Re: NEW: sysutils/vifm

Tue, 02 Feb 2016 14:12:50 -0800 

> On Tue, Feb 02, 2016 at 05:09:34PM +0100, Tobias Ulmer wrote:
> > (libmagic is a security disaster waiting to happen in a file manager)
> 
On 2016/02/02 19:22, Landry Breuil wrote:
> sqlite> select distinct(fullpkgpath) from depends where dependspath like
> '%libmagic%';
[..]
> mail/amavisd-new,-main

Possible diff for amavisd-new below, I'm running it here, needs a bunch
more testing though.

> Then i guess we have other issues here.

Yep, it takes time to chip away at them.

Index: Makefile
===================================================================
RCS file: /cvs/ports/mail/amavisd-new/Makefile,v
retrieving revision 1.40
diff -u -p -r1.40 Makefile
--- Makefile    15 Jul 2015 19:26:44 -0000      1.40
+++ Makefile    2 Feb 2016 22:08:55 -0000
@@ -9,7 +9,7 @@ PKGNAME-main=           ${DISTNAME}
 PKGNAME-utils=         amavisd-new-utils-${V}
 CATEGORIES=            mail security
 
-REVISION-main=         2
+REVISION-main=         3
 REVISION-utils=                2
 
 HOMEPAGE=              http://www.amavis.org/
Index: patches/patch-amavisd
===================================================================
RCS file: /cvs/ports/mail/amavisd-new/patches/patch-amavisd,v
retrieving revision 1.12
diff -u -p -r1.12 patch-amavisd
--- patches/patch-amavisd       2 Feb 2016 21:58:32 -0000       1.12
+++ patches/patch-amavisd       2 Feb 2016 22:08:55 -0000
@@ -1,6 +1,18 @@
 $OpenBSD: patch-amavisd,v 1.12 2016/02/02 21:58:32 sthen Exp $
+
+Hunks 1, 3: Disable File::LibMagic in favour of safer file(1) from base.
+
 --- amavisd.orig       Sun Oct 26 00:06:00 2014
-+++ amavisd    Tue Feb  2 21:57:58 2016
++++ amavisd    Tue Feb  2 22:08:33 2016
+@@ -12557,7 +12557,7 @@ sub after_chroot_init() {
+                grep(/\.pm\z/, keys %INC)) {
+     next  if !grep($_ eq $m, qw(Amavis::Conf
+       Archive::Tar Archive::Zip Compress::Zlib Compress::Raw::Zlib
+-      Convert::TNEF Convert::UUlib File::LibMagic
++      Convert::TNEF Convert::UUlib
+       MIME::Entity MIME::Parser MIME::Tools Mail::Header Mail::Internet
+       Digest::MD5 Digest::SHA Digest::SHA1 Crypt::OpenSSL::RSA
+       Authen::SASL Authen::SASL::XS Authen::SASL::Cyrus Authen::SASL::Perl
 @@ -29847,7 +29847,7 @@ sub new_SpamAssassin_instance {
  #   PREFIX            => '/usr/local',
  #   DEF_RULES_DIR     => '/usr/local/share/spamassassin',
@@ -10,3 +22,21 @@ $OpenBSD: patch-amavisd,v 1.12 2016/02/0
  #see Mail::SpamAssassin man page for other options
    };
    if ($sa_version_num < 3.001005 && !defined $sa_args->{LOCAL_STATE_DIR})
+@@ -30595,17 +30595,8 @@ BEGIN {
+   import Amavis::Unpackers::NewFilename qw(consumed_bytes);
+ }
+ 
+-BEGIN {
+   use vars qw($filemagic);
+-  eval {
+-    require File::LibMagic;
+-    File::LibMagic->VERSION(1.00);
+-    import File::LibMagic;
+-    $filemagic = File::LibMagic->new;
+-  } or do {
+     undef $filemagic;
+-  };
+-}
+ 
+ use subs @EXPORT_OK;
+

Reply via email to