--- php-mail-1.1.6.orig/Mail/sendmail.php
+++ php-mail-1.1.6/Mail/sendmail.php
@@ -100,7 +100,7 @@
 if (PEAR::isError($recipients)) {
 return $recipients;
 }
- $recipients = escapeShellCmd(implode(' ', $recipients));
+ $recipients = implode(' ', array_map('escapeshellarg', $recipients));
 $headerElements = $this->prepareHeaders($headers);
 if (PEAR::isError($headerElements)) {
@@ -119,7 +119,7 @@
 $result = 0;
 if (@is_file($this->sendmail_path)) {
- $from = escapeShellCmd($from);
+ $from = escapeShellArg($from);
 $mail = popen($this->sendmail_path . (!empty($this->sendmail_args) ? ' ' . $this->sendmail_args : '') . " -f$from -- $recipients", 'w');
 fputs($mail, $text_headers);
 fputs($mail, $this->sep); // newline to end the headers section
--- php-mail-1.1.6.orig/debian/compat
+++ php-mail-1.1.6/debian/compat
@@ -0,0 +1 @@
+4
--- php-mail-1.1.6.orig/debian/dirs
+++ php-mail-1.1.6/debian/dirs
@@ -0,0 +1,3 @@
+usr/share/php/
+usr/share/php/Mail/
+usr/share/php/tests/
--- php-mail-1.1.6.orig/debian/control
+++ php-mail-1.1.6/debian/control
@@ -0,0 +1,21 @@
+Source: php-mail
+Section: web
+Priority: optional
+Maintainer: Debian PHP Maintainers
+Uploaders: Adam Conrad , Ondřej Surý
+Build-Depends: debhelper (>= 4.0)
+Standards-Version: 3.6.2
+
+Package: php-mail
+Architecture: all
+Depends: php-pear
+Recommends: php-net-smtp (>= 1.1.0)
+Replaces: php4-pear (<< 4:4.4.0-0)
+Description: PHP PEAR module for sending email
+ PEAR's Mail:: package defines the interface for implementing mailers
+ under the PEAR hierarchy, and provides supporting functions useful
+ in multiple mailer backends. Currently supported are native PHP mail()
+ function, sendmail and SMTP.
+ .
+ This package also provides a RFC 822 Email address list validation
+ utility class.
--- php-mail-1.1.6.orig/debian/copyright
+++ php-mail-1.1.6/debian/copyright
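Review bot: In Mail/sendmail.php, the new `$recipients` line in the @@ -100 hunk carries no comment explaining why each address is quoted on its own, and that is the detail a later cleanup is most likely to undo. I would add `// Quote every address separately; escapeshellcmd() on the joined string leaves spaces alone, so one address could turn into extra sendmail arguments.` directly above it. The callback is spelled `'escapeshellarg'` here while the @@ -119 hunk writes `escapeShellArg`; PHP resolves both, but a single spelling (the manual's lower-case form) would read better. The enclosing method starts and ends outside the hunk.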
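Review bot: In the @@ -119 hunk of Mail/sendmail.php only `$from` and `$recipients` are quoted; `$this->sendmail_path` and `$this->sendmail_args` still enter the `popen()` command string unescaped. They appear to be mailer configuration rather than message data, so this is probably intended, but the assumption should be written down, for example `// sendmail_path and sendmail_args are trusted configuration and must never be filled from request data.` The handle returned by `popen()` is also handed to `fputs()` on the next line without a check; `if (!$mail) { return PEAR::raiseError('Failed to open sendmail for execution.'); }` would cover a failed spawn. The surrounding `if` block continues past the end of the hunk.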
@@ -0,0 +1,83 @@
+This package was debianized by Ondrej Sury and is currently
+maintained by the Debian PHP Maintainers
+
+It was downloaded from http://pear.php.net/package/Mail
+
+The upstream copyright is held by The PHP Group, and the source is under
+the PHP License, version 2.02, the complete text of which follows:
+
+--------------------------------------------------------------------
+ The PHP License, version 2.02
+Copyright (c) 1999 - 2002 The PHP Group. All rights reserved.
+--------------------------------------------------------------------
+
+Redistribution and use in source and binary forms, with or without
+modification, is permitted provided that the following conditions
+are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+
+ 3. The name "PHP" must not be used to endorse or promote products
+ derived from this software without prior permission from the
+ PHP Group. This does not apply to add-on libraries or tools
+ that work in conjunction with PHP. In such a case the PHP
+ name may be used to indicate that the product supports PHP.
+
+ 4. The PHP Group may publish revised and/or new versions of the
+ license from time to time. Each version will be given a
+ distinguishing version number.
+ Once covered code has been published under a particular version
+ of the license, you may always continue to use it under the
+ terms of that version. You may also choose to use such covered
+ code under the terms of any subsequent version of the license
+ published by the PHP Group. No one other than the PHP Group has
+ the right to modify the terms applicable to covered code created
+ under this License.
+
+ 5. Redistributions of any form whatsoever must retain the following
+ acknowledgment:
+ "This product includes PHP, freely available from
+ http://www.php.net/".
+
+ 6. The software incorporates the Zend Engine, a product of Zend
+ Technologies, Ltd. ("Zend"). The Zend Engine is licensed to the
+ PHP Association (pursuant to a grant from Zend that can be
+ found at http://www.php.net/license/ZendGrant/) for
+ distribution to you under this license agreement, only as a
+ part of PHP. In the event that you separate the Zend Engine
+ (or any portion thereof) from the rest of the software, or
+ modify the Zend Engine, or any portion thereof, your use of the
+ separated or modified Zend Engine software shall not be governed
+ by this license, and instead shall be governed by the license
+ set forth at http://www.zend.com/license/ZendLicense/.
+
+
+
+THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND
+ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP
+DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
+
+--------------------------------------------------------------------
+
+This software consists of voluntary contributions made by many
+individuals on behalf of the PHP Group.
+
+The PHP Group can be contacted via Email at group@php.net.
+
+For more information on the PHP Group and the PHP project,
+please see .
--- php-mail-1.1.6.orig/debian/changelog
+++ php-mail-1.1.6/debian/changelog
@@ -0,0 +1,27 @@
+php-mail (1.1.6-2+etch1build0.8.04.1) hardy-security; urgency=low
+
+ * fake sync from Debian
+
+ -- Jamie Strandboge Sat, 12 Dec 2009 09:28:32 -0600
+
+php-mail (1.1.6-2+etch1) oldstable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix a command injection vulnerability in sendmail.php (Closes: #557121)
+
+ -- Raphael Geissert Fri, 20 Nov 2009 12:34:29 -0600
+
+php-mail (1.1.6-2) unstable; urgency=low
+
+ * Need to replace php4-pear (<< 4:4.4.0-0), yes the epoch matters.
+ * Update debian/copyright to make sure the license is correct, the
+ Debian maintainers are mentioned, the upstream copyright holder
+ is mentioned and the upstream location is quoted.
+
+ -- Adam Conrad Fri, 29 Jul 2005 08:37:35 +1000
+
+php-mail (1.1.6-1) unstable; urgency=low
+
+ * Initial release.
+
+ -- Ondřej Surý Thu, 21 Jul 2005 09:45:07 +0200
--- php-mail-1.1.6.orig/debian/rules
+++ php-mail-1.1.6/debian/rules
@@ -0,0 +1,37 @@
+#!/usr/bin/make -f
+
+source=$(shell dpkg-parsechangelog | grep '^Source: ' | sed -e 's/^Source: //')
+
+build:
+ # Nothing to do here
+
+clean:
+ dh_testdir
+ dh_testroot
+ dh_clean
+
+binary: binary-arch binary-indep
+ # Nothing to do here
+
+binary-arch:
+ # Nothing to do here
+
+binary-indep:
+ dh_testdir
+ dh_installdirs
+
+ # Custom package actions
+ cp Mail.php debian/$(source)/usr/share/php/
+ cp Mail/* debian/$(source)/usr/share/php/Mail/
+ cp tests/* debian/$(source)/usr/share/php/tests/
+
+ # Rest of the debhelper scripts
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+ dh_fixperms
+ dh_compress
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+.PHONY: binary binary-arch binary-indep build clean