import spamassassin-3.4.6-1.el8

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/Mail-SpamAssassin-3.4.2.tar.bz2
+SOURCES/Mail-SpamAssassin-3.4.6.tar.bz2
-SOURCES/Mail-SpamAssassin-rules-3.4.2.r1840640.tgz
+SOURCES/Mail-SpamAssassin-rules-3.4.6.r1888502.tgz

.spamassassin.metadata

@@ -1,2 +1,2 @@
-9d3128dfe943be5e429edbd77883179138f40536 SOURCES/Mail-SpamAssassin-3.4.2.tar.bz2
+26390aa8c9176c7d280252e4f01defe031373d32 SOURCES/Mail-SpamAssassin-3.4.6.tar.bz2
-c93006e1572297f816a0e186a98cbbae246a4945 SOURCES/Mail-SpamAssassin-rules-3.4.2.r1840640.tgz
+bc4a64ed49f6df75d6bce8396fa476548a66d755 SOURCES/Mail-SpamAssassin-rules-3.4.6.r1888502.tgz

SOURCES/0001-Drop-the-ResourceLimits-plugin.patch

@@ -1,44 +0,0 @@
-diff --git a/MANIFEST b/MANIFEST
-index 95e2af5..d1aa471 100644
---- a/MANIFEST
-+++ b/MANIFEST
-@@ -100,7 +100,6 @@ lib/Mail/SpamAssassin/Plugin/Pyzor.pm
- lib/Mail/SpamAssassin/Plugin/Razor2.pm
- lib/Mail/SpamAssassin/Plugin/RelayCountry.pm
- lib/Mail/SpamAssassin/Plugin/RelayEval.pm
--lib/Mail/SpamAssassin/Plugin/ResourceLimits.pm
- lib/Mail/SpamAssassin/Plugin/ReplaceTags.pm
- lib/Mail/SpamAssassin/Plugin/Reuse.pm
- lib/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
-diff --git a/lib/Mail/SpamAssassin/Util/DependencyInfo.pm b/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
-index 7467744..3d92c7d 100644
---- a/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
-+++ b/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
-@@ -257,12 +257,6 @@ our @OPTIONAL_MODULES = (
-   check for both Net::DNS and Net::DNS::Nameserver.  However, 
-   Net::DNS::Nameserver is only used in make test as of June 2014.',
- },
--{
--  module => 'BSD::Resource',
--  version => 0,
--  desc => 'BSD::Resource provides BSD process resource limit and priority 
--  functions.  It is used by the optional ResourceLimits Plugin.',
--},
- );
- 
- our @BINARIES = ();
-diff --git a/rules/v342.pre b/rules/v342.pre
-index 4ab7736..9b425fd 100644
---- a/rules/v342.pre
-+++ b/rules/v342.pre
-@@ -19,10 +19,6 @@
- # HashBL - Use EBL email blocklist
- # loadplugin Mail::SpamAssassin::Plugin::HashBL
- 
--# ResourceLimits - assure your spamd child processes
--# do not exceed specified CPU or memory limit
--# loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
--
- 
- # FromNameSpoof - help stop spam that tries to spoof other domains using 
- # the from name

SOURCES/README.RHEL.Fedora

@@ -26,9 +26,6 @@ override the daemon check in /etc/sysconfig/sa-update
 All sa-update channels are defined in files contained in this directory.
 See the existing config files as examples for writing your own config file.
 
-4) SOUGHT Anti-Fraud Rule Channel is Enabled by Default
-http://wiki.apache.org/spamassassin/SoughtRules
-
 General Warnings
 ================
 * DO NOT USE SARE or OpenProtect rules.  They are old and outdated, and

SOURCES/sought.conf

@@ -1,47 +0,0 @@
-# http://wiki.apache.org/spamassassin/SoughtRules
-CHANNELURL=sought.rules.yerp.org
-KEYID=6C6191E3
-# Ignore everything below.
-return 0
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.1 (GNU/Linux)
-
-mQGiBEa/l+YRBACC+uJfIThEoEWrNxdDD/1tAwb5L8v7H3gGt+LtuOwwn5ZU7XsT
-s1DOok1oZVRnTQJYdlth7QlU9wqijwLEVzW1LDWnxXXKwPmlTlkcdGoBcb+cBbYI
-miJ/TlAetvbprcZdROS4Ey31GjPRmWPPnVE2Xcwy+e4+RmnhqfZBmOaE7wCgo1GG
-pkik2OPD1le4LGGOGHL5HiED/0TyvTiSS3NnUtoDFQAPrnezOCjxv8zMjYEnJs/I
-h7uyIgHRsbB75cD2O1LWyO8Vz8r/snVuG35zcZagPf/7Tc9AJoaxVmCIk9DEmWZp
-iuvqpMhwHAbNvY3jY2oKsDl1rNx0IIctoJwjXia99kvNTHK/Yz/HqhIyLModhiMB
-aYYZA/wIdPOHGHaP5vjlbWBwGlRR9m0Rf4ob5sul8MjCyehOYcRVLwfOEfzX308v
-0enOGnbbBKXU2QvA0Z068aBmJkJaaPhlIjZApQJDsb7pt6k8jMPj/Xpr779wAFQ8
-IZC7Tw21OtqkjrUb3dZlEljrTwWNc6FVxuIidBBg7HCdP24WKLRESnVzdGluIE1h
-c29uIFNpZ25pbmcgS2V5IChDb2RlIFNpZ25pbmcgT25seSkgPHNpZ25pbmdrZXlA
-am1hc29uLm9yZz6IZAQTEQIAJAUCRr+X5gIbAwUJEswDAAYLCQgHAwIDFQIDAxYC
-AQIeAQIXgAAKCRDchTQfbGGR4/GJAKCC6X6AF8nM+H00b/XeZl9vYihXBgCcDYuU
-AtXjWWxndkneakmbnD0O4Z25BA0ERr+YdxAQAIYYUQHMzVsRAzpIRLfni0aeczrr
-armwXMJ8y5p74lVLbJyQOjkQyIJWP80twrN8SjNyUFBr/52SlOPOuAbGZY1ZKpux
-vkbsug2wWvkoj8xGjnexrSDahRgpNhf/otLRNTyUFZTM6mjZt0ItnYDl6xszY4kd
-O5rVzjQuivNB4BsHcd8qQ7zVo9+VZ5R77iM4dtk6t5ycpXlAom5pD8qLb7ZzTVe0
-SuhzOeynF51rwjS+wa3hzZisvJqZA5uJcAyYslgP1UTW+2e5wutSktSZmL/XnlEF
-p86GPjAgDPL2Q0TgzVL6sPt0blNCyzOJrcBqBHrgZfraYgqtmGepLpk72q4VD23c
-aV2wTqjnfJAsNR3y8jgVNwF8LpXtlbxrBByFRwEqsc/gzdMEnJ728XBDqT2IhZLY
-maL/WxiDKNWD/Mae69HTyInIYgrfT7nJKDeKQA81+e5+UmqBVoi5/AICMlDm1DgR
-gG6bbOXGhLVPh+gHjGG4Jdd/ZLedncUsjW9KyK261sqM3tSDSfgnF99w2/32ToFu
-ChN8JOfQ6VZ7QbL1BWRtQWZ3tyauUUXmsrYDv1w1nx51MqxQdlitnmTRWaRW0GmD
-b5XapJfSK+FiGXaynl3HHxHHpcUauX9zBa/LRp8oXiGPLfJEWmjWcGCyGZawASj3
-pTTJUnbkYs0fUyUXAAQND/42mh8f3mTA+24I3lY4K8mxH9GSFgOkLoYwok8xL5Md
-OUJAyvs34ixqvM2u560YJkegEO/xzg2abddfoqL8eNnjfvG3bI7KOCT+m+mM/5Cg
-ul8XFSnHIEivuOXNtc/x/dwYSidKM8atkdpKtv++psd6hVbJQMfLlzf0S2QyiaGk
-yXur/pM3A97lvkjAgvIKQt8NbJ/sITFlrN2TFxcbE8OED7LC4nBo54TJ1AxVsHlT
-LB5XPKU8pBv0fABZrNKxf6a2iXx9jT9sSYdnb0y+hBjnoWZUNbhxo6jpAqt1quUy
-buGWugvG8J75JvT6X+lwEEkg1lplmm+HuaFtegOqTUTKmffKduY+E00le+3Kh8gW
-bLR8P1qp/xnxQxZJYcQ+mT4QsYpj6Pkcj0ON3NQO5wP6dr2UGhGcSzS2Cxv8TERN
-7HSdFbFXQWPCekx+i7OjeRSY/XTUf2zYquPNP2oU0MjgnXhnkHq+6EaQPpM59fMd
-MyLeOiUMOxpPOkeaAC8Ku0Oj2aZU/eyizuBDnhq1PAxBprSW5SSkxP4kz9BnA42x
-tkMKMzzPohdfMIRI6zSu0chr76w2UeoViSsMtmWnR6qAXbQvzR+HHxhhB/Rzp6Gc
-u9gybrv58IBkybn5ztST6NqgIgcQ/E7XIsB0Eooohfw+QiPlCdoghSxspbzwqcEZ
-B4hPBBgRAgAPBQJGv5h3AhsMBQkSzAMAAAoJENyFNB9sYZHjUh0AnA3u5TNYHGLQ
-DXLPP0qWHkTeOz8dAJ4wkrLBTaXz3CPCjoTdoBiQsNt3fw==
-=nK43
------END PGP PUBLIC KEY BLOCK-----

SOURCES/spamassassin-3.4.2-fix-file-handle-leaks.patch

@@ -1,18 +0,0 @@
---- a/spamc/spamc.c	2018/10/02 16:54:17	1842644
-+++ b/spamc/spamc.c	2018/10/02 17:40:43	1842645
-@@ -616,6 +616,7 @@
- 	        fprintf(stderr,"Exceeded max line size (%d) in %s\n",
-                         CONFIG_MAX_LINE_SIZE-2, config_file);
- 	    }
-+	    fclose(config);
- 	    return EX_CONFIG;
- 	}
- 
-@@ -629,6 +630,7 @@
-             if (*combo_argc >= COMBO_ARGV_SIZE) {
- 	        fprintf(stderr,"Exceeded max number of arguments (%d) in %s\n",
- 	                COMBO_ARGV_SIZE, config_file);
-+		fclose(config);
- 	        return EX_CONFIG;
-             }
-             combo_argv[*combo_argc] = strdup(tok);

