From 6df75f9a0363eb6cd04fb8482185460861d7fd47 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Mon, 14 Jan 2019 13:23:06 +0000 Subject: [PATCH] - merged 3.4.2 from PLD --- bug-869408-unescaped-brace-in-regex.patch | 29 -- bug_828552-openssl-1.1.0 | 453 ---------------------- cronjob-sa-update.service | 5 - cronjob-sa-update.timer | 8 - disable_sslv3 | 276 ------------- dkim_subdomains | 64 --- fix-uninitialized-concat | 25 -- spamassassin-3.4.1-netdns.patch | 396 ------------------- spamassassin-perl-fix.patch | 12 - spamassassin.spec | 31 +- spamassassin.sysconfig | 2 +- 11 files changed, 9 insertions(+), 1292 deletions(-) delete mode 100644 bug-869408-unescaped-brace-in-regex.patch delete mode 100644 bug_828552-openssl-1.1.0 delete mode 100644 cronjob-sa-update.service delete mode 100644 cronjob-sa-update.timer delete mode 100644 disable_sslv3 delete mode 100644 dkim_subdomains delete mode 100644 fix-uninitialized-concat delete mode 100644 spamassassin-3.4.1-netdns.patch delete mode 100644 spamassassin-perl-fix.patch diff --git a/bug-869408-unescaped-brace-in-regex.patch b/bug-869408-unescaped-brace-in-regex.patch deleted file mode 100644 index 7056dd9..0000000 --- a/bug-869408-unescaped-brace-in-regex.patch +++ /dev/null @@ -1,29 +0,0 @@ -Description: Unescaped left brace in regex leads to warnings with perl 5.26 -Origin: https://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm?r1=1708863&r2=1791010&diff_format=h -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869408 - -Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm -=================================================================== ---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm -+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm -@@ -916,16 +916,16 @@ sub get_content_preview { - $str .= shift @{$ary}; - } - undef $ary; -- chomp ($str); $str .= " [...]\n"; - - # in case the last line was huge, trim it back to around 200 chars - local $1; -- $str =~ s/^(.{,200}).*$/$1/gs; -+ $str =~ s/^(.{200}).+$/$1 [...]/gm; -+ chomp ($str); $str .= "\n"; - - # now, some tidy-ups that make things look a bit prettier -- $str =~ s/-----Original Message-----.*$//gs; -+ $str =~ s/-----Original Message-----.*$//gm; - $str =~ s/This is a multi-part message in MIME format\.//gs; -- $str =~ s/[-_\*\.]{10,}//gs; -+ $str =~ s/[-_*.]{10,}//gs; - $str =~ s/\s+/ /gs; - - # add "Content preview:" ourselves, so that the text aligns diff --git a/bug_828552-openssl-1.1.0 b/bug_828552-openssl-1.1.0 deleted file mode 100644 index fd11d4a..0000000 --- a/bug_828552-openssl-1.1.0 +++ /dev/null @@ -1,453 +0,0 @@ -From: Sebastian Andrzej Siewior -Date: Thu, 22 Sep 2016 11:19:42 +0000 -Subject: [PATCH] spamassassin: get it compiled against openssl 1.1.0 - -CRYPTO_lock was part of the old locking API which got removed. I picked -a different symbol. - -Signed-off-by: Sebastian Andrzej Siewior ---- - spamc/configure | 22 +++++++++++----------- - spamc/configure.in | 2 +- - 2 files changed, 12 insertions(+), 12 deletions(-) - -Index: spamassassin-3.4.1/spamc/configure -=================================================================== ---- spamassassin-3.4.1.orig/spamc/configure -+++ spamassassin-3.4.1/spamc/configure -@@ -943,7 +943,7 @@ esac - else - echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 - fi -- cd "$ac_popdir" -+ cd $ac_popdir - done - fi - -@@ -1874,7 +1874,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -1932,7 +1933,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -2048,7 +2050,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -2102,7 +2105,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -2147,7 +2151,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -2191,7 +2196,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -2523,7 +2529,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -2693,7 +2700,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -2764,7 +2772,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -2917,7 +2926,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3069,7 +3079,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3260,7 +3271,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3323,7 +3335,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3388,7 +3401,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3491,7 +3505,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3557,7 +3572,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3628,7 +3644,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3666,9 +3683,9 @@ fi - SSLLIBS="" - SSLCFLAGS="" - if test yes = "$sa_ssl_enabled"; then -- echo "$as_me:$LINENO: checking for CRYPTO_lock in -lcrypto" >&5 --echo $ECHO_N "checking for CRYPTO_lock in -lcrypto... $ECHO_C" >&6 --if test "${ac_cv_lib_crypto_CRYPTO_lock+set}" = set; then -+ echo "$as_me:$LINENO: checking for CRYPTO_malloc in -lcrypto" >&5 -+echo $ECHO_N "checking for CRYPTO_malloc in -lcrypto... $ECHO_C" >&6 -+if test "${ac_cv_lib_crypto_CRYPTO_malloc+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 - else - ac_check_lib_save_LIBS=$LIBS -@@ -3686,11 +3703,11 @@ extern "C" - #endif - /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ --char CRYPTO_lock (); -+char CRYPTO_malloc (); - int - main () - { --CRYPTO_lock (); -+CRYPTO_malloc (); - ; - return 0; - } -@@ -3704,7 +3721,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3716,20 +3734,20 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then -- ac_cv_lib_crypto_CRYPTO_lock=yes -+ ac_cv_lib_crypto_CRYPTO_malloc=yes - else - echo "$as_me: failed program was:" >&5 - sed 's/^/| /' conftest.