diff --git a/SOURCES/fuzzyocr-fix-untaint-issue.patch b/SOURCES/fuzzyocr-fix-untaint-issue.patch
new file mode 100644
index 0000000..71f6b73
--- /dev/null
+++ b/SOURCES/fuzzyocr-fix-untaint-issue.patch
@@ -0,0 +1,33 @@
+--- a/FuzzyOcr/Config.pm
++++ b/FuzzyOcr/Config.pm
+@@ -577,7 +577,7 @@ sub parse_config {
+ return 1;
+ } elsif ($opts->{key} eq 'focr_bin_helper') {
+ my @cmd; $conf = $opts->{conf};
+- my $val = $opts->{value}; $val =~ s/[\s]*//g;
++ my $val = Mail::SpamAssassin::Util::untaint_var($opts->{value}); $val =~ s/[\s]*//g;
+ debuglog("focr_bin_helper: '$val'");
+ foreach my $bin (split(',',$val)) {
+ unless (grep {m/$bin/} @bin_utils) {
+@@ -618,6 +618,7 @@ sub finish_parsing_end {
+ delete $conf->{$b};
+ }
+ if (defined $conf->{$b}) {
++ $conf->{$b} = Mail::SpamAssassin::Util::untaint_var($conf->{$b});
+ debuglog("Using $a => $conf->{$b}");
+ } else {
+ foreach my $p (@paths) {
+diff --git a/FuzzyOcr/Logging.pm b/FuzzyOcr/Logging.pm
+index bed9ff5..ef02b32 100644
+--- a/FuzzyOcr/Logging.pm
++++ b/FuzzyOcr/Logging.pm
+@@ -31,7 +31,8 @@ sub logfile {
+ my $time = strftime("%Y-%m-%d %H:%M:%S",localtime(time));
+ $logtext =~ s/\n/\n /g;
+
+- unless ( open LOGFILE, ">>", $conf->{focr_logfile} ) {
++ my $fname = Mail::SpamAssassin::Util::untaint_file_path($conf->{focr_logfile});
++ unless ( open LOGFILE, ">>", $fname ) {
+ warn "Can't open $conf->{focr_logfile} for writing, check permissions";
+ return;
+ }
diff --git a/SPECS/spamassassin-FuzzyOcr.spec b/SPECS/spamassassin-FuzzyOcr.spec
new file mode 100644
index 0000000..c85c98b
--- /dev/null
+++ b/SPECS/spamassassin-FuzzyOcr.spec
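Review bot: In SOURCES/fuzzyocr-fix-untaint-issue.patch, both `untaint_var` calls added to Config.pm clear the taint flag without checking the value, so taint mode no longer guards `focr_bin_helper` or the `$conf->{$b}` entries, which look like helper program paths. The only check visible after the first call is `grep {m/$bin/} @bin_utils`, an unanchored pattern match that uses the configured string as the regex. An exact comparison placed before the untaint, `unless (grep { $_ eq $bin } @bin_utils) {`, would make that allowlist meaningful. For `$conf->{$b}`, the helper the Logging.pm hunk already uses would at least restrict the character set: `$conf->{$b} = Mail::SpamAssassin::Util::untaint_file_path($conf->{$b});`. `parse_config`, `finish_parsing_end` and `logfile` all start and end outside the embedded hunks, so any validation elsewhere in them is not visible here.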
@@ -0,0 +1,107 @@
+Name: spamassassin-FuzzyOcr
+Version: 3.6.0
+Release: 18%{?dist}
+Summary: Spamassassin plugin to identify image spam
+Group: Applications/Internet
+License: ASL 2.0
+URL: http://fuzzyocr.own-hero.net/
+Source0: http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-%{version}.tar.gz
+Patch1: fuzzyocr-fix-untaint-issue.patch
+BuildArch: noarch
+Requires: spamassassin perl-String-Approx netpbm-progs ocrad gifsicle giflib-utils
+BuildRequires: /usr/bin/iconv
+BuildRequires: perl-generators
+
+%description
+FuzzyOcr is a plugin for SpamAssassin which is aimed at unsolicited bulk mail
+(also known as "Spam") containing images as the main content carrier. Using
+different methods, it analyzes the content and properties of images to
+distinguish between normal mails (Ham) and spam mails.
+
+
+%prep
+%setup -q -n FuzzyOcr-%{version}
+%patch1 -p1
+%{__perl} -pi -e 's|/usr/local/bin/perl|%{__perl}|' Utils/fuzzy-*
+%{__perl} -pi -e 's|FuzzyOcr.pm|%{perl_vendorlib}/FuzzyOcr.pm|' FuzzyOcr.cf
+%{__perl} -pi -e 's|#focr_verbose 3|focr_verbose 0|' FuzzyOcr.cf
+%{__sed} -i 's/\r//' Utils/README FuzzyOcr.mysql samples/ocr-obfuscated.eml
+iconv -f iso8859-1 -t utf-8 samples/ocr-jpg.eml > samples/ocr-jpg.eml.conv && mv -f samples/ocr-jpg.eml.conv samples/ocr-jpg.eml
+
+%build
+# nothing to do here
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%{__install} -d $RPM_BUILD_ROOT/%{_sysconfdir}/mail/spamassassin
+%{__install} -d $RPM_BUILD_ROOT/%{perl_vendorlib}/FuzzyOcr
+%{__cp} FuzzyOcr/* $RPM_BUILD_ROOT/%{perl_vendorlib}/FuzzyOcr/
+%{__cp} FuzzyOcr.pm $RPM_BUILD_ROOT/%{perl_vendorlib}/
+%{__cp} FuzzyOcr.cf $RPM_BUILD_ROOT/%{_sysconfdir}/mail/spamassassin/
+%{__cp} FuzzyOcr.preps $RPM_BUILD_ROOT/%{_sysconfdir}/mail/spamassassin/
+%{__cp} FuzzyOcr.scansets $RPM_BUILD_ROOT/%{_sysconfdir}/mail/spamassassin/
+%{__cp} FuzzyOcr.words $RPM_BUILD_ROOT/%{_sysconfdir}/mail/spamassassin/
+
+
+
+%files
+%doc Utils samples INSTALL LICENSE CHANGES FuzzyOcr.mysql
+%{perl_vendorlib}/*
+%config(noreplace) %{_sysconfdir}/mail/spamassassin/*
+
+
+%changelog
+* Sat Jul 14 2018 Fedora Release Engineering - 3.6.0-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering - 3.6.0-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 3.6.0-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering - 3.6.0-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Feb 05 2016 Fedora Release Engineering - 3.6.0-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jun 19 2015 Fedora Release Engineering - 3.6.0-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering - 3.6.0-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sun Aug 04 2013 Fedora Release Engineering - 3.6.0-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Jul 17 2013 Petr Pisar - 3.6.0-10
+- Perl 5.18 rebuild
+
+* Fri Feb 15 2013 Fedora Release Engineering - 3.6.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Sat Jul 21 2012 Fedora Release Engineering - 3.6.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sat Jan 14 2012 Fedora Release Engineering - 3.6.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Sat Feb 12 2011 Andrew Colin Kissa - 3.6.0-6
+- fix bugzilla bug #640504
+
+* Wed Feb 09 2011 Fedora Release Engineering - 3.6.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sun Aug 22 2010 Andrew Colin Kissa - 3.6.0-4
+- fix bugzilla bug #621785
+
+* Tue Aug 03 2010 Andrew Colin Kissa - 3.6.0-3
+- fix requires
+
+* Wed Jul 28 2010 Andrew Colin Kissa - 3.6.0-2
+- fixed the module path
+- added iconv build requires
+
+* Tue Jul 20 2010 Andrew Colin Kissa - 3.6.0-1
+- initial package
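Review bot: `Patch1:` is declared without a comment saying what the patch changes or where it came from, and no %changelog entry names it, so a later packager cannot tell that it alters how tainted configuration values are handled. A line above it such as `# <bug reference>: untaint configured helper names/paths and the log file path so the plugin runs under taint mode` would record that; the bug reference is a placeholder to fill in from the packaging history. Separately, `Source0` points at a plain `http://` URL, so unless a checksum for the tarball is pinned elsewhere in the repository (not visible here), its integrity rests on the transport alone.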