SOURCES/spamassassin-3.4.2-fix-rawbody-rules-documentation.patch

@@ -1,63 +0,0 @@
---- a/lib/Mail/SpamAssassin/Conf.pm	2019/08/01 12:28:38	1864149
-+++ b/lib/Mail/SpamAssassin/Conf.pm	2019/08/08 08:11:36	1864686
-@@ -3066,12 +3066,19 @@
- as per the header tests, C<#> must be escaped (C<\#>) or else it is considered
- the beginning of a comment.
- 
--The 'body' in this case is the textual parts of the message body;
--any non-text MIME parts are stripped, and the message decoded from
--Quoted-Printable or Base-64-encoded format if necessary.  The message
--Subject header is considered part of the body and becomes the first
--paragraph when running the rules.  All HTML tags and line breaks will
--be removed before matching.
-+The 'body' in this case is the textual parts of the message body; any
-+non-text MIME parts are stripped, and the message decoded from
-+Quoted-Printable or Base-64-encoded format if necessary.  Parts declared as
-+text/html will be rendered from HTML to text.
-+
-+All body paragraphs (double-newline-separated blocks text) are turned into a
-+line breaks removed, whitespace normalized single line.  Any lines longer
-+than 2kB are split into shorter separate lines (from a boundary when
-+possible), this may unexpectedly prevent pattern from matching.  Patterns
-+are matched independently against each of these lines.
-+
-+Note that the message Subject header is considered part of the body and
-+becomes the first line when running the rules.
- 
- =item body SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
- 
-@@ -3152,6 +3159,10 @@
- tags and line breaks will still be present.  Multiline expressions will
- need to be used to match strings that are broken by line breaks.
- 
-+Note that the text is split into 2-4kB chunks (from a word boundary when
-+possible), this may unexpectedly prevent pattern from matching.  Patterns
-+are matched independently against each of these chunks.
-+
- =item rawbody SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
- 
- Define a raw-body eval test.  See above.
---- a/lib/Mail/SpamAssassin/PerMsgStatus.pm	2019/08/03 13:55:00	1864336
-+++ b/lib/Mail/SpamAssassin/PerMsgStatus.pm	2019/08/08 08:11:36	1864686
-@@ -1769,8 +1769,10 @@
- Returns the message body, with B<base64> or B<quoted-printable> encodings
- decoded, and non-text parts or non-inline attachments stripped.
- 
--It is returned as an array of strings, with each string representing
--one newline-separated line of the body.
-+This is the same result text as used in 'rawbody' rules.
-+
-+It is returned as an array of strings, with each string being a 2-4kB chunk
-+of the body, split from boundaries if possible.
- 
- =cut
- 
-@@ -1784,6 +1786,8 @@
- get_decoded_body_text_array()), with HTML rendered, and with whitespace
- normalized.
- 
-+This is the same result text as used in 'body' rules.
-+
- It will always render text/html, and will use a heuristic to determine if other
- text/* parts should be considered text/html.
- 

SOURCES/spamassassin-3.4.2-fix-use-after-free.patch

@@ -1,10 +0,0 @@
---- a/spamc/getopt.c	2018/09/20 06:52:49	1841432
-+++ b/spamc/getopt.c	2018/09/20 07:18:53	1841433
-@@ -274,7 +274,6 @@
-             } else if(longopts[i].has_arg == optional_argument) {
-                if(((spamc_optind < argc) && (argv[spamc_optind]) && (argv[spamc_optind][0] != '-')) || 
-                      (opt != NULL)) {
--		  free(opt);
-                   if(opt != NULL) {
-                      spamc_optarg = opt;
-                   } else {

SOURCES/spamassassin-3.4.6-Drop-the-ResourceLimits-plugin.patch

@@ -0,0 +1,193 @@
+diff --git a/MANIFEST b/MANIFEST
+index e16e0da..601f886 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -101,7 +101,6 @@ lib/Mail/SpamAssassin/Plugin/Pyzor.pm
+ lib/Mail/SpamAssassin/Plugin/Razor2.pm
+ lib/Mail/SpamAssassin/Plugin/RelayCountry.pm
+ lib/Mail/SpamAssassin/Plugin/RelayEval.pm
+-lib/Mail/SpamAssassin/Plugin/ResourceLimits.pm
+ lib/Mail/SpamAssassin/Plugin/ReplaceTags.pm
+ lib/Mail/SpamAssassin/Plugin/Reuse.pm
+ lib/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
+diff --git a/lib/Mail/SpamAssassin/Plugin/ResourceLimits.pm b/lib/Mail/SpamAssassin/Plugin/ResourceLimits.pm
+deleted file mode 100644
+index 9179b93..0000000
+--- a/lib/Mail/SpamAssassin/Plugin/ResourceLimits.pm
++++ /dev/null
+@@ -1,143 +0,0 @@
+-# <@LICENSE>
+-# Licensed to the Apache Software Foundation (ASF) under one or more
+-# contributor license agreements.  See the NOTICE file distributed with
+-# this work for additional information regarding copyright ownership.
+-# The ASF licenses this file to you under the Apache License, Version 2.0
+-# (the "License"); you may not use this file except in compliance with
+-# the License.  You may obtain a copy of the License at:
+-#
+-#     http://www.apache.org/licenses/LICENSE-2.0
+-#
+-# Unless required by applicable law or agreed to in writing, software
+-# distributed under the License is distributed on an "AS IS" BASIS,
+-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-# See the License for the specific language governing permissions and
+-# limitations under the License.
+-# </@LICENSE>
+-
+-=head1 NAME
+-
+-Mail::SpamAssassin::Plugin::ResourceLimits - Limit the memory and/or CPU of child spamd processes
+-
+-=head1 SYNOPSIS
+-
+-  # This plugin is for admin only and cannot be specified in user config.
+-  loadplugin     Mail::SpamAssassin::Plugin::ResourceLimits
+-
+-  # Sets to RLIMIT_CPU from BSD::Resource. The quota is based on max CPU Time seconds.
+-  resource_limit_cpu 120
+-
+-  # Sets to RLIMIT_RSS and RLIMIT_AS via BSD::Resource.
+-  resource_limit_cpu 536870912
+-
+-=head1 DESCRIPTION
+-
+-This module leverages BSD::Resource to assure your spamd child processes do not exceed
+-specified CPU or memory limit. If this happens, the child process will die.
+-See the L<BSD::Resource> for more details.
+-
+-NOTE: Because this plugin uses BSD::Resource, it will not function on Windows.
+-
+-=head1 ADMINISTRATOR SETTINGS
+-
+-=over 4
+-
+-=item resource_limit_cpu 120	(default: 0 or no limit)
+-
+-How many cpu cycles are allowed on this process before it dies.
+-
+-=item resource_limit_mem 536870912	(default: 0 or no limit)
+-
+-The maximum number of bytes of memory allowed both for:
+-
+-=over
+-
+-=item *
+-
+-(virtual) address space bytes
+-
+-=item *
+-
+-resident set size
+-
+-=back
+-
+-=back
+-
+-=cut
+-
+-package Mail::SpamAssassin::Plugin::ResourceLimits;
+-
+-use Mail::SpamAssassin::Plugin ();
+-use Mail::SpamAssassin::Logger ();
+-use Mail::SpamAssassin::Util   ();
+-use Mail::SpamAssassin::Constants qw(:sa);
+-
+-use strict;
+-use warnings;
+-
+-use BSD::Resource qw(RLIMIT_RSS RLIMIT_AS RLIMIT_CPU);
+-
+-our @ISA = qw(Mail::SpamAssassin::Plugin);
+-
+-sub new {
+-    my $class        = shift;
+-    my $mailsaobject = shift;
+-
+-    $class = ref($class) || $class;
+-    my $self = $class->SUPER::new($mailsaobject);
+-    bless( $self, $class );
+-
+-    $self->set_config( $mailsaobject->{conf} );
+-    return $self;
+-}
+-
+-sub set_config {
+-    my ( $self, $conf ) = @_;
+-    my @cmds = ();
+-
+-    push(
+-        @cmds,
+-        {
+-            setting  => 'resource_limit_mem',
+-            is_admin => 1,
+-            default  => '0',
+-            type     => $Mail::SpamAssassin::Conf::CONF_TYPE_NUMERIC
+-        }
+-    );
+-
+-    push(
+-        @cmds,
+-        {
+-            setting  => 'resource_limit_cpu',
+-            is_admin => 1,
+-            default  => '0',
+-            type     => $Mail::SpamAssassin::Conf::CONF_TYPE_NUMERIC
+-        }
+-    );
+-
+-    $conf->{parser}->register_commands( \@cmds );
+-}
+-
+-sub spamd_child_init {
+-    my ($self) = @_;
+-
+-    # Set CPU Resource limits if they were specified.
+-    Mail::SpamAssassin::Util::dbg("resourcelimitplugin: In spamd_child_init");
+-    Mail::SpamAssassin::Util::dbg( "resourcelimitplugin: cpu limit: " . $self->{main}->{conf}->{resource_limit_cpu} );
+-    if ( $self->{main}->{conf}->{resource_limit_cpu} ) {
+-        BSD::Resource::setrlimit( RLIMIT_CPU, $self->{main}->{conf}->{resource_limit_cpu}, $self->{main}->{conf}->{resource_limit_cpu} )
+-          || info("resourcelimitplugin: Unable to set RLIMIT_CPU");
+-    }
+-
+-    # Set  Resource limits if they were specified.
+-    Mail::SpamAssassin::Util::dbg( "resourcelimitplugin: mem limit: " . $self->{main}->{conf}->{resource_limit_mem} );
+-    if ( $self->{main}->{conf}->{resource_limit_mem} ) {
+-        BSD::Resource::setrlimit( RLIMIT_RSS, $self->{main}->{conf}->{resource_limit_mem}, $self->{main}->{conf}->{resource_limit_mem} )
+-          || info("resourcelimitplugin: Unable to set RLIMIT_RSS");
+-        BSD::Resource::setrlimit( RLIMIT_AS, $self->{main}->{conf}->{resource_limit_mem}, $self->{main}->{conf}->{resource_limit_mem} )
+-          || info("resourcelimitplugin: Unable to set RLIMIT_AS");
+-    }
+-}
+-
+-1;
+diff --git a/lib/Mail/SpamAssassin/Util/DependencyInfo.pm b/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
+index b5b05cf..8223b26 100644
+--- a/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
++++ b/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
+@@ -234,12 +234,6 @@ our @OPTIONAL_MODULES = (
+   check for both Net::DNS and Net::DNS::Nameserver.  However, 
+   Net::DNS::Nameserver is only used in make test as of June 2014.',
+ },
+-{
+-  module => 'BSD::Resource',
+-  version => 0,
+-  desc => 'BSD::Resource provides BSD process resource limit and priority 
+-  functions.  It is used by the optional ResourceLimits Plugin.',
+-},
+ {
+   module => 'Archive::Zip',
+   version => 0,
+diff --git a/rules/v342.pre b/rules/v342.pre
+index 8e0fb07..c4758e9 100644
+--- a/rules/v342.pre
++++ b/rules/v342.pre
+@@ -19,10 +19,6 @@
+ # HashBL - Query hashed/unhashed strings, emails, uris etc from DNS lists
+ # loadplugin Mail::SpamAssassin::Plugin::HashBL
+ 
+-# ResourceLimits - assure your spamd child processes
+-# do not exceed specified CPU or memory limit
+-# loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
+-
+ # FromNameSpoof - help stop spam that tries to spoof other domains using 
+ # the from name
+ # loadplugin Mail::SpamAssassin::Plugin::FromNameSpoof

