spamassassin/SOURCES/spamassassin-3.4.2-fix-CVE-2020-1930.patch
2021-09-10 04:45:50 +00:00


diff --git a/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm b/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
index 2d931ea..7b6244e 100644
--- a/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
+++ b/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
@@ -89,17 +89,19 @@ sub do_one_line_body_tests {
loop_body => sub
{
my ($self, $pms, $conf, $rulename, $pat, %opts) = @_;
- $pat = untaint_var($pat);
- my $sub;
+ my $sub = '
+ my ($self, $line) = @_;
+ my $qrptr = $self->{main}->{conf}->{test_qrs};
+ ';
if (($conf->{tflags}->{$rulename}||'') =~ /\bmultiple\b/)
{
# avoid [perl #86784] bug (fixed in 5.13.x), access the arg through ref
- $sub = '
- my $lref = \$_[1];
+ $sub .= '
+ my $lref = \$line;
pos $$lref = 0;
'.$self->hash_line_for_rule($pms, $rulename).'
- while ($$lref =~ '.$pat.'g) {
+ while ($$lref =~ /$qrptr->{q{'.$rulename.'}}/go) {
my $self = $_[0];
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body");
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body",
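Review bot: The generated `while ($$lref =~ /$qrptr->{q{'.$rulename.'}}/go)` assumes `$self->{main}->{conf}->{test_qrs}` holds a compiled regex for every rule name, and nothing in this hunk checks that. If an entry is missing, the interpolation yields an empty pattern, which Perl treats as "reuse the last successfully matched regex", so the rule could hit on unrelated text rather than fail closed. Where `test_qrs` is populated is not visible in this patch, so either confirm that the 3.4.2 tree being patched fills it for body rules, or emit a guard in the preamble such as `return unless defined $qrptr->{q{'.$rulename.'}};`. The same applies to the `if ($line =~ /$qrptr->{q{'.$rulename.'}}/o)` branch in the second hunk. The `loop_body` closure begins and ends outside the lines shown.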
@@ -108,9 +110,9 @@ sub do_one_line_body_tests {
';
} else {
- $sub = '
+ $sub .= '
'.$self->hash_line_for_rule($pms, $rulename).'
- if ($_[1] =~ '.$pat.') {
+ if ($line =~ /$qrptr->{q{'.$rulename.'}}/o) {
my $self = $_[0];
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body");
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body", "return 1") . '