Posted to commits@spamassassin.apache.org by fe...@apache.org on 2007/02/05 20:30:00 UTC

svn commit: r503835 - /spamassassin/branches/3.1/sa-update.raw

Author: felicity
Date: Mon Feb  5 11:30:00 2007
New Revision: 503835

URL: http://svn.apache.org/viewvc?view=rev&rev=503835
Log:
bug 5240: disable plugins by default via sa-update unless new --allowplugins option is specified

Modified:
    spamassassin/branches/3.1/sa-update.raw

Modified: spamassassin/branches/3.1/sa-update.raw
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.1/sa-update.raw?view=diff&rev=503835&r1=503834&r2=503835
==============================================================================
--- spamassassin/branches/3.1/sa-update.raw (original)
+++ spamassassin/branches/3.1/sa-update.raw Mon Feb  5 11:30:00 2007
@@ -147,6 +147,7 @@
   'version|V'                           => \$opt{'version'},
   'help|h|?'                            => \$opt{'help'},
   'checkonly'                           => \$opt{'checkonly'},
+  'allowplugins'                        => \$opt{'allowplugins'},
 
   # allow multiple of these on the commandline
   'gpgkey=s'				=> $opt{'gpgkey'},
@@ -911,9 +912,16 @@
     if (open OUT, ">".$outfname) {
       my $content = $tar->get_content($file);
 
-      # replace macros in the update files if it's a .pre or .cf
       if ($outfname =~ /\.(?:pre|cf)$/) {
+        # replace macros in the update files if it's a .pre or .cf
         $content =~ s/\@\@([^\@]+)\@\@/$MACRO_VALUES{$1} || "\@\@$1\@\@"/ge;
+
+        # also, if --allowplugins is not specified, comment out
+        # all loadplugin or tryplugin lines
+        if ( !$opt{'allowplugins'} ) {
+          $content =~ s{^(\s*(?:load|try)plugin)\b}
+            {#(commented by sa-update, no --allowplugins switch specified)# $1}gmx;
+        }
       }
 
       print OUT $content;
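Review bot: The new substitution under `if ( !$opt{'allowplugins'} )` matches `loadplugin`/`tryplugin` only in lower case, so the default-off protection depends on the configuration parser also being case-sensitive about directive names. If the parser normalises case before dispatch (not visible here, worth confirming), a differently cased directive in a channel file would stay active; adding the `i` modifier closes that gap: `{#(commented by sa-update, no --allowplugins switch specified)# $1}gmix;`. The filter is also applied only to names matching `/\.(?:pre|cf)$/`, so it is worth a comment stating that no other file written by this loop is ever parsed as configuration, for example `# security: plugin lines are only neutralised in .pre/.cf; other extracted files must never be read as config`. The rewrite is silent, so a debug message when lines are commented out would help operators understand why a channel's plugin did not load. The enclosing extraction loop begins and ends outside this hunk.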
@@ -1240,6 +1248,7 @@
                           Use multiple times for multiple channels
   --channelfile file      Retrieve updates from the channels in the file
   --checkonly             Check for update availability, do not install
+  --allowplugins          Allow updates to load plugin code
   --gpgkey key            Trust the key id to sign releases
                           Use multiple times for multiple keys
   --gpgkeyfile file       Trust the key ids in the file to sign releases
@@ -1293,6 +1302,12 @@
 
 Only check if an update is available, don't actually download and install it.
 The exit code will be C<0> or C<1> as described below.
+
+=item B<--allowplugins>
+
+Allow downloaded updates to activate plugins.  The default is not to
+activate plugins; any C<loadplugin> or C<tryplugin> lines will be commented
+in the downloaded update rules files.
 
 =item B<--gpg>, B<--nogpg>