import spamassassin-3.4.2-10.el8
This commit is contained in:
CentOS Sources
parent
3557798404
commit
3cb3a6b8fb
@ -26,9 +26,6 @@ override the daemon check in /etc/sysconfig/sa-update
|
||||
All sa-update channels are defined in files contained in this directory.
|
||||
See the existing config files as examples for writing your own config file.
|
||||
|
||||
4) SOUGHT Anti-Fraud Rule Channel is Enabled by Default
|
||||
http://wiki.apache.org/spamassassin/SoughtRules
|
||||
|
||||
General Warnings
|
||||
================
|
||||
* DO NOT USE SARE or OpenProtect rules. They are old and outdated, and
|
||||
|
||||
@ -1,47 +0,0 @@
|
||||
# http://wiki.apache.org/spamassassin/SoughtRules
|
||||
CHANNELURL=sought.rules.yerp.org
|
||||
KEYID=6C6191E3
|
||||
# Ignore everything below.
|
||||
return 0
|
||||
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1.4.1 (GNU/Linux)
|
||||
|
||||
mQGiBEa/l+YRBACC+uJfIThEoEWrNxdDD/1tAwb5L8v7H3gGt+LtuOwwn5ZU7XsT
|
||||
s1DOok1oZVRnTQJYdlth7QlU9wqijwLEVzW1LDWnxXXKwPmlTlkcdGoBcb+cBbYI
|
||||
miJ/TlAetvbprcZdROS4Ey31GjPRmWPPnVE2Xcwy+e4+RmnhqfZBmOaE7wCgo1GG
|
||||
pkik2OPD1le4LGGOGHL5HiED/0TyvTiSS3NnUtoDFQAPrnezOCjxv8zMjYEnJs/I
|
||||
h7uyIgHRsbB75cD2O1LWyO8Vz8r/snVuG35zcZagPf/7Tc9AJoaxVmCIk9DEmWZp
|
||||
iuvqpMhwHAbNvY3jY2oKsDl1rNx0IIctoJwjXia99kvNTHK/Yz/HqhIyLModhiMB
|
||||
aYYZA/wIdPOHGHaP5vjlbWBwGlRR9m0Rf4ob5sul8MjCyehOYcRVLwfOEfzX308v
|
||||
0enOGnbbBKXU2QvA0Z068aBmJkJaaPhlIjZApQJDsb7pt6k8jMPj/Xpr779wAFQ8
|
||||
IZC7Tw21OtqkjrUb3dZlEljrTwWNc6FVxuIidBBg7HCdP24WKLRESnVzdGluIE1h
|
||||
c29uIFNpZ25pbmcgS2V5IChDb2RlIFNpZ25pbmcgT25seSkgPHNpZ25pbmdrZXlA
|
||||
am1hc29uLm9yZz6IZAQTEQIAJAUCRr+X5gIbAwUJEswDAAYLCQgHAwIDFQIDAxYC
|
||||
AQIeAQIXgAAKCRDchTQfbGGR4/GJAKCC6X6AF8nM+H00b/XeZl9vYihXBgCcDYuU
|
||||
AtXjWWxndkneakmbnD0O4Z25BA0ERr+YdxAQAIYYUQHMzVsRAzpIRLfni0aeczrr
|
||||
armwXMJ8y5p74lVLbJyQOjkQyIJWP80twrN8SjNyUFBr/52SlOPOuAbGZY1ZKpux
|
||||
vkbsug2wWvkoj8xGjnexrSDahRgpNhf/otLRNTyUFZTM6mjZt0ItnYDl6xszY4kd
|
||||
O5rVzjQuivNB4BsHcd8qQ7zVo9+VZ5R77iM4dtk6t5ycpXlAom5pD8qLb7ZzTVe0
|
||||
SuhzOeynF51rwjS+wa3hzZisvJqZA5uJcAyYslgP1UTW+2e5wutSktSZmL/XnlEF
|
||||
p86GPjAgDPL2Q0TgzVL6sPt0blNCyzOJrcBqBHrgZfraYgqtmGepLpk72q4VD23c
|
||||
aV2wTqjnfJAsNR3y8jgVNwF8LpXtlbxrBByFRwEqsc/gzdMEnJ728XBDqT2IhZLY
|
||||
maL/WxiDKNWD/Mae69HTyInIYgrfT7nJKDeKQA81+e5+UmqBVoi5/AICMlDm1DgR
|
||||
gG6bbOXGhLVPh+gHjGG4Jdd/ZLedncUsjW9KyK261sqM3tSDSfgnF99w2/32ToFu
|
||||
ChN8JOfQ6VZ7QbL1BWRtQWZ3tyauUUXmsrYDv1w1nx51MqxQdlitnmTRWaRW0GmD
|
||||
b5XapJfSK+FiGXaynl3HHxHHpcUauX9zBa/LRp8oXiGPLfJEWmjWcGCyGZawASj3
|
||||
pTTJUnbkYs0fUyUXAAQND/42mh8f3mTA+24I3lY4K8mxH9GSFgOkLoYwok8xL5Md
|
||||
OUJAyvs34ixqvM2u560YJkegEO/xzg2abddfoqL8eNnjfvG3bI7KOCT+m+mM/5Cg
|
||||
ul8XFSnHIEivuOXNtc/x/dwYSidKM8atkdpKtv++psd6hVbJQMfLlzf0S2QyiaGk
|
||||
yXur/pM3A97lvkjAgvIKQt8NbJ/sITFlrN2TFxcbE8OED7LC4nBo54TJ1AxVsHlT
|
||||
LB5XPKU8pBv0fABZrNKxf6a2iXx9jT9sSYdnb0y+hBjnoWZUNbhxo6jpAqt1quUy
|
||||
