rpms/enemies-of-carlotta/FC-4 enemies-of-carlotta-1.0.3-shellquote.patch, NONE, 1.1 enemies-of-carlotta.spec, 1.3, 1.4
Ralf Ertzinger (ertzing)
fedora-extras-commits at redhat.com
Wed Dec 13 17:40:05 UTC 2006
Author: ertzing
Update of /cvs/extras/rpms/enemies-of-carlotta/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20263
Modified Files:
enemies-of-carlotta.spec
Added Files:
enemies-of-carlotta-1.0.3-shellquote.patch
Log Message:
- Add security bugfix for CVE-2006-5875 from upstream
enemies-of-carlotta-1.0.3-shellquote.patch:
--- NEW FILE enemies-of-carlotta-1.0.3-shellquote.patch ---
--- enemies-of-carlotta-1.0.3.orig/eoc.py
+++ enemies-of-carlotta-1.0.3/eoc.py
@@ -119,6 +119,33 @@
return string.join(map(lambda c: "%02x" % ord(c), hash), "")
+def forkexec(argv, text):
+ """Run a command (given as argv array) and write text to its stdin"""
+ (r, w) = os.pipe()
+ pid = os.fork()
+ if pid == -1:
+ raise Exception("fork failed")
+ elif pid == 0:
+ os.dup2(r, 0)
+ os.close(r)
+ os.close(w)
+ fd = os.open("/dev/null", os.O_RDWR)
+ os.dup2(fd, 1)
+ os.dup2(fd, 2)
+ os.execvp(argv[0], argv)
+ sys.exit(1)
+ else:
+ os.close(r)
+ os.write(w, text)
+ os.close(w)
+ (pid2, exit) = os.waitpid(pid, 0)
+ if pid != pid2:
+ raise Exception("os.waitpid for %d returned for %d" % (pid, pid2))
+ if exit != 0:
+ raise Exception("subprocess failed, exit=0x%x" % exit)
+ return exit
+
+
environ = None
def set_environ(new_environ):
@@ -379,12 +406,8 @@
smtp.sendmail(envelope_sender, recipients, text)
smtp.quit()
else:
- recipients = string.join(recipients, " ")
- f = os.popen("%s -oi -f '%s' %s" %
- (self.mlm.sendmail, envelope_sender, recipients),
- "w")
- f.write(text)
- f.close()
+ forkexec([self.mlm.sendmail, "-oi", "-f", envelope_sender] +
+ recipients, text)
else:
debug("send_mail: no recipients, not sending")
Index: enemies-of-carlotta.spec
===================================================================
RCS file: /cvs/extras/rpms/enemies-of-carlotta/FC-4/enemies-of-carlotta.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- enemies-of-carlotta.spec 18 May 2005 14:03:36 -0000 1.3
+++ enemies-of-carlotta.spec 13 Dec 2006 17:39:35 -0000 1.4
@@ -1,6 +1,6 @@
Name: enemies-of-carlotta
Version: 1.0.3
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: A simple mailing list manager
Group: Applications/Internet
@@ -8,6 +8,7 @@
URL: http://liw.iki.fi/liw/eoc
Source0: http://liw.iki.fi/liw/eoc/%{name}-%{version}.tar.gz
Patch0: enemies-of-carlotta-1.0.3-Makefile.patch
+Patch1: enemies-of-carlotta-1.0.3-shellquote.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: python >= 2.1
@@ -24,6 +25,7 @@
%prep
%setup -q
%patch0 -p1 -b .Makefile
+%patch1 -p1 -b .shellquote
%build
@@ -54,6 +56,9 @@
%changelog
+* Wed Dec 13 2006 Ralf Ertzinger <ralf at skytale.net> 1.0.3-4.fc4
+- Add security bugfix for CVE-2006-5875 from upstream
+
* Tue May 17 2005 Ralf Ertzinger <ralf at skytale.net> 1.0.3-3
- Added %%{dist}
- Made package noarch
More information about the fedora-extras-commits
mailing list