On Mon, Sep 17, 2018 at 07:50:03PM +0200, Pierre-Emmanuel André wrote:
> On Mon, Sep 17, 2018 at 09:14:43AM +0200, Giovanni Bechis wrote:
> > Hi,
> > update to latest version, this a major update, there are many new features
> > and a lot of bug fixed.
> > Some CVE has been fixed and a old SA versions will not be compatible with
> > new rules sooner or later.
> > I used several iterations of this diff in production, ok to put it in
> > before 6.4 ?
> >
> > More info here:
> > http://svn.apache.org/repos/asf/spamassassin/trunk/build/announcements/3.4.2.txt
> >
> > Thanks & Cheers
> > Giovanni
>
>
> Works fine on my small setup.
> ok pea@
>
> Any plans to backport CVE to -stable ?
>
some of them has been backported before a CVE has been assigned, anyway I feel
more confident in updating to 3.4.2 in -stable as well.
Diff follows.
Giovanni
Index: Makefile
===================================================================
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/Makefile,v
retrieving revision 1.108
diff -u -p -r1.108 Makefile
--- Makefile 13 Mar 2018 07:51:59 -0000 1.108
+++ Makefile 18 Sep 2018 07:08:03 -0000
@@ -2,11 +2,10 @@
COMMENT= mailfilter to identify and mark spam
-VER= 3.4.1
+VER= 3.4.2
DISTNAME= Mail-SpamAssassin-${VER}
PKGNAME= p5-${DISTNAME}
-REVISION= 14
-RULESNAME= Mail-SpamAssassin-rules-${VER}.r1675274.tgz
+RULESNAME= Mail-SpamAssassin-rules-${VER}.r1840640.tgz
CATEGORIES= mail perl5
DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${RULESNAME}
@@ -33,8 +32,9 @@ COMMON_DEPENDS= www/p5-HTML-Parser>=3.3
BUILD_DEPENDS= ${COMMON_DEPENDS}
RUN_DEPENDS= ${COMMON_DEPENDS} \
devel/re2c \
+ devel/p5-BSD-Resource \
p5-Mail-SPF-*|p5-Mail-SPF-Query-*:mail/p5-Mail-SPF \
- net/p5-Geo-IP \
+
p5-Geo-IP-*|p5-IP-Country-DB_File-*|p5-IP-Country-*:net/p5-Geo-IP \
net/p5-Net-LibIDN \
net/p5-Net-Patricia \
security/gnupg \
Index: distinfo
===================================================================
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/distinfo,v
retrieving revision 1.38
diff -u -p -r1.38 distinfo
--- distinfo 30 Apr 2015 14:41:53 -0000 1.38
+++ distinfo 18 Sep 2018 07:08:03 -0000
@@ -1,4 +1,4 @@
-SHA256 (Mail-SpamAssassin-3.4.1.tar.bz2) =
oMHJgI8GhLOJWU64ssy6zmSGVGWTST+TCMlVRWPRRlE=
-SHA256 (Mail-SpamAssassin-rules-3.4.1.r1675274.tgz) =
OC9+4WCpahWq5Vn1PfksNvLhdkexnFlU7+3oYUn40Ss=
-SIZE (Mail-SpamAssassin-3.4.1.tar.bz2) = 2710985
-SIZE (Mail-SpamAssassin-rules-3.4.1.r1675274.tgz) = 270622
+SHA256 (Mail-SpamAssassin-3.4.2.tar.bz2) =
zwMEWkmRdSFF7tAH51c38+TH80zyJdtBHOP9NZKA6No=
+SHA256 (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) =
jUgaIIHx5ioleSOPZrWNIST3ounzz6PUqisD/nsBmbs=
+SIZE (Mail-SpamAssassin-3.4.2.tar.bz2) = 2700016
+SIZE (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) = 284758
Index: patches/patch-Makefile_PL
===================================================================
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/patches/patch-Makefile_PL,v
retrieving revision 1.13
diff -u -p -r1.13 patch-Makefile_PL
--- patches/patch-Makefile_PL 30 Apr 2015 14:41:53 -0000 1.13
+++ patches/patch-Makefile_PL 18 Sep 2018 07:08:03 -0000
@@ -1,7 +1,8 @@
$OpenBSD: patch-Makefile_PL,v 1.13 2015/04/30 14:41:53 sthen Exp $
---- Makefile.PL.orig Tue Apr 28 20:57:01 2015
-+++ Makefile.PL Thu Apr 30 14:25:54 2015
-@@ -832,7 +832,7 @@ sub MY::install {
+Index: Makefile.PL
+--- Makefile.PL.orig
++++ Makefile.PL
+@@ -856,7 +856,7 @@ sub MY::install {
foreach (@code) {
# Add our install targets as a dependency to all top-level install targets
Index: patches/patch-lib_Mail_SpamAssassin_BayesStore_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_BayesStore_pm
diff -N patches/patch-lib_Mail_SpamAssassin_BayesStore_pm
--- patches/patch-lib_Mail_SpamAssassin_BayesStore_pm 31 Oct 2017 07:41:51
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,15 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_BayesStore_pm,v 1.1 2017/10/31 07:41:51
giovanni Exp $
-
-# bug 7340: remove expire flag after token expiration is done
-
-Index: lib/Mail/SpamAssassin/BayesStore.pm
---- lib/Mail/SpamAssassin/BayesStore.pm.orig
-+++ lib/Mail/SpamAssassin/BayesStore.pm
-@@ -419,6 +419,7 @@ sub expire_old_tokens_trapped {
- dbg("bayes: $msg: $msg2");
- }
-
-+ $self->remove_running_expire_tok();
- return 1;
- }
-
Index: patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm
diff -N patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm
--- patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm 13 Mar 2018 07:51:59
-0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,218 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_Conf_Parser_pm,v 1.2 2018/03/13 07:51:59
giovanni Exp $
-
-Index: lib/Mail/SpamAssassin/Conf/Parser.pm
---- lib/Mail/SpamAssassin/Conf/Parser.pm.orig
-+++ lib/Mail/SpamAssassin/Conf/Parser.pm
-@@ -142,15 +142,11 @@ use Mail::SpamAssassin::NetSet;
-
- use strict;
- use warnings;
--use bytes;
-+# use bytes;
- use re 'taint';
-
--use vars qw{
-- @ISA
--};
-+our @ISA = qw();
-
--@ISA = qw();
--
- ###########################################################################
-
- sub new {
-@@ -263,6 +259,7 @@ sub parse {
- while (defined ($line = shift @conf_lines)) {
- local ($1); # bug 3838: prevent random taint flagging of $1
-
-+ if (index($line,'#') > -1) {
- # bug 5545: used to support testing rules in the ruleqa system
- if ($keepmetadata && $line =~ /^\#testrules/) {
- $self->{file_scoped_attrs}->{testrules}++;
-@@ -278,8 +275,12 @@ sub parse {
-
- $line =~ s/(?<!\\)#.*$//; # remove comments
- $line =~ s/\\#/#/g; # hash chars are escaped, so unescape them
-+ }
-+
-+ if ($line =~ tr{ \t\r\n\f}{}) {
- $line =~ s/^\s+//; # remove leading whitespace
- $line =~ s/\s+$//; # remove tailing whitespace
-+ }
- next unless($line); # skip empty lines
-
- # handle i18n
-@@ -288,7 +289,7 @@ sub parse {
- my($key, $value) = split(/\s+/, $line, 2);
- $key = lc $key;
- # convert all dashes in setting name to underscores.
-- $key =~ s/-/_/g;
-+ $key =~ tr/-/_/;
- $value = '' unless defined($value);
-
- # # Do a better job untainting this info ...
