From 250c7a84410f76ffb6bfb6969c66bce9749e271b Mon Sep 17 00:00:00 2001 From: leeym Date: Fri, 26 Sep 2003 01:47:26 +0000 Subject: Razor2 is not quite taint-safe. http://article.gmane.org/gmane.mail.spam.spamassassin.general/29666 PR: 57210 Submitted by: Matthew Seaman --- mail/razor-agents/Makefile | 4 ++++ .../files/patch-lib::Razor2::Client::Config.pm | 10 ++++++++++ .../razor-agents/files/patch-lib::Razor2::Client::Core.pm | 15 +++++++++++++++ mail/razor-agents/pkg-plist | 1 - 4 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 mail/razor-agents/files/patch-lib::Razor2::Client::Config.pm create mode 100644 mail/razor-agents/files/patch-lib::Razor2::Client::Core.pm (limited to 'mail/razor-agents') diff --git a/mail/razor-agents/Makefile b/mail/razor-agents/Makefile index 0be29950551a..468bae4f6336 100644 --- a/mail/razor-agents/Makefile +++ b/mail/razor-agents/Makefile @@ -7,6 +7,7 @@ PORTNAME= razor-agents PORTVERSION= 2.36 +PORTREVISION= 1 CATEGORIES= mail MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= razor @@ -29,6 +30,9 @@ MAN3= Razor2::Errorhandler.3 Razor2::Preproc::deHTMLxs.3 \ Razor2::Syslog.3 MAN5= razor-agents.5 razor-whitelist.5 razor-agent.conf.5 +post-patch: + @${FIND} ${WRKSRC} -name "*.orig" -delete + post-install: @${PREFIX}/bin/razor-client diff --git a/mail/razor-agents/files/patch-lib::Razor2::Client::Config.pm b/mail/razor-agents/files/patch-lib::Razor2::Client::Config.pm new file mode 100644 index 000000000000..da79781bc383 --- /dev/null +++ b/mail/razor-agents/files/patch-lib::Razor2::Client::Config.pm @@ -0,0 +1,10 @@ +--- lib/Razor2/Client/Config.pm.orig 2002-11-25 19:13:59.000000000 +0100 ++++ lib/Razor2/Client/Config.pm 2002-11-11 19:29:17.000000000 +0100 +@@ -373,6 +373,7 @@ + next unless /=/; + my ($attribute, $value) = split /\=/, $_, 2; + $attribute =~ s/^\s+//; $attribute =~ s/\s+$//; ++ $value = $1 if $value =~ /^(.*)$/; # untaint! + $conf->{$attribute} = $self->parse_value($value); + } + $total++; diff --git a/mail/razor-agents/files/patch-lib::Razor2::Client::Core.pm b/mail/razor-agents/files/patch-lib::Razor2::Client::Core.pm new file mode 100644 index 000000000000..1d9a36579333 --- /dev/null +++ b/mail/razor-agents/files/patch-lib::Razor2::Client::Core.pm @@ -0,0 +1,15 @@ +--- lib/Razor2/Client/Core.pm.orig 2002-11-25 19:07:38.000000000 +0100 ++++ lib/Razor2/Client/Core.pm 2002-11-25 18:55:35.000000000 +0100 +@@ -216,8 +216,10 @@ + foreach $rr ($query->answer) { + my $pushed = 0; + if ($rr->type eq "A") { +- push @list, $rr->address; +- $pushed = 1; ++ if ($rr->address =~ m/^(\d+\.\d+\.\d+\.\d+)$/) { ++ push @list, $1; ++ $pushed = 1; ++ } + } elsif ($rr->type eq "CNAME") { + if ($rr->cname eq 'list.terminator') { + pop @list if $pushed; diff --git a/mail/razor-agents/pkg-plist b/mail/razor-agents/pkg-plist index e72e000a6112..4630a93af5c4 100644 --- a/mail/razor-agents/pkg-plist +++ b/mail/razor-agents/pkg-plist @@ -4,7 +4,6 @@ bin/razor-client bin/razor-report bin/razor-revoke %%SITE_PERL%%/%%PERL_ARCH%%/Razor2/Client/Agent.pm -%%SITE_PERL%%/%%PERL_ARCH%%/Razor2/Client/Agent.pm.orig %%SITE_PERL%%/%%PERL_ARCH%%/Razor2/Client/Config.pm %%SITE_PERL%%/%%PERL_ARCH%%/Razor2/Client/Core.pm %%SITE_PERL%%/%%PERL_ARCH%%/Razor2/Client/Engine.pm -- cgit