SOURCES/spamassassin-3.4.6-drop-geoip.patch

@@ -1,20 +1,8 @@
-From cab335f2c6b096f847402c35ee896a3f3d82958c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Mon, 23 Jul 2018 13:28:39 +0200
-Subject: [PATCH] Dropped GeoIP and optional plugins requiring it
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Namely URILocalBL and RelayCountry.
-
-Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
-
 diff --git a/MANIFEST b/MANIFEST
-index 2b1b291..a6bbcdb 100644
+index 7b1bab2..e16e0da 100644
 --- a/MANIFEST
 +++ b/MANIFEST
-@@ -117,7 +117,6 @@ lib/Mail/SpamAssassin/Plugin/VBounce.pm
+@@ -118,7 +118,6 @@ lib/Mail/SpamAssassin/Plugin/VBounce.pm
  lib/Mail/SpamAssassin/Plugin/WLBLEval.pm
  lib/Mail/SpamAssassin/Plugin/WhiteListSubject.pm
  lib/Mail/SpamAssassin/PluginHandler.pm
@@ -24,10 +12,10 @@ index 2b1b291..a6bbcdb 100644
  lib/Mail/SpamAssassin/SQLBasedAddrList.pm
 diff --git a/lib/Mail/SpamAssassin/Plugin/RelayCountry.pm b/lib/Mail/SpamAssassin/Plugin/RelayCountry.pm
 deleted file mode 100644
-index 2e172f3..0000000
+index 38ec1e3..0000000
 --- a/lib/Mail/SpamAssassin/Plugin/RelayCountry.pm
 +++ /dev/null
-@@ -1,280 +0,0 @@
+@@ -1,407 +0,0 @@
 -# <@LICENSE>
 -# Licensed to the Apache Software Foundation (ASF) under one or more
 -# contributor license agreements.  See the NOTICE file distributed with
@@ -57,8 +45,29 @@ index 2e172f3..0000000
 -
 -The RelayCountry plugin attempts to determine the domain country codes
 -of each relay used in the delivery path of messages and add that information
--to the message metadata as "X-Relay-Countries", or the C<_RELAYCOUNTRY_>
+-to the message metadata.
--header markup.
+-
+-Following metadata headers and tags are added:
+-
+- X-Relay-Countries           _RELAYCOUNTRY_
+-   All untrusted relays. Contains all relays starting from the
+-   trusted_networks border. This method has been used by default since
+-   early SA versions.
+-
+- X-Relay-Countries-External  _RELAYCOUNTRYEXT_
+-   All external relays. Contains all relays starting from the
+-   internal_networks border. Could be useful in some cases when
+-   trusted/msa_networks extend beyond the internal border and those
+-   need to be checked too.
+-
+- X-Relay-Countries-All       _RELAYCOUNTRYALL_
+-   All possible relays (internal + external).
+-
+- X-Relay-Countries-Auth      _RELAYCOUNTRYAUTH_
+-   Auth will contain all relays starting from the first relay that used
+-   authentication. For example, this could be used to check for hacked
+-   local users coming in from unexpected countries. If there are no
+-   authenticated relays, this will be empty.
 -
 -=head1 REQUIREMENT
 -
@@ -81,11 +90,6 @@ index 2e172f3..0000000
 -
 -our @ISA = qw(Mail::SpamAssassin::Plugin);
 -
--my $db;
--my $dbv6;
--my $db_info;  # will hold database info
--my $db_type;  # will hold database type
--
 -# constructor: register the eval rule
 -sub new {
 -  my $class = shift;
@@ -127,10 +131,9 @@ index 2e172f3..0000000
 -    type => $Mail::SpamAssassin::Conf::CONF_TYPE_STRING,
 -    code => sub {
 -      my ($self, $key, $value, $line) = @_;
--      if ( $value !~ /GeoIP|GeoIP2|DB_File|Fast/) {
+-      if ($value !~ /^(?:GeoIP|GeoIP2|DB_File|Fast)$/) {
 -        return $Mail::SpamAssassin::Conf::INVALID_VALUE;
 -      }
--
 -      $self->{country_db_type} = $value;
 -    }
 -  });
@@ -141,6 +144,15 @@ index 2e172f3..0000000
 -
 -This option tells SpamAssassin where to find MaxMind GeoIP2 or IP::Country::DB_File database.
 -
+-If not defined, GeoIP2 default search includes:
+- /usr/local/share/GeoIP/GeoIP2-Country.mmdb
+- /usr/share/GeoIP/GeoIP2-Country.mmdb
+- /var/lib/GeoIP/GeoIP2-Country.mmdb
+- /usr/local/share/GeoIP/GeoLite2-Country.mmdb
+- /usr/share/GeoIP/GeoLite2-Country.mmdb
+- /var/lib/GeoIP/GeoLite2-Country.mmdb
+- (and same paths again for -City.mmdb, which also has country functionality)
+-
 -=back
 -
 -=cut
@@ -154,84 +166,186 @@ index 2e172f3..0000000
 -      if (!defined $value || !length $value) {
 -        return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
 -      }
--      if (!-f $value) {
+-      if (!-e $value) {
 -        info("config: country_db_path \"$value\" is not accessible");
 -        $self->{country_db_path} = $value;
 -        return $Mail::SpamAssassin::Conf::INVALID_VALUE;
 -      }
--
 -      $self->{country_db_path} = $value;
 -    }
 -  });
+-
+-  push (@cmds, {
+-    setting => 'geoip2_default_db_path',
+-    default => [
+-      '/usr/local/share/GeoIP/GeoIP2-Country.mmdb',
+-      '/usr/share/GeoIP/GeoIP2-Country.mmdb',
+-      '/var/lib/GeoIP/GeoIP2-Country.mmdb',
+-      '/usr/local/share/GeoIP/GeoLite2-Country.mmdb',
+-      '/usr/share/GeoIP/GeoLite2-Country.mmdb',
+-      '/var/lib/GeoIP/GeoLite2-Country.mmdb',
+-      '/usr/local/share/GeoIP/GeoIP2-City.mmdb',
+-      '/usr/share/GeoIP/GeoIP2-City.mmdb',
+-      '/var/lib/GeoIP/GeoIP2-City.mmdb',
+-      '/usr/local/share/GeoIP/GeoLite2-City.mmdb',
+-      '/usr/share/GeoIP/GeoLite2-City.mmdb',
+-      '/var/lib/GeoIP/GeoLite2-City.mmdb',
+-      ],
+-    type => $Mail::SpamAssassin::Conf::CONF_TYPE_STRINGLIST,
+-    code => sub {
+-      my ($self, $key, $value, $line) = @_;
+-      if ($value eq '') {
+-        return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
+-      }
+-      push(@{$self->{geoip2_default_db_path}}, split(/\s+/, $value));
+-    }
+-  });
 -  
 -  $conf->{parser}->register_commands(\@cmds);
 -}
 -
+-sub get_country {
+-    my ($self, $ip, $db, $dbv6, $country_db_type) = @_;
+-    my $cc;
+-    my $IP_PRIVATE = IP_PRIVATE;
+-    my $IPV4_ADDRESS = IPV4_ADDRESS;
+-
+-    # Private IPs will always be returned as '**'
+-    if ($ip =~ /^$IP_PRIVATE$/o) {
+-      $cc = "**";
+-    }
+-    elsif ($country_db_type eq "GeoIP") {
+-      if ($ip =~ /^$IPV4_ADDRESS$/o) {
+-        $cc = $db->country_code_by_addr($ip);
+-      } elsif (defined $dbv6) {
+-        $cc = $dbv6->country_code_by_addr_v6($ip);
+-      }
+-    }
+-    elsif ($country_db_type eq "GeoIP2") {
+-      my ($country, $country_rec);
+-      eval {
+-        if (index($db->metadata()->description()->{en}, 'City') != -1) {
+-          $country = $db->city( ip => $ip );
+-        } else {
+-          $country = $db->country( ip => $ip );
+-        }
+-        $country_rec = $country->country();
+-        $cc = $country_rec->iso_code();
+-        1;
+-      } or do {
+-        $@ =~ s/\s+Trace begun.*//s;
+-        dbg("metadata: RelayCountry: GeoIP2 failed: $@");
+-      }
+-    }
+-    elsif ($country_db_type eq "DB_File") {
+-      if ($ip =~ /^$IPV4_ADDRESS$/o ) {
+-        $cc = $db->inet_atocc($ip);
+-      } else {
+-        $cc = $db->inet6_atocc($ip);
+-      }
+-    }
+-    elsif ($country_db_type eq "Fast") {
+-      $cc = $db->inet_atocc($ip);
+-    }
+-
+-    $cc ||= 'XX';
+-
+-    return $cc;
+-}
+-
 -sub extract_metadata {
 -  my ($self, $opts) = @_;
--  my $geo;
+-  my $pms = $opts->{permsgstatus};
--  my $cc;
 -
--  my $conf_country_db_type = $self->{'main'}{'resolver'}{'conf'}->{country_db_type};
+-  my $db;
--  my $conf_country_db_path = $self->{'main'}{'resolver'}{'conf'}->{country_db_path};
+-  my $dbv6;
+-  my $db_info;  # will hold database info
+-  my $db_type;  # will hold database type
 -
--  if ( $conf_country_db_type eq "GeoIP") {
+-  my $country_db_type = $opts->{conf}->{country_db_type};
+-  my $country_db_path = $opts->{conf}->{country_db_path};
+-
+-  if ($country_db_type eq "GeoIP") {
 -    eval {
 -      require Geo::IP;
 -      $db = Geo::IP->open_type(Geo::IP->GEOIP_COUNTRY_EDITION, Geo::IP->GEOIP_STANDARD);
 -      die "GeoIP.dat not found" unless $db;
 -      # IPv6 requires version Geo::IP 1.39+ with GeoIP C API 1.4.7+
 -      if (Geo::IP->VERSION >= 1.39 && Geo::IP->api eq 'CAPI') {
--       $dbv6 = Geo::IP->open_type(Geo::IP->GEOIP_COUNTRY_EDITION_V6, Geo::IP->GEOIP_STANDARD);
+-        $dbv6 = Geo::IP->open_type(Geo::IP->GEOIP_COUNTRY_EDITION_V6, Geo::IP->GEOIP_STANDARD);
--       if (!$dbv6) {
+-        if (!$dbv6) {
--         dbg("metadata: RelayCountry: IPv6 support not enabled, GeoIPv6.dat not found");
+-          dbg("metadata: RelayCountry: GeoIP: IPv6 support not enabled, GeoIPv6.dat not found");
--       }
+-        }
--       $db_info = sub { return "Geo::IP " . ($db->database_info || '?') };
 -      } else {
--       dbg("metadata: RelayCountry: IPv6 support not enabled, versions Geo::IP 1.39, GeoIP C API 1.4.7 required");
+-        dbg("metadata: RelayCountry: GeoIP: IPv6 support not enabled, versions Geo::IP 1.39, GeoIP C API 1.4.7 required");
+-      }
+-      $db_info = sub { return "Geo::IP IPv4: " . ($db->database_info || '?')." / IPv6: ".($dbv6 ? $dbv6->database_info || '?' : '?') };
+-      1;
+-    } or do {
+-      # Fallback to IP::Country::Fast
+-      dbg("metadata: RelayCountry: GeoIP: GeoIP.dat not found, trying IP::Country::Fast as fallback");
+-      $country_db_type = "Fast";
+-    }
+-  }
+-  elsif ($country_db_type eq "GeoIP2") {
+-    if (!$country_db_path) {
+-      # Try some default locations
+-      foreach (@{$opts->{conf}->{geoip2_default_db_path}}) {
+-        if (-f $_) {
+-          $country_db_path = $_;
+-          last;
+-        }
+-      }
+-    }
+-    if (-f $country_db_path) {
+-      eval {
+-        require GeoIP2::Database::Reader;
+-        $db = GeoIP2::Database::Reader->new(
+-          file => $country_db_path,
+-          locales => [ 'en' ]
+-        );
+-        die "unknown error" unless $db;
+-        $db_info = sub {
+-          my $m = $db->metadata();
+-          return "GeoIP2 ".$m->description()->{en}." / ".localtime($m->build_epoch());
+-        };
+-        1;
+-      } or do {
+-        # Fallback to IP::Country::Fast
+-        $@ =~ s/\s+Trace begun.*//s;
+-        dbg("metadata: RelayCountry: GeoIP2: ${country_db_path} load failed: $@, trying IP::Country::Fast as fallback");
+-        $country_db_type = "Fast";
 -      }
--   } or do {
--     # Fallback to IP::Country::Fast
--     dbg("metadata: RelayCountry: GeoIP.dat not found, IP::Country::Fast enabled as fallback");
--     $conf_country_db_type = "Fast";
--   }
--  } elsif ( $conf_country_db_type eq "GeoIP2" ) {
--     if ( -f $conf_country_db_path ) {
--       eval {
--         require GeoIP2::Database::Reader;
--         $db = GeoIP2::Database::Reader->new(
--            file => $conf_country_db_path,
--            locales	=> [ 'en' ]
--	   );
--         die "${conf_country_db_path} not found" unless $db;
--         $db_info = sub { return "GeoIP2 " . ($db->metadata()->description()->{en} || '?') };
--         1;
--       } or do {
--         # Fallback to IP::Country::Fast
--         dbg("metadata: RelayCountry: ${conf_country_db_path} not found, IP::Country::Fast enabled as fallback");
--         $conf_country_db_type = "Fast";
--       }
--     } else {
--         # Fallback to IP::Country::Fast
--         dbg("metadata: RelayCountry: ${conf_country_db_path} not found, IP::Country::Fast enabled as fallback");
--         $conf_country_db_type = "Fast";
--     }
--  } elsif ( $conf_country_db_type eq "DB_File") {
--    if ( -f $conf_country_db_path ) {
--      require IP::Country::DB_File;
--      $db = IP::Country::DB_File->new($conf_country_db_path);
--      die "Country db not found, please see build_ipcc.pl(1)" unless $db;
--      $db_info = sub { return "IP::Country::DB_File ".localtime($db->db_time()); };
--      1;     
 -    } else {
 -      # Fallback to IP::Country::Fast
--      dbg("metadata: RelayCountry: ${conf_country_db_path} not found, IP::Country::Fast enabled as fallback");
+-      my $err = $country_db_path ?
--      $conf_country_db_type = "Fast";
+-        "$country_db_path not found" : "database not found from default locations";
+-      dbg("metadata: RelayCountry: GeoIP2: $err, trying IP::Country::Fast as fallback");
+-      $country_db_type = "Fast";
+-    }
+-  }
+-  elsif ($country_db_type eq "DB_File") {
+-    if (-f $country_db_path) {
+-      eval {
+-        require IP::Country::DB_File;
+-        $db = IP::Country::DB_File->new($country_db_path);
+-        die "unknown error" unless $db;
+-        $db_info = sub { return "IP::Country::DB_File ".localtime($db->db_time()); };
+-        1;
+-      } or do {
+-        # Fallback to IP::Country::Fast
+-        dbg("metadata: RelayCountry: DB_File: ${country_db_path} load failed: $@, trying IP::Country::Fast as fallback");
+-        $country_db_type = "Fast";
+-      }
+-    } else {
+-      # Fallback to IP::Country::Fast
+-      dbg("metadata: RelayCountry: DB_File: ${country_db_path} not found, trying IP::Country::Fast as fallback");
+-      $country_db_type = "Fast";
 -    }
 -  } 
--  if( $conf_country_db_type eq "Fast") {
+-
+-  if ($country_db_type eq "Fast") {
 -    my $eval_stat = $@ ne '' ? $@ : "errno=$!";  chomp $eval_stat;
--    # Try IP::Country::Fast as backup
 -    eval {
 -      require IP::Country::Fast;
 -      $db = IP::Country::Fast->new();
@@ -241,79 +355,80 @@ index 2e172f3..0000000
 -      my $eval_stat = $@ ne '' ? $@ : "errno=$!";  chomp $eval_stat;
 -      dbg("metadata: RelayCountry: failed to load 'IP::Country::Fast', skipping: $eval_stat");
 -      return 1;
--    };
+-    }
--  };
+-  }
 -
--  return 1 unless $db;
+-  if (!$db) {
+-    return 1;
+-  }
 -
 -  dbg("metadata: RelayCountry: Using database: ".$db_info->());
 -  my $msg = $opts->{msg};
 -
--  my $countries = '';
+-  my @cc_untrusted;
--  my $IP_PRIVATE = IP_PRIVATE;
--  my $IPV4_ADDRESS = IPV4_ADDRESS;
 -  foreach my $relay (@{$msg->{metadata}->{relays_untrusted}}) {
 -    my $ip = $relay->{ip};
--    # Private IPs will always be returned as '**'
+-    my $cc = $self->get_country($ip, $db, $dbv6, $country_db_type);
--    if ( $conf_country_db_type eq "GeoIP" ) {
+-    push @cc_untrusted, $cc;
--	  if ( $ip !~ /^$IPV4_ADDRESS$/o ) {
--	    if ( defined $dbv6 ) {
--	    	$geo = $dbv6->country_code_by_addr_v6($ip) || "XX";
--	    } else {
--		$geo = "XX";
--	    }
--	  } else {
--	    $geo = $db->country_code_by_addr($ip) || "XX";
--	  }
--    } elsif ($conf_country_db_type eq "GeoIP2" ) {
--      if ( $ip !~ /^$IP_PRIVATE$/o ) {
--        my $country = $db->country( ip => $ip );
--        my $country_rec = $country->country();
--        $geo = $country_rec->iso_code() || "XX";
--        $cc = $ip =~ /^$IP_PRIVATE$/o ? '**' : $geo;
--      } else {
--        $cc = '**';
--      }
--    } elsif ( $conf_country_db_type eq "DB_File" ) {
--      if ( $ip !~ /^$IPV4_ADDRESS$/o ) {
--        $geo = $db->inet6_atocc($ip) || "XX";
--      } else {
--        $geo = $db->inet_atocc($ip) || "XX";
--      }		        
--    } elsif ( $conf_country_db_type eq "Fast" ) {
--        $geo = $db->inet_atocc($ip) || "XX";
--    }
--    $cc = $ip =~ /^$IP_PRIVATE$/o ? '**' : $geo;
--    $countries .= $cc." ";
 -  }
 -
--  chop $countries;
+-  my @cc_external;
--  $msg->put_metadata("X-Relay-Countries", $countries);
+-  foreach my $relay (@{$msg->{metadata}->{relays_external}}) {
--  dbg("metadata: X-Relay-Countries: $countries");
+-    my $ip = $relay->{ip};
+-    my $cc = $self->get_country($ip, $db, $dbv6, $country_db_type);
+-    push @cc_external, $cc;
+-  }
 -
--  return 1;
+-  my @cc_auth;
--}
+-  my $found_auth;
+-  foreach my $relay (@{$msg->{metadata}->{relays_trusted}}) {
+-    if ($relay->{auth}) {
+-      $found_auth = 1;
+-    }
+-    if ($found_auth) {
+-      my $ip = $relay->{ip};
+-      my $cc = $self->get_country($ip, $db, $dbv6, $country_db_type);
+-      push @cc_auth, $cc;
+-    }
+-  }
 -
--sub parsed_metadata {
+-  my @cc_all;
--  my ($self, $opts) = @_;
+-  foreach my $relay (@{$msg->{metadata}->{relays_internal}}, @{$msg->{metadata}->{relays_external}}) {
+-    my $ip = $relay->{ip};
+-    my $cc = $self->get_country($ip, $db, $dbv6, $country_db_type);
+-    push @cc_all, $cc;
+-  }
 -
--  return 1 unless $db;
+-  my $ccstr = join(' ', @cc_untrusted);
+-  $msg->put_metadata("X-Relay-Countries", $ccstr);
+-  dbg("metadata: X-Relay-Countries: $ccstr");
+-  $pms->set_tag("RELAYCOUNTRY", @cc_untrusted == 1 ? $cc_untrusted[0] : \@cc_untrusted);
+-
+-  $ccstr = join(' ', @cc_external);
+-  $msg->put_metadata("X-Relay-Countries-External", $ccstr);
+-  dbg("metadata: X-Relay-Countries-External: $ccstr");
+-  $pms->set_tag("RELAYCOUNTRYEXT", @cc_external == 1 ? $cc_external[0] : \@cc_external);
+-
+-  $ccstr = join(' ', @cc_auth);
+-  $msg->put_metadata("X-Relay-Countries-Auth", $ccstr);
+-  dbg("metadata: X-Relay-Countries-Auth: $ccstr");
+-  $pms->set_tag("RELAYCOUNTRYAUTH", @cc_auth == 1 ? $cc_auth[0] : \@cc_auth);
+-
+-  $ccstr = join(' ', @cc_all);
+-  $msg->put_metadata("X-Relay-Countries-All", $ccstr);
+-  dbg("metadata: X-Relay-Countries-All: $ccstr");
+-  $pms->set_tag("RELAYCOUNTRYALL", @cc_all == 1 ? $cc_all[0] : \@cc_all);
 -
--  my $countries =
--    $opts->{permsgstatus}->get_message->get_metadata('X-Relay-Countries');
--  my @c_list = split(' ', $countries);
--  $opts->{permsgstatus}->set_tag("RELAYCOUNTRY",
--                                 @c_list == 1 ? $c_list[0] : \@c_list);
 -  return 1;
 -}
 -
 -1;
 diff --git a/lib/Mail/SpamAssassin/Plugin/URILocalBL.pm b/lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
 deleted file mode 100644
-index e190fab..0000000
+index 4def393..0000000
 --- a/lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
 +++ /dev/null
-@@ -1,658 +0,0 @@
+@@ -1,705 +0,0 @@
 -# <@LICENSE>
 -# Licensed to the Apache Software Foundation (ASF) under one or more
 -# contributor license agreements.  See the NOTICE file distributed with
@@ -417,9 +532,9 @@ index e190fab..0000000
 -package Mail::SpamAssassin::Plugin::URILocalBL;
 -use Mail::SpamAssassin::Plugin;
 -use Mail::SpamAssassin::Logger;
+-use Mail::SpamAssassin::Constants qw(:ip);
 -use Mail::SpamAssassin::Util qw(untaint_var);
 -
--use Net::CIDR::Lite;
 -use Socket;
 -
 -use strict;
@@ -432,6 +547,7 @@ index e190fab..0000000
 -
 -use constant HAS_GEOIP => eval { require Geo::IP; };
 -use constant HAS_GEOIP2 => eval { require GeoIP2::Database::Reader; };
+-use constant HAS_CIDR => eval { require Net::CIDR::Lite; };
 -
 -# constructor
 -sub new {
@@ -463,6 +579,7 @@ index e190fab..0000000
 -
 -  push (@cmds, {