-@@ -338,26 +339,26 @@ sub parse {
- }
-
- # now handle the commands.
-- if ($key eq 'include') {
-+ elsif ($key eq 'include') {
- $value = $self->fix_path_relative_to_current_file($value);
- my $text = $conf->{main}->read_cf($value, 'included file');
- unshift (@conf_lines, split (/\n/, $text));
- next;
- }
-
-- if ($key eq 'ifplugin') {
-+ elsif ($key eq 'ifplugin') {
- $self->handle_conditional ($key, "plugin ($value)",
- \@if_stack, \$skip_parsing);
- next;
- }
-
-- if ($key eq 'if') {
-+ elsif ($key eq 'if') {
- $self->handle_conditional ($key, $value,
- \@if_stack, \$skip_parsing);
- next;
- }
-
-- if ($key eq 'else') {
-+ elsif ($key eq 'else') {
- # TODO: if/else/else won't get flagged here :(
- if (!@if_stack) {
- $parse_error = "config: found else without matching conditional";
-@@ -369,7 +370,7 @@ sub parse {
- }
-
- # and the endif statement:
-- if ($key eq 'endif') {
-+ elsif ($key eq 'endif') {
- my $lastcond = pop @if_stack;
- if (!defined $lastcond) {
- $parse_error = "config: found endif without matching conditional";
-@@ -508,7 +509,7 @@ sub handle_conditional {
- my $conf = $self->{conf};
-
- my $lexer = ARITH_EXPRESSION_LEXER;
-- my @tokens = ($value =~ m/($lexer)/g);
-+ my @tokens = ($value =~ m/($lexer)/og);
-
- my $eval = '';
- my $bad = 0;
-@@ -573,6 +574,10 @@ sub cond_clause_plugin_loaded {
-
- sub cond_clause_can {
- my ($self, $method) = @_;
-+ if ($self->{currentfile} =~ q!/user_prefs$! ) {
-+ warn "config: 'if can $method' not available in user_prefs";
-+ return 0
-+ }
- $self->cond_clause_can_or_has('can', $method);
- }
-
-@@ -591,7 +596,7 @@ sub cond_clause_can_or_has {
- } elsif ($method =~ /^(.*)::([^:]+)$/) {
- no strict "refs";
- my($module, $meth) = ($1, $2);
-- return 1 if UNIVERSAL::can($module,$meth) &&
-+ return 1 if $module->can($meth) &&
- ( $fn_name eq 'has' || &{$method}() );
- } else {
- $self->lint_warn("bad 'if' line, cannot find '::' in $fn_name($method), ".
-@@ -984,14 +989,14 @@ sub _meta_deps_recurse {
-
- # Lex the rule into tokens using a rather simple RE method ...
- my $lexer = ARITH_EXPRESSION_LEXER;
-- my @tokens = ($rule =~ m/$lexer/g);
-+ my @tokens = ($rule =~ m/$lexer/og);
-
- # Go through each token in the meta rule
- my $conf_tests = $conf->{tests};
- foreach my $token (@tokens) {
- # has to be an alpha+numeric token
-- # next if $token =~ /^(?:\W+|[+-]?\d+(?:\.\d+)?)$/;
-- next if $token !~ /^[A-Za-z_][A-Za-z0-9_]*\z/s; # faster
-+ next if $token =~ tr{A-Za-z0-9_}{}c || substr($token,0,1) =~
tr{A-Za-z_}{}c; # even faster
-+
- # and has to be a rule name
- next unless exists $conf_tests->{$token};
-
-@@ -1178,25 +1183,25 @@ sub add_test {
- my $conf = $self->{conf};
-
- # Don't allow invalid names ...
-- if ($name !~ /^\D\w*$/) {
-+ if ($name !~ /^[_[:alpha:]]\w*$/) {
- $self->lint_warn("config: error: rule '$name' has invalid characters ".
- "(not Alphanumeric + Underscore + starting with a non-digit)\n",
$name);
- return;
- }
-
-- # Also set a hard limit for ALL rules (rule names longer than 242
-+ # Also set a hard limit for ALL rules (rule names longer than 40
- # characters throw warnings). Check this separately from the above
- # pattern to avoid vague error messages.
-- if (length $name > 200) {
-- $self->lint_warn("config: error: rule '$name' is way too long ".
-+ if (length $name > 100) {
-+ $self->lint_warn("config: error: rule '$name' is too long ".
- "(recommended maximum length is 22 characters)\n", $name);
- return;
- }
-
- # Warn about, but use, long rule names during --lint
- if ($conf->{lint_rules}) {
-- if (length($name) > 50 && $name !~ /^__/ && $name !~ /^T_/) {
-- $self->lint_warn("config: warning: rule name '$name' is over 50 chars ".
-+ if (length($name) > 40 && $name !~ /^__/ && $name !~ /^T_/) {
-+ $self->lint_warn("config: warning: rule name '$name' is over 40 chars ".
- "(recommended maximum length is 22 characters)\n", $name);
- }
- }
-@@ -1286,12 +1291,18 @@ sub add_regression_test {
- sub is_meta_valid {
- my ($self, $name, $rule) = @_;
-
-+ # $meta is a degenerate translation of the rule, replacing all variables
(i.e. rule names) with 0.
- my $meta = '';
- $rule = untaint_var($rule); # must be careful below
-+ # Bug #7557 code injection
-+ if ( $rule =~ /\S(::|->)\S/ ) {
-+ warn("is_meta_valid: Bogus rule $name: $rule") ;
-+ return 0;
-+ }
-
- # Lex the rule into tokens using a rather simple RE method ...
- my $lexer = ARITH_EXPRESSION_LEXER;
-- my @tokens = ($rule =~ m/$lexer/g);
-+ my @tokens = ($rule =~ m/$lexer/og);
- if (length($name) == 1) {
- for (@tokens) {
- print "$name $_\n " or die "Error writing token: $!";
-@@ -1299,16 +1310,20 @@ sub is_meta_valid {
- }
- # Go through each token in the meta rule
- foreach my $token (@tokens) {
-- # Numbers can't be rule names
-- if ($token !~ /^[A-Za-z_][A-Za-z0-9_]*\z/s) {
-+ # If the token is a syntactically legal rule name, make it zero
-+ if ($token =~ /^[_[:alpha:]]\w+\z/s) {
-+ $meta .= "0 ";
-+ }
-+ # if it is a number or a string of 1 or 2 punctuation characters (i.e.
operators) tack it onto the degenerate rule
-+ elsif ( $token =~ /^(\d+|[[:punct:]]{1,2})\z/s ) {
- $meta .= "$token ";
- }
-- # Zero will probably cause more errors
-+ # WTF is it? Just warn, for now. Bug #7557
- else {
-- $meta .= "0 ";
-+ $self->lint_warn("config: Strange rule token: $token", $name);
-+ $meta .= "$token ";
- }
- }
--
- my $evalstr = 'my $x = ' . $meta . '; 1;';
- if (eval $evalstr) {
- return 1;
Index: patches/patch-lib_Mail_SpamAssassin_Conf_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_Conf_pm
diff -N patches/patch-lib_Mail_SpamAssassin_Conf_pm
--- patches/patch-lib_Mail_SpamAssassin_Conf_pm 13 Mar 2018 07:51:59 -0000
1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,43 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_Conf_pm,v 1.1 2018/03/13 07:51:59
giovanni Exp $
-
-Index: lib/Mail/SpamAssassin/Conf.pm
---- lib/Mail/SpamAssassin/Conf.pm.orig
-+++ lib/Mail/SpamAssassin/Conf.pm
-@@ -2836,8 +2836,8 @@ C<header SYMBOLIC_TEST_NAME header =~ /\S/> rule as de
- =item header SYMBOLIC_TEST_NAME eval:name_of_eval_method([arguments])
-
- Define a header eval test. C<name_of_eval_method> is the name of
--a method on the C<Mail::SpamAssassin::EvalTests> object. C<arguments>
--are optional arguments to the function call.
