Update to 3.4.2

Fixes: CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781
2018-09-18 18:21:26 -07:00 · 2018-09-18 18:21:26 -07:00 · a23eca0f84
commit a23eca0f84
parent cbfebadb51
7 changed files with 16 additions and 199 deletions
--- a/CRYPTO_malloc.patch
+++ b/CRYPTO_malloc.patch
@ -1,84 +0,0 @@
-diff -Nur Mail-SpamAssassin-3.4.1.orig/spamc/configure Mail-SpamAssassin-3.4.1/spamc/configure
--- Mail-SpamAssassin-3.4.1.orig/spamc/configure	2015-04-28 13:56:59.000000000 -0600
-+++ Mail-SpamAssassin-3.4.1/spamc/configure	2016-11-06 14:36:54.722342568 -0700
-@@ -3666,9 +3666,9 @@
- SSLLIBS=""
- SSLCFLAGS=""
- if test yes = "$sa_ssl_enabled"; then
-	echo "$as_me:$LINENO: checking for CRYPTO_lock in -lcrypto" >&5
-echo $ECHO_N "checking for CRYPTO_lock in -lcrypto... $ECHO_C" >&6
-if test "${ac_cv_lib_crypto_CRYPTO_lock+set}" = set; then
-+	echo "$as_me:$LINENO: checking for CRYPTO_malloc in -lcrypto" >&5
-+echo $ECHO_N "checking for CRYPTO_malloc in -lcrypto... $ECHO_C" >&6
-+if test "${ac_cv_lib_crypto_CRYPTO_malloc+set}" = set; then
-   echo $ECHO_N "(cached) $ECHO_C" >&6
- else
-   ac_check_lib_save_LIBS=$LIBS
-@@ -3686,11 +3686,11 @@
- #endif
- /* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-char CRYPTO_lock ();
-+char CRYPTO_malloc ();
- int
- main ()
- {
-CRYPTO_lock ();
-+CRYPTO_malloc ();
-   ;
-   return 0;
- }
-@@ -3716,20 +3716,20 @@
-   ac_status=$?
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); }; }; then
-  ac_cv_lib_crypto_CRYPTO_lock=yes
-+  ac_cv_lib_crypto_CRYPTO_malloc=yes
- else
-   echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
- 
-ac_cv_lib_crypto_CRYPTO_lock=no
-+ac_cv_lib_crypto_CRYPTO_malloc=no
- fi
- rm -f conftest.err conftest.$ac_objext \
-       conftest$ac_exeext conftest.$ac_ext
- LIBS=$ac_check_lib_save_LIBS
- fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_lock" >&5
-echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_lock" >&6
-if test $ac_cv_lib_crypto_CRYPTO_lock = yes; then
-+echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_malloc" >&5
-+echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_malloc" >&6
-+if test $ac_cv_lib_crypto_CRYPTO_malloc = yes; then
-   SSLLIBS="-lcrypto $SSLLIBS"
- fi
- 
-@@ -3804,7 +3804,7 @@
- 	# before defining SPAMC_SSL check that all its requirements are
- 	# actually available
- 	if test yes = "$ac_cv_header_openssl_crypto_h" && \
-	   test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \
-+	   test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \
- 	   test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then
- 		SSLCFLAGS="-DSPAMC_SSL"
- 	else
-diff -Nur Mail-SpamAssassin-3.4.1.orig/spamc/configure.in Mail-SpamAssassin-3.4.1/spamc/configure.in
--- Mail-SpamAssassin-3.4.1.orig/spamc/configure.in	2015-04-28 13:56:59.000000000 -0600
-+++ Mail-SpamAssassin-3.4.1/spamc/configure.in	2016-11-06 14:36:54.724342587 -0700
-@@ -64,13 +64,13 @@
- SSLLIBS=""
- SSLCFLAGS=""
- if test yes = "$sa_ssl_enabled"; then
-	AC_CHECK_LIB(crypto, CRYPTO_lock,[SSLLIBS="-lcrypto $SSLLIBS"])
-+	AC_CHECK_LIB(crypto, CRYPTO_malloc,[SSLLIBS="-lcrypto $SSLLIBS"])
- 	AC_CHECK_LIB(ssl, SSL_CTX_free,[SSLLIBS="-lssl $SSLLIBS"],,-lcrypto)
- 
- 	# before defining SPAMC_SSL check that all its requirements are
- 	# actually available
- 	if test yes = "$ac_cv_header_openssl_crypto_h" && \
-	   test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \
-+	   test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \
- 	   test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then
- 		SSLCFLAGS="-DSPAMC_SSL"
- 	else
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-0db5d27d7b782ff5eadee12b95eae84c  Mail-SpamAssassin-3.4.1.tar.bz2
-4a1cbafbee2d0ae8c4f2f9ac05b4b3aa  Mail-SpamAssassin-rules-3.4.1.r1675274.tgz
+SHA512 (Mail-SpamAssassin-3.4.2.tar.bz2) = fe3d9d1d7b9fed3063549afd071066729f1f4d998be91ded1e5afc29bb37c7a298dc5f8f99a282b75435d317b5b5072a81393134ccfe059a73d953e26a9c3885
+SHA512 (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) = 38b5f4dc6e6776937e787123c265ecd9a0a2f60aca1b57d6ed4a8f78cf81550478eddd0829b1255e9e8ce64421e06cc13ae82f1a597e893b65f0d07ba8c53a7f
--- a/spamassassin-3.4.1-dns-warnings.patch
+++ b/spamassassin-3.4.1-dns-warnings.patch
@ -1,28 +0,0 @@
-diff -Nur Mail-SpamAssassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm Mail-SpamAssassin-3.4.1/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
--- Mail-SpamAssassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm	2015-04-28 12:56:47.000000000 -0700
-+++ Mail-SpamAssassin-3.4.1/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm	2017-10-23 16:02:04.798386891 -0700
-@@ -942,9 +942,8 @@
-     next unless (defined($str) && defined($dom));
-     dbg("uridnsbl: got($j) NS for $dom: $str");
- 
-    if ($str =~ /IN\s+NS\s+(\S+)/) {
-      my $nsmatch = lc $1;
-      $nsmatch =~ s/\.$//;
-+    if ($rr->type eq 'NS') {
-+      my $nsmatch = lc $rr->nsdname;  # available since at least Net::DNS 0.14
-       my $nsrhblstr = $nsmatch;
-       my $fullnsrhblstr = $nsmatch;
- 
-@@ -1025,9 +1024,9 @@
-     }
-     dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str);
- 
-    local $1;
-    if ($str =~ /IN\s+A\s+(\S+)/) {
-      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1);
-+    if ($rr->type eq 'A') {
-+      my $ip_address = $rr->rdatastr;
-+      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address);
-     }
-   }
- }
--- a/spamassassin-3.4.1-netdns.patch
+++ b/spamassassin-3.4.1-netdns.patch
@ -1,12 +0,0 @@
-diff -Nur Mail-SpamAssassin-3.4.1.orig/lib/Mail/SpamAssassin/DnsResolver.pm Mail-SpamAssassin-3.4.1/lib/Mail/SpamAssassin/DnsResolver.pm
--- Mail-SpamAssassin-3.4.1.orig/lib/Mail/SpamAssassin/DnsResolver.pm	2015-04-28 13:56:49.000000000 -0600
-+++ Mail-SpamAssassin-3.4.1/lib/Mail/SpamAssassin/DnsResolver.pm	2016-06-11 13:55:15.380517343 -0600
-@@ -592,6 +592,8 @@
-   };
- 
-   if ($packet) {
-+    # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223	
-+    $packet->header->rd(1);
-   # my $udp_payload_size = $self->{res}->udppacketsize;
-     my $udp_payload_size = $self->{conf}->{dns_options}->{edns};
-     if ($udp_payload_size && $udp_payload_size > 512) {
--- a/spamassassin-3.4.1-pname-remove-space.patch
+++ b/spamassassin-3.4.1-pname-remove-space.patch
@ -1,19 +0,0 @@
-commit f6bbb55c24888e97a59bc762f9dab8ec4627d933
-Author: Tomas Korbar <tkorbar@localhost.localdomain>
-Date:   Mon Jul 9 15:58:16 2018 +0200
-
-    Fix https://bugzilla.redhat.com/show_bug.cgi?id=950627
-
-diff --git a/spamd/spamd.raw b/spamd/spamd.raw
-index 821f658..b9104bb 100755
--- a/spamd/spamd.raw
-+++ b/spamd/spamd.raw
-@@ -2958,8 +2958,6 @@ sub serverstarted {
- }
- 
- sub daemonize {
-  # Pretty command line in ps
-  $0 = join (' ', $ORIG_ARG0, @ORIG_ARGV) unless would_log("dbg");
- 
-   # be a nice daemon and chdir to the root so we don't block any
-   # unmount attempts
--- a/spamassassin-3.4.1-salearn.patch
+++ b/spamassassin-3.4.1-salearn.patch
@ -1,24 +0,0 @@
-diff -Nur Mail-SpamAssassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm Mail-SpamAssassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm
--- Mail-SpamAssassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm	2015-04-28 12:56:49.000000000 -0700
-+++ Mail-SpamAssassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm	2017-10-23 16:05:06.703069400 -0700
-@@ -914,16 +914,16 @@
-     $str .= shift @{$ary};
-   }
-   undef $ary;
-  chomp ($str); $str .= " [...]\n";
- 
-   # in case the last line was huge, trim it back to around 200 chars
-   local $1;
-  $str =~ s/^(.{,200}).*$/$1/gs;
-+  $str =~ s/^(.{200}).+$/$1 [...]/gm;
-+  chomp ($str); $str .= "\n";
- 
-   # now, some tidy-ups that make things look a bit prettier
-  $str =~ s/-----Original Message-----.*$//gs;
-+  $str =~ s/-----Original Message-----.*$//gm;
-   $str =~ s/This is a multi-part message in MIME format\.//gs;
-  $str =~ s/[-_\*\.]{10,}//gs;
-+  $str =~ s/[-_*.]{10,}//gs;
-   $str =~ s/\s+/ /gs;
- 
-   # add "Content preview:" ourselves, so that the text aligns
--- a/spamassassin.spec
+++ b/spamassassin.spec
@ -64,20 +64,20 @@
 %{!?perl_vendorlib: %define perl_vendorlib %(eval "`%{__perl} -V:installvendorlib`"; echo $installvendorlib)}

 %global saversion 3.004001
-#%global prerev rc2
+#%%global prerev rc2

 Summary: Spam filter for email which can be invoked from mail delivery agents
 Name: spamassassin
-Version: 3.4.1
-#Release: 0.8.%{prerev}%{?dist}
-Release: 25%{?dist}
+Version: 3.4.2
+#Release: 0.8.%%{prerev}%%{?dist}
+Release: 1%{?dist}
 License: ASL 2.0
 Group: Applications/Internet
-URL: http://spamassassin.apache.org/
-Source0: http://www.apache.org/dist/%{name}/source/%{real_name}-%{version}.tar.bz2
-#Source0: %{real_name}-%{version}-%{prerev}.tar.bz2
-Source1: http://www.apache.org/dist/%{name}/source/%{real_name}-rules-%{version}.r1675274.tgz
-#Source1: %{real_name}-rules-%{version}.%{prerev}.tgz
+URL: https://spamassassin.apache.org/
+Source0: https://www.apache.org/dist/%{name}/source/%{real_name}-%{version}.tar.bz2
+#Source0: %%{real_name}-%%{version}-%%{prerev}.tar.bz2
+Source1: https://www.apache.org/dist/%{name}/source/%{real_name}-rules-%{version}.r1840640.tgz
+#Source1: %%{real_name}-rules-%%{version}.%%{prerev}.tgz
 Source2: redhat_local.cf
 Source3: spamassassin-default.rc
 Source4: spamassassin-spamc.rc
@ -102,20 +102,8 @@ Source17: sa-update.timer
 # Switch to using gnupg2 instead of gnupg1
 Patch0: spamassassin-3.3.2-gnupg2.patch
 Patch1: spamassassin-3.4.1-add-logfile-homedir-options.patch
-Patch2: spamassassin-3.4.1-pname-remove-space.patch
 # Patches 100+ are SVN backports (DO NOT REUSE!)
-Patch100: spamassassin-3.4.1-netdns.patch
-# Openssl 1.1.x support
-# https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7361
-Patch101: CRYPTO_malloc.patch
-Patch102: spamassassin-3.4.1-Fix-building-on-Perl-without-dot-in-INC.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1364932
-# https://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm?r1=1676616&r2=1694126&pathrev=1694126&view=patch
-Patch103: spamassassin-3.4.1-dns-warnings.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1505317
-# https://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm?r1=1791010&r2=1791009&pathrev=1791010&view=patch
-Patch104: spamassassin-3.4.1-salearn.patch
-
+#Patch102: spamassassin-3.4.1-Fix-building-on-Perl-without-dot-in-INC.patch
 # end of patches
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 %if %{use_systemd} == 0
@ -204,13 +192,7 @@ To filter spam for all users, add that line to /etc/procmailrc
 # Patches 0-99 are RH specific
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
 # Patches 100+ are SVN backports (DO NOT REUSE!)
-%patch100 -p1
-%patch101 -p1
-%patch102 -p1
-%patch103 -p1
-%patch104 -p1
 # end of patches

 echo "RHEL=%{rhel} FEDORA=%{fedora}"
@ -274,8 +256,6 @@ find $RPM_BUILD_ROOT -type d -depth -exec rmdir {} 2>/dev/null ';'
 cd $RPM_BUILD_ROOT%{_datadir}/spamassassin/
 tar xfvz %{SOURCE1}
 sed -i -e 's|\@\@VERSION\@\@|%{saversion}|' *.cf
-# Disable AHBL score as they no longer exist. See https://bugzilla.redhat.com/show_bug.cgi?id=1180338
-sed -i -e 's|score DNS_FROM_AHBL_RHSBL 0 2.438 0 2.699 # n=0 n=2||' 50_scores.cf
 cd -

 find $RPM_BUILD_ROOT/usr -type f -print |
@ -393,6 +373,10 @@ exit 0
 %endif

 %changelog
+* Sun Sep 16 2018 Kevin Fenzi <kevin@scrye.com> - 3.4.2-1
+- Update to 3.4.2
+- Fixes: CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781
+
 * Mon Jul 23 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 3.4.1-25
 - perl-Razor-Agent and perl-Net-Patricia not used on RHEL