$ac_ext >&5 - --ac_cv_lib_crypto_CRYPTO_lock=no -+ac_cv_lib_crypto_CRYPTO_malloc=no - fi - rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS=$ac_check_lib_save_LIBS - fi --echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_lock" >&5 --echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_lock" >&6 --if test $ac_cv_lib_crypto_CRYPTO_lock = yes; then -+echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_malloc" >&5 -+echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_malloc" >&6 -+if test $ac_cv_lib_crypto_CRYPTO_malloc = yes; then - SSLLIBS="-lcrypto $SSLLIBS" - fi - -@@ -3771,7 +3789,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3804,7 +3823,7 @@ fi - # before defining SPAMC_SSL check that all its requirements are - # actually available - if test yes = "$ac_cv_header_openssl_crypto_h" && \ -- test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \ -+ test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \ - test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then - SSLCFLAGS="-DSPAMC_SSL" - else -@@ -3854,7 +3873,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -3927,7 +3947,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4000,7 +4021,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4073,7 +4095,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4182,7 +4205,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4246,7 +4270,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4311,7 +4336,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4368,7 +4394,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4435,7 +4462,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4500,7 +4528,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4564,7 +4593,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4628,7 +4658,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -4692,7 +4723,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' -+ { ac_try='test -z "$ac_c_werror_flag" -+ || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? -@@ -5527,6 +5559,11 @@ esac - - - -+ if test x"$ac_file" != x-; then -+ { echo "$as_me:$LINENO: creating $ac_file" >&5 -+echo "$as_me: creating $ac_file" >&6;} -+ rm -f "$ac_file" -+ fi - # Let's still pretend it is `configure' which instantiates (i.e., don't - # use $as_me), people would be surprised to read: - # /* config.h. Generated by config.status. */ -@@ -5565,12 +5602,6 @@ echo "$as_me: error: cannot find input f - fi;; - esac - done` || { (exit 1); exit 1; } -- -- if test x"$ac_file" != x-; then -- { echo "$as_me:$LINENO: creating $ac_file" >&5 --echo "$as_me: creating $ac_file" >&6;} -- rm -f "$ac_file" -- fi - _ACEOF - cat >>$CONFIG_STATUS <<_ACEOF - sed "$ac_vpsub -Index: spamassassin-3.4.1/spamc/configure.in -=================================================================== ---- spamassassin-3.4.1.orig/spamc/configure.in -+++ spamassassin-3.4.1/spamc/configure.in -@@ -64,13 +64,13 @@ AC_CHECK_LIB(socket, socket) - SSLLIBS="" - SSLCFLAGS="" - if test yes = "$sa_ssl_enabled"; then -- AC_CHECK_LIB(crypto, CRYPTO_lock,[SSLLIBS="-lcrypto $SSLLIBS"]) -+ AC_CHECK_LIB(crypto, CRYPTO_malloc,[SSLLIBS="-lcrypto $SSLLIBS"]) - AC_CHECK_LIB(ssl, SSL_CTX_free,[SSLLIBS="-lssl $SSLLIBS"],,-lcrypto) - - # before defining SPAMC_SSL check that all its requirements are - # actually available - if test yes = "$ac_cv_header_openssl_crypto_h" && \ -- test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \ -+ test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \ - test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then - SSLCFLAGS="-DSPAMC_SSL" - else diff --git a/cronjob-sa-update.service b/cronjob-sa-update.service deleted file mode 100644 index 7e39494..0000000 --- a/cronjob-sa-update.service +++ /dev/null @@ -1,5 +0,0 @@ -[Unit] -Description=Spamassassin Rules Updates - -[Service] -ExecStart=/usr/share/spamassassin/sa-update.cron diff --git a/cronjob-sa-update.timer b/cronjob-sa-update.timer deleted file mode 100644 index 0584895..0000000 --- a/cronjob-sa-update.timer +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Spamassassin Rules Updates timer - -[Timer] -OnCalendar=4:10 - -[Install] -WantedBy=cronjobs.target diff --git a/disable_sslv3 b/disable_sslv3 deleted file mode 100644 index 794f07f..0000000 --- a/disable_sslv3 +++ /dev/null @@ -1,276 +0,0 @@ -Index: spamassassin-3.4.1/spamc/libspamc.c -=================================================================== ---- spamassassin-3.4.1.orig/spamc/libspamc.c -+++ spamassassin-3.4.1/spamc/libspamc.c -@@ -1187,7 +1187,7 @@ int message_filter(struct transport *tp, - unsigned int throwaway; - SSL_CTX *ctx = NULL; - SSL *ssl = NULL; -- SSL_METHOD *meth; -+ const SSL_METHOD *meth; - char zlib_on = 0; - unsigned char *zlib_buf = NULL; - int zlib_bufsiz = 0; -@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp, - if (flags & SPAMC_USE_SSL) { - #ifdef SPAMC_SSL - SSLeay_add_ssl_algorithms(); -- if (flags & SPAMC_TLSV1) { -- meth = TLSv1_client_method(); -- } else { -- meth = SSLv3_client_method(); /* default */ -- } -+ meth = SSLv23_client_method(); - SSL_load_error_strings(); - ctx = SSL_CTX_new(meth); - #else -@@ -1596,7 +1592,7 @@ int message_tell(struct transport *tp, c - int failureval; - SSL_CTX *ctx = NULL; - SSL *ssl = NULL; -- SSL_METHOD *meth; -+ const SSL_METHOD *meth; - - assert(tp != NULL); - assert(m != NULL); -@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c - if (flags & SPAMC_USE_SSL) { - #ifdef SPAMC_SSL - SSLeay_add_ssl_algorithms(); -- meth = SSLv3_client_method(); -+ meth = SSLv23_client_method(); - SSL_load_error_strings(); - ctx = SSL_CTX_new(meth); - #else -Index: spamassassin-3.4.1/spamc/spamc.c -=================================================================== ---- spamassassin-3.4.1.orig/spamc/spamc.c -+++ spamassassin-3.4.1/spamc/spamc.c -@@ -368,16 +368,11 @@ read_args(int argc, char **argv, - case 'S': - { - flags |= SPAMC_USE_SSL; -- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) { -- flags |= SPAMC_SSLV3; -- } -- else if (strcmp(spamc_optarg,"tlsv1") == 0) { -- flags |= SPAMC_TLSV1; -- } -- else { -- libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version (%s)", spamc_optarg); -- ret = EX_USAGE; -- } -+ if(spamc_optarg) { -+ libspamc_log(flags, LOG_ERR, -+ "Explicit specification of an SSL/TLS version no longer supported."); -+ ret = EX_USAGE; -+ } - break; - } - #endif -Index: spamassassin-3.4.1/spamd/spamd.raw -=================================================================== ---- spamassassin-3.4.1.orig/spamd/spamd.raw -+++ spamassassin-3.4.1/spamd/spamd.raw -@@ -409,7 +409,6 @@ GetOptions( - 'sql-config!' => \$opt{'sql-config'}, - 'ssl' => \$opt{'ssl'}, - 'ssl-port=s' => \$opt{'ssl-port'}, -- 'ssl-version=s' => \$opt{'ssl-version'}, - 'syslog-socket=s' => \$opt{'syslog-socket'}, - 'syslog|s=s' => \$opt{'syslog'}, - 'log-timestamp-fmt:s' => \$opt{'log-timestamp-fmt'}, -@@ -743,11 +742,6 @@ if ( defined $ENV{'HOME'} ) { - - # Do whitelist later in tmp dir. Side effect: this will be done as -u user. - --my $sslversion = $opt{'ssl-version'} || 'sslv3'; --if ($sslversion !~ /^(?:sslv3|tlsv1)$/) { -- die "spamd: invalid ssl-version: $opt{'ssl-version'}\n"; --} -- - $opt{'server-key'} ||= "$LOCAL_RULES_DIR/certs/server-key.pem"; - $opt{'server-cert'} ||= "$LOCAL_RULES_DIR/certs/server-cert.pem"; - -@@ -898,9 +892,8 @@ sub compose_listen_info_string { - $socket_info->{ip_addr}, $socket_info->{port})); - - } elsif ($socket->isa('IO::Socket::SSL')) { -- push(@listeninfo, sprintf("SSL [%s]:%s, ssl version %s", -- $socket_info->{ip_addr}, $socket_info->{port}, -- $opt{'ssl-version'}||'sslv3')); -+ push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr}, -+ $socket_info->{port})); - } - } - -@@ -1071,7 +1064,6 @@ sub server_sock_setup_inet { - $sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP' - && IO::Socket::IP->VERSION >= 0.09; - %sockopt = (%sockopt, ( -- SSL_version => $sslversion, - SSL_verify_mode => 0x00, - SSL_key_file => $opt{'server-key'}, - SSL_cert_file => $opt{'server-cert'}, -@@ -1092,7 +1084,8 @@ sub server_sock_setup_inet { - if (!$server_inet) { - $diag = sprintf("could not create %s socket on [%s]:%s: %s", - $ssl ? 'IO::Socket::SSL' : $io_socket_module_name, -- $adr, $port, $!); -+ $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ? -+ "$!,$IO::Socket::SSL::SSL_ERROR" : $!); - push(@diag_fail, $diag); - } else { - $diag = sprintf("created %s socket on [%s]:%s", -@@ -3232,7 +3225,6 @@ Options: - -H [dir], --helper-home-dir[=dir] Specify a different HOME directory - --ssl Enable SSL on TCP connections - --ssl-port port Override --port setting for SSL connections -- --ssl-version sslversion Specify SSL protocol version to use - --server-key keyfile Specify an SSL keyfile - --server-cert certfile Specify an SSL certificate - --socketpath=path Listen on a given UNIX domain socket -@@ -3720,14 +3712,6 @@ Optionally specifies the port number for - SSL connections (default: whatever --port uses). See B<--ssl> for - more details. - --=item B<--ssl-version>=I -- --Specify the SSL protocol version to use, one of B or B. --The default, B, is the most flexible, accepting a SSLv3 or --higher hello handshake, then negotiating use of SSLv3 or TLSv1 --protocol if the client can accept it. Specifying B<--ssl-version> --implies B<--ssl>. -- - =item B<--server-key> I - - Specify the SSL key file to use for SSL connections. -Index: spamassassin-3.4.1/spamc/spamc.pod -=================================================================== ---- spamassassin-3.4.1.orig/spamc/spamc.pod -+++ spamassassin-3.4.1/spamc/spamc.pod -@@ -177,12 +177,10 @@ The default is 1 time (ie. one attempt a - Sleep for I seconds between failed spamd filtering attempts. - The default is 1 second. - --=item B<-S>, B<--ssl>, B<--ssl>=I -+=item B<-S>, B<--ssl>, B<--ssl> - - If spamc was built with support for SSL, encrypt data to and from the - spamd process with SSL; spamd must support SSL as well. --I specifies the SSL protocol version to use, either --C, or C. The default, is C. - - =item B<-t> I, B<--timeout>=I - -Index: spamassassin-3.4.1/t/spamd_ssl_tls.t -=================================================================== ---- spamassassin-3.4.1.orig/t/spamd_ssl_tls.t -+++ /dev/null -@@ -1,28 +0,0 @@ --#!/usr/bin/perl -- --use lib '.'; use lib 't'; --use SATest; sa_t_init("spamd_ssl_tls"); --use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); -- --exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); -- --# --------------------------------------------------------------------------- -- --%patterns = ( -- --q{ Return-Path: sb55sb55@yahoo.com}, 'firstline', --q{ Subject: There yours for FREE!}, 'subj', --q{ X-Spam-Status: Yes, score=}, 'status', --q{ X-Spam-Flag: YES}, 'flag', --q{ X-Spam-Level: **********}, 'stars', --q{ TEST_ENDSNUMS}, 'endsinnums', --q{ TEST_NOREALNAME}, 'noreal', --q{ This must be the very last line}, 'lastline', -- -- --); -- --ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert", -- "--ssl=tlsv1 < data/spam/001", -- \&patterns_run_cb)); --ok_all_patterns(); -Index: spamassassin-3.4.1/t/spamd_ssl_v3.t -=================================================================== ---- spamassassin-3.4.1.orig/t/spamd_ssl_v3.t -+++ /dev/null -@@ -1,28 +0,0 @@ --#!