https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7418
Bug ID: 7418
Summary: SHA1 verification of rule updates fails if curl is
used
Product: Spamassassin
Version: 3.4.1
Hardware: PC
OS: Windows 7
Status: NEW
Severity: normal
Priority: P2
Component: sa-update
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
On Windows, if curl (or another external tool) is used by sa-update for
downloading rule updates, the SHA1 verification of the downloaded files will
fail.
The reason is that Windows uses different line endings than Unix. If you read a
file in "text mode" in Perl, the line endings will automatically be converted.
If you then calculate a hash of the contents of a binary file, you will not get
the expected result. A binary file needs to be read in "binary mode" by calling
binmode [^1] on the file handle before reading from the file.
[^1]: http://perldoc.perl.org/functions/binmode.html
I have attached a patch that fixes the problem. It does so, by always calling
binmode if necessary. There is no good way for the subroutine `http_get` to
tell whether the file it has downloaded is a text file or a binary file. (The
routine could consider the MIME type, but that seemed overly complicated to
me). That is why I have decided to extract a new subroutine (`read_content`)
that will read the content, and that takes a parameter `$binary_mode` which
allows the user of the routine to tell it in which mode the file needs to be
read. `http_get` will not return the content of the file anymore. I have
adjusted all places where the routine is used accordingly.
--
You are receiving this mail because:
You are the assignee for the bug.
