[Pkg-php-commits] r1314 - in pear/php-mail/trunk/debian: . patches
Raphael Geissert
geissert at alioth.debian.org
Thu Nov 19 19:18:38 UTC 2009
tags 557121 pending
thanks
Author: geissert
Date: 2009-11-19 19:18:37 +0000 (Thu, 19 Nov 2009)
New Revision: 1314
Added:
pear/php-mail/trunk/debian/patches/
pear/php-mail/trunk/debian/patches/escapeshellcmd-issue-fix.patch
pear/php-mail/trunk/debian/patches/series
Modified:
pear/php-mail/trunk/debian/changelog
pear/php-mail/trunk/debian/control
pear/php-mail/trunk/debian/rules
Log:
Prepare upload fixing security issues (Closes: #557121)
Modified: pear/php-mail/trunk/debian/changelog
===================================================================
--- pear/php-mail/trunk/debian/changelog 2009-11-14 22:36:48 UTC (rev 1313)
+++ pear/php-mail/trunk/debian/changelog 2009-11-19 19:18:37 UTC (rev 1314)
@@ -1,3 +1,11 @@
+php-mail (1.1.14-2) unstable; urgency=high
+
+ * Use escapeshellarg instead of escapeshellcmd to escape email addresses
+ on sendmail.php (Closes: #557121)
+ - Thanks to Dennis P. NIkolaenko <dennis at nikolaenko.ru> for the report
+
+ -- Raphael Geissert <geissert at debian.org> Thu, 19 Nov 2009 12:48:44 -0600
+
php-mail (1.1.14-1) unstable; urgency=low
[ Martin Lohmeier ]
Modified: pear/php-mail/trunk/debian/control
===================================================================
--- pear/php-mail/trunk/debian/control 2009-11-14 22:36:48 UTC (rev 1313)
+++ pear/php-mail/trunk/debian/control 2009-11-19 19:18:37 UTC (rev 1314)
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
Uploaders: Thijs Kinkhorst <thijs at debian.org>
-Build-Depends: debhelper (>= 5.0)
+Build-Depends: debhelper (>= 5.0), quilt
Build-Depends-Indep: php-pear
Vcs-Svn: svn://svn.debian.org/pkg-php/pear/php-mail/trunk
Vcs-Browser: http://svn.debian.org/wsvn/pkg-php/pear/php-mail/trunk
Added: pear/php-mail/trunk/debian/patches/escapeshellcmd-issue-fix.patch
===================================================================
--- pear/php-mail/trunk/debian/patches/escapeshellcmd-issue-fix.patch (rev 0)
+++ pear/php-mail/trunk/debian/patches/escapeshellcmd-issue-fix.patch 2009-11-19 19:18:37 UTC (rev 1314)
@@ -0,0 +1,20 @@
+--- php-mail-1.1.14/Mail-1.1.14/Mail/sendmail.php 2006-09-26 07:44:11.000000000 -0500
++++ php-mail/Mail-1.1.14/Mail/sendmail.php 2009-11-19 13:00:34.739120191 -0600
+@@ -108,7 +108,7 @@
+ if (PEAR::isError($recipients)) {
+ return $recipients;
+ }
+- $recipients = escapeShellCmd(implode(' ', $recipients));
++ $recipients = implode(' ', array_map('escapeshellarg', $recipients));
+
+ $this->_sanitizeHeaders($headers);
+ $headerElements = $this->prepareHeaders($headers);
+@@ -126,7 +126,7 @@
+ return PEAR::raiseError('From address specified with dangerous characters.');
+ }
+
+- $from = escapeShellCmd($from);
++ $from = escapeShellArg($from);
+ $mail = @popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w');
+ if (!$mail) {
+ return PEAR::raiseError('Failed to open sendmail [' . $this->sendmail_path . '] for execution.');
Added: pear/php-mail/trunk/debian/patches/series
===================================================================
--- pear/php-mail/trunk/debian/patches/series (rev 0)
+++ pear/php-mail/trunk/debian/patches/series 2009-11-19 19:18:37 UTC (rev 1314)
@@ -0,0 +1 @@
+escapeshellcmd-issue-fix.patch
Modified: pear/php-mail/trunk/debian/rules
===================================================================
--- pear/php-mail/trunk/debian/rules 2009-11-14 22:36:48 UTC (rev 1313)
+++ pear/php-mail/trunk/debian/rules 2009-11-19 19:18:37 UTC (rev 1314)
@@ -8,8 +8,10 @@
pear_pkg = $(shell ls |grep Mail)
package = php-mail
+include /usr/share/quilt/quilt.make
+
configure: configure-stamp
-configure-stamp:
+configure-stamp: $(QUILT_STAMPFN)
dh_testdir
touch configure-stamp
@@ -19,7 +21,7 @@
dh_testdir
touch build-stamp
-clean:
+clean: unpatch
dh_testdir
dh_testroot
if [ -f $(pear_pkg)/package.xml ]; then \
More information about the Pkg-php-commits
mailing list