/usr/bin/perl -- --use lib '.'; use lib 't'; --use SATest; sa_t_init("spamd_sslv3"); --use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); -- --exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); -- --# --------------------------------------------------------------------------- -- --%patterns = ( -- --q{ Return-Path: sb55sb55@yahoo.com}, 'firstline', --q{ Subject: There yours for FREE!}, 'subj', --q{ X-Spam-Status: Yes, score=}, 'status', --q{ X-Spam-Flag: YES}, 'flag', --q{ X-Spam-Level: **********}, 'stars', --q{ TEST_ENDSNUMS}, 'endsinnums', --q{ TEST_NOREALNAME}, 'noreal', --q{ This must be the very last line}, 'lastline', -- -- --); -- --ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert", -- "--ssl=sslv3 < data/spam/001", -- \&patterns_run_cb)); --ok_all_patterns(); -Index: spamassassin-3.4.1/t/spamd_ssl_accept_fail.t -=================================================================== ---- spamassassin-3.4.1.orig/t/spamd_ssl_accept_fail.t -+++ spamassassin-3.4.1/t/spamd_ssl_accept_fail.t -@@ -23,9 +23,9 @@ q{ This must be the very last line}, 'la - - ); - --ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert")); -+ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert")); - ok (spamcrun ("< data/spam/001", \&patterns_run_cb)); --ok (spamcrun ("--ssl=sslv3 < data/spam/001", \&patterns_run_cb)); -+ok (spamcrun ("--ssl < data/spam/001", \&patterns_run_cb)); - ok (stop_spamd ()); - - ok_all_patterns(); -Index: spamassassin-3.4.1/t/spamd_ssl.t -=================================================================== ---- spamassassin-3.4.1.orig/t/spamd_ssl.t -+++ spamassassin-3.4.1/t/spamd_ssl.t -@@ -2,10 +2,7 @@ - - use lib '.'; use lib 't'; - use SATest; sa_t_init("spamd_ssl"); --use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9), -- onfail => sub { -- warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms require that you" . -- "\nspecify a protocol in spamc --ssl option, and possibly in spamd --ssl-version.\n\n" }; -+use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); - - exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); - -Index: spamassassin-3.4.1/MANIFEST -=================================================================== ---- spamassassin-3.4.1.orig/MANIFEST -+++ spamassassin-3.4.1/MANIFEST -@@ -511,8 +511,6 @@ t/spamd_report_ifspam.t - t/spamd_sql_prefs.t - t/spamd_ssl.t - t/spamd_ssl_accept_fail.t --t/spamd_ssl_tls.t --t/spamd_ssl_v3.t - t/spamd_stop.t - t/spamd_symbols.t - t/spamd_syslog.t diff --git a/dkim_subdomains b/dkim_subdomains deleted file mode 100644 index cb2cbdc..0000000 --- a/dkim_subdomains +++ /dev/null @@ -1,64 +0,0 @@ -Description: Support signer subdomain matching in whitelist_from_dkim -Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1693414 -Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7226 -Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DKIM.pm -=================================================================== ---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/DKIM.pm -+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DKIM.pm -@@ -178,13 +178,18 @@ sub set_config { - - Works similarly to whitelist_from, except that in addition to matching - an author address (From) to the pattern in the first parameter, the message --must also carry a Domain Keys Identified Mail (DKIM) signature made by a --signing domain (SDID, i.e. the d= tag) that is acceptable to us. -+must also carry a valid Domain Keys Identified Mail (DKIM) signature made by -+a signing domain (SDID, i.e. the d= tag) that is acceptable to us. - - Only one whitelist entry is allowed per line, as in C. - Multiple C lines are allowed. File-glob style characters - are allowed for the From address (the first parameter), just like with --C. The second parameter does not accept wildcards. -+C. -+ -+The second parameter (the signing-domain) does not accept full file-glob style -+wildcards, although a simple '*.' (or just a '.') prefix to a domain name -+is recognized and implies any subdomain of the specified domain (but not -+the domain itself). - - If no signing-domain parameter is specified, the only acceptable signature - will be an Author Domain Signature (sometimes called first-party signature) -@@ -205,7 +210,8 @@ Examples of whitelisting based on third- - whitelist_from_dkim jane@example.net example.org - whitelist_from_dkim rick@info.example.net example.net - whitelist_from_dkim *@info.example.net example.net -- whitelist_from_dkim *@* remailer.example.com -+ whitelist_from_dkim *@* mail7.remailer.example.com -+ whitelist_from_dkim *@* *.remailer.example.com - - =item def_whitelist_from_dkim author@example.com [signing-domain] - -@@ -376,7 +382,8 @@ some valid signature on a message has no - associated with a particular domain), regardless of its key size - anyone can - prepend its own signature on a copy of some third party mail and re-send it, - which makes it no more trustworthy than without such signature. This is also --a reason for a rule DKIM_VALID to have a near-zero score. -+a reason for a rule DKIM_VALID to have a near-zero score, i.e. a rule hit -+is only informational. - - =cut - -@@ -1257,8 +1264,12 @@ sub _wlcheck_list { - # identity (AUID). Nevertheless, be prepared to accept the full e-mail - # address there for compatibility, and just ignore its local-part. - -- $acceptable_sdid = $1 if $acceptable_sdid =~ /\@([^\@]*)\z/; -- $matches = 1 if $sdid eq lc $acceptable_sdid; -+ $acceptable_sdid = $1 if $acceptable_sdid =~ /\@([^\@]*)\z/s; -+ if ($acceptable_sdid =~ s/^\*?\.