rpms/enemies-of-carlotta/FC-4 enemies-of-carlotta-1.0.3-shellquote.patch, NONE, 1.1 enemies-of-carlotta.spec, 1.3, 1.4

Ralf Ertzinger (ertzing) fedora-extras-commits at redhat.com
Wed Dec 13 17:40:05 UTC 2006 

Author: ertzing

Update of /cvs/extras/rpms/enemies-of-carlotta/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20263

Modified Files:
	enemies-of-carlotta.spec 
Added Files:
	enemies-of-carlotta-1.0.3-shellquote.patch 
Log Message:

- Add security bugfix for CVE-2006-5875 from upstream


enemies-of-carlotta-1.0.3-shellquote.patch:

--- NEW FILE enemies-of-carlotta-1.0.3-shellquote.patch ---
--- enemies-of-carlotta-1.0.3.orig/eoc.py
+++ enemies-of-carlotta-1.0.3/eoc.py
@@ -119,6 +119,33 @@
     return string.join(map(lambda c: "%02x" % ord(c), hash), "")
 
 
+def forkexec(argv, text):
+    """Run a command (given as argv array) and write text to its stdin"""
+    (r, w) = os.pipe()
+    pid = os.fork()
+    if pid == -1:
+        raise Exception("fork failed")
+    elif pid == 0:
+        os.dup2(r, 0)
+        os.close(r)
+        os.close(w)
+        fd = os.open("/dev/null", os.O_RDWR)
+        os.dup2(fd, 1)
+        os.dup2(fd, 2)
+        os.execvp(argv[0], argv)
+        sys.exit(1)
+    else:
+        os.close(r)
+        os.write(w, text)
+        os.close(w)
+        (pid2, exit) = os.waitpid(pid, 0)
+        if pid != pid2:
+            raise Exception("os.waitpid for %d returned for %d" % (pid, pid2))
+        if exit != 0:
+            raise Exception("subprocess failed, exit=0x%x" % exit)
+        return exit
+
+
 environ = None
 
 def set_environ(new_environ):
@@ -379,12 +406,8 @@
 		smtp.sendmail(envelope_sender, recipients, text)
 		smtp.quit()
 	    else:
-		recipients = string.join(recipients, " ")
-		f = os.popen("%s -oi -f '%s' %s" % 
-				(self.mlm.sendmail, envelope_sender, recipients), 
-			     "w")
-		f.write(text)
-		f.close()
+		forkexec([self.mlm.sendmail, "-oi", "-f", envelope_sender] +
+		          recipients, text)
 	else:
 	    debug("send_mail: no recipients, not sending")
 


Index: enemies-of-carlotta.spec
===================================================================
RCS file: /cvs/extras/rpms/enemies-of-carlotta/FC-4/enemies-of-carlotta.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- enemies-of-carlotta.spec	18 May 2005 14:03:36 -0000	1.3
+++ enemies-of-carlotta.spec	13 Dec 2006 17:39:35 -0000	1.4
@@ -1,6 +1,6 @@
 Name:           enemies-of-carlotta
 Version:        1.0.3
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A simple mailing list manager
 
 Group:          Applications/Internet
@@ -8,6 +8,7 @@
 URL:            http://liw.iki.fi/liw/eoc
 Source0:        http://liw.iki.fi/liw/eoc/%{name}-%{version}.tar.gz
 Patch0:         enemies-of-carlotta-1.0.3-Makefile.patch
+Patch1:         enemies-of-carlotta-1.0.3-shellquote.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  python >= 2.1
@@ -24,6 +25,7 @@
 %prep
 %setup -q
 %patch0 -p1 -b .Makefile
+%patch1 -p1 -b .shellquote
 
 
 %build
@@ -54,6 +56,9 @@
 
 
 %changelog
+* Wed Dec 13 2006 Ralf Ertzinger <ralf at skytale.net> 1.0.3-4.fc4
+- Add security bugfix for CVE-2006-5875 from upstream
+
 * Tue May 17 2005 Ralf Ertzinger <ralf at skytale.net> 1.0.3-3
 - Added %%{dist}
 - Made package noarch

More information about the fedora-extras-commits mailing list