-+a method registered by a C<Mail::SpamAssassin::Plugin> object.
-+C<arguments> are optional arguments to the function call.
-
- =item header SYMBOLIC_TEST_NAME eval:check_rbl('set', 'zone' [, 'sub-test'])
-
-@@ -2950,7 +2950,10 @@ name.
- local ($1,$2);
- if ($value =~ /^(\S+)\s+(?:rbl)?eval:(.*)$/) {
- my ($rulename, $fn) = ($1, $2);
--
-+ dbg("config: header eval rule name is $rulename function is $fn");
-+ if ($fn !~ /^\w+(\(.*\))?$/) {
-+ return $INVALID_VALUE;
-+ }
- if ($fn =~ /^check_(?:rbl|dns)/) {
- $self->{parser}->add_test ($rulename, $fn, $TYPE_RBL_EVALS);
- }
-@@ -3008,7 +3011,13 @@ Define a body eval test. See above.
- my ($self, $key, $value, $line) = @_;
- local ($1,$2);
- if ($value =~ /^(\S+)\s+eval:(.*)$/) {
-- $self->{parser}->add_test ($1, $2, $TYPE_BODY_EVALS);
-+ my ($rulename, $fn) = ($1, $2);
-+ dbg("config: body eval rule name is $rulename function is $fn");
-+
-+ if ($fn !~ /^\w+(\(.*\))?$/) {
-+ return $INVALID_VALUE;
-+ }
-+ $self->{parser}->add_test ($rulename, $fn, $TYPE_BODY_EVALS);
- }
- else {
- my @values = split(/\s+/, $value, 2);
Index: patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
diff -N patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
--- patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm 4 Mar 2016 00:05:35
-0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,82 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_DnsResolver_pm,v 1.4 2016/03/04 00:05:35
sthen Exp $
---- lib/Mail/SpamAssassin/DnsResolver.pm.orig Tue Apr 28 20:56:49 2015
-+++ lib/Mail/SpamAssassin/DnsResolver.pm Thu Mar 3 23:59:55 2016
-@@ -592,6 +592,9 @@ sub new_dns_packet {
- };
-
- if ($packet) {
-+ # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223
-+ $packet->header->rd(1);
-+
- # my $udp_payload_size = $self->{res}->udppacketsize;
- my $udp_payload_size = $self->{conf}->{dns_options}->{edns};
- if ($udp_payload_size && $udp_payload_size > 512) {
-@@ -722,6 +725,37 @@ sub bgsend {
-
- ###########################################################################
-
-+=item $id = $res->bgread()
-+
-+Similar to C<Net::DNS::Resolver::bgread>. Reads a DNS packet from
-+a supplied socket, decodes it, and returns a Net::DNS::Packet object
-+if successful. Dies on error.
-+
-+=cut
-+
-+sub bgread() {
-+ my ($self) = @_;
-+ my $sock = $self->{sock};
-+ my $packetsize = $self->{res}->udppacketsize;
-+ $packetsize = 512 if $packetsize < 512; # just in case
-+ my $data = '';
-+ my $peeraddr = $sock->recv($data, $packetsize+256); # with some size
margin for troubleshooting
-+ defined $peeraddr or die "bgread: recv() failed: $!";
-+ my $peerhost = $sock->peerhost;
-+ $data ne '' or die "bgread: received empty packet from $peerhost";
-+ dbg("dns: bgread: received %d bytes from %s", length($data), $peerhost);
-+ my($answerpkt, $decoded_length) = Net::DNS::Packet->new(\$data);
-+ $answerpkt or die "bgread: decoding DNS packet failed: $@";
-+ $answerpkt->answerfrom($peerhost);
-+ if ($decoded_length ne length($data)) {
-+ warn sprintf("bgread: received a %d bytes packet from %s, decoded %d
bytes\n",
-+ length($data), $peerhost, $decoded_length);
-+ }
-+ return $answerpkt;
-+}
-+
-+###########################################################################
-+
- =item $nfound = $res->poll_responses()
-
- See if there are any C<bgsend> reply packets ready, and return
-@@ -769,13 +803,25 @@ sub poll_responses {
- $timeout = 0; # next time around collect whatever is available, then exit
- last if $nfound == 0;
-
-- my $packet = $self->{res}->bgread($self->{sock});
-+ my $packet;
-+ eval {
-+ $packet = $self->bgread();
-+ } or do {
-+ undef $packet;
-+ my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat;
-+ # resignal if alarm went off
-+ die $eval_stat if $eval_stat =~ /__alarm__ignore__\(.*\)/s;
-+ info("dns: bad dns reply: %s", $eval_stat);
-+ };
-
-+# Bug 7265, use our own bgread()
-+# my $packet = $self->{res}->bgread($self->{sock});
-+
- if (!$packet) {
-- my $dns_err = $self->{res}->errorstring;
-- # resignal if alarm went off
-- die "dns (3) $dns_err\n" if $dns_err =~ /__alarm__ignore__\(.*\)/s;
-- info("dns: bad dns reply: $dns_err");
-+ # error already reported above
-+# my $dns_err = $self->{res}->errorstring;
-+# die "dns (3) $dns_err\n" if $dns_err =~ /__alarm__ignore__\(.*\)/s;
-+# info("dns: bad dns reply: $dns_err");
- } else {
- my $header = $packet->header;
- if (!$header) {
Index: patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
diff -N patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
--- patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm 4 Mar
2016 00:05:35 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,25 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm,v 1.1
2016/03/04 00:05:35 sthen Exp $
---- lib/Mail/SpamAssassin/Message/Metadata/Received.pm.orig Tue Apr 28
20:56:48 2015
-+++ lib/Mail/SpamAssassin/Message/Metadata/Received.pm Thu Mar 3 23:59:55 2016
-@@ -434,7 +434,8 @@ sub parse_received_line {
- $auth = 'Postfix';
- }
- # Communigate Pro - Bug 6495 adds HTTP as possible transmission method
-- elsif (/CommuniGate Pro (HTTP|SMTP)/ && / \(account /) {
-+ # Bug 7277: XIMSS used by Pronto and other custom apps, IMAP supports
XMIT extension
-+ elsif (/CommuniGate Pro (HTTP|SMTP|XIMSS|IMAP)/ && / \(account /) {
- $auth = 'Communigate';
- }
- # Microsoft Exchange (complete with syntax error)
-@@ -714,6 +715,11 @@ sub parse_received_line {
- # Received: from sc8-sf-sshgate.sourceforge.net (HELO
sc8-sf-netmisc.sourceforge.net) (66.35.250.220) by la.mx.develooper.com
(qpsmtpd/0.27-dev) with ESMTP; Fri, 02 Jan 2004 14:44:41 -0800
- # Received: from mx10.topofferz.net (HELO ) (69.6.60.10) by
blazing.arsecandle.org with SMTP; 3 Mar 2004 20:34:38 -0000
- if (/^(\S+) \((?:HELO|EHLO) (\S*)\) \((${IP_ADDRESS})\) by (\S+)
\(qpsmtpd\/\S+\) with (?:ESMTP|SMTP)/) {
-+ $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough;
-+ }
-+
-+ # Received: from mail-backend.DDDD.com (LHLO mail-backend.DDDD.com)
(10.2.2.20) by mail-backend.DDDD.com with LMTP; Thu, 18 Jun 2015 16:50:56 -0700
(PDT)
-+ if (/^(\S+) \(LHLO (\S*)\) \((${IP_ADDRESS})\) by (\S+) with LMTP/) {
- $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough;
- }
-
Index: patches/patch-lib_Mail_SpamAssassin_Message_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_Message_pm
diff -N patches/patch-lib_Mail_SpamAssassin_Message_pm
--- patches/patch-lib_Mail_SpamAssassin_Message_pm 31 Oct 2017 07:41:51
-0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,27 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_Message_pm,v 1.2 2017/10/31 07:41:51
giovanni Exp $
-
-# bug 7447: Delete parse_queue in Message::finish() to prevent memory leak.
