rpms/spamassassin
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- 3.3.0-alpha1

Browse Source 
- WARNING: spamassassin-3.3.0+ no longer ships with its own rules. You must
    run sa-update to download rules before you use spamassassin. Failure to
    download rules means spamassassin always returns unfiltered. Should we
    ship a set of rules with spamassassin? Please discuss on
    fedora-devel-list.
This commit is contained in:
Warren Togami 2009-07-07 15:14:52 +00:00
parent 7c90203b5f
commit 0b9818bb60
5 changed files with 432 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
Mail-SpamAssassin-3.2.5.tar.bz2
Mail-SpamAssassin-3.3.0-alpha1.tar.bz2

250
Mail-SpamAssassin-3.3.0-missing-pre.patch Normal file
View File

@ -0,0 +1,250 @@
diff -urN Mail-SpamAssassin-3.3.0.orig/rules/init.pre Mail-SpamAssassin-3.3.0/rules/init.pre
--- Mail-SpamAssassin-3.3.0.orig/rules/init.pre 1969-12-31 19:00:00.000000000 -0500
+++ Mail-SpamAssassin-3.3.0/rules/init.pre 2009-07-06 18:56:58.599173705 -0400
@@ -0,0 +1,36 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file contains plugin activation commands for plugins included
+# in SpamAssassin 3.0.x releases. It will not be installed if you
+# already have a file in place called "init.pre".
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# RelayCountry - add metadata for Bayes learning, marking the countries
+# a message was relayed through
+#
+# Note: This requires the IP::Country::Fast Perl module
+#
+# loadplugin Mail::SpamAssassin::Plugin::RelayCountry
+
+# URIDNSBL - look up URLs found in the message against several DNS
+# blocklists.
+#
+loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
+
+# Hashcash - perform hashcash verification.
+#
+loadplugin Mail::SpamAssassin::Plugin::Hashcash
+
+# SPF - perform SPF verification.
+#
+loadplugin Mail::SpamAssassin::Plugin::SPF
+
diff -urN Mail-SpamAssassin-3.3.0.orig/rules/v310.pre Mail-SpamAssassin-3.3.0/rules/v310.pre
--- Mail-SpamAssassin-3.3.0.orig/rules/v310.pre 1969-12-31 19:00:00.000000000 -0500
+++ Mail-SpamAssassin-3.3.0/rules/v310.pre 2009-07-06 18:56:58.600173835 -0400
@@ -0,0 +1,78 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.1.0,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# DCC - perform DCC message checks.
+#
+# DCC is disabled here because it is not open source. See the DCC
+# license for more details.
+#
+#loadplugin Mail::SpamAssassin::Plugin::DCC
+
+# Pyzor - perform Pyzor message checks.
+#
+loadplugin Mail::SpamAssassin::Plugin::Pyzor
+
+# Razor2 - perform Razor2 message checks.
+#
+loadplugin Mail::SpamAssassin::Plugin::Razor2
+
+# SpamCop - perform SpamCop message reporting
+#
+loadplugin Mail::SpamAssassin::Plugin::SpamCop
+
+# AntiVirus - some simple anti-virus checks, this is not a replacement
+# for an anti-virus filter like Clam AntiVirus
+#
+#loadplugin Mail::SpamAssassin::Plugin::AntiVirus
+
+# AWL - do auto-whitelist checks
+#
+#loadplugin Mail::SpamAssassin::Plugin::AWL
+
+# AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning
+#
+loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
+
+# TextCat - language guesser
+#
+#loadplugin Mail::SpamAssassin::Plugin::TextCat
+
+# AccessDB - lookup from-addresses in access database
+#
+#loadplugin Mail::SpamAssassin::Plugin::AccessDB
+
+# WhitelistSubject - Whitelist/Blacklist certain subject regular expressions
+#
+loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
+
+###########################################################################
+# experimental plugins
+
+# DomainKeys - perform DomainKeys verification
+#
+# This plugin has been removed as of v3.3.0. Use the DKIM plugin instead,
+# which supports both Domain Keys and DKIM.
+
+# MIMEHeader - apply regexp rules against MIME headers in the message
+#
+loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
+
+# ReplaceTags
+#
+loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
+
diff -urN Mail-SpamAssassin-3.3.0.orig/rules/v312.pre Mail-SpamAssassin-3.3.0/rules/v312.pre
--- Mail-SpamAssassin-3.3.0.orig/rules/v312.pre 1969-12-31 19:00:00.000000000 -0500
+++ Mail-SpamAssassin-3.3.0/rules/v312.pre 2009-07-06 18:56:58.600173835 -0400
@@ -0,0 +1,29 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.1.2,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+
+###########################################################################
+# experimental plugins
+
+# DKIM - perform DKIM verification
+#
+# Mail::DKIM module required for use, see INSTALL for more information.
+#
+# Note that if C<Mail::DKIM> version 0.20 or later is installed, this
+# renders the DomainKeys plugin redundant.
+#
+loadplugin Mail::SpamAssassin::Plugin::DKIM
+
diff -urN Mail-SpamAssassin-3.3.0.orig/rules/v320.pre Mail-SpamAssassin-3.3.0/rules/v320.pre
--- Mail-SpamAssassin-3.3.0.orig/rules/v320.pre 1969-12-31 19:00:00.000000000 -0500
+++ Mail-SpamAssassin-3.3.0/rules/v320.pre 2009-07-06 18:56:58.600173835 -0400
@@ -0,0 +1,64 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.2.0,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# Check - Provides main check functionality
+#
+loadplugin Mail::SpamAssassin::Plugin::Check
+
+# HTTPSMismatch - find URI mismatches between href and anchor text
+#
+loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
+
+# URIDetail - test URIs using detailed URI information
+#
+loadplugin Mail::SpamAssassin::Plugin::URIDetail
+
+# Shortcircuit - stop evaluation early if high-accuracy rules fire
+#
+# loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
+
+# Plugins which used to be EvalTests.pm
+# broken out into separate plugins
+loadplugin Mail::SpamAssassin::Plugin::Bayes
+loadplugin Mail::SpamAssassin::Plugin::BodyEval
+loadplugin Mail::SpamAssassin::Plugin::DNSEval
+loadplugin Mail::SpamAssassin::Plugin::HTMLEval
+loadplugin Mail::SpamAssassin::Plugin::HeaderEval
+loadplugin Mail::SpamAssassin::Plugin::MIMEEval
+loadplugin Mail::SpamAssassin::Plugin::RelayEval
+loadplugin Mail::SpamAssassin::Plugin::URIEval
+loadplugin Mail::SpamAssassin::Plugin::WLBLEval
+
+# VBounce - anti-bounce-message rules, see rules/20_vbounce.cf
+#
+loadplugin Mail::SpamAssassin::Plugin::VBounce
+
+# Rule2XSBody - speedup by compilation of ruleset to native code
+#
+# loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody
+
+# ASN - Look up the Autonomous System Number of the connecting IP
+# and create a header containing ASN data for bayes tokenization.
+# See plugin's POD docs for usage info.
+#
+# loadplugin Mail::SpamAssassin::Plugin::ASN
+
+# ImageInfo - rules to match metadata of image attachments
+#
+loadplugin Mail::SpamAssassin::Plugin::ImageInfo
+
diff -urN Mail-SpamAssassin-3.3.0.orig/rules/v330.pre Mail-SpamAssassin-3.3.0/rules/v330.pre
--- Mail-SpamAssassin-3.3.0.orig/rules/v330.pre 1969-12-31 19:00:00.000000000 -0500
+++ Mail-SpamAssassin-3.3.0/rules/v330.pre 2009-07-06 18:56:58.600173835 -0400
@@ -0,0 +1,23 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.3.0,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# PhishTag - allows sites to rewrite suspect phish-mail URLs
+# (Note: this requires configuration, see http://umut.topkara.org/PhishTag)
+#
+#loadplugin Mail::SpamAssassin::Plugin::PhishTag
+

163
Mail-SpamAssassin-3.3.0-perl-bug-taint.patch Normal file
View File

@ -0,0 +1,163 @@
Index: lib/Mail/SpamAssassin/PerMsgStatus.pm
===================================================================
--- lib/Mail/SpamAssassin/PerMsgStatus.pm (revision 791769)
+++ lib/Mail/SpamAssassin/PerMsgStatus.pm (working copy)
@@ -2200,11 +2200,13 @@
# default ruletype, if not specified:
$params{ruletype} ||= 'unknown';
+ my $rule_descr = $self->{conf}->get_description_for_rule($rule);
+ $rule_descr = $rule if !defined $rule_descr || $rule_descr eq '';
$self->_handle_hit($rule,
$score,
$area,
$params{ruletype},
- $self->{conf}->get_description_for_rule($rule) || $rule);
+ $rule_descr);
# take care of duplicate rules, too (bug 5206)
my $dups = $self->{conf}->{duplicate_rules}->{$rule};
Index: lib/Mail/SpamAssassin/Conf.pm
===================================================================
--- lib/Mail/SpamAssassin/Conf.pm (revision 791769)
+++ lib/Mail/SpamAssassin/Conf.pm (working copy)
@@ -3571,7 +3571,11 @@
sub get_description_for_rule {
my ($self, $rule) = @_;
- return $self->{descriptions}->{$rule};
+ # as silly as it looks, localized $1 here prevents an outer $1 from getting
+ # tainted by the expression or assignment in the next line, bug 6148
+ local($1);
+ my $rule_descr = $self->{descriptions}->{$rule};
+ return $rule_descr;
}
###########################################################################
Index: sa-update.raw
===================================================================
--- sa-update.raw (revision 791769)
+++ sa-update.raw (working copy)
@@ -47,6 +47,7 @@
use Config;
use strict;
use warnings;
+use re 'taint';
BEGIN { # see comments in "spamassassin.raw" for doco
my @bin = File::Spec->splitpath($0);
@@ -221,10 +222,7 @@
# we're not a setuid script, we trust them
foreach my $optkey (keys %opt) {
next if ref $opt{$optkey};
- my $untaint = $opt{$optkey};
- next unless defined $untaint;
- $untaint =~ /^(.*)$/;
- $opt{$optkey} = $1;
+ Mail::SpamAssassin::Util::untaint_var(\$opt{$optkey});
}
##############################################################################
@@ -344,9 +342,9 @@
# untaint the channel listing
for(my $ind = 0; $ind < @channels; $ind++) {
- local ($1); # bug 5061: prevent random taint flagging of $1
+ local($1); # bug 5061: prevent random taint flagging of $1
if ($channels[$ind] =~ /^([a-zA-Z0-9._-]+)$/) {
- $channels[$ind] = $1;
+ Mail::SpamAssassin::Util::untaint_var(\$channels[$ind]);
}
else {
dbg("channel: skipping invalid channel: $channels[$ind]");
@@ -416,6 +414,7 @@
my $currentV = -1;
if (open(CF, $CFFile)) {
while(<CF>) {
+ local($1,$2);
last unless /^# UPDATE\s+([A-Za-z]+)\s+(\S+)/;
my($type, $value) = (lc $1,$2);
@@ -435,6 +434,7 @@
my $DNSQ = "$RevSAVersion.$channel";
my $dnsV = join(' ', do_txt_query($DNSQ));
+ local($1);
if (defined $dnsV && $dnsV =~ /^(\d+)/) {
$newV = $1 if (!defined $newV || $1 > $newV);
dbg("dns: $DNSQ => $dnsV, parsed as $1");
@@ -464,6 +464,7 @@
} else { # $instfile
# the /.*/ ensures we use the 3-digit string nearest to the end of string, otherwise
# we might pick up something from the middle of the directory path
+ local($1);
if ($instfile !~ /(?:.*\D|^)(\d{3,})/) {
# this is a requirement
die "channel: $channel: --install file $instfile does not contain a 3-digit version number!\n";
@@ -632,8 +633,10 @@
# Validate the SHA1 signature before going forward with more complicated
# operations.
# The SHA1 file may be "signature filename" ala sha1sum, just use the signature
- $SHA1 =~ /^([a-fA-F0-9]{40})/;
- $SHA1 = $1 || 'INVALID';
+ { local($1);
+ $SHA1 =~ /^([a-fA-F0-9]{40})/;
+ $SHA1 = $1 || 'INVALID';
+ }
my $digest = sha1_hex($content);
dbg("sha1: verification wanted: $SHA1");
dbg("sha1: verification result: $digest");
@@ -690,6 +693,7 @@
warn $GNUPG."\n"; # report bad news
}
+ local($1);
if ($GNUPG =~ /^\Q[GNUPG:]\E NO_PUBKEY \S+(\S{8})$/) {
$missingkeys .= $1." ";
}
@@ -887,9 +891,7 @@
my @files = ();
while(my $file = readdir(DIR)) {
next if $file eq '.' || $file eq '..';
- local ($1); # avoid random taint flagging of $1
- $file =~ /^(.+)$/; # untaint
- $file = $1;
+ Mail::SpamAssassin::Util::untaint_var(\$file);
my $path = File::Spec->catfile($UPDDir, $file);
next unless (-f $path); # shouldn't ever happen
push(@files, $file);
@@ -1039,6 +1041,7 @@
foreach my $file (@files) {
next if ($file =~ /^\/$/); # ignore dirs
+ local($1);
$file =~ /^([-\.\,\/a-zA-Z0-9_]+)$/;
my $outfname = $1;
$outfname =~ s/\.\.\//__\//gs; # avoid "../" dir traversal attacks
@@ -1050,6 +1053,7 @@
if ($outfname =~ /\.(?:pre|cf)$/) {
# replace macros in the update files if it's a .pre or .cf
+ local($1);
$content =~ s/\@\@([^\@]+)\@\@/$MACRO_VALUES{$1} || "\@\@$1\@\@"/ge;
# also, if --allowplugins is not specified, comment out
@@ -1089,6 +1093,7 @@
if ($RR) {
foreach my $rr ($RR->answer) {
my $text = $rr->rdatastr;
+ local($1);
$text =~ /^"(.*)"$/;
push @result, $1;
}
@@ -1311,9 +1316,7 @@
}
while(my $file = readdir(DIR)) {
next if $file eq '.' || $file eq '..';
- local ($1); # bug 5216: prevent random taint flagging of $1
- $file =~ /^(.+)$/; # untaint
- $file = $1;
+ Mail::SpamAssassin::Util::untaint_var(\$file);
my $path = File::Spec->catfile($dir, $file);
next unless (-f $path);

2
sources
View File

@ -1 +1 @@
695f9107b240383e48df8938f2de334e Mail-SpamAssassin-3.2.5.tar.bz2
04141392e1f20ea4a91bb63937351c65 Mail-SpamAssassin-3.3.0-alpha1.tar.bz2

22
spamassassin.spec
View File

@ -40,12 +40,13 @@
Summary: Spam filter for email which can be invoked from mail delivery agents
Name: spamassassin
Version: 3.2.5
Release: 5%{?dist}
Version: 3.3.0
%define prename alpha1
Release: 0.1.alpha1%{?dist}
License: ASL 2.0
Group: Applications/Internet
URL: http://spamassassin.apache.org/
Source0: http://www.apache.org/dist/%{name}/%{real_name}-%{version}.tar.bz2
Source0: http://www.apache.org/dist/%{name}/%{real_name}-%{version}-%{prename}.tar.bz2
Source2: redhat_local.cf
Source3: spamassassin-default.rc
Source4: spamassassin-spamc.rc
@ -57,7 +58,8 @@ Source10: spamassassin-helper.sh
# Patches 0-99 are RH specific
# none yet
# Patches 100+ are SVN backports (DO NOT REUSE!)
#Patch100: Mail-SpamAssassin-3.2.2-bug5574-setuid.patch
Patch100: Mail-SpamAssassin-3.3.0-missing-pre.patch
Patch101: Mail-SpamAssassin-3.3.0-perl-bug-taint.patch
# end of patches
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Buildroot: %{_tmppath}/%{name}-root
@ -68,6 +70,7 @@ BuildRequires: perl >= 2:5.8.0
BuildRequires: perl(Net::DNS)
BuildRequires: perl(Time::HiRes)
BuildRequires: perl(HTML::Parser)
BuildRequires: perl(NetAddr::IP)
BuildRequires: openssl-devel
Requires: perl(HTTP::Date)
@ -119,7 +122,8 @@ To filter spam for all users, add that line to /etc/procmailrc
# Patches 0-99 are RH specific
# none yet
# Patches 100+ are SVN backports (DO NOT REUSE!)
#%patch100 -p0
%patch100 -p1
%patch101 -p0
# end of patches
%build
@ -222,6 +226,14 @@ fi
exit 0
%changelog
* Mon Jul 06 2009 Warren Togami <wtogami@redhat.com> - 3.3.0-0.1.alpha1
- 3.3.0-alpha1
- WARNING: spamassassin-3.3.0+ no longer ships with rules.
You must run sa-update to download rules before you use spamassassin.
Failure to download rules means spamassassin always returns unfiltered.
Should we ship a set of rules with spamassassin? Please discuss on
fedora-devel-list.
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild