From 0cf975aeb5c7776e8317d53021d8e4009539eb67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Attila=20F=C3=BCl=C3=B6p?= Date: Fri, 5 Oct 2018 23:13:30 +0000 Subject: [PATCH] mail/spamassassin: update to 3.4.2 Fixes CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781. --- mail/spamassassin/Makefile | 7 ++-- mail/spamassassin/distinfo | 25 +++++------- mail/spamassassin/patches/patch-Makefile.PL | 40 ++++++++++--------- mail/spamassassin/patches/patch-ae | 12 ------ ...patch-lib_Mail_SpamAssassin_DnsResolver.pm | 16 -------- ...atch-lib_Mail_SpamAssassin_PerMsgStatus.pm | 28 ------------- mail/spamassassin/patches/patch-sa-compile | 25 ------------ .../patches/patch-spamc_libspamc.c | 12 ++---- 8 files changed, 39 insertions(+), 126 deletions(-) delete mode 100644 mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver.pm delete mode 100644 mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_PerMsgStatus.pm delete mode 100644 mail/spamassassin/patches/patch-sa-compile diff --git a/mail/spamassassin/Makefile b/mail/spamassassin/Makefile index 6a5699862e57..9bcaa2336f4e 100644 --- a/mail/spamassassin/Makefile +++ b/mail/spamassassin/Makefile @@ -1,8 +1,7 @@ # $NetBSD: Makefile,v 1.131 2018/08/22 09:45:34 wiz Exp $ -DISTNAME= Mail-SpamAssassin-3.4.1 -PKGNAME= spamassassin-3.4.1 -PKGREVISION= 9 +DISTNAME= Mail-SpamAssassin-3.4.2 +PKGNAME= spamassassin-3.4.2 CATEGORIES= mail perl5 MASTER_SITES= ${MASTER_SITE_APACHE:=spamassassin/source/} DISTFILES= ${DISTNAME}${EXTRACT_SUFX} @@ -20,7 +19,7 @@ LICENSE= apache-2.0 SMF_METHODS= spamassassin -RULESARCHIVE= Mail-SpamAssassin-rules-3.4.1.r1675274.tgz +RULESARCHIVE= Mail-SpamAssassin-rules-3.4.2.r1840640.tgz #RULESARCHIVEASC=${RULESARCHIVE}.asc #RULESARCHIVESHA=${RULESARCHIVE}.sha1 FILES_SUBST+= RULESARCHIVE=${RULESDIR}/${RULESARCHIVE} diff --git a/mail/spamassassin/distinfo b/mail/spamassassin/distinfo index ec3a822e2694..bee7f6589f36 100644 --- a/mail/spamassassin/distinfo +++ b/mail/spamassassin/distinfo @@ -1,19 +1,16 @@ $NetBSD: distinfo,v 1.71 2018/03/17 09:14:35 tnn Exp $ -SHA1 (Mail-SpamAssassin-3.4.1.tar.gz) = e7b342d30f4983f70f4234480b489ccc7d2aa615 -RMD160 (Mail-SpamAssassin-3.4.1.tar.gz) = 4b7d6a6def068eb015e8d4699db410ade76b28f3 -SHA512 (Mail-SpamAssassin-3.4.1.tar.gz) = 6a074f1a4177e1969cef575fe3b1b844d27c813d48fe1e07a46f56ffa728fc780897597d00f11acb269317a6308f284f0dee544d504da874d93b0549d094a6a3 -Size (Mail-SpamAssassin-3.4.1.tar.gz) = 3174888 bytes -SHA1 (Mail-SpamAssassin-rules-3.4.1.r1675274.tgz) = fcbcbf767f8c0b1b2ce2c3be4010cf6130f826b9 -RMD160 (Mail-SpamAssassin-rules-3.4.1.r1675274.tgz) = 7ed097fa0b8fddc43f73985f0474c45b497c0d95 -SHA512 (Mail-SpamAssassin-rules-3.4.1.r1675274.tgz) = b5822c116b5b3c558cbbc7a92dcf134a8e0338fa6e038e19ac34111d90c4fa0755111f36e61146674a9ad3b44c55a73941f103a12c4da50b17b05f95557efc6b -Size (Mail-SpamAssassin-rules-3.4.1.r1675274.tgz) = 270622 bytes -SHA1 (patch-Makefile.PL) = d322d7fb7286d5cf87ca775f9c381db32626e060 +SHA1 (Mail-SpamAssassin-3.4.2.tar.gz) = f24c471d6594f60f1a1146a11bcb1c2f5215de03 +RMD160 (Mail-SpamAssassin-3.4.2.tar.gz) = dd3cbd744a642478d5773e2fb524461b2cd864e3 +SHA512 (Mail-SpamAssassin-3.4.2.tar.gz) = 85e3d78bb885ad1d0bf2066d1bc919d6ad5e9f86795069397e7c28cc1ba02870566ec014c08c81f68e7ed03b7f60d2de0b9730b3415b35d848abde2c8920a28f +Size (Mail-SpamAssassin-3.4.2.tar.gz) = 3185452 bytes +SHA1 (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) = c93006e1572297f816a0e186a98cbbae246a4945 +RMD160 (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) = d1f5d207176e51e37c346b2b6ce893b50341011d +SHA512 (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) = 38b5f4dc6e6776937e787123c265ecd9a0a2f60aca1b57d6ed4a8f78cf81550478eddd0829b1255e9e8ce64421e06cc13ae82f1a597e893b65f0d07ba8c53a7f +Size (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) = 284758 bytes +SHA1 (patch-Makefile.PL) = f598b173e73130b55714413d5fc55e29ca6a3c4f SHA1 (patch-README) = 5d2aaecc4791e4f76df1078c17036cc23a39a8d0 -SHA1 (patch-ae) = d46b1d8f56c8c61936c307f74b39a49da1b1f353 -SHA1 (patch-lib_Mail_SpamAssassin_DnsResolver.pm) = 129386c70010f6005ff93d4c237c219fe5b8a4a9 -SHA1 (patch-lib_Mail_SpamAssassin_PerMsgStatus.pm) = 414255bf5ffb2083029950bb38309716616803ce -SHA1 (patch-sa-compile) = e8a92060eefbc1c95b7b2c674fc69686a66f230b +SHA1 (patch-ae) = e6e83c1de1002b8db647779d17740e67103b69d8 SHA1 (patch-sa-update) = 59cba1287051042fc7f510f5e5ef462e2ee8d034 -SHA1 (patch-spamc_libspamc.c) = 9175012a0e06faaf6a425da65438ba8e2c29f1f1 +SHA1 (patch-spamc_libspamc.c) = 757b845df445414d4ba0c2fb039dbc6d9e68b85f SHA1 (patch-spamd_netbsd-rc-script.sh) = 192fc1876ee30a4475c0efd9be6340e87d9fa2f4 diff --git a/mail/spamassassin/patches/patch-Makefile.PL b/mail/spamassassin/patches/patch-Makefile.PL index 1f8e3cc6a154..2ca0863d478b 100644 --- a/mail/spamassassin/patches/patch-Makefile.PL +++ b/mail/spamassassin/patches/patch-Makefile.PL @@ -7,7 +7,7 @@ $NetBSD: patch-Makefile.PL,v 1.2 2015/09/09 19:13:49 christos Exp $ --- Makefile.PL.orig 2015-04-28 15:57:01.000000000 -0400 +++ Makefile.PL 2015-09-09 14:59:06.000000000 -0400 -@@ -133,6 +133,7 @@ +@@ -139,6 +139,7 @@ 'spamassassin.raw' => 'spamassassin', 'sa-learn.raw' => 'sa-learn', 'sa-update.raw' => 'sa-update', @@ -15,31 +15,33 @@ $NetBSD: patch-Makefile.PL,v 1.2 2015/09/09 19:13:49 christos Exp $ 'sa-compile.raw' => 'sa-compile', 'sa-awl.raw' => 'sa-awl', 'sa-check_spamd.raw' => 'sa-check_spamd', -@@ -1093,21 +1094,23 @@ +@@ -1120,15 +1121,16 @@ conf__install: -$(MKPATH) $(B_CONFDIR) -- $(PERL) -MFile::Copy -e "copy(q{rules/local.cf}, q{$(B_CONFDIR)/local.cf}) unless -f q{$(B_CONFDIR)/local.cf}" -- $(PERL) -MFile::Copy -e "copy(q{rules/init.pre}, q{$(B_CONFDIR)/init.pre}) unless -f q{$(B_CONFDIR)/init.pre}" -- $(PERL) -MFile::Copy -e "copy(q{rules/v310.pre}, q{$(B_CONFDIR)/v310.pre}) unless -f q{$(B_CONFDIR)/v310.pre}" -- $(PERL) -MFile::Copy -e "copy(q{rules/v312.pre}, q{$(B_CONFDIR)/v312.pre}) unless -f q{$(B_CONFDIR)/v312.pre}" -- $(PERL) -MFile::Copy -e "copy(q{rules/v320.pre}, q{$(B_CONFDIR)/v320.pre}) unless -f q{$(B_CONFDIR)/v320.pre}" -- $(PERL) -MFile::Copy -e "copy(q{rules/v330.pre}, q{$(B_CONFDIR)/v330.pre}) unless -f q{$(B_CONFDIR)/v330.pre}" -- $(PERL) -MFile::Copy -e "copy(q{rules/v340.pre}, q{$(B_CONFDIR)/v340.pre}) unless -f q{$(B_CONFDIR)/v340.pre}" -- $(PERL) -MFile::Copy -e "copy(q{rules/v341.pre}, q{$(B_CONFDIR)/v341.pre}) unless -f q{$(B_CONFDIR)/v341.pre}" +- $(PERL) -MFile::Copy -e "copy(q[rules/local.cf], q{$(B_CONFDIR)/local.cf}) unless -f q{$(B_CONFDIR)/local.cf}" +- $(PERL) -MFile::Copy -e "copy(q[rules/init.pre], q{$(B_CONFDIR)/init.pre}) unless -f q{$(B_CONFDIR)/init.pre}" +- $(PERL) -MFile::Copy -e "copy(q[rules/v310.pre], q{$(B_CONFDIR)/v310.pre}) unless -f q{$(B_CONFDIR)/v310.pre}" +- $(PERL) -MFile::Copy -e "copy(q[rules/v312.pre], q{$(B_CONFDIR)/v312.pre}) unless -f q{$(B_CONFDIR)/v312.pre}" +- $(PERL) -MFile::Copy -e "copy(q[rules/v320.pre], q{$(B_CONFDIR)/v320.pre}) unless -f q{$(B_CONFDIR)/v320.pre}" +- $(PERL) -MFile::Copy -e "copy(q[rules/v330.pre], q{$(B_CONFDIR)/v330.pre}) unless -f q{$(B_CONFDIR)/v330.pre}" +- $(PERL) -MFile::Copy -e "copy(q[rules/v340.pre], q{$(B_CONFDIR)/v340.pre}) unless -f q{$(B_CONFDIR)/v340.pre}" +- $(PERL) -MFile::Copy -e "copy(q[rules/v341.pre], q{$(B_CONFDIR)/v341.pre}) unless -f q{$(B_CONFDIR)/v341.pre}" +- $(PERL) -MFile::Copy -e "copy(q[rules/v342.pre], q{$(B_CONFDIR)/v342.pre}) unless -f q{$(B_CONFDIR)/v342.pre}" + # manage local.cf and *.pre through pkgsrc .mk files -+ # $(PERL) -MFile::Copy -e "copy(q{rules/local.cf}, q{$(B_CONFDIR)/local.cf}) unless -f q{$(B_CONFDIR)/local.cf}" -+ # $(PERL) -MFile::Copy -e "copy(q{rules/init.pre}, q{$(B_CONFDIR)/init.pre}) unless -f q{$(B_CONFDIR)/init.pre}" -+ # $(PERL) -MFile::Copy -e "copy(q{rules/v310.pre}, q{$(B_CONFDIR)/v310.pre}) unless -f q{$(B_CONFDIR)/v310.pre}" -+ # $(PERL) -MFile::Copy -e "copy(q{rules/v312.pre}, q{$(B_CONFDIR)/v312.pre}) unless -f q{$(B_CONFDIR)/v312.pre}" -+ # $(PERL) -MFile::Copy -e "copy(q{rules/v320.pre}, q{$(B_CONFDIR)/v320.pre}) unless -f q{$(B_CONFDIR)/v320.pre}" -+ # $(PERL) -MFile::Copy -e "copy(q{rules/v330.pre}, q{$(B_CONFDIR)/v330.pre}) unless -f q{$(B_CONFDIR)/v330.pre}" -+ # $(PERL) -MFile::Copy -e "copy(q{rules/v340.pre}, q{$(B_CONFDIR)/v340.pre}) unless -f q{$(B_CONFDIR)/v340.pre}" -+ # $(PERL) -MFile::Copy -e "copy(q{rules/v341.pre}, q{$(B_CONFDIR)/v341.pre}) unless -f q{$(B_CONFDIR)/v341.pre}" ++ # $(PERL) -MFile::Copy -e "copy(q[rules/local.cf], q{$(B_CONFDIR)/local.cf}) unless -f q{$(B_CONFDIR)/local.cf}" ++ # $(PERL) -MFile::Copy -e "copy(q[rules/init.pre], q{$(B_CONFDIR)/init.pre}) unless -f q{$(B_CONFDIR)/init.pre}" ++ # $(PERL) -MFile::Copy -e "copy(q[rules/v310.pre], q{$(B_CONFDIR)/v310.pre}) unless -f q{$(B_CONFDIR)/v310.pre}" ++ # $(PERL) -MFile::Copy -e "copy(q[rules/v312.pre], q{$(B_CONFDIR)/v312.pre}) unless -f q{$(B_CONFDIR)/v312.pre}" ++ # $(PERL) -MFile::Copy -e "copy(q[rules/v320.pre], q{$(B_CONFDIR)/v320.pre}) unless -f