You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by fe...@apache.org on 2007/02/05 20:30:00 UTC
svn commit: r503835 - /spamassassin/branches/3.1/sa-update.raw
Author: felicity
Date: Mon Feb 5 11:30:00 2007
New Revision: 503835
URL: http://svn.apache.org/viewvc?view=rev&rev=503835
Log:
bug 5240: disable plugins by default via sa-update unless new --allowplugins option is specified
Modified:
spamassassin/branches/3.1/sa-update.raw
Modified: spamassassin/branches/3.1/sa-update.raw
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.1/sa-update.raw?view=diff&rev=503835&r1=503834&r2=503835
==============================================================================
--- spamassassin/branches/3.1/sa-update.raw (original)
+++ spamassassin/branches/3.1/sa-update.raw Mon Feb 5 11:30:00 2007
@@ -147,6 +147,7 @@
'version|V' => \$opt{'version'},
'help|h|?' => \$opt{'help'},
'checkonly' => \$opt{'checkonly'},
+ 'allowplugins' => \$opt{'allowplugins'},
# allow multiple of these on the commandline
'gpgkey=s' => $opt{'gpgkey'},
@@ -911,9 +912,16 @@
if (open OUT, ">".$outfname) {
my $content = $tar->get_content($file);
- # replace macros in the update files if it's a .pre or .cf
if ($outfname =~ /\.(?:pre|cf)$/) {
+ # replace macros in the update files if it's a .pre or .cf
$content =~ s/\@\@([^\@]+)\@\@/$MACRO_VALUES{$1} || "\@\@$1\@\@"/ge;
+
+ # also, if --allowplugins is not specified, comment out
+ # all loadplugin or tryplugin lines
+ if ( !$opt{'allowplugins'} ) {
+ $content =~ s{^(\s*(?:load|try)plugin)\b}
+ {#(commented by sa-update, no --allowplugins switch specified)# $1}gmx;
+ }
}
print OUT $content;
@@ -1240,6 +1248,7 @@
Use multiple times for multiple channels
--channelfile file Retrieve updates from the channels in the file
--checkonly Check for update availability, do not install
+ --allowplugins Allow updates to load plugin code
--gpgkey key Trust the key id to sign releases
Use multiple times for multiple keys
--gpgkeyfile file Trust the key ids in the file to sign releases
@@ -1293,6 +1302,12 @@
Only check if an update is available, don't actually download and install it.
The exit code will be C<0> or C<1> as described below.
+
+=item B<--allowplugins>
+
+Allow downloaded updates to activate plugins. The default is not to
+activate plugins; any C<loadplugin> or C<tryplugin> lines will be commented
+in the downloaded update rules files.
=item B<--gpg>, B<--nogpg>