head	1.3;
access;
symbols
	pkgsrc-2013Q2:1.3.0.52
	pkgsrc-2013Q2-base:1.3
	pkgsrc-2012Q4:1.3.0.50
	pkgsrc-2012Q4-base:1.3
	pkgsrc-2011Q4:1.3.0.48
	pkgsrc-2011Q4-base:1.3
	pkgsrc-2011Q2:1.3.0.46
	pkgsrc-2011Q2-base:1.3
	pkgsrc-2009Q4:1.3.0.44
	pkgsrc-2009Q4-base:1.3
	pkgsrc-2008Q4:1.3.0.42
	pkgsrc-2008Q4-base:1.3
	pkgsrc-2008Q3:1.3.0.40
	pkgsrc-2008Q3-base:1.3
	cube-native-xorg:1.3.0.38
	cube-native-xorg-base:1.3
	pkgsrc-2008Q2:1.3.0.36
	pkgsrc-2008Q2-base:1.3
	pkgsrc-2008Q1:1.3.0.34
	pkgsrc-2008Q1-base:1.3
	pkgsrc-2007Q4:1.3.0.32
	pkgsrc-2007Q4-base:1.3
	pkgsrc-2007Q3:1.3.0.30
	pkgsrc-2007Q3-base:1.3
	pkgsrc-2007Q2:1.3.0.28
	pkgsrc-2007Q2-base:1.3
	pkgsrc-2007Q1:1.3.0.26
	pkgsrc-2007Q1-base:1.3
	pkgsrc-2006Q4:1.3.0.24
	pkgsrc-2006Q4-base:1.3
	pkgsrc-2006Q3:1.3.0.22
	pkgsrc-2006Q3-base:1.3
	pkgsrc-2006Q2:1.3.0.20
	pkgsrc-2006Q2-base:1.3
	pkgsrc-2006Q1:1.3.0.18
	pkgsrc-2006Q1-base:1.3
	pkgsrc-2005Q4:1.3.0.16
	pkgsrc-2005Q4-base:1.3
	pkgsrc-2005Q3:1.3.0.14
	pkgsrc-2005Q3-base:1.3
	pkgsrc-2005Q2:1.3.0.12
	pkgsrc-2005Q2-base:1.3
	pkgsrc-2005Q1:1.3.0.10
	pkgsrc-2005Q1-base:1.3
	pkgsrc-2004Q4:1.3.0.8
	pkgsrc-2004Q4-base:1.3
	pkgsrc-2004Q3:1.3.0.6
	pkgsrc-2004Q3-base:1.3
	pkgsrc-2004Q2:1.3.0.4
	pkgsrc-2004Q2-base:1.3
	pkgsrc-2004Q1:1.3.0.2
	pkgsrc-2004Q1-base:1.3
	pkgsrc-2003Q4:1.1.0.2
	pkgsrc-2003Q4-base:1.1;
locks; strict;
comment	@# @;


1.3
date	2004.03.12.22.55.23;	author heinz;	state dead;
branches;
next	1.2;

1.2
date	2003.12.01.00.24.15;	author heinz;	state Exp;
branches;
next	1.1;

1.1
date	2003.09.27.13.20.25;	author heinz;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Update to version 2.40
No longer dependent on Digest::Nilsimsa
External taint patches no longer necessary.

Changes since 2.36
    *   Applied another Makefile.PL patch from Michael Schwern to correctly
        install manpages in part 5 of the manual set in various versions of
        perl.
    *   Applied patch from Mark Martinec and Vivek Khera of Amavisd to
        untaint various file targets obtained from user input. This is the
        same patch pointed to by the SpamAssassin FAQ
        [http://www.spamassassin.org/released/Razor2.patch]
    *   Support for HTTP 1.1 tunneling [SF patch #821324] by Jon Schewe.
    *   Applied Anne Bennett's patch to Logger.pm to introduce a new log
        target, "syslog-sys", that talks to Syslog over a Unix socket rather
        than a TCP socket.
    *   Applied Anne Bennett's patch to deHTML.xs to get rid of the type
        mismatch warning.
    *   Removed computation of signatures that are no longer supported by
        the backend -- engines 1, 2 and 3. Digest::Nilsimsa no longer
        required by Razor Agents.
@
text
@$NetBSD: patch-ac,v 1.2 2003/12/01 00:24:15 heinz Exp $

--- lib/Razor2/Client/Config.pm.orig	Mon Apr 21 21:59:56 2003
+++ lib/Razor2/Client/Config.pm
@@@@ -333,9 +333,11 @@@@ sub my_readlink {
         if ($fn =~ /^(.*)\/([^\/]+)$/) {
             my $dir = $1;
             $fn = readlink $fn;
+            $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink
             $fn = "$dir/$fn" unless $fn =~ /^\//;
         } else {
             $fn = readlink $fn;
+            $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink
         }
     }
 }
@@@@ -376,13 +378,13 @@@@ sub read_file {
         chomp; 
         next if /^\s*#/;
         if ($nothash) {
-            s/^\s+//; s/\s+$//;
+            next unless s/^\s*(.+?)\s*$/$1/; # untaint
             $conf->{$_} = 7;
             push @@lines, $_;
         } else { 
             next unless /=/;
-            my ($attribute, $value) = split /\=/, $_, 2; 
-            $attribute =~ s/^\s+//; $attribute =~ s/\s+$//;
+            my ($attribute, $value) = /^\s*(.+?)\s*=\s*(.+?)\s*$/; # untaint
+            next unless (defined $attribute && defined $value);
             $conf->{$attribute} = $self->parse_value($value);
         }
         $total++;
@


1.2
log
@New version 2.36. It'a leaf package and 2.36 fixes a build problem Grant
Beattie encountered on Linux.

Relevant changes sinc 2.22:

       o   Better compatibility of Makefile.PL with new MakeMaker
       o   C Code compiles with C compilers other than GCC.
       o   Detect and skip body parts that only contain MIME headers.
       o   Fixed a bug where razor-check would terminate prematurely
	   on messages for which it could not compute a signature.
       o   Introduced SOCKS support. Net::SOCKS is required in
           order to use SOCKS.  Specify socks_server in the config file.
       o   Fixed a bug where the MIME boundary was being spuriously set
	   in certain cases.
       o   A bug in the selection of zone prefixes in bootstrap
           discovery was fixed.
       o   Razorhome is gleaned from the config file passed to
           razor-agents, if all else fails. "razor-report
           -conf=/etc/razor/razor.conf spam" will use /etc/razor
           as its home if no other home is found (eg in
           $HOME/.razor).  To force a particular Razorhome value,
           use the -home=path option.
       o   Force bootstrap discovery when all discovery servers are
	   unavailable. This fixes a bug where by razor-agents would
	   try to connect to the old Razor2 discovery server found in
	   servers.discovery.lst.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1
log
@Improve behaviour of Razor2 when running in taint mode.
Fixes come from the SpamAssassin 2.60 release (originally from
http://www.ijs.si/software/amavisd/ (Thanks to amavisd-new, Mark Martinec,
and Vivek Khera!))
@
text
@d3 1
a3 1
--- lib/Razor2/Client/Config.pm.orig	Thu Nov 14 23:47:01 2002
d5 1
a5 1
@@@@ -323,9 +323,11 @@@@ sub my_readlink {
d17 1
a17 1
@@@@ -366,13 +368,13 @@@@ sub read_file {
@