q{$(B_CONFDIR)/v320.pre}" ++ # $(PERL) -MFile::Copy -e "copy(q[rules/v330.pre], q{$(B_CONFDIR)/v330.pre}) unless -f q{$(B_CONFDIR)/v330.pre}" ++ # $(PERL) -MFile::Copy -e "copy(q[rules/v340.pre], q{$(B_CONFDIR)/v340.pre}) unless -f q{$(B_CONFDIR)/v340.pre}" ++ # $(PERL) -MFile::Copy -e "copy(q[rules/v341.pre], q{$(B_CONFDIR)/v341.pre}) unless -f q{$(B_CONFDIR)/v341.pre}" ++ # $(PERL) -MFile::Copy -e "copy(q[rules/v342.pre], q{$(B_CONFDIR)/v342.pre}) unless -f q{$(B_CONFDIR)/v342.pre}" data__install: - -$(MKPATH) $(B_DATADIR) + -$(MKPATH) $(B_DATADIR) $(PERL) -e "map unlink, <$(B_DATADIR)/*>" $(PREPROCESS) $(FIXVARS) -m$(PERM_RW) -Irules -O$(B_DATADIR) $(DATAFILES) - $(CHMOD) $(PERM_RWX) $(B_DATADIR) diff --git a/mail/spamassassin/patches/patch-ae b/mail/spamassassin/patches/patch-ae index f553a0a19b19..511b16d4d988 100644 --- a/mail/spamassassin/patches/patch-ae +++ b/mail/spamassassin/patches/patch-ae @@ -4,18 +4,6 @@ $NetBSD: patch-ae,v 1.13 2007/06/12 21:43:30 heinz Exp $ --- spamd/spamd.raw.orig 2007-04-23 14:15:48.000000000 +0200 +++ spamd/spamd.raw -@@ -2404,8 +2404,9 @@ sub backtrace_handler { - } - - sub daemonize { -- # Pretty command line in ps -- $0 = join (' ', $ORIG_ARG0, @ORIG_ARGV) unless would_log("dbg"); -+ # no pretty 'ps' command line (easier for pkgsrc rc script) -+ # # Pretty command line in ps -+ # $0 = join (' ', $ORIG_ARG0, @ORIG_ARGV) unless would_log("dbg"); - - # be a nice daemon and chdir to the root so we don't block any - # unmount attempts @@ -2664,12 +2665,12 @@ Create user preferences files if they do =item B<-C> I, B<--configpath>=I diff --git a/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver.pm b/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver.pm deleted file mode 100644 index 83b1ec628030..000000000000 --- a/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver.pm +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-lib_Mail_SpamAssassin_DnsResolver.pm,v 1.5 2016/11/10 20:25:50 roy Exp $ - -Taken from upstream to fix using newer Net::DNS - ---- lib/Mail/SpamAssassin/DnsResolver.pm.orig 2016-11-10 20:06:02.000000000 +0000 -+++ lib/Mail/SpamAssassin/DnsResolver.pm -@@ -592,6 +592,9 @@ sub new_dns_packet { - }; - - if ($packet) { -+ # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223 -+ $packet->header->rd(1); -+ - # my $udp_payload_size = $self->{res}->udppacketsize; - my $udp_payload_size = $self->{conf}->{dns_options}->{edns}; - if ($udp_payload_size && $udp_payload_size > 512) { diff --git a/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_PerMsgStatus.pm b/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_PerMsgStatus.pm deleted file mode 100644 index 673c89bf62af..000000000000 --- a/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_PerMsgStatus.pm +++ /dev/null @@ -1,28 +0,0 @@ -$NetBSD: patch-lib_Mail_SpamAssassin_PerMsgStatus.pm,v 1.3 2017/07/09 22:12:12 schmonz Exp $ - -Apply upstream patch (SVN rev 1791010) to fix "Unescaped left brace in -regex is deprecated here (and will be fatal in Perl 5.30)". - ---- lib/Mail/SpamAssassin/PerMsgStatus.pm.orig 2015-04-28 19:56:49.000000000 +0000 -+++ lib/Mail/SpamAssassin/PerMsgStatus.pm -@@ -914,16 +914,16 @@ sub get_content_preview { - $str .