From: Don Armstrong <don@donarmstrong.com>
Date: Fri, 6 Aug 2010 04:52:36 +0000 (-0400)
Subject: * Various changes to make debbugs-local work better (Closes: #585796)
X-Git-Tag: release/2.6.0~415^2~28
X-Git-Url: https://git.donarmstrong.com/?p=debbugs.git;a=commitdiff_plain;h=03cad65103808bca0f63bc182e1b7827014471fe

* Various changes to make debbugs-local work better (Closes: #585796)
  - Add libnet-server-fork-perl to Depends for debbugs-local
  - Sanitize env in -T code
---

diff --git a/cgi/bugreport.cgi b/cgi/bugreport.cgi
index 8692146..8ad688f 100755
--- a/cgi/bugreport.cgi
+++ b/cgi/bugreport.cgi
@@ -1,8 +1,13 @@
-#!/usr/bin/perl -wT
+#!/usr/bin/perl
 
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
 use POSIX qw(strftime);
 use MIME::Parser;
 use MIME::Decoder;
diff --git a/cgi/pkgreport.cgi b/cgi/pkgreport.cgi
index b70a5cb..4f4ea80 100755
--- a/cgi/pkgreport.cgi
+++ b/cgi/pkgreport.cgi
@@ -13,6 +13,11 @@
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
 use POSIX qw(strftime nice);
 
 use Debbugs::Config qw(:globals :text :config);
diff --git a/debian/changelog b/debian/changelog
index 923c161..ae5278c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -29,6 +29,9 @@ debbugs (2.4.2~exp1) experimental; urgency=low
     Wirzenius
   * Don't RFC1522 escape ", ( and ). (Closes: #588859). Thanks to Glenn
     Morris
+  * Various changes to make debbugs-local work better (Closes: #585796) 
+    - Add libnet-server-fork-perl to Depends for debbugs-local
+    - Sanitize env in -T code
 
  -- Don Armstrong <don@debian.org>  Wed, 26 Aug 2009 21:32:53 -0700