Attachment #104697 for bug #144911

View | Details | Raw Unified | Return to bug 144911
Collapse All | Expand All

Lines 6-13 Link Here

(-)./Makefile (-4 / +8 lines)
6	#	6	#
7		7
8	PORTNAME= Mail-SpamAssassin	8	PORTNAME= Mail-SpamAssassin
9	PORTVERSION= 3.3.0	9	PORTVERSION= 3.3.1
10	PORTREVISION= 3
11	CATEGORIES= mail perl5	10	CATEGORIES= mail perl5
12	MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:apache/} ${MASTER_SITE_PERL_CPAN:S/$/:cpan/}	11	MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:apache/} ${MASTER_SITE_PERL_CPAN:S/$/:cpan/}
13	MASTER_SITE_SUBDIR= spamassassin/source/:apache Mail/:cpan	12	MASTER_SITE_SUBDIR= spamassassin/source/:apache Mail/:cpan
Lines 30-36 Link Here
30	${SITE_PERL}/Mail/Internet.pm:${PORTSDIR}/mail/p5-Mail-Tools	29	${SITE_PERL}/Mail/Internet.pm:${PORTSDIR}/mail/p5-Mail-Tools
31		30
32	RUN_DEPENDS= ${BUILD_DEPENDS} \	31	RUN_DEPENDS= ${BUILD_DEPENDS} \
33	${SITE_PERL}/IO/Socket/INET6.pm:${PORTSDIR}/net/p5-IO-INET6 \
34	${SITE_PERL}/${PERL_ARCH}/Time/HiRes.pm:${PORTSDIR}/devel/p5-Time-HiRes	32	${SITE_PERL}/${PERL_ARCH}/Time/HiRes.pm:${PORTSDIR}/devel/p5-Time-HiRes
35		33
36	CONFLICTS= ja-p5-Mail-SpamAssassin-[0-9]*	34	CONFLICTS= ja-p5-Mail-SpamAssassin-[0-9]*
Lines 75-80 Link Here
75	.if defined(WITH_SPF_QUERY)	73	.if defined(WITH_SPF_QUERY)
76	BUILD_DEPENDS+= ${SITE_PERL}/Mail/SPF.pm:${PORTSDIR}/mail/p5-Mail-SPF	74	BUILD_DEPENDS+= ${SITE_PERL}/Mail/SPF.pm:${PORTSDIR}/mail/p5-Mail-SPF
77	.endif	75	.endif
		76	.if !defined(WITHOUT_IPV6)
		77	RUN_DEPENDS+= ${SITE_PERL}/IO/Socket/INET6.pm:${PORTSDIR}/net/p5-IO-INET6
		78	.endif
78		79
79	.if !defined(WITHOUT_SSL)	80	.if !defined(WITHOUT_SSL)
80	.include "${PORTSDIR}/Mk/bsd.openssl.mk"	81	.include "${PORTSDIR}/Mk/bsd.openssl.mk"
Lines 289-295 Link Here
289	@[ -f ${PREFIX}/etc/mail/spamassassin/v320.pre ] \|\| \	290	@[ -f ${PREFIX}/etc/mail/spamassassin/v320.pre ] \|\| \
290	${CP} ${PREFIX}/etc/mail/spamassassin/v320.pre.sample \	291	${CP} ${PREFIX}/etc/mail/spamassassin/v320.pre.sample \
291	${PREFIX}/etc/mail/spamassassin/v320.pre	292	${PREFIX}/etc/mail/spamassassin/v320.pre
292	@PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGDIR}/pkg-install ${PKGNAME} POST-INSTALL	293	@PKG_PREFIX=${PREFIX} BATCH=${BATCH} SU_CMD="${SU_CMD}" ${SH} ${PKGDIR}/pkg-install ${PKGNAME} POST-INSTALL
		294	@[ -f ${PREFIX}/etc/mail/spamassassin/v330.pre ] \|\| \
		295	${CP} ${PREFIX}/etc/mail/spamassassin/v330.pre.sample \
		296	${PREFIX}/etc/mail/spamassassin/v330.pre
293		297
294	.if !defined(NOPORTDOCS)	298	.if !defined(NOPORTDOCS)
295	@${MKDIR} ${DOCSDIR} ${DOCSDIR}/sql ${DOCSDIR}/ldap	299	@${MKDIR} ${DOCSDIR} ${DOCSDIR}/sql ${DOCSDIR}/ldap