-
-Index: lib/Mail/SpamAssassin/Message.pm
---- lib/Mail/SpamAssassin/Message.pm.orig
-+++ lib/Mail/SpamAssassin/Message.pm
-@@ -628,6 +628,9 @@ sub finish {
- delete $self->{'line_ending'};
- delete $self->{'missing_head_body_separator'};
-
-+ # Remove the queue variable, in case the body has not been parsed
-+ delete $self->{'parse_queue'};
-+
- my @toclean = ( $self );
-
- # Go ahead and clean up all of the Message::Node parts
-@@ -1045,6 +1048,9 @@ sub _parse_normal {
- }
- elsif ($ct[3]) {
- $msg->{'name'} = $ct[3];
-+ }
-+ if ($msg->{'name'}) {
-+ $msg->{'name'} = Encode::decode("MIME-Header", $msg->{'name'});
- }
-
- $msg->{'boundary'} = $boundary;
Index: patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
--- patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm 4 Mar 2016 00:05:35
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,87 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm,v 1.1 2016/03/04 00:05:35
sthen Exp $
---- lib/Mail/SpamAssassin/Plugin/DKIM.pm.orig Tue Apr 28 20:56:47 2015
-+++ lib/Mail/SpamAssassin/Plugin/DKIM.pm Thu Mar 3 23:59:55 2016
-@@ -178,14 +178,19 @@ sub set_config {
-
- Works similarly to whitelist_from, except that in addition to matching
- an author address (From) to the pattern in the first parameter, the message
--must also carry a Domain Keys Identified Mail (DKIM) signature made by a
--signing domain (SDID, i.e. the d= tag) that is acceptable to us.
-+must also carry a valid Domain Keys Identified Mail (DKIM) signature made by
-+a signing domain (SDID, i.e. the d= tag) that is acceptable to us.
-
- Only one whitelist entry is allowed per line, as in C<whitelist_from_rcvd>.
- Multiple C<whitelist_from_dkim> lines are allowed. File-glob style characters
- are allowed for the From address (the first parameter), just like with
--C<whitelist_from_rcvd>. The second parameter does not accept wildcards.
-+C<whitelist_from_rcvd>.
-
-+The second parameter (the signing-domain) does not accept full file-glob style
-+wildcards, although a simple '*.' (or just a '.') prefix to a domain name
-+is recognized and implies any subdomain of the specified domain (but not
-+the domain itself).
-+
- If no signing-domain parameter is specified, the only acceptable signature
- will be an Author Domain Signature (sometimes called first-party signature)
- which is a signature where the signing domain (SDID) of a signature matches
-@@ -205,7 +210,8 @@ Examples of whitelisting based on third-party signatur
- whitelist_from_dkim [email protected] example.org
- whitelist_from_dkim [email protected] example.net
- whitelist_from_dkim *@info.example.net example.net
-- whitelist_from_dkim *@* remailer.example.com
-+ whitelist_from_dkim *@* mail7.remailer.example.com
-+ whitelist_from_dkim *@* *.remailer.example.com
-
- =item def_whitelist_from_dkim [email protected] [signing-domain]
-
-@@ -376,7 +382,8 @@ some valid signature on a message has no reputational
- associated with a particular domain), regardless of its key size - anyone can
- prepend its own signature on a copy of some third party mail and re-send it,
- which makes it no more trustworthy than without such signature. This is also
--a reason for a rule DKIM_VALID to have a near-zero score.
-+a reason for a rule DKIM_VALID to have a near-zero score, i.e. a rule hit
-+is only informational.
-
- =cut
-
-@@ -786,7 +793,8 @@ sub _check_dkim_signature {
- # Only do so if EDNS0 provides a reasonably-sized UDP payload size,
- # as our interface does not provide a DNS fallback to TCP, unlike
- # the Net::DNS::Resolver::send which does provide it.
-- my $res = $self->{main}->{resolver}->get_resolver;
-+ my $res = $self->{main}->{resolver};
-+ dbg("dkim: providing our own resolver: %s", ref $res);
- Mail::DKIM::DNS::resolver($res);
- }
- }
-@@ -892,13 +900,13 @@ sub _check_dkim_signature {
- }
- }
- if (would_log("dbg","dkim")) {
-- dbg("dkim: %s %s, i=%s, d=%s, s=%s, a=%s, c=%s, %s, %s",
-+ dbg("dkim: %s %s, i=%s, d=%s, s=%s, a=%s, c=%s, %s, %s, %s",
- $info,
- $signature->isa('Mail::DKIM::DkSignature') ? 'DK' : 'DKIM',
- map(!defined $_ ? '(undef)' : $_,
- $signature->identity, $d, $signature->selector,
- $signature->algorithm, scalar($signature->canonicalization),
-- $key_size ? "key_bits=$key_size" : (),
-+ $key_size ? "key_bits=$key_size" : "unknown key size",
- ($sig_result_supported ? $signature : $verifier)->result ),
- defined $d && $pms->{dkim_author_domains}->{$d}
- ? 'matches author domain'
-@@ -1257,8 +1265,12 @@ sub _wlcheck_list {
- # identity (AUID). Nevertheless, be prepared to accept the full e-mail
- # address there for compatibility, and just ignore its local-part.
-
-- $acceptable_sdid = $1 if $acceptable_sdid =~ /\@([^\@]*)\z/;
-- $matches = 1 if $sdid eq lc $acceptable_sdid;
-+ $acceptable_sdid = $1 if $acceptable_sdid =~ /\@([^\@]*)\z/s;
-+ if ($acceptable_sdid =~ s/^\*?\.//s) {
-+ $matches = 1 if $sdid =~ /\.\Q$acceptable_sdid\E\z/si;
-+ } else {
-+ $matches = 1 if $sdid eq lc $acceptable_sdid;
-+ }
- }
- if ($matches) {
- if (would_log("dbg","dkim")) {
Index: patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm
diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm
--- patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm 8 Mar 2018
07:30:00 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,99 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm,v 1.1 2018/03/08
07:30:00 giovanni Exp $
-
-Index: lib/Mail/SpamAssassin/Plugin/PDFInfo.pm
---- lib/Mail/SpamAssassin/Plugin/PDFInfo.pm.orig
-+++ lib/Mail/SpamAssassin/Plugin/PDFInfo.pm
-@@ -31,7 +31,7 @@ This plugin helps detected spam using attached PDF fil
-
- =item See "Usage:" below - more documentation see 20_pdfinfo.cf
-
-- Original info kept for history.
-+ Original info kept for history. For later changes see SVN repo
- -------------------------------------------------------
- PDFInfo Plugin for SpamAssassin
- Version: 0.8
-@@ -40,7 +40,6 @@ This plugin helps detected spam using attached PDF fil
- Modified: 2007-08-10
- By: Dallas Engelken
-
--
- Changes:
- 0.8 - added .fdf detection (thanks John Lundin) [axb]
- 0.7 - fixed empty body/pdf count buglet(thanks Jeremy) [axb]
-@@ -76,7 +75,6 @@ This plugin helps detected spam using attached PDF fil
- - removed all support for png, gif, and jpg from the code.
- - prepended pdf_ to all function names to avoid conflicts with
ImageInfo in SA 3.2.
-
--
- Usage:
-
- pdf_count()
-@@ -144,14 +142,14 @@ package Mail::SpamAssassin::Plugin::PDFInfo;
-
- use Mail::SpamAssassin::Plugin;
- use Mail::SpamAssassin::Logger;
-+use Mail::SpamAssassin::Util;
- use strict;
- use warnings;
--use bytes;
-+# use bytes;
- use Digest::MD5 qw(md5_hex);
- use MIME::QuotedPrint;
-
--use vars qw(@ISA);
--@ISA = qw(Mail::SpamAssassin::Plugin);
-+our @ISA = qw(Mail::SpamAssassin::Plugin);
-
- # constructor: register the eval rule
- sub new {
-@@ -413,9 +411,9 @@ sub _find_pdf_mime_parts {
-
- foreach my $p (@parts) {
- my $type = $p->{'type'} =~ m@/([\w\-]+)$@;
-- my $name = $p->{'name'};
-+ my $name = $p->{'name'} || '';
-
-- my $cte = lc $p->get_header('content-transfer-encoding') || '';
-+ my $cte = lc( $p->get_header('content-transfer-encoding') || '' );
-
- dbg("pdfinfo: found part, type=".($type ? $type : '')." file=".($name ?
$name : '')." cte=".($cte ? $cte : '')."");
-
-@@ -441,7 +439,6 @@ sub _find_pdf_mime_parts {
-
- }
-
--
- # ----------------------------------------
-
- sub pdf_named {
-@@ -476,8 +473,12 @@ sub pdf_name_regex {
-
- my $hit = 0;
- foreach my $name (keys %{$pms->{'pdfinfo'}->{"names_pdf"}}) {
-- my $eval = 'if (q{'.$name.'} =~ '.$re.') { $hit = 1; } ';
-- eval $eval;
-+ eval {
-+ my $regex = Mail::SpamAssassin::Util::make_qr($re);
-+ if ( $name =~ m/$regex/ ) {
-+ $hit = 1;
-+ }
-+ };
- dbg("pdfinfo: error in regex $re - $@") if $@;
- if ($hit) {
- dbg("pdfinfo: pdf_name_regex hit on $name");
-@@ -722,9 +723,12 @@ sub pdf_match_details {
- return unless $check_value;
-
- my $hit = 0;
-- $check_value =~ s/[\{\}\\]//g;
-- my $eval = 'if (q{'.$check_value.'} =~ '.$regex.') { $hit = 1; }';
-- eval $eval;
-+ eval {
-+ my $re = Mail::SpamAssassin::Util::make_qr($regex);
-+ if ( $check_value =~ m/$re/ ) {
-+ $hit = 1;
-+ }
-+ };
- dbg("pdfinfo: error in regex $regex - $@") if $@;
- if ($hit) {
- dbg("pdfinfo: pdf_match_details $detail $regex matches $check_value");
Index: patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
--- patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm 4 Mar 2016 00:05:35
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,24 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_SPF_pm,v 1.1 2016/03/04 00:05:35
sthen Exp $
---- lib/Mail/SpamAssassin/Plugin/SPF.pm.orig Tue Apr 28 20:56:47 2015
-+++ lib/Mail/SpamAssassin/Plugin/SPF.pm Thu Mar 3 23:59:55 2016
-@@ -232,7 +232,7 @@ working downwards until results are successfully parse
- =item has_check_for_spf_errors
-
- Adds capability check for "if can()" for check_for_spf_permerror,
check_for_spf_temperror, check_for_spf_helo_permerror and
check_for_spf_helo_permerror
--
-+
- =cut
-
- sub has_check_for_spf_errors { 1 }
-@@ -506,9 +506,9 @@ sub _check_spf {
- $self->{spf_server} = Mail::SPF::Server->new(
- hostname => $scanner->get_tag('HOSTNAME'),
- dns_resolver => $self->{main}->{resolver},
-- max_dns_interactive_terms => 15);
-+ max_dns_interactive_terms => 20);
- # Bug 7112: max_dns_interactive_terms defaults to 10, but even 14 is
-- # not enough for ebay.com, setting it to 15
-+ # not enough for ebay.com, setting it to 15 NOTE: raising to 20 per bug
7182
- 1;
- } or do {
- $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat;
Index: patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
--- patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm 4 Mar 2016
00:05:35 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,28 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm,v 1.1 2016/03/04
00:05:35 sthen Exp $
---- lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm.orig Tue Apr 28 20:56:47 2015
-+++ lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm Thu Mar 3 23:59:55 2016
-@@ -942,9 +942,8 @@ sub complete_ns_lookup {
- next unless (defined($str) && defined($dom));
- dbg("uridnsbl: got($j) NS for $dom: $str");
-
-- if ($str =~ /IN\s+NS\s+(\S+)/) {
-- my $nsmatch = lc $1;
-- $nsmatch =~ s/\.$//;
-+ if ($rr->type eq 'NS') {
-+ my $nsmatch = lc $rr->nsdname; # available since at least Net::DNS 0.14
- my $nsrhblstr = $nsmatch;
- my $fullnsrhblstr = $nsmatch;
-
-@@ -1025,9 +1024,9 @@ sub complete_a_lookup {
- }
- dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str);
-
-- local $1;
-- if ($str =~ /IN\s+A\s+(\S+)/) {
-- $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1);
-+ if ($rr->type eq 'A') {
-+ my $ip_address = $rr->rdatastr;
-+ $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address);
- }
- }
- }
Index: patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm
diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm
--- patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm 6 Feb 2018
07:58:03 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,34 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm,v 1.1 2018/02/06
07:58:03 giovanni Exp $
-
-Compatibility patches for perl 5.23+
-
-Index: lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
---- lib/Mail/SpamAssassin/Plugin/URILocalBL.pm.orig
-+++ lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
-@@ -350,7 +350,7 @@ sub check_uri_local_bl {
- # look for W3 links only
- next unless (defined $info->{types}->{a});
-
-- while (my($host, $domain) = each $info->{hosts}) {
-+ while (my($host, $domain) = each %{$info->{hosts}}) {
-
- # skip if the domain name was matched
- if (exists $rule->{exclusions} && exists
$rule->{exclusions}->{$domain}) {
-@@ -374,7 +374,7 @@ sub check_uri_local_bl {
- }
-
- if (exists $rule->{countries}) {
-- dbg("check: uri_local_bl countries %s\n", join(' ', sort keys
$rule->{countries}));
-+ dbg("check: uri_local_bl countries %s\n", join(' ', sort keys
%{$rule->{countries}}));
-
- my $cc = $self->{geoip}->country_code_by_addr($ip);
-
-@@ -403,7 +403,7 @@ sub check_uri_local_bl {
- }
-
- if (exists $rule->{isps}) {
-- dbg("check: uri_local_bl isps %s\n", join(' ', map { '"' . $_ .
'"'; } sort keys $rule->{isps}));
-+ dbg("check: uri_local_bl isps %s\n", join(' ', map { '"' . $_ .
