From 90b645f20d9bf386ad5cd65992f46ff76946d48f Mon Sep 17 00:00:00 2001
From: aredridel
Date: Sat, 3 Jan 2004 06:42:36 +0000
Subject: [PATCH] - http://www.ijs.si/software/amavisd/Razor2.patch-quinlan - http://www.ijs.si/software/amavisd/#faq-spam Changed files: Razor2.patch-quinlan -> 1.1
---
Razor2.patch-quinlan | 77 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 77 insertions(+)
create mode 100644 Razor2.patch-quinlan
diff --git a/Razor2.patch-quinlan b/Razor2.patch-quinlan
new file mode 100644
index 0000000..d344d28
--- /dev/null
+++ b/Razor2.patch-quinlan
@@ -0,0 +1,77 @@
+This information is originally from http://www.ijs.si/software/amavisd/
+(Thanks to amavisd-new, Mark Martinec, and Vivek Khera!)
+
+If SpamAssassin is running in taint-mode (the default) and is configured to
+call Vipul's Razor 2.22 or higher, then Razor2 checks will fail because the
+Razor2 code is not quite taint-safe. The problem is still present in 2.36
+and the SpamAssassin developers do not know when or how this will be
+addressed so please don't ask us!
+
+To apply: cd to the directory /usr/{lib,share}/perl5/.../Razor2 (wherever
+the Client subdirectory is located) and apply the patch directly with:
+
+ patch -p0 < Razor2.patch
+
+or apply to the Razor2 source tree with:
+
+ patch -p0 -d lib/Razor2 < Razor2.patch
+
+Please make sure that no unpatched copies of Razor are installed on your
+system. Sometimes, there is more than one installed copy.
+
+--- Client/Agent.pm~ Tue Nov 19 16:26:05 2002
++++ Client/Agent.pm Sun Sep 21 23:20:47 2003
+@@ -969,6 +969,7 @@
+ my @fns;
+ if (opendir D,$self->{razorhome}) {
+ @fns = map "$self->{razorhome}/$_", grep /^server\.[\S]+\.conf$/, readdir D;
++ @fns = map { /^(\S+)$/, $1 } @fns; # untaint
+ closedir D;
+ }
+ foreach (@fns) {
+--- Client/Config.pm~ Thu Nov 14 14:47:01 2002
++++ Client/Config.pm Sun Sep 21 23:18:52 2003
+@@ -323,9 +323,11 @@
+ if ($fn =~ /^(.*)\/([^\/]+)$/) {
+ my $dir = $1;
+ $fn = readlink $fn;
++ $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink
+ $fn = "$dir/$fn" unless $fn =~ /^\//;
+ } else {
+ $fn = readlink $fn;
++ $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink
+ }
+ }
+ }
+@@ -366,13 +368,13 @@
+ chomp;
+ next if /^\s*#/;
+ if ($nothash) {
+- s/^\s+//; s/\s+$//;
++ next unless s/^\s*(.+?)\s*$/$1/; # untaint
+ $conf->{$_} = 7;
+ push @lines, $_;
+ } else {
+ next unless /=/;
+- my ($attribute, $value) = split /\=/, $_, 2;
+- $attribute =~ s/^\s+//; $attribute =~ s/\s+$//;
++ my ($attribute, $value) = /^\s*(.+?)\s*=\s*(.+?)\s*$/; # untaint
++ next unless (defined $attribute 
&& defined $value);
+ $conf->{$attribute} = $self->parse_value($value);
+ }
+ $total++;
+--- Client/Core.pm~ Wed Nov 13 12:01:10 2002
++++ Client/Core.pm Sun Sep 21 23:20:21 2003
+@@ -216,8 +216,10 @@
+ foreach $rr ($query->answer) {
+ my $pushed = 0;
+ if ($rr->type eq "A") {
+- push @list, $rr->address;
+- $pushed = 1;
++ if ($rr->address =~ m/^(\d+\.\d+\.\d+\.\d+)$/) {
++ push @list, $1;
++ $pushed = 1;
++ }
+ } elsif ($rr->type eq "CNAME") {
+ if ($rr->cname eq 'list.terminator') {
+ pop @list if $pushed;
-- 
2.44.0
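Review bot: The untaint added to Client/Agent.pm, `@fns = map { /^(\S+)$/, $1 } @fns;`, looks like it returns every path twice, because the match in list context already yields its capture and `$1` is then appended to it. The `\S+` pattern there and in the two `readlink` untaints in Client/Config.pm also accepts any whitespace-free string, so it clears the taint flag without checking the path, and in Config.pm a value that does not match simply stays tainted with no error. A narrower form such as `@fns = map { m{^([\w./-]+)$} ? $1 : () } @fns;` would return one entry per file and limit the accepted characters; the exact character class should follow what paths under razorhome may legitimately contain. The surrounding subs lie outside the embedded hunks, so how `@fns` and `$fn` are used afterwards cannot be checked from here.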