Lines 1-3 Link Here

(-)./distinfo (-3 / +3 lines)
1	MD5 (Mail-SpamAssassin-3.3.0.tar.gz) = 38078b07396c0ab92b46386bc70ef086	1	MD5 (Mail-SpamAssassin-3.3.1.tar.gz) = 5a93f81fda315411560ff5da099382d2
2	SHA256 (Mail-SpamAssassin-3.3.0.tar.gz) = 51676f4c3af787e3b186aeb8c5ca556330f91a6e213c266480fda3518ed53564	2	SHA256 (Mail-SpamAssassin-3.3.1.tar.gz) = a11ca187150d5a8fc2904c4a50f29d3ff739294fa714aaab127ba692d65410ad
3	SIZE (Mail-SpamAssassin-3.3.0.tar.gz) = 1322429	3	SIZE (Mail-SpamAssassin-3.3.1.tar.gz) = 1196842




--- lib/Mail/SpamAssassin/BayesStore/DBM.pm	(revision 903517)
+++ lib/Mail/SpamAssassin/BayesStore/DBM.pm	(working copy)
@@ -1438,6 +1438,9 @@
     # bayes directory
     my $main = $self->{bayes}->{main};
     my $path = $main->sed_path($main->{conf}->{bayes_path});
+
+    # prevent dirname() from tainting the result, it assumes $1 is not tainted
+    local($1,$2,$3);  # Bug 6310
     my $dir = dirname($path);
 
     # make temporary copy since old dbm and new dbm may have same name





--- lib/Mail/SpamAssassin/Conf.pm	(revision 903394)
+++ lib/Mail/SpamAssassin/Conf.pm	(working copy)
@@ -2156,8 +2156,8 @@
 =item header SYMBOLIC_TEST_NAME exists:name_of_header
 
 Define a header existence test.  C<name_of_header> is the name of a
-header to test for existence.  This is just a very simple version of
-the above header tests.
+header field to test for existence.  This is just a very simple version
+of the above header tests.
 
 =item header SYMBOLIC_TEST_NAME eval:name_of_eval_method([arguments])
 
@@ -2280,7 +2280,8 @@
           $self->{parser}->add_test ($name, $fn, $TYPE_HEAD_EVALS);
         }
       }
-      elsif ($value =~ /^(\S+)\s+exists:(.*)$/) {
+      elsif ($value =~ /^(\S+)\s+exists:([!-9;-\176]+)$/) {
+        # RFC 5322 section 3.6.8, ftext printable US-ASCII ch not including ":"
         $self->{parser}->add_test ($1, "defined($2)", $TYPE_HEAD_TESTS);
         $self->{descriptions}->{$1} = "Found a $2 header";
       }





--- lib/Mail/SpamAssassin/Plugin/DCC.pm	(revision 905273)
+++ lib/Mail/SpamAssassin/Plugin/DCC.pm	(working copy)
@@ -679,7 +679,7 @@
   my $left;
   my $right;
   my $timeout = $conf->{dcc_timeout};
-  my $opts = $conf->{dcc_options};
+  my $opts = $conf->{dccifd_options};
   my @opts = !defined $opts ? () : split(' ',$opts);
 
   $permsgstatus->enter_helper_run_mode();
@@ -906,7 +906,7 @@
   my $conf = $self->{main}->{conf};
   my $timeout = $conf->{dcc_timeout};
   # instead of header use whatever the report option is
-  my $opts = $conf->{dcc_options};
+  my $opts = $conf->{dccifd_options};
   my @opts = !defined $opts ? () : split(' ',$opts);
 
   $options->{report}->enter_helper_run_mode();





--- lib/Mail/SpamAssassin/Plugin/DKIM.pm	(revision 925052)
+++ lib/Mail/SpamAssassin/Plugin/DKIM.pm	(working copy)
@@ -213,6 +213,19 @@
 in the SpamAssassin distribution.  The whitelist score is lower, because
 these are often targets for abuse of public mailers which sign their mail.
 
+=item unwhitelist_from_dkim author@example.com
+
+Removes an email address from def_whitelist_from_dkim and whitelist_from_dkim
+tables, if it exists. Useful for removing undesired default entries from a
+distributed configuration file by a local.cf file or by a C<user_prefs>.
+Note that a parameter is a single email address - currently that address
+is removed regardless of a signing-domain which may have been specified in a
+whitelisting entry.
+
+The specified email address has to match exactly the address previously
+used in a whitelist_from_dkim or def_whitelist_from_dkim directive
+(with an exception that its domain name part is matched case-insensitively).
+
 =item adsp_override domain [signing-practices]
 
 Currently few domains publish their signing practices (RFC 5617 - ADSP),
@@ -362,6 +375,7 @@
       }
       my $address = $1;
       my $sdid = defined $2 ? $2 : '';  # empty implies author domain signature
+      $address =~ s/(\@[^@]*)\z/lc($1)/e; # lowercase the email address domain
       $self->{parser}->add_to_addrlist_rcvd('whitelist_from_dkim',
                                             $address, $sdid);
     }
@@ -381,12 +395,32 @@
       }
       my $address = $1;
       my $sdid = defined $2 ? $2 : '';  # empty implies author domain signature
+      $address =~ s/(\@[^@]*)\z/lc($1)/e; # lowercase the email address domain
       $self->{parser}->add_to_addrlist_rcvd('def_whitelist_from_dkim',
                                             $address, $sdid);
     }
   });
 
   push (@cmds, {
+    setting => 'unwhitelist_from_dkim',
+    type => $Mail::SpamAssassin::Conf::CONF_TYPE_ADDRLIST,
+    code => sub {
+      my ($self, $key, $value, $line) = @_;
+      unless (defined $value && $value !~ /^$/) {
+        return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
+      }
+      unless ($value =~ /^\S+$/) {
+        return $Mail::SpamAssassin::Conf::INVALID_VALUE;
+      }
+      $value =~ s/(\@[^@]*)\z/lc($1)/e;  # lowercase the email address domain
+      $self->{parser}->remove_from_addrlist_rcvd('whitelist_from_dkim',
+                                                 $value);
+      $self->{parser}->remove_from_addrlist_rcvd('def_whitelist_from_dkim',
+                                                 $value);
+    }
+  });
+
+  push (@cmds, {
     setting => 'adsp_override',
     type => $Mail::SpamAssassin::Conf::CONF_TYPE_HASH_KEY_VALUE,
     code => sub {




Lines 1-11 Link Here

(-)./files/patch-Message.pm (-11 lines)
1	--- lib/Mail/SpamAssassin/Message.pm.orig 2010/01/29 15:48:09 904525
2	+++ lib/Mail/SpamAssassin/Message.pm 2010/01/29 15:48:29 904526
3	@@ -114,6 +114,7 @@
4	$self->{pristine_body} = '';
5	$self->{mime_boundary_state} = {};
6	$self->{line_ending} = "\012";
7	+ $self->{master_deadline} = $opts->{'master_deadline'};
8	$self->{suppl_attrib} = $opts->{'suppl_attrib'};
9
10	bless($self,$class);
11




--- lib/Mail/SpamAssassin/Conf/Parser.pm	(revision 903394)
+++ lib/Mail/SpamAssassin/Conf/Parser.pm	(working copy)
@@ -1127,7 +1127,8 @@
   }
   if ($type == $Mail::SpamAssassin::Conf::TYPE_HEAD_TESTS)
   {
-    if ($text =~ /^!?defined\([A-Za-z][A-Za-z0-9-]*\)$/) {
+    # RFC 5322 section 3.6.8, ftext printable US-ASCII chars not including ":"
+    if ($text =~ /^!?defined\([!-9;-\176]+\)$/) {
       # fine, implements 'exists:'
     } else {
       my ($pat) = ($text =~ /^\s*\S+\s*(?:\=|\!)\~\s*(\S.*?\S)\s*$/);





--- lib/Mail/SpamAssassin.pm.orig	2010/01/29 15:48:09	904525
+++ lib/Mail/SpamAssassin.pm	2010/01/29 15:48:29	904526
@@ -75,6 +75,7 @@
 use Mail::SpamAssassin::Message;
 use Mail::SpamAssassin::PluginHandler;
 use Mail::SpamAssassin::DnsResolver;
+use Mail::SpamAssassin::Util qw(untaint_var);
 use Mail::SpamAssassin::Util::ScopedTimer;
 
 use Errno qw(ENOENT EACCES);
@@ -490,20 +490,21 @@
   $self->init(1);
   my $timer = $self->time_method("parse");
 
-  my $msg = Mail::SpamAssassin::Message->new({
-    message=>$message, parsenow=>$parsenow,
-    normalize=>$self->{conf}->{normalize_charset},
-    suppl_attrib=>$suppl_attrib });
-
+  my $master_deadline;
   if (ref $suppl_attrib && exists $suppl_attrib->{master_deadline}) {
-    $msg->{master_deadline} = $suppl_attrib->{master_deadline};  # may be undef
+    $master_deadline = $suppl_attrib->{master_deadline};  # may be undef
   } elsif ($self->{conf}->{time_limit}) {  # defined and nonzero
-    $msg->{master_deadline} = $start_time + $self->{conf}->{time_limit};
+    $master_deadline = $start_time + $self->{conf}->{time_limit};
   }
-  if (defined $msg->{master_deadline}) {
-    dbg("config: time limit %.1f s", $msg->{master_deadline} - $start_time);
+  if (defined $master_deadline) {
+    dbg("config: time limit %.1f s", $master_deadline - $start_time);
   }
 
+  my $msg = Mail::SpamAssassin::Message->new({
+    message=>$message, parsenow=>$parsenow,
+    normalize=>$self->{conf}->{normalize_charset},
+    master_deadline=>$master_deadline, suppl_attrib=>$suppl_attrib });
+
   # bug 5069: The goal here is to get rendering plugins to do things
   # like OCR, convert doc and pdf to text, etc, though it could be anything

@@ -1935,7 +1936,7 @@
       close IN  or die "error closing $defprefs: $!";
 
       if (($< == 0) && ($> == 0) && defined($user)) { # chown it
-        my ($uid,$gid) = (getpwnam($user))[2,3];
+        my ($uid,$gid) = (getpwnam(untaint_var($user)))[2,3];
         unless (chown($uid, $gid, $fname)) {
           warn "config: couldn't chown $fname to $uid:$gid for $user: $!\n";
         }





--- lib/Mail/SpamAssassin/Plugin/Bayes.pm	2010/01/26 12:13:41	903191
+++ lib/Mail/SpamAssassin/Plugin/Bayes.pm	2010/02/03 16:44:07	906120
@@ -832,7 +832,7 @@
             });
 
   $permsgstatus->set_tag ('TOKENSUMMARY', sub {
-              if( defined $self->{tag_data}{BAYESTC} )
+              if ( defined $permsgstatus->{tag_data}{BAYESTC} )
                 {
                   my $tcount_neutral = $permsgstatus->{tag_data}{BAYESTCLEARNED}
                                     - $permsgstatus->{tag_data}{BAYESTCSPAMMY}
 




--- spamd/spamd.raw.orig	2008-04-24 09:50:46.000000000 +0200
+++ spamd/spamd.raw	2008-04-24 09:52:55.000000000 +0200
@@ -1381,8 +1381,9 @@
   