= shift @{$ary}; - } - undef $ary; -- chomp ($str); $str .= " [...]\n"; - - # in case the last line was huge, trim it back to around 200 chars - local $1; -- $str =~ s/^(.{,200}).*$/$1/gs; -+ $str =~ s/^(.{200}).+$/$1 [...]/gm; -+ chomp ($str); $str .= "\n"; - - # now, some tidy-ups that make things look a bit prettier -- $str =~ s/-----Original Message-----.*$//gs; -+ $str =~ s/-----Original Message-----.*$//gm; - $str =~ s/This is a multi-part message in MIME format\.//gs; -- $str =~ s/[-_\*\.]{10,}//gs; -+ $str =~ s/[-_*.]{10,}//gs; - $str =~ s/\s+/ /gs; - - # add "Content preview:" ourselves, so that the text aligns diff --git a/mail/spamassassin/patches/patch-sa-compile b/mail/spamassassin/patches/patch-sa-compile deleted file mode 100644 index c5e0f4b8ad17..000000000000 --- a/mail/spamassassin/patches/patch-sa-compile +++ /dev/null @@ -1,25 +0,0 @@ -$NetBSD: patch-sa-compile,v 1.1 2014/04/26 13:55:10 tron Exp $ - -Use full path of "re2c" binary to make sure that "sa-compile" works -with a default command search path. - ---- sa-compile.raw.orig 2014-02-07 08:36:38.000000000 +0000 -+++ sa-compile.raw 2014-04-26 14:40:47.000000000 +0100 -@@ -108,7 +108,7 @@ - or die "error writing: $!"; - exit 1; - } --unless (qx(re2c -V)) { -+unless (qx($PREFIX/bin/re2c -V)) { - print "$0 requires re2c for proper operation.\n" - or die "error writing: $!"; - exit 1; -@@ -451,7 +451,7 @@ - } - - for (1..$numscans) { -- my $cmd = "re2c -i -b -o scanner$_.c scanner$_.re"; -+ my $cmd = "$PREFIX/bin/re2c -i -b -o scanner$_.c scanner$_.re"; - if (!run($cmd)) { - # this must be fatal; it can result in corrupt output modules missing - # scannerN() functions diff --git a/mail/spamassassin/patches/patch-spamc_libspamc.c b/mail/spamassassin/patches/patch-spamc_libspamc.c index f8b27d2aa08a..56b734757efc 100644 --- a/mail/spamassassin/patches/patch-spamc_libspamc.c +++ b/mail/spamassassin/patches/patch-spamc_libspamc.c @@ -5,24 +5,20 @@ Fixes build with current openssl. --- spamc/libspamc.c.orig 2015-04-28 19:56:59.000000000 +0000 +++ spamc/libspamc.c -@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp, +@@ -1214,7 +1214,7 @@ if (flags & SPAMC_USE_SSL) { #ifdef SPAMC_SSL SSLeay_add_ssl_algorithms(); -- if (flags & SPAMC_TLSV1) { -- meth = TLSv1_client_method(); -- } else { -- meth = SSLv3_client_method(); /* default */ -- } +- meth = SSLv23_client_method(); + meth = TLSv1_client_method(); SSL_load_error_strings(); ctx = SSL_CTX_new(meth); #else -@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c +@@ -1601,7 +1601,7 @@ if (flags & SPAMC_USE_SSL) { #ifdef SPAMC_SSL SSLeay_add_ssl_algorithms(); -- meth = SSLv3_client_method(); +- meth = SSLv23_client_method(); + meth = TLSv1_client_method(); SSL_load_error_strings(); ctx = SSL_CTX_new(meth);