//s) { -+ $matches = 1 if $sdid =~ /\.\Q$acceptable_sdid\E\z/si; -+ } else { -+ $matches = 1 if $sdid eq lc $acceptable_sdid; -+ } - } - if ($matches) { - if (would_log("dbg","dkim")) { diff --git a/fix-uninitialized-concat b/fix-uninitialized-concat deleted file mode 100644 index 1c62c99..0000000 --- a/fix-uninitialized-concat +++ /dev/null @@ -1,25 +0,0 @@ -Description: Import upstream fix for uninitialized value warning in Mail::SpamAssassin::PerMsgStatus::get_names_of_tests_hit_with_scores() -Origin: https://svn.apache.org/viewvc?view=revision&revision=1685843 -Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7212 -Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm -=================================================================== ---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm -+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm -@@ -738,7 +738,7 @@ test names and individual scores of the - sub get_names_of_tests_hit_with_scores_hash { - my ($self) = @_; - -- my ($line, %testsscores); -+ my (%testsscores); - - #BASED ON CODE FOR TESTSSCORES TAG - KAM 2014-04-24 - foreach my $test (@{$self->{test_names_hit}}) { -@@ -763,6 +763,8 @@ sub get_names_of_tests_hit_with_scores { - - my ($line, %testsscores); - -+ $line = ''; -+ - #BASED ON CODE FOR TESTSSCORES TAG - KAM 2014-04-24 - foreach my $test (sort @{$self->{test_names_hit}}) { - my $score = $self->{conf}->{scores}->{$test}; diff --git a/spamassassin-3.4.1-netdns.patch b/spamassassin-3.4.1-netdns.patch deleted file mode 100644 index 0337f2f..0000000 --- a/spamassassin-3.4.1-netdns.patch +++ /dev/null @@ -1,396 +0,0 @@ -commit e064e2844aede6026433fa9635d4181b3de396aa -Author: Mark Martinec -Date: Mon Jul 20 18:23:18 2015 +0000 - - Bug 7223: Net::DNS 1.01 breaks DnsResolver - - git-svn-id: https://svn.apache.org/repos/asf/spamassassin/trunk@1691991 13f79535-47bb-0310-9956-ffa450edef68 - -diff --git a/lib/Mail/SpamAssassin/DnsResolver.pm b/lib/Mail/SpamAssassin/DnsResolver.pm -index ce51bee83..612245cac 100644 ---- a/lib/Mail/SpamAssassin/DnsResolver.pm -+++ b/lib/Mail/SpamAssassin/DnsResolver.pm -@@ -581,7 +581,7 @@ sub new_dns_packet { - # time, $domain, $type, $packet->id); - 1; - } or do { -- # this can if a domain name in a query is invalid, or if a timeout signal -+ # get here if a domain name in a query is invalid, or if a timeout signal - # happened to be trapped by this eval, or if Net::DNS signalled an error - my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat; - # resignal if alarm went off -@@ -592,6 +592,9 @@ sub new_dns_packet { - }; - - if ($packet) { -+ # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223 -+ $packet->header->rd(1); -+ - # my $udp_payload_size = $self->{res}->udppacketsize; - my $udp_payload_size = $self->{conf}->{dns_options}->{edns}; - if ($udp_payload_size && $udp_payload_size > 512) { -@@ -861,7 +864,8 @@ Emulates C. - This subroutine is a simple synchronous leftover from SpamAssassin version - 3.3 and does not participate in packet query caching and callback grouping - as implemented by AsyncLoop::bgsend_and_start_lookup(). As such it should --be avoided for mainstream usage. -+be avoided for mainstream usage. Currently used through Mail::SPF::Server -+by the SPF plugin. - - =cut - -commit 41f4c5ac8f275593a2bad1cb614b5185172ef568 -Author: Mark Martinec -Date: Tue Aug 4 23:10:16 2015 +0000 - - Bug 7231: Net::DNS 1.01 returns answers formatted differently, breaks SA - - git-svn-id: https://svn.apache.org/repos/asf/spamassassin/trunk@1694122 13f79535-47bb-0310-9956-ffa450edef68 - -diff --git a/lib/Mail/SpamAssassin/Dns.pm b/lib/Mail/SpamAssassin/Dns.pm -index 55e1640f8..1c305c939 100644 ---- a/lib/Mail/SpamAssassin/Dns.pm -+++ b/lib/Mail/SpamAssassin/Dns.pm -@@ -171,7 +171,7 @@ sub dnsbl_hit { - if (substr($rule, 0, 2) eq "__") { - # don't bother with meta rules - } elsif ($answer->type eq 'TXT') { -- # txtdata returns a non- zone-file-format encoded result, unlike rdatastr; -+ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; - # avoid space-separated RDATA fields if possible, - # txtdata provides a list of strings in a list context since Net::DNS 0.69 - $log = join('',$answer->txtdata); -@@ -215,12 +215,14 @@ sub dnsbl_uri { - - my $qname = $question->qname; - -- # txtdata returns a non- zone-file-format encoded result, unlike rdatastr; -+ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; - # avoid space-separated RDATA fields if possible, - # txtdata provides a list of strings in a list context since Net::DNS 0.69 - # -- my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) -- : $answer->rdatastr; -+ # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 -+ my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) -+ : $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring -+ : $answer->rdatastr; - if (defined $qname && defined $rdatastr) { - my $qclass = $question->qclass; - my $qtype = $question->qtype; -@@ -267,8 +269,13 @@ sub process_dnsbl_result { - my $answ_type = $answer->type; - # TODO: there are some CNAME returns that might be useful - next if ($answ_type ne 'A' && $answ_type ne 'TXT'); -- # skip any A record that isn't on 127/8 -- next if ($answ_type eq 'A' && $answer->rdatastr !~ /^127\./); -+ if ($answ_type eq 'A') { -+ # Net::DNS::RR::A::address() is available since Net::DNS 0.69 -+ my $ip_address = $answer->UNIVERSAL::can('address') ? $answer->address -+ : $answer->rdatastr; -+ # skip any A record that isn't on 127.0.0.0/8 -+ next if $ip_address !~ /^127\./; -+ } - for my $rule (@{$rules}) { - $self->dnsbl_hit($rule, $question, $answer); - } -@@ -284,12 +291,14 @@ sub process_dnsbl_result { - sub process_dnsbl_set { - my ($self, $set, $question, $answer) = @_; - -- # txtdata returns a non- zone-file-format encoded result, unlike rdatastr; -+ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; - # avoid space-separated RDATA fields if possible, - # txtdata provides a list of strings in a list context since Net::DNS 0.69 - # -- my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) -- : $answer->rdatastr; -+ # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 -+ my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) -+ : $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring -+ : $answer->rdatastr; - - while (my ($subtest, $rule) = each %{ $self->{dnspost}->{$set} }) { - next if $self->{tests_already_hit}->{$rule}; -diff --git a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm -index 3511162e8..4f41ff0ff 100644 ---- a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm -+++ b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm -@@ -539,7 +539,7 @@ sub process_response_packet { - @answer = ( undef ); - } - -- # NOTE: $rr->rdatastr returns the result encoded in a DNS zone file -+ # NOTE: $rr->rdstring returns the result encoded in a DNS zone file - # format, i.e. enclosed in double quotes if a result contains whitespace - # (or other funny characters), and may use \DDD encoding or \X quoting as - # per RFC 1035. Using $rr->txtdata instead avoids this unnecessary encoding -@@ -566,19 +566,24 @@ sub process_response_packet { - # special case, no answer records, only rcode can be tested - } else { - $rr_type = uc $rr->type; -- if ($rr->UNIVERSAL::can('txtdata')) { # TXT, SPF -- # join with no intervening spaces, as per RFC 5518 -+ if ($rr_type eq 'A') { -+ # Net::DNS::RR::A::address() is available since Net::DNS 0.69 -+ $rr_rdatastr = $rr->UNIVERSAL::can('address') ? $rr->address -+ : $rr->rdatastr; -+ if ($rr_rdatastr =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/) { -+ $rdatanum = Mail::SpamAssassin::Util::my_inet_aton($rr_rdatastr); -+ } -+ } elsif ($rr->UNIVERSAL::can('txtdata')) { -+ # TXT, SPF: join with no intervening spaces, as per RFC 5518 - if ($txtdata_can_provide_a_list || $rr_type ne 'TXT') { - $rr_rdatastr = join('', $rr->txtdata); # txtdata() in list context! - } else { # char_str_list() is only available for TXT records - $rr_rdatastr = join('', $rr->char_str_list); # historical - } - } else { -- $rr_rdatastr = $rr->rdatastr; -- if ($rr_type eq 'A' && -- $rr_rdatastr =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/) { -- $rdatanum = Mail::SpamAssassin::Util::my_inet_aton($rr_rdatastr); -- } -+ # rdatastr() is historical, use rdstring() since Net::DNS 0.69 -+ $rr_rdatastr = $rr->UNIVERSAL::can('rdstring') ? $rr->rdstring -+ : $rr->rdatastr; - } - # dbg("askdns: received rr type %s, data: %s", $rr_type, $rr_rdatastr); - } -diff --git a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm -index 9602eba4e..674f42bd4 100644 ---- a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm -+++ b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm -@@ -942,9 +942,8 @@ sub complete_ns_lookup { - next unless (defined($str) && defined($dom)); - dbg("uridnsbl: got($j) NS for $dom: $str"); - -- if ($str =~ /IN\s+NS\s+(\S+)/) { -- my $nsmatch = lc $1; -- $nsmatch =~ s/\.$//; -+ if ($rr->type eq 'NS') { -+ my $nsmatch = lc $rr->nsdname; # available since at least Net::DNS 0.14 - my $nsrhblstr = $nsmatch; - my $fullnsrhblstr = $nsmatch; - -@@ -1025,9 +1024,11 @@ sub complete_a_lookup { - } - dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str); - -- local $1; -- if ($str =~ /IN\s+A\s+(\S+)/) { -- $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1); -+ if ($rr->type eq 'A') { -+ # Net::DNS::RR::A::address() is available since Net::DNS 0.69 -+ my $ip_address = $rr->UNIVERSAL::can('address') ? $rr->address -+ : $rr->rdatastr; -+ $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address); - } - } - } -@@ -1038,7 +1039,8 @@ sub lookup_dnsbl_for_ip { - my ($self, $pms, $obj, $ip) = @_; - - local($1,$2,$3,$4); -- $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/; -+ $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/ -+ or warn "lookup_dnsbl_for_ip: not an IPv4 address: $ip\n"; - my $revip = "$4.$3.$2.$1"; - - my $conf = $pms->{conf}; -@@ -1100,12 +1102,14 @@ sub complete_dnsbl_lookup { - my $rr_type = $rr->type; - - if ($rr_type eq 'A') { -- $rdatastr = $rr->rdatastr; -+ # Net::DNS::RR::A::address() is available since Net::DNS 0.69 -+ $rdatastr = $rr->UNIVERSAL::can('address') ? $rr->address -+ : $rr->rdatastr; - if ($rdatastr =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) { - $rdatanum = Mail::SpamAssassin::Util::my_inet_aton($rdatastr); - } - } elsif ($rr_type eq 'TXT') { -- # txtdata returns a non- zone-file-format encoded result, unlike rdatastr; -+ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; - # avoid space-separated RDATA fields if possible; - # txtdata provides a list of strings in list context since Net::DNS 0.69 - $rdatastr = join('',$rr->txtdata); -commit 0d95b5b9280c3f8febffd418227a10f03747939a -Author: Mark Martinec -Date: Mon Aug 10 23:43:53 2015 +0000 - - Bug 7236: Net::DNS assumes strings in TXT resource records are in UTF-8 and gratuitously tries to decodes it - - git-svn-id: https://svn.apache.org/repos/asf/spamassassin/trunk@1695182 13f79535-47bb-0310-9956-ffa450edef68 - -diff --git a/lib/Mail/SpamAssassin/Plugin/ASN.pm b/lib/Mail/SpamAssassin/Plugin/ASN.pm -index 3b406b00f..a5143fd12 100644 ---- a/lib/Mail/SpamAssassin/Plugin/ASN.pm -+++ b/lib/Mail/SpamAssassin/Plugin/ASN.pm -@@ -355,8 +355,10 @@ sub process_dns_result { - foreach my $rr (@answer) { - dbg("asn: %s: lookup result packet: %s", $zone, $rr->string); - next if $rr->type ne 'TXT'; -- my @strings = $rr->char_str_list; -+ my @strings = Net::DNS->VERSION >= 0.69 ? $rr->txtdata -+ : $rr->char_str_list; - next if !