rpms/spamassassin
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import spamassassin-3.4.2-10.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-11-03 06:52:25 -05:00 committed by Andrew Lukoshko
parent 3557798404
commit 3cb3a6b8fb
7 changed files with 3016 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
SOURCES/README.RHEL.Fedora
View File

@ -26,9 +26,6 @@ override the daemon check in /etc/sysconfig/sa-update
All sa-update channels are defined in files contained in this directory. All sa-update channels are defined in files contained in this directory.
See the existing config files as examples for writing your own config file. See the existing config files as examples for writing your own config file.
4) SOUGHT Anti-Fraud Rule Channel is Enabled by Default
http://wiki.apache.org/spamassassin/SoughtRules
General Warnings General Warnings
================ ================
* DO NOT USE SARE or OpenProtect rules. They are old and outdated, and * DO NOT USE SARE or OpenProtect rules. They are old and outdated, and

47
SOURCES/sought.conf
View File

@ -1,47 +0,0 @@
# http://wiki.apache.org/spamassassin/SoughtRules
CHANNELURL=sought.rules.yerp.org
KEYID=6C6191E3
# Ignore everything below.
return 0
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (GNU/Linux)
mQGiBEa/l+YRBACC+uJfIThEoEWrNxdDD/1tAwb5L8v7H3gGt+LtuOwwn5ZU7XsT
s1DOok1oZVRnTQJYdlth7QlU9wqijwLEVzW1LDWnxXXKwPmlTlkcdGoBcb+cBbYI
miJ/TlAetvbprcZdROS4Ey31GjPRmWPPnVE2Xcwy+e4+RmnhqfZBmOaE7wCgo1GG
pkik2OPD1le4LGGOGHL5HiED/0TyvTiSS3NnUtoDFQAPrnezOCjxv8zMjYEnJs/I
h7uyIgHRsbB75cD2O1LWyO8Vz8r/snVuG35zcZagPf/7Tc9AJoaxVmCIk9DEmWZp
iuvqpMhwHAbNvY3jY2oKsDl1rNx0IIctoJwjXia99kvNTHK/Yz/HqhIyLModhiMB
aYYZA/wIdPOHGHaP5vjlbWBwGlRR9m0Rf4ob5sul8MjCyehOYcRVLwfOEfzX308v
0enOGnbbBKXU2QvA0Z068aBmJkJaaPhlIjZApQJDsb7pt6k8jMPj/Xpr779wAFQ8
IZC7Tw21OtqkjrUb3dZlEljrTwWNc6FVxuIidBBg7HCdP24WKLRESnVzdGluIE1h
c29uIFNpZ25pbmcgS2V5IChDb2RlIFNpZ25pbmcgT25seSkgPHNpZ25pbmdrZXlA
am1hc29uLm9yZz6IZAQTEQIAJAUCRr+X5gIbAwUJEswDAAYLCQgHAwIDFQIDAxYC
AQIeAQIXgAAKCRDchTQfbGGR4/GJAKCC6X6AF8nM+H00b/XeZl9vYihXBgCcDYuU
AtXjWWxndkneakmbnD0O4Z25BA0ERr+YdxAQAIYYUQHMzVsRAzpIRLfni0aeczrr
armwXMJ8y5p74lVLbJyQOjkQyIJWP80twrN8SjNyUFBr/52SlOPOuAbGZY1ZKpux
vkbsug2wWvkoj8xGjnexrSDahRgpNhf/otLRNTyUFZTM6mjZt0ItnYDl6xszY4kd
O5rVzjQuivNB4BsHcd8qQ7zVo9+VZ5R77iM4dtk6t5ycpXlAom5pD8qLb7ZzTVe0
SuhzOeynF51rwjS+wa3hzZisvJqZA5uJcAyYslgP1UTW+2e5wutSktSZmL/XnlEF
p86GPjAgDPL2Q0TgzVL6sPt0blNCyzOJrcBqBHrgZfraYgqtmGepLpk72q4VD23c
aV2wTqjnfJAsNR3y8jgVNwF8LpXtlbxrBByFRwEqsc/gzdMEnJ728XBDqT2IhZLY
maL/WxiDKNWD/Mae69HTyInIYgrfT7nJKDeKQA81+e5+UmqBVoi5/AICMlDm1DgR
gG6bbOXGhLVPh+gHjGG4Jdd/ZLedncUsjW9KyK261sqM3tSDSfgnF99w2/32ToFu
ChN8JOfQ6VZ7QbL1BWRtQWZ3tyauUUXmsrYDv1w1nx51MqxQdlitnmTRWaRW0GmD
b5XapJfSK+FiGXaynl3HHxHHpcUauX9zBa/LRp8oXiGPLfJEWmjWcGCyGZawASj3
pTTJUnbkYs0fUyUXAAQND/42mh8f3mTA+24I3lY4K8mxH9GSFgOkLoYwok8xL5Md
OUJAyvs34ixqvM2u560YJkegEO/xzg2abddfoqL8eNnjfvG3bI7KOCT+m+mM/5Cg
ul8XFSnHIEivuOXNtc/x/dwYSidKM8atkdpKtv++psd6hVbJQMfLlzf0S2QyiaGk
yXur/pM3A97lvkjAgvIKQt8NbJ/sITFlrN2TFxcbE8OED7LC4nBo54TJ1AxVsHlT
LB5XPKU8pBv0fABZrNKxf6a2iXx9jT9sSYdnb0y+hBjnoWZUNbhxo6jpAqt1quUy
buGWugvG8J75JvT6X+lwEEkg1lplmm+HuaFtegOqTUTKmffKduY+E00le+3Kh8gW
bLR8P1qp/xnxQxZJYcQ+mT4QsYpj6Pkcj0ON3NQO5wP6dr2UGhGcSzS2Cxv8TERN
7HSdFbFXQWPCekx+i7OjeRSY/XTUf2zYquPNP2oU0MjgnXhnkHq+6EaQPpM59fMd
MyLeOiUMOxpPOkeaAC8Ku0Oj2aZU/eyizuBDnhq1PAxBprSW5SSkxP4kz9BnA42x
tkMKMzzPohdfMIRI6zSu0chr76w2UeoViSsMtmWnR6qAXbQvzR+HHxhhB/Rzp6Gc
u9gybrv58IBkybn5ztST6NqgIgcQ/E7XIsB0Eooohfw+QiPlCdoghSxspbzwqcEZ
B4hPBBgRAgAPBQJGv5h3AhsMBQkSzAMAAAoJENyFNB9sYZHjUh0AnA3u5TNYHGLQ
DXLPP0qWHkTeOz8dAJ4wkrLBTaXz3CPCjoTdoBiQsNt3fw==
=nK43
-----END PGP PUBLIC KEY BLOCK-----

2881
SOURCES/spamassassin-3.4.2-fix-CVE-2018-11805.patch Normal file
View File

File diff suppressed because it is too large Load Diff

25
SOURCES/spamassassin-3.4.2-fix-CVE-2019-12420.patch Normal file
View File

@ -0,0 +1,25 @@
diff -urp Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Message.pm Mail-SpamAssassin-3.4.2.new/lib/Mail/SpamAssassin/Message.pm
--- Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Message.pm 2018-09-14 03:27:51.000000000 +0200
+++ Mail-SpamAssassin-3.4.2.new/lib/Mail/SpamAssassin/Message.pm 2020-04-09 15:17:34.300986337 +0200
@@ -876,6 +876,7 @@ sub _parse_multipart {
my $header;
my $part_array;
my $found_end_boundary;
+ my $partcnt = 0;
my $line_count = @{$body};
foreach ( @{$body} ) {
@@ -948,6 +949,13 @@ sub _parse_multipart {
}
}
+ # Maximum parts to process
+ if (++$partcnt == 1000) {
+ dbg("message: mimepart limit exceeded, stopping parsing");
+ $self->{'mimepart_limit_exceeded'} = 1;
+ return;
+ }
+
# make sure we start with a new clean node
$in_body = 0;
$part_msg = Mail::SpamAssassin::Message::Node->new({ normalize=>$self->{normalize} });

41
SOURCES/spamassassin-3.4.2-fix-CVE-2020-1930.patch Normal file
View File

@ -0,0 +1,41 @@
diff --git a/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm b/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
index 2d931ea..7b6244e 100644
--- a/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
+++ b/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
@@ -89,17 +89,19 @@ sub do_one_line_body_tests {
loop_body => sub
{
my ($self, $pms, $conf, $rulename, $pat, %opts) = @_;
- $pat = untaint_var($pat);
- my $sub;
+ my $sub = '
+ my ($self, $line) = @_;
+ my $qrptr = $self->{main}->{conf}->{test_qrs};
+ ';
if (($conf->{tflags}->{$rulename}||'') =~ /\bmultiple\b/)
{
# avoid [perl #86784] bug (fixed in 5.13.x), access the arg through ref
- $sub = '
- my $lref = \$_[1];
+ $sub .= '
+ my $lref = \$line;
pos $$lref = 0;
'.$self->hash_line_for_rule($pms, $rulename).'
- while ($$lref =~ '.$pat.'g) {
+ while ($$lref =~ /$qrptr->{q{'.$rulename.'}}/go) {
my $self = $_[0];
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body");
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body",
@@ -108,9 +110,9 @@ sub do_one_line_body_tests {
';
} else {
- $sub = '
+ $sub .= '
'.$self->hash_line_for_rule($pms, $rulename).'
- if ($_[1] =~ '.$pat.') {
+ if ($line =~ /$qrptr->{q{'.$rulename.'}}/o) {
my $self = $_[0];
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body");
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body", "return 1") . '

44
SOURCES/spamassassin-3.4.2-fix-CVE-2020-1931.patch Normal file
View File

@ -0,0 +1,44 @@
diff -urp Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Conf.pm Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
--- Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Conf.pm 2020-06-15 19:10:21.700917582 +0200
+++ Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm 2020-06-15 19:07:59.045897164 +0200
@@ -3414,6 +3414,20 @@ internally, and should not be used.
setting => 'priority',
is_priv => 1,
type => $CONF_TYPE_HASH_KEY_VALUE,
+ code => sub {
+ my ($self, $key, $value, $line) = @_;
+ my ($rulename, $priority) = split(/\s+/, $value, 2);
+ unless (defined $priority) {
+ return $MISSING_REQUIRED_VALUE;
+ }
+ unless ($rulename =~ IS_RULENAME) {
+ return $INVALID_VALUE;
+ }
+ unless ($priority =~ /^-?\d+$/) {
+ return $INVALID_VALUE;
+ }
+ $self->{priority}->{$rulename} = $priority;
+ }
});
=back
diff -urp Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Constants.pm Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Constants.pm
--- Mail-SpamAssassin-3.4.2.old/lib/Mail/SpamAssassin/Constants.pm 2020-06-15 19:10:21.701917596 +0200
+++ Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Constants.pm 2020-06-15 19:07:59.045897164 +0200
@@ -43,7 +43,7 @@ BEGIN {
HARVEST_DNSBL_PRIORITY MBX_SEPARATOR
MAX_BODY_LINE_LENGTH MAX_HEADER_KEY_LENGTH MAX_HEADER_VALUE_LENGTH
MAX_HEADER_LENGTH ARITH_EXPRESSION_LEXER AI_TIME_UNKNOWN
- CHARSETS_LIKELY_TO_FP_AS_CAPS MAX_URI_LENGTH RULENAME_RE
+ CHARSETS_LIKELY_TO_FP_AS_CAPS MAX_URI_LENGTH RULENAME_RE IS_RULENAME
);
%EXPORT_TAGS = (
@@ -404,5 +404,7 @@ use constant CHARSETS_LIKELY_TO_FP_AS_CA
# Allowed rulename format
use constant RULENAME_RE => qr([_a-zA-Z][_a-zA-Z0-9]{0,127});
+# Exact match
+use constant IS_RULENAME => qr/^${\(RULENAME_RE)}$/;
1;

28
SPECS/spamassassin.spec
View File

@ -60,7 +60,7 @@ Summary: Spam filter for email which can be invoked from mail delivery agents
Name: spamassassin Name: spamassassin
Version: 3.4.2 Version: 3.4.2
#Release: 0.8.%%{prerev}%%{?dist} #Release: 0.8.%%{prerev}%%{?dist}
Release: 7%{?dist} Release: 10%{?dist}
License: ASL 2.0 License: ASL 2.0
Group: Applications/Internet Group: Applications/Internet
URL: https://spamassassin.apache.org/ URL: https://spamassassin.apache.org/
@ -78,7 +78,6 @@ Source8: sa-update.cronscript
Source9: sa-update.force-sysconfig Source9: sa-update.force-sysconfig
Source10: spamassassin-helper.sh Source10: spamassassin-helper.sh
Source11: spamassassin-official.conf Source11: spamassassin-official.conf
Source12: sought.conf
Source13: README.RHEL.Fedora Source13: README.RHEL.Fedora
%if %{use_systemd} %if %{use_systemd}
Source14: spamassassin.service Source14: spamassassin.service
@ -100,6 +99,10 @@ Patch3: 0001-Drop-the-ResourceLimits-plugin.patch
Patch100: spamassassin-3.4.2-fix-use-after-free.patch Patch100: spamassassin-3.4.2-fix-use-after-free.patch
Patch101: spamassassin-3.4.2-fix-file-handle-leaks.patch Patch101: spamassassin-3.4.2-fix-file-handle-leaks.patch
Patch102: spamassassin-3.4.2-fix-rawbody-rules-documentation.patch Patch102: spamassassin-3.4.2-fix-rawbody-rules-documentation.patch
Patch103: spamassassin-3.4.2-fix-CVE-2019-12420.patch
Patch104: spamassassin-3.4.2-fix-CVE-2018-11805.patch
Patch105: spamassassin-3.4.2-fix-CVE-2020-1930.patch
Patch106: spamassassin-3.4.2-fix-CVE-2020-1931.patch
# end of patches # end of patches
@ -212,6 +215,10 @@ rm -f lib/Mail/SpamAssassin/Plugin/ResourceLimits.pm
%patch100 -p1 %patch100 -p1
%patch101 -p1 %patch101 -p1
%patch102 -p1 %patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
# end of patches # end of patches
@ -295,7 +302,6 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/spamassassin
mkdir -m 0700 $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/sa-update-keys/ mkdir -m 0700 $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/sa-update-keys/
mkdir -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/ mkdir -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
install -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/ install -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
install -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
install -m 0644 %{SOURCE13} $RPM_BUILD_DIR/Mail-SpamAssassin-%{version}/ install -m 0644 %{SOURCE13} $RPM_BUILD_DIR/Mail-SpamAssassin-%{version}/
%if %{razor_deps} %if %{razor_deps}
@ -396,6 +402,22 @@ exit 0
%endif %endif
%changelog %changelog
* Mon Jun 15 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-10
- Fixed CVE-2018-11805
- Resolves: rhbz#1787514
- Fixed CVE-2020-1930
- Resolves: rhbz#1820649
- Fixed CVE-2020-1931
- Resolves: rhbz#1820650
* Thu Apr 09 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-9
- Fix CVE-2019-12420
- Resolves: rhbz#1812977
* Wed Mar 18 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-8
- Removed the obsolete SOUGHT channel for rule updates
- Resolves: rhbz#1630362
* Tue Oct 01 2019 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-7 * Tue Oct 01 2019 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-7
- Fix rawbody rules documentation - Fix rawbody rules documentation
- Resolves: rhbz#1639251 - Resolves: rhbz#1639251