 -    setting => 'uri_block_cc',
+-    type => $Mail::SpamAssassin::Conf::CONF_TYPE_HASH_KEY_VALUE,
 -    is_priv => 1,
 -    code => sub {
 -      my ($self, $key, $value, $line) = @_;
@@ -504,6 +621,7 @@ index e190fab..0000000
 -
 -  push (@cmds, {
 -    setting => 'uri_block_cont',
+-    type => $Mail::SpamAssassin::Conf::CONF_TYPE_HASH_KEY_VALUE,
 -    is_priv => 1,
 -    code => sub {
 -      my ($self, $key, $value, $line) = @_;
@@ -545,6 +663,7 @@ index e190fab..0000000
 -  
 -  push (@cmds, {
 -    setting => 'uri_block_isp',
+-    type => $Mail::SpamAssassin::Conf::CONF_TYPE_HASH_KEY_VALUE,
 -    is_priv => 1,
 -    code => sub {
 -      my ($self, $key, $value, $line) = @_;
@@ -584,10 +703,16 @@ index e190fab..0000000
 -
 -  push (@cmds, {
 -    setting => 'uri_block_cidr',
+-    type => $Mail::SpamAssassin::Conf::CONF_TYPE_HASH_KEY_VALUE,
 -    is_priv => 1,
 -    code => sub {
 -      my ($self, $key, $value, $line) = @_;
 -
+-      if (!HAS_CIDR) {
+-        warn "config: uri_block_cidr not supported, required module Net::CIDR::Lite missing\n";
+-        return $Mail::SpamAssassin::Conf::INVALID_VALUE;
+-      }
+-
 -      if ($value !~ /^(\S+)\s+(.+)$/) {
 -	return $Mail::SpamAssassin::Conf::INVALID_VALUE;
 -      }
@@ -629,6 +754,7 @@ index e190fab..0000000
 -
 -  push (@cmds, {
 -    setting => 'uri_block_exclude',
+-    type => $Mail::SpamAssassin::Conf::CONF_TYPE_HASH_KEY_VALUE,
 -    is_priv => 1,
 -    code => sub {
 -      my ($self, $key, $value, $line) = @_;
@@ -673,7 +799,7 @@ index e190fab..0000000
 -=item uri_country_db_path STRING
 -
 -This option tells SpamAssassin where to find the MaxMind country GeoIP2 
--database.
+-database. Country or City database are both supported.
 -
 -=back
 -
@@ -745,6 +871,7 @@ index e190fab..0000000
 -  # If country_db_path is set I am using GeoIP2 api
 -  if ( HAS_GEOIP2 and ( ( defined $conf_country_db_path ) or ( defined $conf_country_db_isp_path ) ) ) {
 -
+-   eval {
 -    $self->{geoip} = GeoIP2::Database::Reader->new(
 -  		file	=> $conf_country_db_path,
 -  		locales	=> [ 'en' ]
@@ -762,6 +889,13 @@ index e190fab..0000000
 -      warn "$conf_country_db_isp_path not found" unless $self->{geoisp};
 -    }
 -    $self->{use_geoip2} = 1;
+-   };
+-   if ($@ || !($self->{geoip} || $self->{geoisp})) {
+-     $@ =~ s/\s+Trace begun.*//s;
+-     warn "URILocalBL: GeoIP2 load failed: $@\n";
+-     return 0;
+-   }
+-
 -  } elsif ( HAS_GEOIP ) {
 -    BEGIN {
 -      Geo::IP->import( qw(GEOIP_MEMORY_CACHE GEOIP_CHECK_CACHE GEOIP_ISP_EDITION) );
@@ -775,20 +909,32 @@ index e190fab..0000000
 -
 -    # this code burps an ugly message if it fails, but that's redirected elsewhere
 -    my $flags = 0;
--    eval '$flags = Geo::IP::GEOIP_SILENCE' if ($gip_wanted >= $gip_have);
+-    my $flag_isp = 0;
+-    my $flag_silent = 0;
+-    eval '$flags = GEOIP_MEMORY_CACHE | GEOIP_CHECK_CACHE' if ($gip_have >= $gip_wanted);
+-    eval '$flag_silent = GEOIP_SILENCE' if ($gip_have >= $gip_wanted);
+-    eval '$flag_isp = GEOIP_ISP_EDITION' if ($gip_have >= $gip_wanted);
 -
--    if ($flags && $gic_wanted >= $gic_have) {
+-   eval {
--      $self->{geoip} = Geo::IP->new(GEOIP_MEMORY_CACHE | GEOIP_CHECK_CACHE | $flags);
+-    if ($flag_silent && $gic_have >= $gic_wanted) {
--      $self->{geoisp} = Geo::IP->open_type(GEOIP_ISP_EDITION, GEOIP_MEMORY_CACHE | GEOIP_CHECK_CACHE | $flags);
+-      $self->{geoip} = Geo::IP->new($flags | $flag_silent);
+-      $self->{geoisp} = Geo::IP->open_type($flag_isp, $flag_silent | $flags);
 -    } else {
 -      open(OLDERR, ">&STDERR");
 -      open(STDERR, ">", "/dev/null");
--      $self->{geoip} = Geo::IP->new(GEOIP_MEMORY_CACHE | GEOIP_CHECK_CACHE);
+-      $self->{geoip} = Geo::IP->new($flags);
--      $self->{geoisp} = Geo::IP->open_type(GEOIP_ISP_EDITION, GEOIP_MEMORY_CACHE | GEOIP_CHECK_CACHE);
+-      $self->{geoisp} = Geo::IP->open_type($flag_isp);
 -      open(STDERR, ">&OLDERR");
 -      close(OLDERR);
 -    }
--  $db_info = sub { return "Geo::IP " . ($self->{geoip}->database_info || '?') };
+-   };
+-    if ($@ || !($self->{geoip} || $self->{geoisp})) {
+-      $@ =~ s/\s+Trace begun.*//s;
+-      warn "URILocalBL: GeoIP load failed: $@\n";
+-      return 0;
+-    }
+-
+-    $db_info = sub { return "Geo::IP " . ($self->{geoip}->database_info || '?') };
 -  } else {
 -    dbg("No GeoIP module available");
 -    return 0;
@@ -800,6 +946,8 @@ index e190fab..0000000
 -
 -  my %hit_tests;
 -  my $got_hit = 0;
+-  my @addrs;
+-  my $IP_ADDRESS = IP_ADDRESS;
 -  
 -  if ( defined $self->{geoip} ) {
 -    dbg("check: uri_local_bl evaluating rule %s using database %s\n", $test, $db_info->());
@@ -807,12 +955,14 @@ index e190fab..0000000
 -    dbg("check: uri_local_bl evaluating rule %s\n", $test);
 -  }
 -
+-  my $dns_available = $permsg->is_dns_available();
+-
 -  while (my ($raw, $info) = each %uri_detail) {
 -
 -    next unless $info->{hosts};
 -
 -    # look for W3 links only
--    next unless (defined $info->{types}->{a});
+-    next unless (defined $info->{types}->{a} || defined $info->{types}->{parsed});
 -
 -    while (my($host, $domain) = each %{$info->{hosts}}) {
 -
@@ -822,11 +972,18 @@ index e190fab..0000000
 -        next;
 -      }
 -
--      # this would be best cached from prior lookups
+-      if($host !~ /^$IP_ADDRESS$/) {
--      my @addrs = gethostbyname($host);
+-       if (!$dns_available) {
--
+-         dbg("check: uri_local_bl skipping $host, dns not available");
--      # convert to string values address list
+-         next;
--      @addrs = map { inet_ntoa($_); } @addrs[4..$#addrs];
+-       }
+-       # this would be best cached from prior lookups
+-       @addrs = gethostbyname($host);
+-       # convert to string values address list
+-       @addrs = map { inet_ntoa($_); } @addrs[4..$#addrs];
+-      } else {
+-       @addrs = ($host);
+-      }
 -
 -      dbg("check: uri_local_bl %s addrs %s\n", $host, join(', ', @addrs));
 -
@@ -841,7 +998,12 @@ index e190fab..0000000
 -          dbg("check: uri_local_bl countries %s\n", join(' ', sort keys %{$rule->{countries}}));
 -
 -          if ( $self->{use_geoip2} == 1 ) {
--            my $country = $self->{geoip}->country( ip => $ip );
+-            my $country;
+-            if (index($self->{geoip}->metadata()->description()->{en}, 'City') != -1) {
+-              $country = $self->{geoip}->city( ip => $ip );
+-            } else {
+-              $country = $self->{geoip}->country( ip => $ip );
+-            }
 -            my $country_rec = $country->country();
 -            $cc = $country_rec->iso_code();
 -          } else {
@@ -973,14 +1135,22 @@ index e190fab..0000000
 -1;
 -
 diff --git a/lib/Mail/SpamAssassin/Util/DependencyInfo.pm b/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
-index 8127595..17aacbc 100644
+index e55c863..b5b05cf 100644
 --- a/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
 +++ b/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
-@@ -124,30 +124,6 @@ our @OPTIONAL_MODULES = (
+@@ -125,46 +125,6 @@ our @OPTIONAL_MODULES = (
    desc => 'Used to check DNS Sender Policy Framework (SPF) records to fight email
    address forgery and make it easier to identify spams.',
  },
 -{
+-  module => 'GeoIP2::Database::Reader',
+-  version => 0,
+-  desc => 'Used by the RelayCountry plugin (not enabled by default) to
+-  determine the domain country codes of each relay in the path of an email. 
+-  Also used by the URILocalBL plugin (not enabled by default) to provide ISP
+-  and Country code based filtering.',
+-},
+-{
 -  module => 'Geo::IP',
 -  version => 0,
 -  desc => 'Used by the RelayCountry plugin (not enabled by default) to determine
@@ -988,6 +1158,14 @@ index 8127595..17aacbc 100644
 -  the URILocalBL plugin to provide ISP and Country code based filtering.',
 -},
 -{
+-  module => 'IP::Country::DB_File',
+-  version => 0,
+-  desc => 'Used by the RelayCountry plugin (not enabled by default) to
+-  determine the domain country codes of each relay in the path of an email. 
+-  Also used by the URILocalBL plugin (not enabled by default) to provide
+-  Country code based filtering.',
+-},
+-{
 -  module => 'Net::CIDR::Lite',
 -  version => 0,
 -  desc => 'Used by the URILocalBL plugin to process IP address ranges.',
@@ -1008,7 +1186,7 @@ index 8127595..17aacbc 100644
  # module => 'Net::Ident',
  # version => 0,
 diff --git a/rules/init.pre b/rules/init.pre
-index a330bad..6313a03 100644
+index f9ee06a..0539b29 100644
 --- a/rules/init.pre
 +++ b/rules/init.pre
 @@ -14,13 +14,6 @@
@@ -1041,10 +1219,10 @@ index 489dd4c..7ff8e84 100644
  # PDFInfo - Use several methods to detect a PDF file's ham/spam traits
  # loadplugin Mail::SpamAssassin::Plugin::PDFInfo
 diff --git a/spamassassin.raw b/spamassassin.raw
-index 9d03d4f..443e154 100755
+index 4b52ef9..959297a 100755
 --- a/spamassassin.raw
 +++ b/spamassassin.raw
-@@ -881,9 +881,6 @@ from the SpamAssassin distribution.
+@@ -872,9 +872,6 @@ from the SpamAssassin distribution.
      Mail::SpamAssassin::Plugin::Hashcash
  	perform hashcash verification tests
  