@strings; -+ for (@strings) { utf8::encode($_) if utf8::is_utf8($_) } - - my @items; - if (@strings > 1 && join('',@strings) !~ m{\|}) { -diff --git a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm -index 4cb37e1e1..b9b880ec3 100644 ---- a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm -+++ b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm -@@ -574,6 +574,7 @@ sub process_response_packet { - if ($rr_rdatastr =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/) { - $rdatanum = Mail::SpamAssassin::Util::my_inet_aton($rr_rdatastr); - } -+ - } elsif ($rr->UNIVERSAL::can('txtdata')) { - # TXT, SPF: join with no intervening spaces, as per RFC 5518 - if ($txtdata_can_provide_a_list || $rr_type ne 'TXT') { -@@ -581,10 +582,22 @@ sub process_response_packet { - } else { # char_str_list() is only available for TXT records - $rr_rdatastr = join('', $rr->char_str_list); # historical - } -+ # Net::DNS attempts to decode text strings in a TXT record as UTF-8, -+ # which is bad: octets failing the UTF-8 decoding are converted to -+ # three octets \x{EF}\x{BF}\x{BD} (i.e. to a Unicode "replacement -+ # character" U+FFFD encoded as UTF-8), and ASCII text is unnecessarily -+ # flagged as perl native characters (utf8 flag on), which can be -+ # disruptive on later processing, e.g. implicitly upgrading strings -+ # on concatenation. Unfortunately there is no way of legally bypassing -+ # the UTF-8 decoding by Net::DNS::RR::TXT in Net::DNS::RR::Text. -+ # Try to minimize damage by encoding back to UTF-8 octets: -+ utf8::encode($rr_rdatastr) if utf8::is_utf8($rr_rdatastr); -+ - } else { - # rdatastr() is historical, use rdstring() since Net::DNS 0.69 - $rr_rdatastr = $rr->UNIVERSAL::can('rdstring') ? $rr->rdstring - : $rr->rdatastr; -+ utf8::encode($rr_rdatastr) if utf8::is_utf8($rr_rdatastr); - } - # dbg("askdns: received rr type %s, data: %s", $rr_type, $rr_rdatastr); - } -diff --git a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm -index a35037dbe..978a2af7d 100644 ---- a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm -+++ b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm -@@ -1108,6 +1108,7 @@ sub complete_dnsbl_lookup { - # avoid space-separated RDATA fields if possible; - # txtdata provides a list of strings in list context since Net::DNS 0.69 - $rdatastr = join('',$rr->txtdata); -+ utf8::encode($rdatastr) if utf8::is_utf8($rdatastr); - } else { - next; - } -commit 7e9872e5b45a7793b9aabeb513e45acde9dce652 -Author: Mark Martinec -Date: Tue Aug 11 16:22:27 2015 +0000 - - Bug 7236: Net::DNS assumes strings in TXT resource records are in UTF-8 and gratuitously tries to decodes it (also in Dns.pm) - - git-svn-id: https://svn.apache.org/repos/asf/spamassassin/trunk@1695336 13f79535-47bb-0310-9956-ffa450edef68 - -diff --git a/lib/Mail/SpamAssassin/Dns.pm b/lib/Mail/SpamAssassin/Dns.pm -index 0926a030e..014ab2bf6 100644 ---- a/lib/Mail/SpamAssassin/Dns.pm -+++ b/lib/Mail/SpamAssassin/Dns.pm -@@ -177,6 +177,7 @@ sub dnsbl_hit { - # avoid space-separated RDATA fields if possible, - # txtdata provides a list of strings in a list context since Net::DNS 0.69 - $log = join('',$answer->txtdata); -+ utf8::encode($log) if utf8::is_utf8($log); - local $1; - $log =~ s{ (?}xgi; - } else { # assuming $answer->type eq 'A' -@@ -215,16 +216,27 @@ sub dnsbl_hit { - sub dnsbl_uri { - my ($self, $question, $answer) = @_; - -- my $qname = $question->qname; -+ my $rdatastr; -+ if ($answer->UNIVERSAL::can('txtdata')) { -+ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; -+ # avoid space-separated RDATA fields if possible, -+ # txtdata provides a list of strings in a list context since Net::DNS 0.69 -+ $rdatastr = join('',$answer->txtdata); -+ } else { -+ # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 -+ $rdatastr = $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring -+ : $answer->rdatastr; -+ # encoded in a RFC 1035 zone file format (escaped), decode it -+ $rdatastr =~ s{ \\ ( [0-9]{3} | (?![0-9]{3}) . ) } -+ { length($1)==3 && $1 <= 255 ? chr($1) : $1 }xgse; -+ } -+ # Bug 7236: Net::DNS attempts to decode text strings in a TXT record as -+ # UTF-8 since version 0.69, which is undesired: octets failing the UTF-8 -+ # decoding are converted to a Unicode "replacement character" U+FFFD, and -+ # ASCII text is unnecessarily flagged as perl native characters. -+ utf8::encode($rdatastr) if utf8::is_utf8($rdatastr); - -- # txtdata returns a non- zone-file-format encoded result, unlike rdstring; -- # avoid space-separated RDATA fields if possible, -- # txtdata provides a list of strings in a list context since Net::DNS 0.69 -- # -- # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 -- my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) -- : $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring -- : $answer->rdatastr; -+ my $qname = $question->qname; - if (defined $qname && defined $rdatastr) { - my $qclass = $question->qclass; - my $qtype = $question->qtype; -@@ -293,14 +305,25 @@ sub process_dnsbl_result { - sub process_dnsbl_set { - my ($self, $set, $question, $answer) = @_; - -- # txtdata returns a non- zone-file-format encoded result, unlike rdstring; -- # avoid space-separated RDATA fields if possible, -- # txtdata provides a list of strings in a list context since Net::DNS 0.69 -- # -- # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 -- my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) -- : $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring -- : $answer->rdatastr; -+ my $rdatastr; -+ if ($answer->UNIVERSAL::can('txtdata')) { -+ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; -+ # avoid space-separated RDATA fields if possible, -+ # txtdata provides a list of strings in a list context since Net::DNS 0.69 -+ $rdatastr = join('',$answer->txtdata); -+ } else { -+ # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 -+ $rdatastr = $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring -+ : $answer->rdatastr; -+ # encoded in a RFC 1035 zone file format (escaped), decode it -+ $rdatastr =~ s{ \\ ( [0-9]{3} | (?![0-9]{3}) . ) } -+ { length($1)==3 && $1 <= 255 ? chr($1) : $1 }xgse; -+ } -+ # Bug 7236: Net::DNS attempts to decode text strings in a TXT record as -+ # UTF-8 since version 0.69, which is undesired: octets failing the UTF-8 -+ # decoding are converted to a Unicode "replacement character" U+FFFD, and -+ # ASCII text is unnecessarily flagged as perl native characters. -+ utf8::encode($rdatastr) if utf8::is_utf8($rdatastr); - - while (my ($subtest, $rule) = each %{ $self->{dnspost}->{$set} }) { - next if $self->{tests_already_hit}->{$rule}; -diff --git a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm -index d26117bbb..ac533a779 100644 ---- a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm -+++ b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm -@@ -584,9 +584,9 @@ sub process_response_packet { - $rr_rdatastr = join('', $rr->char_str_list); # historical - } - # Net::DNS attempts to decode text strings in a TXT record as UTF-8, -- # which is bad: octets failing the UTF-8 decoding are converted to -- # three octets \x{EF}\x{BF}\x{BD} (i.e. to a Unicode "replacement -- # character" U+FFFD encoded as UTF-8), and ASCII text is unnecessarily -+ # which is undesired: octets failing the UTF-8 decoding are converted -+ # to a Unicode "replacement character" U+FFFD (encoded as octets -+ # \x{EF}\x{BF}\x{BD} in UTF-8), and ASCII text is unnecessarily - # flagged as perl native characters (utf8 flag on), which can be - # disruptive on later processing, e.g. implicitly upgrading strings - # on concatenation. Unfortunately there is no way of legally bypassing diff --git a/spamassassin-perl-fix.patch b/spamassassin-perl-fix.patch deleted file mode 100644 index 10c66f1..0000000 --- a/spamassassin-perl-fix.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ruNp Mail-SpamAssassin-3.4.1.orig/spamc/configure.pl Mail-SpamAssassin-3.4.1/spamc/configure.pl ---- Mail-SpamAssassin-3.4.1.orig/spamc/configure.pl 2015-04-28 21:56:59.000000000 +0200 -+++ Mail-SpamAssassin-3.4.1/spamc/configure.pl 2017-07-21 23:34:50.122992872 +0200 -@@ -66,7 +66,7 @@ print join(' ', $Config{'perlpath'}, "ve - # Do the same thing as for the preprocessor below. - package version_h; - my $Z = $0; -- local $0 = "version.h.pl"; -+ local $0 = "./version.h.pl"; - local @ARGV = (); - # Got to check for defined because the script returns shell error level! - unless (defined do $0) { diff --git a/spamassassin.spec b/spamassassin.spec index b719df3..2ad9410 100644 --- a/spamassassin.spec +++ b/spamassassin.spec @@ -12,12 +12,12 @@ Summary: A spam filter for email which can be invoked from mail delivery agents Summary(pl.UTF-8): Filtr antyspamowy, przeznaczony dla programów dostarczających pocztę (MDA) Name: spamassassin -Version: 3.4.1 -Release: 8 +Version: 3.4.2 +Release: 1 License: Apache v2.0 Group: Applications/Mail Source0: http://ftp.ps.pl/pub/apache//spamassassin/source/%{pdir}-%{pnam}-%{version}.tar.bz2 -# Source0-md5: 0db5d27d7b782ff5eadee12b95eae84c +# Source0-md5: 4f4c38a7cd4ae3e3750895ae21d2fc78 Source1: %{name}.sysconfig Source2: %{name}-spamd.init Source3: %{name}-default.rc @@ -26,16 +26,7 @@ Source5: sa-update.sh Source6: sa-update.cron Source7: spamassassin-official.conf Source8: sought.conf -Source9: cronjob-sa-update.service -Source10: cronjob-sa-update.timer -Patch0: spamassassin-3.4.1-netdns.patch -Patch1: %{name}-perl-fix.patch -Patch2: bug_771408_perl_version -Patch3: bug_828552-openssl-1.1.0 -Patch4: bug-869408-unescaped-brace-in-regex.patch -Patch5: disable_sslv3 -Patch6: dkim_subdomains -Patch7: fix-uninitialized-concat +Patch0: bug_771408_perl_version URL: http://spamassassin.apache.org/ BuildRequires: openssl-devel >= 0.9.7d BuildRequires: perl(ExtUtils::MakeMaker) >= 6.16 @@ -271,13 +262,6 @@ aplikacji do czytania poczty. %prep %setup -q -n %{pdir}-%{pnam}-%{version} %patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 # disable broken test %{__mv} t/sa_compile.t{,.disabled} @@ -285,6 +269,10 @@ aplikacji do czytania poczty. # this test needs network, does not work on builders %{__mv} t/dnsbl_subtests.t{,.disabled} +# temporary disable problematic tests +%{__mv} t/trust_path.t{,.disabled} +%{__mv} t/urilocalbl_geoip.t{,.disabled} + %build # for spamc/configure export CFLAGS="%{rpmcflags}" @@ -301,9 +289,6 @@ export CFLAGS="%{rpmcflags}" CC="%{__cc}" \ OPTIMIZE="%{rpmcflags}" -%{__sed} -e "s,@@LOCAL_STATE_DIR@@,$(pwd)," sa-compile.raw > sa-compile.pl -%{__perl} -T sa-compile.pl --siteconfigpath=rules - %{?with_tests:%{__make} -j1 TEST_VERBOSE=1 test} %install diff --git a/spamassassin.sysconfig b/spamassassin.sysconfig index f8e4aca..83a1792 100644 --- a/spamassassin.sysconfig +++ b/spamassassin.sysconfig @@ -1,4 +1,4 @@ # Customized settings for spamassassin (spamd) # Cmdline options -SPAMD_OPTS="-d -c --pidfile=/var/run/spamassassin.pid" +SPAMD_OPTS="-d -c" -- 2.46.0