buGWugvG8J75JvT6X+lwEEkg1lplmm+HuaFtegOqTUTKmffKduY+E00le+3Kh8gW
|
||||
bLR8P1qp/xnxQxZJYcQ+mT4QsYpj6Pkcj0ON3NQO5wP6dr2UGhGcSzS2Cxv8TERN
|
||||
7HSdFbFXQWPCekx+i7OjeRSY/XTUf2zYquPNP2oU0MjgnXhnkHq+6EaQPpM59fMd
|
||||
MyLeOiUMOxpPOkeaAC8Ku0Oj2aZU/eyizuBDnhq1PAxBprSW5SSkxP4kz9BnA42x
|
||||
tkMKMzzPohdfMIRI6zSu0chr76w2UeoViSsMtmWnR6qAXbQvzR+HHxhhB/Rzp6Gc
|
||||
u9gybrv58IBkybn5ztST6NqgIgcQ/E7XIsB0Eooohfw+QiPlCdoghSxspbzwqcEZ
|
||||
B4hPBBgRAgAPBQJGv5h3AhsMBQkSzAMAAAoJENyFNB9sYZHjUh0AnA3u5TNYHGLQ
|
||||
DXLPP0qWHkTeOz8dAJ4wkrLBTaXz3CPCjoTdoBiQsNt3fw==
|
||||
=nK43
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
2881
SOURCES/spamassassin-3.4.2-fix-CVE-2018-11805.patch
Normal file
2881
SOURCES/spamassassin-3.4.2-fix-CVE-2018-11805.patch
Normal file
File diff suppressed because it is too large
Load Diff
25
SOURCES/spamassassin-3.4.2-fix-CVE-2019-12420.patch
Normal file
25
SOURCES/spamassassin-3.4.2-fix-CVE-2019-12420.patch
Normal file
@ -0,0 +1,25 @@
|
||||
diff -urp Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Message.pm Mail-SpamAssassin-3.4.2.new/lib/Mail/SpamAssassin/Message.pm
|
||||
--- Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Message.pm 2018-09-14 03:27:51.000000000 +0200
|
||||
+++ Mail-SpamAssassin-3.4.2.new/lib/Mail/SpamAssassin/Message.pm 2020-04-09 15:17:34.300986337 +0200
|
||||
@@ -876,6 +876,7 @@ sub _parse_multipart {
|
||||
my $header;
|
||||
my $part_array;
|
||||
my $found_end_boundary;
|
||||
+ my $partcnt = 0;
|
||||
|
||||
my $line_count = @{$body};
|
||||
foreach ( @{$body} ) {
|
||||
@@ -948,6 +949,13 @@ sub _parse_multipart {
|
||||
}
|
||||
}
|
||||
|
||||
+ # Maximum parts to process
|
||||
+ if (++$partcnt == 1000) {
|
||||
+ dbg("message: mimepart limit exceeded, stopping parsing");
|
||||
+ $self->{'mimepart_limit_exceeded'} = 1;
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
# make sure we start with a new clean node
|
||||
$in_body = 0;
|
||||
$part_msg = Mail::SpamAssassin::Message::Node->new({ normalize=>$self->{normalize} });
|
||||
41
SOURCES/spamassassin-3.4.2-fix-CVE-2020-1930.patch
Normal file
41
SOURCES/spamassassin-3.4.2-fix-CVE-2020-1930.patch
Normal file
@ -0,0 +1,41 @@
|
||||
diff --git a/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm b/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
|
||||
index 2d931ea..7b6244e 100644
|
||||
--- a/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
|
||||
+++ b/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
|
||||
@@ -89,17 +89,19 @@ sub do_one_line_body_tests {
|
||||
loop_body => sub
|
||||
{
|
||||
my ($self, $pms, $conf, $rulename, $pat, %opts) = @_;
|
||||
- $pat = untaint_var($pat);
|
||||
- my $sub;
|
||||
+ my $sub = '
|
||||
+ my ($self, $line) = @_;
|
||||
+ my $qrptr = $self->{main}->{conf}->{test_qrs};
|
||||
+ ';
|
||||
|
||||
if (($conf->{tflags}->{$rulename}||'') =~ /\bmultiple\b/)
|
||||
{
|
||||
# avoid [perl #86784] bug (fixed in 5.13.x), access the arg through ref
|
||||
