"Mike Loiterman" <[EMAIL PROTECTED]> writes: > I tried applying the ptachfile posted to the list but it fails at > chunk 1 on the Core.pm patch. I'm trying to patch razor-agents-2.34.
This patch (which will be with the next release) applies fine for me. ------- start of cut text -------------- This information is originally from http://www.ijs.si/software/amavisd/ (Thanks to amavisd-new, Mark Martinec, and Vivek Khera!) If SpamAssassin is running in taint-mode (the default) and is configured to call Vipul's Razor 2.22 or higher, then Razor2 checks will fail because the Razor2 code is not quite taint-safe. The problem is still present in 2.36 and the SpamAssassin developers do not know when it will be fixed so please don't ask us! Razor2 fails because reading its config file (routine read_file in Razor2/Client/Config.pm) produces tainted values. Razor2/Client/Core.pm has a similar problem. To apply: cd to the directory /usr/{lib,share}/perl5/.../Razor2 (wherever Client/Config.pm and Client/Core.pm are located) and apply the patch directly with: patch -p0 < patchfile or apply to the Razor2 source tree with: patch -p0 -d lib/Razor2 < patchfile --- Client/Config.pm~ 2002-11-25 19:13:59.000000000 +0100 +++ Client/Config.pm 2002-11-11 19:29:17.000000000 +0100 @@ -373,6 +373,7 @@ next unless /=/; my ($attribute, $value) = split /\=/, $_, 2; $attribute =~ s/^\s+//; $attribute =~ s/\s+$//; + $value = $1 if $value =~ /^(.*)$/; # untaint! $conf->{$attribute} = $self->parse_value($value); } $total++; --- Client/Core.pm~ 2002-11-25 19:07:38.000000000 +0100 +++ Client/Core.pm 2002-11-25 18:55:35.000000000 +0100 @@ -216,8 +216,10 @@ foreach $rr ($query->answer) { my $pushed = 0; if ($rr->type eq "A") { - push @list, $rr->address; - $pushed = 1; + if ($rr->address =~ m/^(\d+\.\d+\.\d+\.\d+)$/) { + push @list, $1; + $pushed = 1; + } } elsif ($rr->type eq "CNAME") { if ($rr->cname eq 'list.terminator') { pop @list if $pushed; ------- end ---------------------------- Daniel ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