'"'; } sort keys %{$rule->{isps}}));
-
- my $isp = $self->{geoisp}->isp_by_name($ip);
-
Index: patches/patch-lib_Mail_SpamAssassin_Util_pm
===================================================================
RCS file: patches/patch-lib_Mail_SpamAssassin_Util_pm
diff -N patches/patch-lib_Mail_SpamAssassin_Util_pm
--- patches/patch-lib_Mail_SpamAssassin_Util_pm 23 Feb 2018 17:07:35 -0000
1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,96 +0,0 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_Util_pm,v 1.4 2018/02/23 17:07:35
giovanni Exp $
-Index: lib/Mail/SpamAssassin/Util.pm
---- lib/Mail/SpamAssassin/Util.pm.orig
-+++ lib/Mail/SpamAssassin/Util.pm
-@@ -62,7 +62,8 @@ BEGIN {
- @EXPORT_OK = qw(&local_tz &base64_decode &untaint_var &untaint_file_path
- &exit_status_str &proc_status_ok &am_running_on_windows
- &reverse_ip_address &decode_dns_question_entry
-- &secure_tmpfile &secure_tmpdir &uri_list_canonicalize);
-+ &secure_tmpfile &secure_tmpdir &uri_list_canonicalize
-+ &get_user_groups);
- }
-
- use Mail::SpamAssassin;
-@@ -108,7 +109,7 @@ BEGIN {
- if ( !$displayed_path++ ) {
- dbg("util: current PATH is:
".join($Config{'path_sep'},File::Spec->path()));
- }
-- foreach my $path (File::Spec->path()) {
-+ foreach my $path (File::Spec->path(), qw(${LOCALBASE}/bin
${LOCALBASE}/sbin)) {
- my $fname = File::Spec->catfile ($path, $filename);
- if ( -f $fname ) {
- if (-x $fname) {
-@@ -988,6 +989,18 @@ sub parse_content_type {
- my($charset) = $ct =~ /\bcharset\s*=\s*["']?(.*?)["']?(?:;|$)/i;
- my($name) = $ct =~ /\b(?:file)?name\s*=\s*["']?(.*?)["']?(?:;|$)/i;
-
-+ # RFC 2231 section 3: Parameter Value Continuations
-+ # support continuations for name values
-+ #
-+ if (!$name && $ct =~ /\b(?:file)?name\*0\s*=/i) {
-+
-+ my @name;
-+ $name[$1] = $2
-+ while ($ct =~ /\b(?:file)?name\*(\d+)\s*=\s*["']?(.*?)["']?(?:;|$)/ig);
-+
-+ $name = join "", grep defined, @name;
-+ }
-+
- # Get the actual MIME type out ...
- # Note: the header content may not be whitespace unfolded, so make sure the
- # REs do /s when appropriate.
-@@ -1493,13 +1506,43 @@ sub receive_date {
- }
-
- ###########################################################################
-+sub get_user_groups {
-+ my $suid = shift;
-+ dbg("get_user_groups: uid is $suid\n");
-+ my ( $user, $passwd, $uid, $gid, $quota, $comment, $gcos, $dir, $shell,
$expire ) = getpwuid($suid);
-+ my $rgids="$gid ";
-+ while ( my($name,$pw,$gid,$members) = getgrent() ) {
-+ if ( $members =~ m/\b$user\b/ ) {
-+ $rgids .= "$gid ";
-+ dbg("get_user_groups: added $gid ($name) to group list which is now:
$rgids\n");
-+ }
-+ }
-+ endgrent;
-+ chop $rgids;
-+ return ($rgids);
-+}
-
-+
-+
- sub setuid_to_euid {
- return if (RUNNING_ON_WINDOWS);
-
- # remember the target uid, the first number is the important one
- my $touid = $>;
--
-+ my $gids = get_user_groups($touid);
-+ my ( $pgid, $supgs ) = split (' ',$gids,2);
-+ defined $supgs or $supgs=$pgid;
-+ if ($( != $pgid) {
-+ # Gotta be root for any of this to work
-+ $> = 0 ;
-+ dbg("util: changing real primary gid from $( to $pgid and supplemental
groups to $supgs to match effective uid $touid");
-+ POSIX::setgid($pgid);
-+ dbg("util: POSIX::setgid($pgid) set errno to $!");
-+ $! = 0;
-+ $( = $pgid;
-+ $) = "$pgid $supgs";
-+ dbg("util: assignment \$) = $pgid $supgs set errno to $!");
-+ }
- if ($< != $touid) {
- dbg("util: changing real uid from $< to match effective uid $touid");
- # bug 3586: kludges needed to work around platform dependent behavior
assigning to $<
-@@ -1574,7 +1617,7 @@ sub helper_app_pipe_open_unix {
- eval {
- # go setuid...
- setuid_to_euid();
-- dbg("util: setuid: ruid=$< euid=$>");
-+ info("util: setuid: ruid=$< euid=$> rgid=$( egid=$) ");
-
- # now set up the fds. due to some wierdness, we may have to ensure that
- # we *really* close the correct fd number, since some other code may have
Index: patches/patch-spamc_libspamc_c
===================================================================
RCS file: patches/patch-spamc_libspamc_c
diff -N patches/patch-spamc_libspamc_c
--- patches/patch-spamc_libspamc_c 23 May 2015 14:18:55 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-$OpenBSD: patch-spamc_libspamc_c,v 1.3 2015/05/23 14:18:55 bluhm Exp $
---- spamc/libspamc.c.orig Tue Apr 28 21:56:59 2015
-+++ spamc/libspamc.c Wed May 20 19:53:07 2015
-@@ -1216,7 +1216,7 @@ int message_filter(struct transport *tp, const char *u
- if (flags & SPAMC_TLSV1) {
- meth = TLSv1_client_method();
- } else {
-- meth = SSLv3_client_method(); /* default */
-+ meth = SSLv23_client_method(); /* default */
- }
- SSL_load_error_strings();
- ctx = SSL_CTX_new(meth);
-@@ -1604,7 +1604,7 @@ int message_tell(struct transport *tp, const char *use
- if (flags & SPAMC_USE_SSL) {
- #ifdef SPAMC_SSL
- SSLeay_add_ssl_algorithms();
-- meth = SSLv3_client_method();
-+ meth = SSLv23_client_method();
- SSL_load_error_strings();
- ctx = SSL_CTX_new(meth);
- #else
Index: patches/patch-spamd_spamd_raw
===================================================================
RCS file: patches/patch-spamd_spamd_raw
diff -N patches/patch-spamd_spamd_raw
--- patches/patch-spamd_spamd_raw 23 Feb 2018 17:07:35 -0000 1.9
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,98 +0,0 @@
-$OpenBSD: patch-spamd_spamd_raw,v 1.9 2018/02/23 17:07:35 giovanni Exp $
-Index: spamd/spamd.raw
---- spamd/spamd.raw.orig
-+++ spamd/spamd.raw
-@@ -246,7 +246,8 @@ use Mail::SpamAssassin::SubProcBackChannel;
- use Mail::SpamAssassin::SpamdForkScaling qw(:pfstates);
- use Mail::SpamAssassin::Logger qw(:DEFAULT log_message);
- use Mail::SpamAssassin::Util qw(untaint_var untaint_file_path
-- exit_status_str am_running_on_windows);
-+ exit_status_str am_running_on_windows
-+ get_user_groups);
- use Mail::SpamAssassin::Timeout;
-
- use Getopt::Long;
-@@ -1071,7 +1072,6 @@ sub server_sock_setup_inet {
- $sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP'
- && IO::Socket::IP->VERSION >= 0.09;
- %sockopt = (%sockopt, (
-- SSL_version => $sslversion,
- SSL_verify_mode => 0x00,
- SSL_key_file => $opt{'server-key'},
- SSL_cert_file => $opt{'server-cert'},
-@@ -1092,7 +1092,8 @@ sub server_sock_setup_inet {
- if (!$server_inet) {
- $diag = sprintf("could not create %s socket on [%s]:%s: %s",
- $ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
-- $adr, $port, $!);
-+ $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ?