- $sub = '
|
||||
- my $lref = \$_[1];
|
||||
+ $sub .= '
|
||||
+ my $lref = \$line;
|
||||
pos $$lref = 0;
|
||||
'.$self->hash_line_for_rule($pms, $rulename).'
|
||||
- while ($$lref =~ '.$pat.'g) {
|
||||
+ while ($$lref =~ /$qrptr->{q{'.$rulename.'}}/go) {
|
||||
my $self = $_[0];
|
||||
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body");
|
||||
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body",
|
||||
@@ -108,9 +110,9 @@ sub do_one_line_body_tests {
|
||||
';
|
||||
|
||||
} else {
|
||||
- $sub = '
|
||||
+ $sub .= '
|
||||
'.$self->hash_line_for_rule($pms, $rulename).'
|
||||
- if ($_[1] =~ '.$pat.') {
|
||||
+ if ($line =~ /$qrptr->{q{'.$rulename.'}}/o) {
|
||||
my $self = $_[0];
|
||||
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body");
|
||||
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body", "return 1") . '
|
||||
44
SOURCES/spamassassin-3.4.2-fix-CVE-2020-1931.patch
Normal file
44
SOURCES/spamassassin-3.4.2-fix-CVE-2020-1931.patch
Normal file
@ -0,0 +1,44 @@
|
||||
diff -urp Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Conf.pm Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
|
||||
--- Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Conf.pm 2020-06-15 19:10:21.700917582 +0200
|
||||
+++ Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm 2020-06-15 19:07:59.045897164 +0200
|
||||
@@ -3414,6 +3414,20 @@ internally, and should not be used.
|
||||
setting => 'priority',
|
||||
is_priv => 1,
|
||||
type => $CONF_TYPE_HASH_KEY_VALUE,
|
||||
+ code => sub {
|
||||
+ my ($self, $key, $value, $line) = @_;
|
||||
+ my ($rulename, $priority) = split(/\s+/, $value, 2);
|
||||
+ unless (defined $priority) {
|
||||
+ return $MISSING_REQUIRED_VALUE;
|
||||
+ }
|
||||
+ unless ($rulename =~ IS_RULENAME) {
|
||||
+ return $INVALID_VALUE;
|
||||
+ }
|
||||
+ unless ($priority =~ /^-?\d+$/) {
|
||||
+ return $INVALID_VALUE;
|
||||
+ }
|
||||
+ $self->{priority}->{$rulename} = $priority;
|
||||
+ }
|
||||
});
|
||||
|
||||
=back
|
||||
diff -urp Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Constants.pm Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Constants.pm
|
||||
--- Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Constants.pm 2020-06-15 19:10:21.701917596 +0200
|
||||
+++ Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Constants.pm 2020-06-15 19:07:59.045897164 +0200
|
||||
@@ -43,7 +43,7 @@ BEGIN {
|
||||
HARVEST_DNSBL_PRIORITY MBX_SEPARATOR
|
||||
MAX_BODY_LINE_LENGTH MAX_HEADER_KEY_LENGTH MAX_HEADER_VALUE_LENGTH
|
||||
MAX_HEADER_LENGTH ARITH_EXPRESSION_LEXER AI_TIME_UNKNOWN
|
||||
- CHARSETS_LIKELY_TO_FP_AS_CAPS MAX_URI_LENGTH RULENAME_RE
|
||||
+ CHARSETS_LIKELY_TO_FP_AS_CAPS MAX_URI_LENGTH RULENAME_RE IS_RULENAME
|
||||
);
|
||||
|
||||
%EXPORT_TAGS = (
|
||||
@@ -404,5 +404,7 @@ use constant CHARSETS_LIKELY_TO_FP_AS_CA
|
||||
|
||||
# Allowed rulename format
|
||||
use constant RULENAME_RE => qr([_a-zA-Z][_a-zA-Z0-9]{0,127});
|
||||
+# Exact match
|
||||
+use constant IS_RULENAME => qr/^${\(RULENAME_RE)}$/;
|
||||
|
||||
1;
|
||||
@ -60,7 +60,7 @@ Summary: Spam filter for email which can be invoked from mail delivery agents
|
||||
Name: spamassassin
|
||||
Version: 3.4.2
|
||||
#Release: 0.8.%%{prerev}%%{?dist}
|
||||
Release: 7%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: ASL 2.0
|
||||
Group: Applications/Internet
|
||||
URL: https://spamassassin.apache.org/
|
||||
@ -78,7 +78,6 @@ Source8: sa-update.cronscript
|
||||
Source9: sa-update.force-sysconfig
|
||||
Source10: spamassassin-helper.sh
|
||||
Source11: spamassassin-official.conf
|
||||
Source12: sought.conf
|
||||
Source13: README.RHEL.Fedora
|
||||
%if %{use_systemd}
|
||||
Source14: spamassassin.service
|
||||
@ -100,6 +99,10 @@ Patch3: 0001-Drop-the-ResourceLimits-plugin.patch
|
||||
Patch100: spamassassin-3.4.2-fix-use-after-free.patch
|
||||
Patch101: spamassassin-3.4.2-fix-file-handle-leaks.patch
|
||||
Patch102: spamassassin-3.4.2-fix-rawbody-rules-documentation.patch
|
||||
Patch103: spamassassin-3.4.2-fix-CVE-2019-12420.patch
|
||||
Patch104: spamassassin-3.4.2-fix-CVE-2018-11805.patch
|
||||
Patch105: spamassassin-3.4.2-fix-CVE-2020-1930.patch
|
||||
Patch106: spamassassin-3.4.2-fix-CVE-2020-1931.patch
|
||||
|
||||
# end of patches
|
||||
|
||||
@ -212,6 +215,10 @@ rm -f lib/Mail/SpamAssassin/Plugin/ResourceLimits.pm
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
%patch103 -p1
|
||||
%patch104 -p1
|
||||
%patch105 -p1
|
||||
%patch106 -p1
|
||||
|
||||
# end of patches
|
||||
|
||||
@ -295,7 +302,6 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/spamassassin
|
||||
mkdir -m 0700 $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/sa-update-keys/
|
||||
mkdir -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
|
||||
install -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
|
||||
install -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
|
||||
|
||||
install -m 0644 %{SOURCE13} $RPM_BUILD_DIR/Mail-SpamAssassin-%{version}/
|
||||
%if %{razor_deps}
|
||||
@ -396,6 +402,22 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jun 15 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-10
|
||||
- Fixed CVE-2018-11805
|
||||
- Resolves: rhbz#1787514
|
||||
- Fixed CVE-2020-1930
|
||||
- Resolves: rhbz#1820649
|
||||
- Fixed CVE-2020-1931
|
||||
- Resolves: rhbz#1820650
|
||||
|
||||
* Thu Apr 09 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-9
|
||||
- Fix CVE-2019-12420
|
||||
- Resolves: rhbz#1812977
|
||||
|
||||
* Wed Mar 18 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-8
|
||||
- Removed the obsolete SOUGHT channel for rule updates
|
||||
- Resolves: rhbz#1630362
|
||||
|
||||
* Tue Oct 01 2019 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-7
|
||||
- Fix rawbody rules documentation
|
||||
- Resolves: rhbz#1639251
|
||||
|
||||
Loading…
Reference in New Issue
Block a user