date: Wed Apr  7 13:47:45 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- rel.3 - more untainting with logfile

---- Files affected:
packages/spamassassin-plugin-fuzzyocr:
   spamassassin-plugin-fuzzyocr-untaint.patch (1.1 -> 1.2) , spamassassin-plugin-fuzzyocr.spec (1.33 -> 1.34) 

---- Diffs:

================================================================
Index: packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr-untaint.patch
diff -u packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr-untaint.patch:1.1 packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr-untaint.patch:1.2
--- packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr-untaint.patch:1.1	Wed Apr  7 12:28:25 2010
+++ packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr-untaint.patch	Wed Apr  7 15:47:39 2010
@@ -9,3 +9,16 @@
          debuglog("focr_bin_helper: '$val'");
          foreach my $bin (split(',',$val)) {
              unless (grep {m/$bin/} @bin_utils) {
+--- ./FuzzyOcr/Logging.pm.ORIG	2010-02-03 10:54:38.000000000 +0100
++++ ./FuzzyOcr/Logging.pm	2010-02-03 10:55:49.000000000 +0100
+@@ -31,7 +31,8 @@ sub logfile {
+     my $time = strftime("%Y-%m-%d %H:%M:%S",localtime(time));
+     $logtext =~ s/\n/\n                      /g;
+ 
+-    unless ( open LOGFILE, ">>", $conf->{focr_logfile} ) {
++    my $fname = Mail::SpamAssassin::Util::untaint_file_path($conf->{focr_logfile});
++    unless ( open LOGFILE, ">>", $fname ) {
+        warn "Can't open $conf->{focr_logfile} for writing, check permissions";
+        return;
+     }
+

================================================================
Index: packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr.spec
diff -u packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr.spec:1.33 packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr.spec:1.34
--- packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr.spec:1.33	Wed Apr  7 12:28:25 2010
+++ packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr.spec	Wed Apr  7 15:47:39 2010
@@ -8,7 +8,7 @@
 Summary(pl.UTF-8):	Wtyczka FuzzyOcr dla SpamAssassina
 Name:		spamassassin-plugin-fuzzyocr
 Version:	3.6.0
-Release:	2
+Release:	3
 License:	Apache v2.0
 Group:		Applications/Mail
 # svn export https://svn.own-hero.net/fuzzyocr/trunk/devel fuzzyocr
@@ -126,6 +126,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.34  2010/04/07 13:47:39  blues
+- rel.3 - more untainting with logfile
+
 Revision 1.33  2010/04/07 10:28:25  blues
 - rel.2: untaint patch added, picture scanning works with current perl
   again
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr-untaint.patch?r1=1.1&r2=1.2&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/spamassassin-plugin-fuzzyocr/spamassassin-plugin-fuzzyocr.spec?r1=1.33&r2=1.34&f=u

More information about the pld-cvs-commit mailing list