Removed patch-ar again, as I have found a way to exploit it. Bumped

PKGREVISION.
2005-11-22 13:03:22 +00:00 · 2005-11-22 13:03:22 +00:00 · 835e577ea6
commit 835e577ea6
parent 81b00c840a
3 changed files with 3 additions and 23 deletions
--- a/mail/spamassassin/Makefile
+++ b/mail/spamassassin/Makefile
@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.63 2005/11/22 10:37:39 rillig Exp $
+# $NetBSD: Makefile,v 1.64 2005/11/22 13:03:22 rillig Exp $

 DISTNAME=	Mail-SpamAssassin-3.1.0
 PKGNAME=	spamassassin-3.1.0
-PKGREVISION=	1
+PKGREVISION=	2
 SVR4_PKGNAME=	sa
 CATEGORIES=	mail perl5
 MASTER_SITES=	${MASTER_SITE_APACHE:=spamassassin/source/}
--- a/mail/spamassassin/distinfo
+++ b/mail/spamassassin/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.33 2005/11/22 10:35:00 rillig Exp $
+$NetBSD: distinfo,v 1.34 2005/11/22 13:03:22 rillig Exp $

 SHA1 (Mail-SpamAssassin-3.1.0.tar.gz) = d887cbae5962cb03e45aaf71cd93881a27cccc99
 RMD160 (Mail-SpamAssassin-3.1.0.tar.gz) = 20dc1b8befcc72545b6136e58a9fcce143480ccd
@ -7,4 +7,3 @@ SHA1 (patch-ab) = e1cebc78255d3a72b75b2494f6539957742b0cea
 SHA1 (patch-ad) = 1949ac07780ed2c10cdff77ce2ac9982d18a9559
 SHA1 (patch-ae) = 1461b24978c75c394c607ae1d49cb49dd086b563
 SHA1 (patch-aq) = 495a3ac94a05129520e5d7018fdd56b6dad3c951
-SHA1 (patch-ar) = f25adfc8ec072a0c82a0710651a60847c6d4bcb7
--- a/mail/spamassassin/patches/patch-ar
+++ b/mail/spamassassin/patches/patch-ar
@ -1,19 +0,0 @@
-$NetBSD: patch-ar,v 1.3 2005/11/22 10:35:00 rillig Exp $
-
-See http://mail-index.netbsd.org/tech-pkg/2005/11/22/0003.html
-
--- lib/Mail/SpamAssassin/Conf/Parser.pm.orig	Fri Aug 12 02:38:46 2005
-+++ lib/Mail/SpamAssassin/Conf/Parser.pm	Tue Nov 22 11:31:13 2005
-@@ -908,6 +908,12 @@ sub is_regexp_valid {
-   # will therefore open a hole!
-   if (eval { ("" =~ m#${re}#); 1; }) {
- 
-+    # untaint $safere. We know it's safe since $re, which is derived from
-+    # $safere, passed the above test for code injection. Just good that
-+    # Perl prevents injection of (?{...}) and (??{...}) groups automatically,
-+    # so we don't need to check for that.
-+    if ($safere =~ m#^(.*)$#) { $safere = $1; }
-+    
-     # now double-check -- try with the user-supplied delimiters as well
-     my $evalstr = '("" =~ '.$safere.'); 1;';
-     if (eval $evalstr) {