Olivier Berger wrote:
On Thu, Oct 09, 2008 at 05:25:50PM +0200, Patrick Schoenfeld wrote:
Hi,
On Thu, Oct 09, 2008 at 03:17:43PM +0300, Niko Tyni wrote:
Line 212 in the postinst breaks if sympa/key_password contains sed
metacharacters, for instance 'a/b/c' as above.
attached is a patch for this issue.
Best Regards,
Patrick
--- sympa-5.3.4/debian/postinst 2008-10-09 17:20:42.000000000 +0200
+++ sympa-5.3.4.patched/debian/postinst 2008-10-09 17:20:18.433756307 +0200
@@ -208,8 +208,10 @@
if ! grep -q "^#-- S/MIME configuration" /etc/sympa/sympa.conf ; then
db_get sympa/key_password
key_password="$RET"
+ # Escape the character which is used in the sed command
+ key_password="`echo $key_password|sed 's/|/\\\|/g'`"
- sed -e "s/@KEY_PASSWORD@/$key_password/" \
+ sed -e "s|@KEY_PASSWORD@|$key_password|" \
/etc/sympa/sympa.conf-smime.in >>/etc/sympa/sympa.conf
chown sympa:sympa /etc/sympa/sympa.conf
fi
What if one uses something like '\' characther in the password ?
The attached patch is tested with the string "a/b|c\".
It should be more robust by principle as the replacement string is read from environment
and special quoting isn't needed.
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
Index: postinst
===================================================================
RCS file: /home/cvs/debian/sympa/debian/postinst,v
retrieving revision 1.67.2.3
diff -u -r1.67.2.3 postinst
--- postinst 5 Oct 2008 09:51:13 -0000 1.67.2.3
+++ postinst 10 Oct 2008 12:16:15 -0000
@@ -208,8 +208,9 @@
if ! grep -q "^#-- S/MIME configuration" /etc/sympa/sympa.conf ; then
db_get sympa/key_password
key_password="$RET"
+ export key_password
- sed -e "s/@KEY_PASSWORD@/$key_password/" \
+ perl -p -e 's/[EMAIL PROTECTED]@/$ENV{key_password}/' \
/etc/sympa/sympa.conf-smime.in >>/etc/sympa/sympa.conf
chown sympa:sympa /etc/sympa/sympa.conf
fi