/[smeserver]/rpms/smeserver-qpsmtpd/sme10/smeserver-qpsmtpd-2.7.0-bz11648-tnef2mime.patch
ViewVC logotype

Contents of /rpms/smeserver-qpsmtpd/sme10/smeserver-qpsmtpd-2.7.0-bz11648-tnef2mime.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Fri Sep 17 04:36:31 2021 UTC (3 years, 1 month ago) by jpp
Branch: MAIN
CVS Tags: smeserver-qpsmtpd-2_7_0-13_el7_sme, smeserver-qpsmtpd-2_7_0-6_el7_sme, smeserver-qpsmtpd-2_7_0-9_el7_sme, smeserver-qpsmtpd-2_7_0-7_el7_sme, smeserver-qpsmtpd-2_7_0-14_el7_sme, smeserver-qpsmtpd-2_7_0-8_el7_sme, smeserver-qpsmtpd-2_7_0-17_el7_sme, smeserver-qpsmtpd-2_7_0-12_el7_sme, smeserver-qpsmtpd-2_7_0-11_el7_sme, smeserver-qpsmtpd-2_7_0-5_el7_sme, smeserver-qpsmtpd-2_7_0-16_el7_sme, smeserver-qpsmtpd-2_7_0-15_el7_sme, smeserver-qpsmtpd-2_7_0-10_el7_sme, HEAD
Changes since 1.1: +101 -1 lines
* Thu Sep 16 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.7.0-5.sme
- fix tnef2mime FATAL PLUGIN ERROR  [SME: 11648]
  this will be a temp fix by redefining MIME::Parser::Filer::output_path
  until it has been fixed upstream

1 diff -Nur --no-dereference smeserver-qpsmtpd-2.7.0.old/root/usr/share/qpsmtpd/plugins/tnef2mime smeserver-qpsmtpd-2.7.0/root/usr/share/qpsmtpd/plugins/tnef2mime
2 --- smeserver-qpsmtpd-2.7.0.old/root/usr/share/qpsmtpd/plugins/tnef2mime 2008-10-07 11:05:17.000000000 -0400
3 +++ smeserver-qpsmtpd-2.7.0/root/usr/share/qpsmtpd/plugins/tnef2mime 2021-09-17 00:33:10.776000000 -0400
4 @@ -1,4 +1,4 @@
5 -#!/usr/bin/perl -wT
6 +#!/usr/bin/perl -w
7 =head1 NAME
8
9 tnef2mime
10 @@ -19,9 +19,56 @@
11
12
13 =cut
14 -
15 -
16 use MIME::Parser;
17 +{
18 +# this is a dirty fix regarding this bug https://rt.cpan.org/Ticket/Display.html?id=97886
19 +# this way we can keep on usinhg this plugin waiting for the upstream fix
20 +# the no warnings avoid message in qpsmtpd log on every mails saying we override the sub.
21 +no warnings;
22 +*MIME::Parser::Filer::output_path = sub {
23 + my ($self, $head) = @_;
24 +
25 + ### Get the output directory:
26 + my $dir = $self->output_dir($head);
27 +
28 + ### Get the output filename as UTF-8
29 + my $fname = $head->recommended_filename;
30 +
31 + ### Can we use it:
32 + if (!defined($fname)) {
33 + $self->debug("no filename recommended: synthesizing our own");
34 + $fname = $self->output_filename($head);
35 + }
36 + elsif ($self->ignore_filename) {
37 + $self->debug("ignoring all external filenames: synthesizing our own");
38 + $fname = $self->output_filename($head);
39 + }
40 + elsif ($self->evil_filename($fname)) {
41 +
42 + ### Can we save it by just taking the last element?
43 + my $ex = $self->exorcise_filename($fname);
44 + if (defined($ex) and !$self->evil_filename($ex)) {
45 + $self->whine("Provided filename '$fname' is regarded as evil, ",
46 + "but I was able to exorcise it and get something ",
47 + "usable.");
48 + $fname = $ex;
49 + }
50 + else {
51 + $self->whine("Provided filename '$fname' is regarded as evil; ",
52 + "I'm ignoring it and supplying my own.");
53 + $fname = $self->output_filename($head);
54 + }
55 + }
56 + $self->debug("planning to use '$fname'");
57 +
58 + #untaint dir and fname
59 + $self->debug("it is our own");
60 + $fname = ($fname =~ m/^([ \w_.:%-]+)$/ig) ? $1 : $self->output_filename($head);
61 + ### Resolve collisions and return final path:
62 + return $self->find_unused_path($dir, $fname);
63 +};
64 +}
65 +
66 use MIME::Entity;
67 use MIME::Head;
68 use File::MMagic;
69 @@ -117,13 +164,18 @@
70 my ($self, $transaction) = @_;
71 # new Parser Object
72 $parser = new MIME::Parser;
73 + # if you want to debug the Parser :
74 + #use MIME::Tools; MIME::Tools->debugging(1);
75 # temp output directory
76 $parser->output_under( $tmpdir );
77 $parser->extract_uuencode(1);
78
79 + #untainted filename
80 + $transaction->body_filename() =~ /^([:\-\/\w]+)\z/ or die "Disallowed characters in filename ".$transaction->body_filename();
81 + my $bdfilename = $1;
82 # read message body
83 - open BFN, $transaction->body_filename();
84 - $ent = $parser->parse(\*BFN);
85 + open BFN, "<", $bdfilename ;#$transaction->body_filename();
86 + $ent = $parser->parse(\*BFN);
87 my @keep = grep { keep_part($self, $_) } $ent->parts; # @keep now holds all non-tnef attachments
88 close BFN;
89
90 @@ -155,7 +207,7 @@
91 $transaction->header->add('X-TNEF2MIME-Plugin', $xac );
92 }
93 # write converted message body
94 - open BFN, ">" . $transaction->body_filename();
95 + open BFN, ">" , $bdfilename;#$transaction->body_filename();
96 $ent->print(\*BFN);
97 close BFN;
98 }
99 @@ -166,7 +218,9 @@
100 $tnefs[$i]->purge();
101 }
102
103 - my $output_dir = $parser->output_dir;
104 + #untainted filename
105 + $parser->output_dir =~ /^([:\-\/\w]+)\z/ or die "Disallowed characters in output dir ".$parser->output_dir;
106 + my $output_dir = $1;
107
108 opendir( DIR, $output_dir ) or die "Could not open temporary output dir $output_dir: $!\n";
109 while( defined( my $file = readdir( DIR ) ) )

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed