rpms
/
spamassassin
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import spamassassin-3.4.2-10.el8

This commit is contained in:
CentOS Sources 2020-11-03 06:52:25 -05:00 committed by Andrew Lukoshko
parent 3557798404
commit 3cb3a6b8fb
7 changed files with 3016 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
SOURCES/README.RHEL.Fedora
View File

@ -26,9 +26,6 @@ override the daemon check in /etc/sysconfig/sa-update
All sa-update channels are defined in files contained in this directory.
See the existing config files as examples for writing your own config file.
4) SOUGHT Anti-Fraud Rule Channel is Enabled by Default
http://wiki.apache.org/spamassassin/SoughtRules
General Warnings
================
* DO NOT USE SARE or OpenProtect rules. They are old and outdated, and

47
SOURCES/sought.conf
View File

@ -1,47 +0,0 @@
# http://wiki.apache.org/spamassassin/SoughtRules
CHANNELURL=sought.rules.yerp.org
KEYID=6C6191E3
# Ignore everything below.
return 0
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (GNU/Linux)
mQGiBEa/l+YRBACC+uJfIThEoEWrNxdDD/1tAwb5L8v7H3gGt+LtuOwwn5ZU7XsT
s1DOok1oZVRnTQJYdlth7QlU9wqijwLEVzW1LDWnxXXKwPmlTlkcdGoBcb+cBbYI
miJ/TlAetvbprcZdROS4Ey31GjPRmWPPnVE2Xcwy+e4+RmnhqfZBmOaE7wCgo1GG
pkik2OPD1le4LGGOGHL5HiED/0TyvTiSS3NnUtoDFQAPrnezOCjxv8zMjYEnJs/I
h7uyIgHRsbB75cD2O1LWyO8Vz8r/snVuG35zcZagPf/7Tc9AJoaxVmCIk9DEmWZp
iuvqpMhwHAbNvY3jY2oKsDl1rNx0IIctoJwjXia99kvNTHK/Yz/HqhIyLModhiMB
aYYZA/wIdPOHGHaP5vjlbWBwGlRR9m0Rf4ob5sul8MjCyehOYcRVLwfOEfzX308v
0enOGnbbBKXU2QvA0Z068aBmJkJaaPhlIjZApQJDsb7pt6k8jMPj/Xpr779wAFQ8
IZC7Tw21OtqkjrUb3dZlEljrTwWNc6FVxuIidBBg7HCdP24WKLRESnVzdGluIE1h
c29uIFNpZ25pbmcgS2V5IChDb2RlIFNpZ25pbmcgT25seSkgPHNpZ25pbmdrZXlA
am1hc29uLm9yZz6IZAQTEQIAJAUCRr+X5gIbAwUJEswDAAYLCQgHAwIDFQIDAxYC
AQIeAQIXgAAKCRDchTQfbGGR4/GJAKCC6X6AF8nM+H00b/XeZl9vYihXBgCcDYuU
AtXjWWxndkneakmbnD0O4Z25BA0ERr+YdxAQAIYYUQHMzVsRAzpIRLfni0aeczrr
armwXMJ8y5p74lVLbJyQOjkQyIJWP80twrN8SjNyUFBr/52SlOPOuAbGZY1ZKpux
vkbsug2wWvkoj8xGjnexrSDahRgpNhf/otLRNTyUFZTM6mjZt0ItnYDl6xszY4kd
O5rVzjQuivNB4BsHcd8qQ7zVo9+VZ5R77iM4dtk6t5ycpXlAom5pD8qLb7ZzTVe0
SuhzOeynF51rwjS+wa3hzZisvJqZA5uJcAyYslgP1UTW+2e5wutSktSZmL/XnlEF
p86GPjAgDPL2Q0TgzVL6sPt0blNCyzOJrcBqBHrgZfraYgqtmGepLpk72q4VD23c
aV2wTqjnfJAsNR3y8jgVNwF8LpXtlbxrBByFRwEqsc/gzdMEnJ728XBDqT2IhZLY
maL/WxiDKNWD/Mae69HTyInIYgrfT7nJKDeKQA81+e5+UmqBVoi5/AICMlDm1DgR
gG6bbOXGhLVPh+gHjGG4Jdd/ZLedncUsjW9KyK261sqM3tSDSfgnF99w2/32ToFu
ChN8JOfQ6VZ7QbL1BWRtQWZ3tyauUUXmsrYDv1w1nx51MqxQdlitnmTRWaRW0GmD
b5XapJfSK+FiGXaynl3HHxHHpcUauX9zBa/LRp8oXiGPLfJEWmjWcGCyGZawASj3
pTTJUnbkYs0fUyUXAAQND/42mh8f3mTA+24I3lY4K8mxH9GSFgOkLoYwok8xL5Md
OUJAyvs34ixqvM2u560YJkegEO/xzg2abddfoqL8eNnjfvG3bI7KOCT+m+mM/5Cg
ul8XFSnHIEivuOXNtc/x/dwYSidKM8atkdpKtv++psd6hVbJQMfLlzf0S2QyiaGk
yXur/pM3A97lvkjAgvIKQt8NbJ/sITFlrN2TFxcbE8OED7LC4nBo54TJ1AxVsHlT
LB5XPKU8pBv0fABZrNKxf6a2iXx9jT9sSYdnb0y+hBjnoWZUNbhxo6jpAqt1quUy
buGWugvG8J75JvT6X+lwEEkg1lplmm+HuaFtegOqTUTKmffKduY+E00le+3Kh8gW
bLR8P1qp/xnxQxZJYcQ+mT4QsYpj6Pkcj0ON3NQO5wP6dr2UGhGcSzS2Cxv8TERN
7HSdFbFXQWPCekx+i7OjeRSY/XTUf2zYquPNP2oU0MjgnXhnkHq+6EaQPpM59fMd
MyLeOiUMOxpPOkeaAC8Ku0Oj2aZU/eyizuBDnhq1PAxBprSW5SSkxP4kz9BnA42x
tkMKMzzPohdfMIRI6zSu0chr76w2UeoViSsMtmWnR6qAXbQvzR+HHxhhB/Rzp6Gc
u9gybrv58IBkybn5ztST6NqgIgcQ/E7XIsB0Eooohfw+QiPlCdoghSxspbzwqcEZ
B4hPBBgRAgAPBQJGv5h3AhsMBQkSzAMAAAoJENyFNB9sYZHjUh0AnA3u5TNYHGLQ
DXLPP0qWHkTeOz8dAJ4wkrLBTaXz3CPCjoTdoBiQsNt3fw==
=nK43
-----END PGP PUBLIC KEY BLOCK-----

2881
SOURCES/spamassassin-3.4.2-fix-CVE-2018-11805.patch Normal file
View File

File diff suppressed because it is too large Load Diff

25
SOURCES/spamassassin-3.4.2-fix-CVE-2019-12420.patch Normal file
View File

@ -0,0 +1,25 @@
diff -urp Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Message.pm Mail-SpamAssassin-3.4.2.new/lib/Mail/SpamAssassin/Message.pm
--- Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Message.pm 2018-09-14 03:27:51.000000000 +0200
+++ Mail-SpamAssassin-3.4.2.new/lib/Mail/SpamAssassin/Message.pm 2020-04-09 15:17:34.300986337 +0200
@@ -876,6 +876,7 @@ sub _parse_multipart {
my $header;
my $part_array;
my $found_end_boundary;
+ my $partcnt = 0;
my $line_count = @{$body};
foreach ( @{$body} ) {
@@ -948,6 +949,13 @@ sub _parse_multipart {
}
}
+ # Maximum parts to process
+ if (++$partcnt == 1000) {
+ dbg("message: mimepart limit exceeded, stopping parsing");
+ $self->{'mimepart_limit_exceeded'} = 1;
+ return;
+ }
+
# make sure we start with a new clean node
$in_body = 0;
$part_msg = Mail::SpamAssassin::Message::Node->new({ normalize=>$self->{normalize} });

41
SOURCES/spamassassin-3.4.2-fix-CVE-2020-1930.patch Normal file
View File

@ -0,0 +1,41 @@
diff --git a/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm b/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
index 2d931ea..7b6244e 100644
--- a/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
+++ b/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
@@ -89,17 +89,19 @@ sub do_one_line_body_tests {
loop_body => sub
{
my ($self, $pms, $conf, $rulename, $pat, %opts) = @_;
- $pat = untaint_var($pat);
- my $sub;
+ my $sub = '
+ my ($self, $line) = @_;
+ my $qrptr = $self->{main}->{conf}->{test_qrs};
+ ';
if (($conf->{tflags}->{$rulename}||'') =~ /\bmultiple\b/)
{
# avoid [perl #86784] bug (fixed in 5.13.x), access the arg through ref
- $sub = '
- my $lref = \$_[1];
+ $sub .= '
+ my $lref = \$line;
pos $$lref = 0;
'.$self->hash_line_for_rule($pms, $rulename).'
- while ($$lref =~ '.$pat.'g) {
+ while ($$lref =~ /$qrptr->{q{'.$rulename.'}}/go) {
my $self = $_[0];
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body");
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body",
@@ -108,9 +110,9 @@ sub do_one_line_body_tests {
';
} else {
- $sub = '
+ $sub .= '
'.$self->hash_line_for_rule($pms, $rulename).'
- if ($_[1] =~ '.$pat.') {
+ if ($line =~ /$qrptr->{q{'.$rulename.'}}/o) {
my $self = $_[0];
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body");
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body", "return 1") . '

44
SOURCES/spamassassin-3.4.2-fix-CVE-2020-1931.patch Normal file
View File

@ -0,0 +1,44 @@
diff -urp Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Conf.pm Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
--- Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Conf.pm 2020-06-15 19:10:21.700917582 +0200
+++ Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm 2020-06-15 19:07:59.045897164 +0200
@@ -3414,6 +3414,20 @@ internally, and should not be used.
setting => 'priority',
is_priv => 1,
type => $CONF_TYPE_HASH_KEY_VALUE,
+ code => sub {
+ my ($self, $key, $value, $line) = @_;
+ my ($rulename, $priority) = split(/\s+/, $value, 2);
+ unless (defined $priority) {
+ return $MISSING_REQUIRED_VALUE;
+ }
+ unless ($rulename =~ IS_RULENAME) {
+ return $INVALID_VALUE;
+ }
+ unless ($priority =~ /^-?\d+$/) {
+ return $INVALID_VALUE;
+ }
+ $self->{priority}->{$rulename} = $priority;
+ }
});
=back
diff -urp Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Constants.pm Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Constants.pm
--- Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Constants.pm 2020-06-15 19:10:21.701917596 +0200
+++ Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Constants.pm 2020-06-15 19:07:59.045897164 +0200
@@ -43,7 +43,7 @@ BEGIN {
HARVEST_DNSBL_PRIORITY MBX_SEPARATOR
MAX_BODY_LINE_LENGTH MAX_HEADER_KEY_LENGTH MAX_HEADER_VALUE_LENGTH
MAX_HEADER_LENGTH ARITH_EXPRESSION_LEXER AI_TIME_UNKNOWN
- CHARSETS_LIKELY_TO_FP_AS_CAPS MAX_URI_LENGTH RULENAME_RE
+ CHARSETS_LIKELY_TO_FP_AS_CAPS MAX_URI_LENGTH RULENAME_RE IS_RULENAME
);
%EXPORT_TAGS = (
@@ -404,5 +404,7 @@ use constant CHARSETS_LIKELY_TO_FP_AS_CA
# Allowed rulename format
use constant RULENAME_RE => qr([_a-zA-Z][_a-zA-Z0-9]{0,127});
+# Exact match
+use constant IS_RULENAME => qr/^${\(RULENAME_RE)}$/;
1;

28
SPECS/spamassassin.spec
View File

@ -60,7 +60,7 @@ Summary: Spam filter for email which can be invoked from mail delivery agents
Name: spamassassin
Version: 3.4.2
#Release: 0.8.%%{prerev}%%{?dist}
Release: 7%{?dist}
Release: 10%{?dist}
License: ASL 2.0
Group: Applications/Internet
URL: https://spamassassin.apache.org/
@ -78,7 +78,6 @@ Source8: sa-update.cronscript
Source9: sa-update.force-sysconfig
Source10: spamassassin-helper.sh
Source11: spamassassin-official.conf
Source12: sought.conf
Source13: README.RHEL.Fedora
%if %{use_systemd}
Source14: spamassassin.service
@ -100,6 +99,10 @@ Patch3: 0001-Drop-the-ResourceLimits-plugin.patch
Patch100: spamassassin-3.4.2-fix-use-after-free.patch
Patch101: spamassassin-3.4.2-fix-file-handle-leaks.patch
Patch102: spamassassin-3.4.2-fix-rawbody-rules-documentation.patch
Patch103: spamassassin-3.4.2-fix-CVE-2019-12420.patch
Patch104: spamassassin-3.4.2-fix-CVE-2018-11805.patch
Patch105: spamassassin-3.4.2-fix-CVE-2020-1930.patch
Patch106: spamassassin-3.4.2-fix-CVE-2020-1931.patch
# end of patches
@ -212,6 +215,10 @@ rm -f lib/Mail/SpamAssassin/Plugin/ResourceLimits.pm
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
# end of patches
@ -295,7 +302,6 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/spamassassin
mkdir -m 0700 $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/sa-update-keys/
mkdir -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
install -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
install -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
install -m 0644 %{SOURCE13} $RPM_BUILD_DIR/Mail-SpamAssassin-%{version}/
%if %{razor_deps}
@ -396,6 +402,22 @@ exit 0
%endif
%changelog
* Mon Jun 15 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-10
- Fixed CVE-2018-11805
- Resolves: rhbz#1787514
- Fixed CVE-2020-1930
- Resolves: rhbz#1820649
- Fixed CVE-2020-1931
- Resolves: rhbz#1820650
* Thu Apr 09 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-9
- Fix CVE-2019-12420
- Resolves: rhbz#1812977
* Wed Mar 18 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-8
- Removed the obsolete SOUGHT channel for rule updates
- Resolves: rhbz#1630362
* Tue Oct 01 2019 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-7
- Fix rawbody rules documentation
- Resolves: rhbz#1639251