@@ -1054,6 +1232,3 @@ index 9d03d4f..443e154 100755
      Mail::SpamAssassin::Plugin::SPF
  	perform SPF verification tests
  
--- 
-2.14.4
-

SOURCES/spamassassin-disable_tests_for_deleted_modules.patch

@@ -0,0 +1,40 @@
+diff --git a/t/all_modules.t b/t/all_modules.t
+index 855395f..a976012 100755
+--- a/t/all_modules.t
++++ b/t/all_modules.t
+@@ -12,15 +12,7 @@ plan tests => 5;
+ 
+ my $plugins = '';
+ 
+-if (eval { require BSD::Resource; }) {
+-    $plugins .= "loadplugin Mail::SpamAssassin::Plugin::ResourceLimits\n"
+-}
+-if (eval { require Net::CIDR::Lite; }) {
+-    $plugins .= "loadplugin Mail::SpamAssassin::Plugin::URILocalBL\n";
+-}
+-
+ tstpre ("
+-loadplugin Mail::SpamAssassin::Plugin::RelayCountry
+ loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
+ loadplugin Mail::SpamAssassin::Plugin::Hashcash
+ loadplugin Mail::SpamAssassin::Plugin::SPF
+diff --git a/t/data/01_test_rules.pre b/t/data/01_test_rules.pre
+index c4681ca..1694ddf 100644
+--- a/t/data/01_test_rules.pre
++++ b/t/data/01_test_rules.pre
+@@ -21,7 +21,6 @@ loadplugin Mail::SpamAssassin::Plugin::WLBLEval
+ loadplugin Mail::SpamAssassin::Plugin::VBounce
+ 
+ # Try to load some non-default plugins also
+-loadplugin Mail::SpamAssassin::Plugin::RelayCountry
+ loadplugin Mail::SpamAssassin::Plugin::DCC
+ loadplugin Mail::SpamAssassin::Plugin::AntiVirus
+ loadplugin Mail::SpamAssassin::Plugin::AWL
+@@ -32,7 +31,6 @@ loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
+ loadplugin Mail::SpamAssassin::Plugin::ASN
+ #loadplugin Mail::SpamAssassin::Plugin::PhishTag
+ #loadplugin Mail::SpamAssassin::Plugin::TxRep
+-loadplugin Mail::SpamAssassin::Plugin::URILocalBL
+ loadplugin Mail::SpamAssassin::Plugin::PDFInfo
+ loadplugin Mail::SpamAssassin::Plugin::HashBL
+ #loadplugin Mail::SpamAssassin::Plugin::ResourceLimits

SOURCES/spamassassin-sql92_syntax.patch

@@ -0,0 +1,354 @@
+diff --git a/lib/Mail/SpamAssassin/AutoWhitelist.pm b/lib/Mail/SpamAssassin/AutoWhitelist.pm
+index 627e249..cc3c97b 100644
+--- a/lib/Mail/SpamAssassin/AutoWhitelist.pm
++++ b/lib/Mail/SpamAssassin/AutoWhitelist.pm
+@@ -128,35 +128,35 @@ sub check_address {
+   my $entry = $self->{checker}->get_addr_entry ($fulladdr, $signedby);
+   $self->{entry} = $entry;
+ 
+-  if (!$entry->{msgcount}) {
++  if (!$entry->{count}) {
+     # no entry found
+     if (defined $origip) {
+       # try upgrading a default entry (probably from "add-addr-to-foo")
+       my $noipaddr = $self->pack_addr ($addr, undef);
+       my $noipent = $self->{checker}->get_addr_entry ($noipaddr, undef);
+ 
+-      if (defined $noipent->{msgcount} && $noipent->{msgcount} > 0) {
++      if (defined $noipent->{count} && $noipent->{count} > 0) {
+ 	dbg("auto-whitelist: found entry w/o IP address for $addr: replacing with $origip");
+ 	$self->{checker}->remove_entry($noipent);
+         # Now assign proper entry the count and totscore values of the
+         # no-IP entry instead of assigning the whole value to avoid
+         # wiping out any information added to the previous entry.
+-	$entry->{msgcount} = $noipent->{msgcount};
++	$entry->{count} = $noipent->{count};
+ 	$entry->{totscore} = $noipent->{totscore};
+       }
+     }
+   }
+ 
+-  if ($entry->{msgcount} < 0 ||
+-      $entry->{msgcount} != $entry->{msgcount} ||  # test for NaN
++  if ($entry->{count} < 0 ||
++      $entry->{count} != $entry->{count} ||  # test for NaN
+       $entry->{totscore} != $entry->{totscore})
+   {
+     warn "auto-whitelist: resetting bad data for ($addr, $origip), ".
+-         "count: $entry->{msgcount}, totscore: $entry->{totscore}\n";
+-    $entry->{msgcount} = $entry->{totscore} = 0;
++         "count: $entry->{count}, totscore: $entry->{totscore}\n";
++    $entry->{count} = $entry->{totscore} = 0;
+   }
+ 
+-  return !$entry->{msgcount} ? undef : $entry->{totscore} / $entry->{msgcount};
++  return !$entry->{count} ? undef : $entry->{totscore} / $entry->{count};
+ }
+ 
+ ###########################################################################
+@@ -170,7 +170,7 @@ whitelist correction.
+ 
+ sub count {
+   my $self = shift;
+-  return $self->{entry}->{msgcount};
++  return $self->{entry}->{count};
+ }
+ 
+ 
+@@ -195,7 +195,7 @@ sub add_score {
+     return;		# don't try to add a NaN
+   }
+ 
+-  $self->{entry}->{msgcount} ||= 0;
++  $self->{entry}->{count} ||= 0;
+   $self->{checker}->add_score($self->{entry}, $score);
+ }
+ 
+diff --git a/lib/Mail/SpamAssassin/DBBasedAddrList.pm b/lib/Mail/SpamAssassin/DBBasedAddrList.pm
+index 6aaed86..a1adca3 100644
+--- a/lib/Mail/SpamAssassin/DBBasedAddrList.pm
++++ b/lib/Mail/SpamAssassin/DBBasedAddrList.pm
+@@ -125,10 +125,10 @@ sub get_addr_entry {
+ 	addr			=> $addr,
+   };
+ 
+-  $entry->{msgcount} = $self->{accum}->{$addr} || 0;
++  $entry->{count} = $self->{accum}->{$addr} || 0;
+   $entry->{totscore} = $self->{accum}->{$addr.'|totscore'} || 0;
+ 
+-  dbg("auto-whitelist: db-based $addr scores ".$entry->{msgcount}.'/'.$entry->{totscore});
++  dbg("auto-whitelist: db-based $addr scores ".$entry->{count}.'/'.$entry->{totscore});
+   return $entry;
+ }
+ 
+@@ -137,15 +137,15 @@ sub get_addr_entry {
+ sub add_score {
+     my($self, $entry, $score) = @_;
+ 
+-    $entry->{msgcount} ||= 0;
++    $entry->{count} ||= 0;
+     $entry->{addr}  ||= '';
+ 
+-    $entry->{msgcount}++;
++    $entry->{count}++;
+     $entry->{totscore} += $score;
+ 
+-    dbg("auto-whitelist: add_score: new count: ".$entry->{msgcount}.", new totscore: ".$entry->{totscore});
++    dbg("auto-whitelist: add_score: new count: ".$entry->{count}.", new totscore: ".$entry->{totscore});
+ 
+-    $self->{accum}->{$entry->{addr}} = $entry->{msgcount};
++    $self->{accum}->{$entry->{addr}} = $entry->{count};
+     $self->{accum}->{$entry->{addr}.'|totscore'} = $entry->{totscore};
+     return $entry;
+ }
+diff --git a/lib/Mail/SpamAssassin/Plugin/TxRep.pm b/lib/Mail/SpamAssassin/Plugin/TxRep.pm
+index 2ef3ddc..08b432b 100644
+--- a/lib/Mail/SpamAssassin/Plugin/TxRep.pm
++++ b/lib/Mail/SpamAssassin/Plugin/TxRep.pm
+@@ -1521,7 +1521,7 @@ sub check_reputation {
+ #--------------------------------------------------------------------------
+ 
+ ###########################################################################
+-sub count {my $self=shift;  return (defined $self->{checker})? $self->{entry}->{msgcount}    : undef;}
++sub count {my $self=shift;  return (defined $self->{checker})? $self->{entry}->{count}    : undef;}
+ sub total {my $self=shift;  return (defined $self->{checker})? $self->{entry}->{totscore} : undef;}
+ ###########################################################################
+ 
+@@ -1538,11 +1538,11 @@ sub get_sender {
+   $self->{entry} = $entry;
+   $origip        = $origip || 'none';
+ 
+-  if ($entry->{msgcount}<0 || $entry->{msgcount}=~/^(nan|)$/ || $entry->{totscore}=~/^(nan|)$/) {
+-    warn "TxRep: resetting bad data for ($addr, $origip), count: $entry->{msgcount}, totscore: $entry->{totscore}\n";
+-    $self->{entry}->{msgcount} = $self->{entry}->{totscore} = 0;
++  if ($entry->{count}<0 || $entry->{count}=~/^(nan|)$/ || $entry->{totscore}=~/^(nan|)$/) {
++    warn "TxRep: resetting bad data for ($addr, $origip), count: $entry->{count}, totscore: $entry->{totscore}\n";
++    $self->{entry}->{count} = $self->{entry}->{totscore} = 0;
+   }
+-  return $self->{entry}->{msgcount};
++  return $self->{entry}->{count};
+ }
+ 
+ 
+@@ -1557,7 +1557,7 @@ sub add_score {
+     warn "TxRep: attempt to add a $score to TxRep entry ignored\n";
+     return;                                       # don't try to add a NaN
+   }
+-  $self->{entry}->{msgcount} ||= 0;
++  $self->{entry}->{count} ||= 0;
+ 
+   # performing the dilution aging correction
+   if (defined $self->total() && defined $self->count() && defined $self->{txrep_dilution_factor}) {
+@@ -1587,9 +1587,9 @@ sub remove_score {
+   }
+   # no reversal dilution aging correction (not easily possible),
+   # just removing the original message score
+-  if ($self->{entry}->{msgcount} > 2)
+-        {$self->{entry}->{msgcount} -= 2;}
+-  else  {$self->{entry}->{msgcount}  = 0;}
++  if ($self->{entry}->{count} > 2)
++        {$self->{entry}->{count} -= 2;}
++  else  {$self->{entry}->{count}  = 0;}
+   # subtract 2, and add a score; hence decrementing by 1
+   $self->{checker}->add_score($self->{entry}, -1*$score);
+ }
+diff --git a/lib/Mail/SpamAssassin/SQLBasedAddrList.pm b/lib/Mail/SpamAssassin/SQLBasedAddrList.pm
+index 278f792..f3f40b4 100644
+--- a/lib/Mail/SpamAssassin/SQLBasedAddrList.pm
++++ b/lib/Mail/SpamAssassin/SQLBasedAddrList.pm
+@@ -45,7 +45,7 @@ CREATE TABLE awl (
+   username varchar(100) NOT NULL default '',
+   email varchar(255) NOT NULL default '',
+   ip varchar(40) NOT NULL default '',
+-  msgcount int(11) NOT NULL default '0',
++  count int(11) NOT NULL default '0',
+   totscore float NOT NULL default '0',
+   signedby varchar(255) NOT NULL default '',
+   PRIMARY KEY (username,email,signedby,ip)
+@@ -191,7 +191,7 @@ sub get_addr_entry {
+ 
+   my $entry = { addr     => $addr,
+                 exists_p => 0,
+-                msgcount    => 0,
++                count    => 0,
+                 totscore => 0,
+                 signedby => $signedby,
+               };
+@@ -200,7 +200,7 @@ sub get_addr_entry {
+ 
+   return $entry  unless $email ne '' && (defined $ip || defined $signedby);
+ 
+-  my $sql = "SELECT msgcount, totscore FROM $self->{tablename} " .
++  my $sql = "SELECT count, totscore FROM $self->{tablename} " .
+             "WHERE username = ? AND email = ?";
+   my @args = ( $email );
+   if (!$self->{_with_awl_signer}) {
+@@ -225,7 +225,7 @@ sub get_addr_entry {
+   if (!$rc) { # there was an error, but try to go on
+     info("auto-whitelist: sql-based get_addr_entry %s: SQL error: %s",
+          join('|',@args), $sth->errstr);
+-    $entry->{msgcount} = 0;
++    $entry->{count} = 0;
+     $entry->{totscore} = 0;
+   }
+   else {
+@@ -234,8 +234,8 @@ sub get_addr_entry {
+     # how to combine data if there are several entries (like signed by
+     # an author domain and by a remailer)?  for now just take an average
+     while ( defined($aryref = $sth->fetchrow_arrayref()) ) {
+-      if (defined $entry->{msgcount} && defined $aryref->[1]) {
+-        $entry->{msgcount} = $aryref->[0];
++      if (defined $entry->{count} && defined $aryref->[1]) {
++        $entry->{count} = $aryref->[0];
+         $entry->{totscore} = $aryref->[1];
+       }
+       $entry->{exists_p} = 1;
+@@ -247,8 +247,8 @@ sub get_addr_entry {
+   }
+   $sth->finish();
+ 
+-  dbg("auto-whitelist: sql-based %s scores %s, msgcount %s",
+-      join('|',@args), $entry->{totscore}, $entry->{msgcount});
++  dbg("auto-whitelist: sql-based %s scores %s, count %s",
++      join('|',@args), $entry->{totscore}, $entry->{count});
+ 
+   return $entry;
+ }
+@@ -275,7 +275,7 @@ sub add_score {
+   
+   my ($email, $ip) = $self->_unpack_addr($entry->{addr});
+ 
+-  $entry->{msgcount} += 1;
++  $entry->{count} += 1;
+   $entry->{totscore} += $score;
+   my $signedby = $entry->{signedby};
+   
+@@ -286,7 +286,7 @@ sub add_score {
+ 
+   my $inserted = 0;
+ 
+-  { my @fields = qw(username email ip msgcount totscore);
++  { my @fields = qw(username email ip count totscore);
+     my @signedby;
+     if ($self->{_with_awl_signer}) {
+       push(@fields, 'signedby');
+@@ -327,9 +327,9 @@ sub add_score {
+     # insert failed, assume primary key constraint, so try the update
+ 
+     my $sql = "UPDATE $self->{tablename} ".
+-              "SET msgcount = ?, totscore = totscore + ? ".
++              "SET count = ?, totscore = totscore + ? ".
+               "WHERE username = ? AND email = ?";
+-    my(@args) = ($entry->{msgcount}, $score, $self->{_username}, $email);
++    my(@args) = ($entry->{count}, $score, $self->{_username}, $email);
+     if ($self->{_with_awl_signer}) {
+       my @signedby = !defined $signedby ? () : split(' ', lc $signedby);
+       if (!@signedby) {
+@@ -352,8 +352,8 @@ sub add_score {
+            join('|',@args), $sth->errstr);
+     } else {
+       dbg("auto-whitelist: sql-based add_score/update ".
+-          "new msgcount: %s, new totscore: %s for %s",
+-          $entry->{msgcount}, $entry->{totscore}, join('|',@args));
++          "new count: %s, new totscore: %s for %s",
++          $entry->{count}, $entry->{totscore}, join('|',@args));
+       $entry->{exists_p} = 1;
+     }
+   }
+diff --git a/sql/README.awl b/sql/README.awl
+index 68de4a1..a1ddf40 100644
+--- a/sql/README.awl
++++ b/sql/README.awl
+@@ -75,7 +75,7 @@ setting: "awl") with at least these fields:
+   username varchar(100)	  # this is the username whose e-mail is being filtered
+   email varchar(200)      # this is the address key
+   ip    varchar(40)       # this is the ip key (fits IPv4 or IPv6)
+-  msgcount int(11)        # this is the message counter
++  count int(11)           # this is the message counter
+   totscore float          # this is the total calculated score
+   signedby varchar(255)   # a DKIM or DomainKeys signing domain(s)
+ 
+@@ -109,7 +109,7 @@ CREATE TABLE awl (
+   username varchar(100) NOT NULL default '',
+   email varchar(255) NOT NULL default '',
+   ip varchar(40) NOT NULL default '',
+-  msgcount int(11) NOT NULL default '0',
++  count int(11) NOT NULL default '0',
+   totscore float NOT NULL default '0',
+   signedby varchar(255) NOT NULL default '',
+   PRIMARY KEY (username,email,signedby,ip)
+diff --git a/sql/awl_mysql.sql b/sql/awl_mysql.sql
+index a8b6926..0bfa99a 100644
+--- a/sql/awl_mysql.sql
++++ b/sql/awl_mysql.sql
+@@ -2,7 +2,7 @@ CREATE TABLE awl (
+   username varchar(100) NOT NULL default '',
+   email varbinary(255) NOT NULL default '',
+   ip varchar(40) NOT NULL default '',
+-  msgcount int(11) NOT NULL default '0',
++  count int(11) NOT NULL default '0',
+   totscore float NOT NULL default '0',
+   signedby varchar(255) NOT NULL default '',
+   last_hit timestamp NOT NULL default CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+diff --git a/sql/awl_pg.sql b/sql/awl_pg.sql
+index 2cb3f3e..4f59d72 100644
+--- a/sql/awl_pg.sql
++++ b/sql/awl_pg.sql
+@@ -2,7 +2,7 @@ CREATE TABLE awl (
+   username varchar(100) NOT NULL default '',
+   email varchar(255) NOT NULL default '',
+   ip varchar(40) NOT NULL default '',
+-  msgcount bigint NOT NULL default '0',
++  count bigint NOT NULL default '0',
+   totscore float NOT NULL default '0',
+   signedby varchar(255) NOT NULL default '',
+   last_hit timestamp NOT NULL default CURRENT_TIMESTAMP,
+diff --git a/sql/txrep_mysql.sql b/sql/txrep_mysql.sql
+index 9a4888b..bbe6b95 100644
+--- a/sql/txrep_mysql.sql
++++ b/sql/txrep_mysql.sql
+@@ -2,7 +2,7 @@ CREATE TABLE txrep (
+   username varchar(100) NOT NULL default '',
+   email varchar(255) NOT NULL default '',
+   ip varchar(40) NOT NULL default '',
+-  msgcount int(11) NOT NULL default '0',
++  count int(11) NOT NULL default '0',
+   totscore float NOT NULL default '0',
+   signedby varchar(255) NOT NULL default '',
+   last_hit timestamp NOT NULL default CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+diff --git a/sql/txrep_pg.sql b/sql/txrep_pg.sql
+index 191074c..463006b 100644
+--- a/sql/txrep_pg.sql
++++ b/sql/txrep_pg.sql
+@@ -2,7 +2,7 @@ CREATE TABLE txrep (
+   username varchar(100) NOT NULL default '',
+   email varchar(255) NOT NULL default '',
+   ip varchar(40) NOT NULL default '',
+-  msgcount bigint NOT NULL default '0',
++  count bigint NOT NULL default '0',
+   totscore float NOT NULL default '0',
+   signedby varchar(255) NOT NULL default '',
+   last_hit timestamp NOT NULL default CURRENT_TIMESTAMP,
+diff --git a/UPGRADE b/UPGRADE
+index cfd31ab..b555b0b 100644
+--- a/UPGRADE
++++ b/UPGRADE
+@@ -24,18 +24,6 @@ Note for Users Upgrading to SpamAssassin 3.4.3
+   This is to make sure all the legacy installations and wiki guides etc
+   still using it needlessly get fixed.
+ 
+-- TxRep and Awl plugins has been modified to be compatible 
+-  with latest Postgresql versions.
+-  You should upgrade your sql database running the following command:
+-  MySQL:
+-  "ALTER TABLE `txrep` CHANGE `count` `msgcount` INT(11) NOT NULL DEFAULT '0';"
+-  "ALTER TABLE `awl` CHANGE `count` `msgcount` INT(11) NOT NULL DEFAULT '0';"
+-  "ALTER TABLE `awl` ADD last_hit timestamp NOT NULL default CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP;"
+-  PostgreSQL:
+-  "ALTER TABLE txrep RENAME COLUMN count TO msgcount;"
+-  "ALTER TABLE awl RENAME COLUMN count TO msgcount;"
+-  "ALTER TABLE awl ADD last_hit timestamp NOT NULL default CURRENT_TIMESTAMP;"
+-
+ - body_part_scan_size 50000, rawbody_part_scan_size 500000 defaults added (Bug 6582)
+   These enable safer and faster scanning of large emails.
+ 

SPECS/spamassassin.spec

@@ -53,21 +53,21 @@
 %define real_name Mail-SpamAssassin
 %{!?perl_vendorlib: %define perl_vendorlib %(eval "`%{__perl} -V:installvendorlib`"; echo $installvendorlib)}
 
-%global saversion 3.004002
+%global saversion 3.004006
 #%%global prerev rc2
 
 Summary: Spam filter for email which can be invoked from mail delivery agents
 Name: spamassassin
-Version: 3.4.2
+Version: 3.4.6
 #Release: 0.8.%%{prerev}%%{?dist}
-Release: 7%{?dist}
+Release: 1%{?dist}
 License: ASL 2.0
 Group: Applications/Internet
 URL: https://spamassassin.apache.org/
-Source0: https://www.apache.org/dist/%{name}/source/%{real_name}-%{version}.tar.bz2
 #Source0: %%{real_name}-%%{version}-%%{prerev}.tar.bz2
-Source1: https://www.apache.org/dist/%{name}/source/%{real_name}-rules-%{version}.r1840640.tgz
+Source0: https://dlcdn.apache.org/dist/%{name}/source/%{real_name}-%{version}.tar.bz2
 #Source1: %%{real_name}-rules-%%{version}.%%{prerev}.tgz
+Source1: https://dlcdn.apache.org/dist/%{name}/source/%{real_name}-rules-%{version}.r1888502.tgz
 Source2: redhat_local.cf
 Source3: spamassassin-default.rc
 Source4: spamassassin-spamc.rc
@@ -78,7 +78,6 @@ Source8: sa-update.cronscript
 Source9: sa-update.force-sysconfig
 Source10: spamassassin-helper.sh
 Source11: spamassassin-official.conf
-Source12: sought.conf
 Source13: README.RHEL.Fedora
 %if %{use_systemd}
 Source14: spamassassin.service
@@ -93,14 +92,12 @@ Source17: sa-update.timer
 Patch0: spamassassin-3.3.2-gnupg2.patch
 Patch1: spamassassin-3.4.1-add-logfile-homedir-options.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1607372
-Patch2: spamassassin-3.4.2-drop-geoip.patch
+Patch2: spamassassin-3.4.6-drop-geoip.patch
-Patch3: 0001-Drop-the-ResourceLimits-plugin.patch
+Patch3: spamassassin-3.4.6-Drop-the-ResourceLimits-plugin.patch
-
+%if 0%{?rhel} <= 8
-# Patches 100+ are SVN backports (DO NOT REUSE!)
+Patch4: spamassassin-sql92_syntax.patch
-Patch100: spamassassin-3.4.2-fix-use-after-free.patch
+%endif
-Patch101: spamassassin-3.4.2-fix-file-handle-leaks.patch
+Patch5: spamassassin-disable_tests_for_deleted_modules.patch
-Patch102: spamassassin-3.4.2-fix-rawbody-rules-documentation.patch
-
 # end of patches
 
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@@ -117,16 +114,44 @@ BuildRequires: perl(Time::HiRes)
 BuildRequires: perl(HTML::Parser)
 BuildRequires: perl(NetAddr::IP)
 BuildRequires: openssl-devel
+
+
 %if %{use_systemd}
 BuildRequires: systemd-units
 %endif
 
+# BuildRequires for test suite
+BuildRequires: perl(Test::Builder)
+BuildRequires: perl(Test) perl(Test::More)
+BuildRequires: perl(Net::DNS::Nameserver)
+BuildRequires: perl(DB_File)
+BuildRequires: perl(DBI) perl(DBD::mysql)
+BuildRequires: perl(Mail::DKIM)
+BuildRequires: perl(LWP::UserAgent)
+BuildRequires: perl(Archive::Zip)
+BuildRequires: perl(IO::String)
+buildrequires: wget
+
+%if 0%{?fedora}
+BuildRequires: perl(Devel::Cycle)
+BuildRequires: perl(Net::Patricia)
+%endif
+
+BuildRequires: perl(Mail::SPF)
+BuildRequires: perl(IO::Socket::INET6)
+BuildRequires: perl(IO::Socket::SSL)
+BuildRequires: perl(Encode::Detect::Detector)
+
+
+
+
 Requires: perl(HTTP::Date)
 Requires: perl(LWP::UserAgent)
 Requires: perl(Net::DNS)
 Requires: perl(Time::HiRes)
 Requires: perl(DB_File)
 Requires: perl(Mail::SPF)
+Requires: perl(IO::String)
 %if %{require_encode_detect}
 Requires: perl(Encode::Detect)
 %endif
@@ -206,13 +231,12 @@ To filter spam for all users, add that line to /etc/procmailrc
 # Drop the ResourceLimits plugin - it requires perl(BSD::Resource)
 # which is not in RHEL-8
 %patch3 -p1
-rm -f lib/Mail/SpamAssassin/Plugin/ResourceLimits.pm
+# Reverting this in thel8 to not complicate update process
-
+# https://github.com/apache/spamassassin/commit/f7d39bfd3ef2e5ef4a9de480764ee1d73be9349
-# Patches 100+ are SVN backports (DO NOT REUSE!)
+%if 0%{?rhel} == 8
-%patch100 -p1
+%patch4 -p1
-%patch101 -p1
+%endif
-%patch102 -p1
+%patch5 -p1
-
 # end of patches
 
 echo "RHEL=%{?rhel} FEDORA=%{?fedora}"
@@ -295,13 +319,16 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/spamassassin
 mkdir   -m 0700             $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/sa-update-keys/
 mkdir   -m 0755             $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
 install -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
-install -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/
 
 install -m 0644 %{SOURCE13} $RPM_BUILD_DIR/Mail-SpamAssassin-%{version}/
 %if %{razor_deps}
 mkdir   -m 0700 -p          $RPM_BUILD_ROOT%{_sharedstatedir}/razor/
 %endif
 
+%check
+rm -f t/relaycountry* t/urilocal*
+make disttest
+
 %files -f %{name}-%{version}-filelist
 %doc LICENSE NOTICE CREDITS Changes README TRADEMARK UPGRADE
 %doc USAGE sample-nonspam.txt sample-spam.txt 
@@ -396,6 +423,36 @@ exit 0
 %endif
 
 %changelog
+* Mon Dec 13 2021 Martin Osvald <mosvald@redhat.com> - 3.4.6-1
+- Rebase to v3.4.6
+- Resolves: #1943848
+
+* Thu Jul 29 2021 Pavel Zhukov <pzhukov@redhat.com> - 3.4.4-4.el4
+- Fix header parsing
+
+* Tue Oct  6 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.4.4-3
+- Add tests BRs
+
+* Tue Oct  6 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.4.4-2
+- New version v3.4.4
+- Enable tests
+
+* Mon Jun 15 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-10
+- Fixed CVE-2018-11805
+- Resolves: rhbz#1787514
+- Fixed CVE-2020-1930
+- Resolves: rhbz#1820649
+- Fixed CVE-2020-1931
+- Resolves: rhbz#1820650
+
+* Thu Apr 09 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-9
+- Fix CVE-2019-12420
+- Resolves: rhbz#1812977
+
+* Wed Mar 18 2020 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-8
+- Removed the obsolete SOUGHT channel for rule updates
+- Resolves: rhbz#1630362
+
 * Tue Oct 01 2019 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-7
 - Fix rawbody rules documentation
 - Resolves: rhbz#1639251