Thu Dec 3 10:07:48 2009 UTC ()
Pullup ticket #2940 - requested by taca
pear-Mail: security update
Revisions pulled up:
- mail/pear-Mail/Makefile 1.10
- mail/pear-Mail/distinfo 1.3-1.4
- mail/pear-Mail/patches/patch-ab 1.1
- mail/pear-Mail/patches/patch-aa 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Nov 30 06:16:56 UTC 2009
Modified Files:
pkgsrc/mail/pear-Mail: Makefile distinfo
Added Files:
pkgsrc/mail/pear-Mail/patches: patch-aa
Log Message:
Add a fix for http://secunia.com/advisories/37410/ refering
Debian's patch via http://secunia.com/advisories/37458/
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Dec 3 08:11:40 UTC 2009
Modified Files:
pkgsrc/mail/pear-Mail: distinfo
Added Files:
pkgsrc/mail/pear-Mail/patches: patch-ab
Log Message:
Try to fix build problem on amd64 (at least).
(tron)
diff -r1.9.2.2 -r1.9.2.3 pkgsrc/mail/pear-Mail/Makefile
diff -r1.2.28.2 -r1.2.28.3 pkgsrc/mail/pear-Mail/distinfo
diff -r0 -r1.1.2.4 pkgsrc/mail/pear-Mail/patches/patch-aa
diff -r0 -r1.1.2.2 pkgsrc/mail/pear-Mail/patches/patch-ab
--- pkgsrc/mail/pear-Mail/Makefile 2009/12/03 07:37:18 1.9.2.2
+++ pkgsrc/mail/pear-Mail/Makefile 2009/12/03 10:07:48 1.9.2.3
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.9.2.2 2009/12/03 07:37:18 tron Exp $
+# $NetBSD: Makefile,v 1.9.2.3 2009/12/03 10:07:48 tron Exp $
DISTNAME= Mail-1.1.14
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= mail
CONFLICTS= php-pear-Mail-[0-9]*
--- pkgsrc/mail/pear-Mail/distinfo 2009/12/03 07:37:18 1.2.28.2
+++ pkgsrc/mail/pear-Mail/distinfo 2009/12/03 10:07:48 1.2.28.3
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.2.28.2 2009/12/03 07:37:18 tron Exp $
+$NetBSD: distinfo,v 1.2.28.3 2009/12/03 10:07:48 tron Exp $
SHA1 (pear/Mail-1.1.14.tgz) = 6c46636e0df3c0a813df3cbda1fd5afac987069d
RMD160 (pear/Mail-1.1.14.tgz) = 72c0c7018b92ef97789f723a1970c41471bd165f
Size (pear/Mail-1.1.14.tgz) = 17537 bytes
+SHA1 (patch-aa) = ef6b0afa4e45789bb82065413c7b1305f92daf72
+SHA1 (patch-ab) = a897f545f2a36e87d9bd5ab6f0a8810a115708f9
$NetBSD: patch-aa,v 1.1.2.4 2009/12/03 10:07:48 tron Exp $
Fix for http://secunia.com/advisories/37410/:
refering Debian's patch via http://secunia.com/advisories/37458/
--- Mail/sendmail.php.orig 2006-09-26 21:44:11.000000000 +0900
+++ Mail/sendmail.php
@@ -108,7 +108,7 @@ class Mail_sendmail extends Mail {
if (PEAR::isError($recipients)) {
return $recipients;
}
- $recipients = escapeShellCmd(implode(' ', $recipients));
+ $recipients = implode(' ', array_map('escapeshellarg', $recipients));
$this->_sanitizeHeaders($headers);
$headerElements = $this->prepareHeaders($headers);
@@ -126,7 +126,7 @@ class Mail_sendmail extends Mail {
return PEAR::raiseError('From address specified with dangerous characters.');
}
- $from = escapeShellCmd($from);
+ $from = escapeShellArg($from);
$mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w');
if (!$mail) {
return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.');
$NetBSD: patch-ab,v 1.1.2.2 2009/12/03 10:07:48 tron Exp $
--- ../package.xml.orig 2006-10-12 05:32:51.000000000 +0900
+++ ../package.xml
@@ -52,7 +52,7 @@
<file role="php" md5sum="e90b498ce97ee926aab71180aa1f68bd" name="Mail.php"/>
<file role="php" md5sum="c3433e6b7b54a362c6acbffffddcb2f1" name="Mail/mail.php"/>
<file role="php" md5sum="4a1ed7ae8036862b24fa0ea84f8bbe0e" name="Mail/null.php"/>
- <file role="php" md5sum="8d567715b062fd05ae0d0c195ec3ba1b" name="Mail/sendmail.php"/>
+ <file role="php" md5sum="cf1a206ca5ec1dabc706e6e76b9eb723" name="Mail/sendmail.php"/>
<file role="php" md5sum="ed539e37c764c38205cb70597e0e84e4" name="Mail/smtp.php"/>
<file role="php" md5sum="3a513a76e6222b50e7e1186a11cb7b2b" name="Mail/RFC822.php"/>
<file role="test" md5sum="4117acf13586a15da2a5cdd368aa3931" name="tests/rfc822.phpt"/>