Merge ~mitchdz/ubuntu/+source/spamassassin:fix-spamassassin-focal into ubuntu/+source/spamassassin:ubuntu/focal-devel

Proposed by Mitchell Dzurick
Status: Merged
Merge reported by: Mitchell Dzurick
Merged at revision: fdd0b15d6b154b1d8807b1f86ba1597c6912c09f
Proposed branch: ~mitchdz/ubuntu/+source/spamassassin:fix-spamassassin-focal
Merge into: ubuntu/+source/spamassassin:ubuntu/focal-devel
Diff against target: 50 lines (+28/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/fix-mkpath-untainted.patch (+20/-0)
debian/patches/series (+1/-0)
Reviewer | Review Type | Date Requested | Status
Lena Voytek (community) | | | Approve
Canonical Server Reporter | | | Pending
Review via email: mp+439776@code.launchpad.net
Lena Voytek (lvoytek) wrote :

LGTM

review: Approve
Lena Voytek (lvoytek) wrote :

dput ubuntu spamassassin_3.4.4-1ubuntu1.2_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: /home/lena/git/spamassassin/spamassassin_3.4.4-1ubuntu1.2_source.changes: Valid signature from 34B8AD7D9529E793
Checking signature on .dsc
gpg: /home/lena/git/spamassassin/spamassassin_3.4.4-1ubuntu1.2.dsc: Valid signature from 34B8AD7D9529E793
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading spamassassin_3.4.4-1ubuntu1.2.dsc: done.
  Uploading spamassassin_3.4.4-1ubuntu1.2.debian.tar.xz: done.
  Uploading spamassassin_3.4.4-1ubuntu1.2_source.buildinfo: done.
  Uploading spamassassin_3.4.4-1ubuntu1.2_source.changes: done.
Successfully uploaded packages.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 010ed3d..44d29f3 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+spamassassin (3.4.4-1ubuntu1.2) focal; urgency=medium
7+
8+ * d/p/fix-mkpath-untainted.patch: fix spamd running with virtual-config-dir
9+ mkdir error (LP: #1799185)
10+
11+ -- Mitchell Dzurick <mitchell.dzurick@canonical.com> Fri, 24 Mar 2023 09:36:49 -0700
12+
13 spamassassin (3.4.4-1ubuntu1.1) focal-security; urgency=medium
14
15 * SECURITY UPDATE: OS Command Injection in cf file parsing
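Review bot: The new changelog bullet "fix spamd running with virtual-config-dir mkdir error" reads ambiguously and does not say what was changed. Suggest wording it as the fix itself, for example "untaint the path passed to mkpath so spamd can create the directory when run with virtual-config-dir", so that someone reading only the changelog for LP: #1799185 can tell which code path was touched.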
16diff --git a/debian/patches/fix-mkpath-untainted.patch b/debian/patches/fix-mkpath-untainted.patch
17new file mode 100644
18index 0000000..11f7a1f
19--- /dev/null
20+++ b/debian/patches/fix-mkpath-untainted.patch
21@@ -0,0 +1,20 @@
22+Description: fix spamd running with virtual-config-dir mkdir error
23+Author: Henrik Krohns <hege@apache.org>
24+Origin: upstream, https://github.com/apache/spamassassin/commit/bdf77b263d3d52c8c3abff8865aeb1648ff292c0
25+Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7646
26+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1799185
27+Forwarded: not-needed
28+Last-Update: 2023-03-23
29+---
30+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
31+--- a/lib/Mail/SpamAssassin.pm
32++++ b/lib/Mail/SpamAssassin.pm
33+@@ -1900,7 +1900,7 @@
34+ dbg("config: error accessing $fname: $!");
35+ } else { # does not exist, create it
36+ eval {
37+- mkpath($fname, 0, 0700); 1;
38++ mkpath(Mail::SpamAssassin::Util::untaint_file_path($fname), 0, 0700); 1;
39+ } or do {
40+ my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat;
41+ dbg("config: mkdir $fname failed: $eval_stat");
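Review bot: In the failure branch, the dbg("config: mkdir $fname failed: ...") line still reports the original $fname, while mkpath now receives the return value of Mail::SpamAssassin::Util::untaint_file_path($fname). If that helper ever returns something other than its input, the log will name a path that was never passed to mkpath. Consider assigning the untainted value to a local variable once, checking that it is defined and non-empty, and using it in both the mkpath call and the debug message. Because untainting marks the value as trusted for a filesystem write, the patch description should also state where $fname is constrained before this point.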
42diff --git a/debian/patches/series b/debian/patches/series
43index 35716a9..4f7d642 100644
44--- a/debian/patches/series
45+++ b/debian/patches/series
46@@ -8,3 +8,4 @@ debian_gitignore
47 bug426031-pod-fix
48 skip_config_tree_recurse_test
49 CVE-2020-1946.patch
50+fix-mkpath-untainted.patch
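Review bot: fix-mkpath-untainted.patch is appended as the last entry, so it applies on top of CVE-2020-1946.patch and everything before it. The @@ -1900,7 +1900,7 @@ offsets in the new patch have to hold for lib/Mail/SpamAssassin.pm as it stands after those earlier entries. Please confirm the full series applies on the focal tree without fuzz or offset (for example with quilt push -a) and refresh the patch if it does not.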