-+ "$!,$IO::Socket::SSL::SSL_ERROR" : $!);
- push(@diag_fail, $diag);
- } else {
- $diag = sprintf("created %s socket on [%s]:%s",
-@@ -1369,10 +1370,20 @@ sub spawn {
- # bug 5518: assignments to $) and $( don't always work on all platforms
- # bug 3900: assignments to $> and $< problems with BSD perl bug
- # use the POSIX functions to hide the platform specific workarounds
-+ dbg("spamd: Privilege de-escalation from user $< and groups $(\n");
-+ $! = 0;
- POSIX::setgid($ugid); # set effective and real gid
-+ dbg("spamd: setgid ERRNO is $!\n");
-+ $( = $ugid;
-+ $) = "$ugid ".(get_user_groups($uuid)); # set effective and real
gid/grouplist another way because we lack initgroups in Perl
-+ dbg("spamd: group assignment ERRNO is $!\n");
- POSIX::setuid($uuid); # set effective and real UID
-+ dbg("spamd: setuid ERRNO is $!\n");
- $< = $uuid; $> = $uuid; # bug 5574
-+ dbg("spamd: uid assignment ERRNO is $!\n");
-+ dbg("spamd: real user is $< \neff user is $> \nreal groups are $( \neff
groups are $) \n");
-
-+
- # keep the sanity check to catch problems like bug 3900 just in case
- if ( $> != $uuid and $> != ( $uuid - 2**32 ) ) {
- die "spamd: setuid to uid $uuid failed (> = $>, < = $<)\n";
-@@ -1521,7 +1532,7 @@ sub accept_from_any_server_socket {
- } # end multiple sockets case
-
- if ($selected_socket_info) {
-- my $socket = $selected_socket_info->{socket};
-+ $socket = $selected_socket_info->{socket};
- $socket or die "no socket???, impossible";
- dbg("spamd: accept() on fd %d", $selected_socket_info->{fd});
- $client = $socket->accept;
-@@ -1726,7 +1737,7 @@ sub handle_setuid_to_user {
- my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
- getpwnam('nobody');
-
-- $) = "$gid $gid"; # eGID
-+ $) = (get_user_groups($uid)); # eGID
- $> = $uid; # eUID
- if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
- die("spamd: setuid to nobody failed");
-@@ -2488,7 +2499,7 @@ sub handle_user_setuid_basic {
- }
-
- if ($setuid_to_user) {
-- $) = "$gid $gid"; # change eGID
-+ $) = (get_user_groups($uid)); # change eGID
- $> = $uid; # change eUID
- if ( !defined($uid) || ( $> != $uid and $> != ( $uid - 2**32 ) ) ) {
- # make it fatal to avoid security breaches
-@@ -2710,7 +2721,7 @@ sub handle_user_setuid_with_sql {
- }
-
- if ($setuid_to_user) {
-- $) = "$gid $gid"; # change eGID
-+ $) = (get_user_groups($uid)); # change eGID
- $> = $uid; # change eUID
- if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
- # make it fatal to avoid security breaches
-@@ -2755,7 +2766,7 @@ sub handle_user_setuid_with_ldap {
- }
-
- if ($setuid_to_user) {
-- $) = "$gid $gid"; # change eGID
-+ $) = (get_user_groups($uid)); # change eGID
- $> = $uid; # change eUID
- if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
- # make it fatal to avoid security breaches
Index: patches/patch-t_SATest_pm
===================================================================
RCS file: patches/patch-t_SATest_pm
diff -N patches/patch-t_SATest_pm
--- patches/patch-t_SATest_pm 7 Nov 2017 07:39:07 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
-$OpenBSD: patch-t_SATest_pm,v 1.1 2017/11/07 07:39:07 giovanni Exp $
-
-Index: t/SATest.pm
---- t/SATest.pm.orig
-+++ t/SATest.pm
-@@ -1027,7 +1027,7 @@ sub can_use_net_dns_safely {
- # (which is used by Net::DNS)
-
- return 1 if ($< != 0);
-- return 1 if ($^O =~ /^(linux|mswin|dos|os2)/oi);
-+ return 1 if ($^O =~ /^(linux|mswin|dos|os2|openbsd)/oi);
-
- my $has_unsafe_hostname =
- eval { require Sys::Hostname::Long && Sys::Hostname::Long->VERSION < 1.4
};
Index: patches/patch-t_sa_compile_t
===================================================================
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/patches/patch-t_sa_compile_t,v
retrieving revision 1.3
diff -u -p -r1.3 patch-t_sa_compile_t
--- patches/patch-t_sa_compile_t 23 May 2015 14:18:55 -0000 1.3
+++ patches/patch-t_sa_compile_t 18 Sep 2018 07:08:03 -0000
@@ -1,21 +1,14 @@
$OpenBSD: patch-t_sa_compile_t,v 1.3 2015/05/23 14:18:55 bluhm Exp $
---- t/sa_compile.t.orig Tue Apr 28 21:56:58 2015
-+++ t/sa_compile.t Tue May 12 22:36:36 2015
-@@ -8,8 +8,7 @@ use Config;
+Index: t/sa_compile.t
+--- t/sa_compile.t.orig
++++ t/sa_compile.t
+@@ -12,8 +12,7 @@ use Config;
use File::Basename;
use File::Path qw/mkpath/;
-my $temp_binpath = $Config{sitebinexp};
--$temp_binpath =~ s/^\Q$Config{prefix}\E//;
+-$temp_binpath =~ s|^\Q$Config{siteprefixexp}\E/||;
+my $temp_binpath = "bin";
- # called from BEGIN
- sub re2c_version_new_enough {
-@@ -65,6 +64,7 @@ sub new_instdir {
- $instdir = $instbase.".".(shift);
- print "\nsetting new instdir: $instdir\n";
- $INST_FROM_SCRATCH and system("rm -rf $instdir; mkdir $instdir");
-+ system("mkdir -p $instdir/foo/etc/mail/spamassassin");
- }
-
- sub run_makefile_pl {
+ use Test::More;
+ plan skip_all => "Long running tests disabled" unless
conf_bool('run_long_tests');
Index: patches/patch-t_spf_t
===================================================================
RCS file: patches/patch-t_spf_t
diff -N patches/patch-t_spf_t
--- patches/patch-t_spf_t 7 Nov 2017 07:39:07 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,22 +0,0 @@
-$OpenBSD: patch-t_spf_t,v 1.1 2017/11/07 07:39:07 giovanni Exp $
-
-Index: t/spf.t
---- t/spf.t.orig
-+++ t/spf.t
-@@ -12,6 +12,7 @@ use constant HAS_MAILSPF => eval { require Mail::SPF;
- # on non-Linux unices as root, due to a bug in Sys::Hostname::Long
- # (it is used by Mail::SPF::Query, which is now obsoleted by Mail::SPF)
- use constant IS_LINUX => $^O eq 'linux';
-+use constant IS_OPENBSD => $^O eq 'openbsd';
- use constant IS_WINDOWS => ($^O =~ /^(mswin|dos|os2)/oi);
- use constant AM_ROOT => $< == 0;
-
-@@ -20,7 +21,7 @@ use constant HAS_UNSAFE_HOSTNAME => # Bug 3806 - modu
-
- use constant DO_RUN =>
- TEST_ENABLED && (HAS_SPFQUERY || HAS_MAILSPF) &&
-- (!HAS_UNSAFE_HOSTNAME || !AM_ROOT || IS_LINUX || IS_WINDOWS);
-+ (!HAS_UNSAFE_HOSTNAME || !AM_ROOT || IS_LINUX || IS_WINDOWS || IS_OPENBSD);
-
- BEGIN {
-
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/pkg/PLIST,v
retrieving revision 1.35
diff -u -p -r1.35 PLIST
--- pkg/PLIST 6 May 2017 14:56:08 -0000 1.35
+++ pkg/PLIST 18 Sep 2018 07:08:03 -0000
@@ -79,8 +79,10 @@ ${P5SITE}/Mail/SpamAssassin/Plugin/DCC.p
${P5SITE}/Mail/SpamAssassin/Plugin/DKIM.pm
${P5SITE}/Mail/SpamAssassin/Plugin/DNSEval.pm
${P5SITE}/Mail/SpamAssassin/Plugin/FreeMail.pm
+${P5SITE}/Mail/SpamAssassin/Plugin/FromNameSpoof.pm
${P5SITE}/Mail/SpamAssassin/Plugin/HTMLEval.pm
${P5SITE}/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm
+${P5SITE}/Mail/SpamAssassin/Plugin/HashBL.pm
${P5SITE}/Mail/SpamAssassin/Plugin/Hashcash.pm
${P5SITE}/Mail/SpamAssassin/Plugin/HeaderEval.pm
${P5SITE}/Mail/SpamAssassin/Plugin/ImageInfo.pm
@@ -89,11 +91,13 @@ ${P5SITE}/Mail/SpamAssassin/Plugin/MIMEH
${P5SITE}/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
${P5SITE}/Mail/SpamAssassin/Plugin/PDFInfo.pm
${P5SITE}/Mail/SpamAssassin/Plugin/PhishTag.pm
+${P5SITE}/Mail/SpamAssassin/Plugin/Phishing.pm
${P5SITE}/Mail/SpamAssassin/Plugin/Pyzor.pm
${P5SITE}/Mail/SpamAssassin/Plugin/Razor2.pm
${P5SITE}/Mail/SpamAssassin/Plugin/RelayCountry.pm
${P5SITE}/Mail/SpamAssassin/Plugin/RelayEval.pm
${P5SITE}/Mail/SpamAssassin/Plugin/ReplaceTags.pm
+${P5SITE}/Mail/SpamAssassin/Plugin/ResourceLimits.pm
${P5SITE}/Mail/SpamAssassin/Plugin/Reuse.pm
${P5SITE}/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
${P5SITE}/Mail/SpamAssassin/Plugin/SPF.pm
@@ -118,9 +122,9 @@ ${P5SITE}/Mail/SpamAssassin/SubProcBackC
${P5SITE}/Mail/SpamAssassin/Timeout.pm
${P5SITE}/Mail/SpamAssassin/Util/
${P5SITE}/Mail/SpamAssassin/Util.pm
+@comment ${P5SITE}/Mail/SpamAssassin/Util.pm.beforesubst
${P5SITE}/Mail/SpamAssassin/Util/DependencyInfo.pm
${P5SITE}/Mail/SpamAssassin/Util/Progress.pm
-${P5SITE}/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
${P5SITE}/Mail/SpamAssassin/Util/ScopedTimer.pm
${P5SITE}/Mail/SpamAssassin/Util/TieOneStringHash.pm
${P5SITE}/Mail/SpamAssassin/Util/TinyRedis.pm
@@ -174,16 +178,20 @@ ${P5SITE}/spamassassin-run.pod
@man man/man3p/Mail::SpamAssassin::Plugin::DCC.3p
@man man/man3p/Mail::SpamAssassin::Plugin::DKIM.3p
@man man/man3p/Mail::SpamAssassin::Plugin::DNSEval.3p
+@man man/man3p/Mail::SpamAssassin::Plugin::FromNameSpoof.3p
+@man man/man3p/Mail::SpamAssassin::Plugin::HashBL.3p
@man man/man3p/Mail::SpamAssassin::Plugin::Hashcash.3p
@man man/man3p/Mail::SpamAssassin::Plugin::MIMEEval.3p
@man man/man3p/Mail::SpamAssassin::Plugin::MIMEHeader.3p
@man man/man3p/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3p
@man man/man3p/Mail::SpamAssassin::Plugin::PDFInfo.3p
@man man/man3p/Mail::SpamAssassin::Plugin::PhishTag.3p
+@man man/man3p/Mail::SpamAssassin::Plugin::Phishing.3p
@man man/man3p/Mail::SpamAssassin::Plugin::Pyzor.3p
@man man/man3p/Mail::SpamAssassin::Plugin::Razor2.3p
@man man/man3p/Mail::SpamAssassin::Plugin::RelayCountry.3p
@man man/man3p/Mail::SpamAssassin::Plugin::ReplaceTags.3p
+@man man/man3p/Mail::SpamAssassin::Plugin::ResourceLimits.3p
@man man/man3p/Mail::SpamAssassin::Plugin::Reuse.3p
@man man/man3p/Mail::SpamAssassin::Plugin::Rule2XSBody.3p
@man man/man3p/Mail::SpamAssassin::Plugin::SPF.3p
@@ -205,7 +213,6 @@ ${P5SITE}/spamassassin-run.pod
@man man/man3p/Mail::SpamAssassin::Util.3p
@man man/man3p/Mail::SpamAssassin::Util::DependencyInfo.3p
@man man/man3p/Mail::SpamAssassin::Util::Progress.3p
-@man man/man3p/Mail::SpamAssassin::Util::RegistrarBoundaries.3p
@man man/man3p/spamassassin-run.3p
share/doc/SpamAssassin/
share/doc/SpamAssassin/CREDITS
@@ -242,6 +249,7 @@ share/examples/SpamAssassin/init.pre
@sample ${CONFDIR}/init.pre
share/examples/SpamAssassin/local.cf
@sample ${CONFDIR}/local.cf
+@comment share/examples/SpamAssassin/svn_only.pre
share/examples/SpamAssassin/v310.pre
@sample ${CONFDIR}/v310.pre
share/examples/SpamAssassin/v312.pre
@@ -254,6 +262,8 @@ share/examples/SpamAssassin/v340.pre
@sample ${CONFDIR}/v340.pre
share/examples/SpamAssassin/v341.pre
@sample ${CONFDIR}/v341.pre
+share/examples/SpamAssassin/v342.pre
+@sample ${CONFDIR}/v342.pre
share/spamassassin/
share/spamassassin/10_default_prefs.cf
share/spamassassin/10_hasbase.cf
@@ -303,7 +313,9 @@ share/spamassassin/50_scores.cf
share/spamassassin/60_adsp_override_dkim.cf
share/spamassassin/60_awl.cf
share/spamassassin/60_shortcircuit.cf
+share/spamassassin/60_txrep.cf
share/spamassassin/60_whitelist.cf
+share/spamassassin/60_whitelist_auth.cf
share/spamassassin/60_whitelist_dkim.cf
share/spamassassin/60_whitelist_spf.cf
share/spamassassin/60_whitelist_subject.cf
Index: pkg/spamassassin.rc
===================================================================
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/pkg/spamassassin.rc,v
retrieving revision 1.6
diff -u -p -r1.6 spamassassin.rc
--- pkg/spamassassin.rc 11 Jan 2018 19:27:03 -0000 1.6
+++ pkg/spamassassin.rc 18 Sep 2018 07:08:03 -0000
@@ -7,6 +7,6 @@ daemon_flags="-u _spamdaemon -P"
. /etc/rc.d/rc.subr
-pexp="perl: ${daemon}${daemon_flags:+ ${daemon_flags}}"
+pexp="/usr/bin/perl -T -w ${daemon}${daemon_flags:+ ${daemon_flags}}"
rc_cmd $1