   # Now parse *only* the message headers; the MIME tree won't be generated 
   # yet, it will be done on demand later on.
-  my $mail = $spamtest->parse(\@msglines, 0, !$timeout_child ? () :
-                         { master_deadline => $start_time + $timeout_child } );
+  my $mail = $spamtest->parse(\@msglines, 0,
+                       !$timeout_child || !$start_time ? ()
+                       : { master_deadline => $start_time + $timeout_child } );
 
   return ($mail, $actual_length);
 }
@@ -1705,8 +1706,9 @@
   my $resp = "EX_OK";
 
   # generate mail object from input
-  my ($mail, $actual_length) = parse_body($client, $expected_length,
-                $compress_zlib);
+  my($mail, $actual_length) =
+    parse_body($client, $expected_length, $compress_zlib, $start_time);
+
   return 0 unless defined($mail);       # error
 
   if ($compress_zlib) {
@@ -2276,8 +2276,14 @@
 
 sub handle_user_setuid_with_sql {
   my $username = shift;
+
+  # Bug 6313: interestingly, if $username is not tainted than $pwd, $gcos and
+  # $etc end up tainted but other fields not;  if $username _is_ tainted,
+  # getpwnam does not complain, but all returned fields are tainted (which
+  # makes sense, but is worth remembering)
+  #
   my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
-      getpwnam($username);
+      getpwnam(untaint_var($username));
 
   if (!$spamtest->{'paranoid'} && !defined($uid)) {
     # if we are given a username, but can't look it up, maybe name
@@ -2300,7 +2306,7 @@
   }
 
   my $spam_conf_dir = $dir . '/.spamassassin'; # needed for Bayes, etc.
-  if (! -d $spam_conf_dir) {
+  if ($opt{'user-config'} && ! -d $spam_conf_dir) {
     if (mkdir $spam_conf_dir, 0700) {
       info("spamd: created $spam_conf_dir for $username");
     }





                echo "Please answer yes or no."
        done
}

    if [ ! -e ${PKG_PREFIX}/etc/mail/spamassassin/v320.pre ]; then
       echo "***********************************************"
       echo "*__        ___    ____  _   _ ___ _   _  ____ *"
       echo "*\ \      / / \  |  _ \| \ | |_ _| \ | |/ ___|*"
       echo "* \ \ /\ / / _ \ | |_) |  \| || ||  \| | |  _ *"
       echo "*  \ V  V / ___ \|  _ <| |\  || || |\  | |_| |*"
       echo "*   \_/\_/_/   \_\_| \_\_| \_|___|_| \_|\____|*"
       echo "*                                             *"
       echo "*You must install rules before starting spamd!*"
       echo "***********************************************"
       if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
           sleep 10;
       fi
       if yesno "Do you wish to run sa-update to fetch new rules" "N";then
           ${PKG_PREFIX}/bin/sa-update || true
       fi
       grep '^load.*Rule2XSBody' ${PKG_PREFIX}/etc/mail/spamassassin/v320.pre > /dev/null
       if [ $? -eq 0 ];then
         if yesno "Do you wish to compile rules with re2c (will take a long time)" "N";then
           ${PKG_PREFIX}/bin/sa-compile || true
         fi
       fi
    fi
    
    if ! pw groupshow "${GROUP}" 2>/dev/null 1>&2; then
    	if pw groupadd ${GROUP} -g ${GID}; then
    		echo "Added group \"${GROUP}\"."

    
    # Create pid directory
    mkdir /var/run/spamd 2> /dev/null && chown ${USER}:${GROUP} /var/run/spamd
    /usr/bin/su root -c "${PKG_PREFIX}/bin/spamassassin -x -L --lint"
    
    if [ ${?} -eq 255 ];then
fi  # post-install

if [ "$2" = "PRE-INSTALL" ]; then
    if [ ! -e ${PKG_PREFIX}/etc/mail/spamassassin/v320.pre ]; then
        echo "***********************************************"
        echo "*__        ___    ____  _   _ ___ _   _  ____ *"
        echo "*\ \      / / \  |  _ \| \ | |_ _| \ | |/ ___|*"

        echo "*You must install rules before starting spamd!*"
        echo "***********************************************"
        if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
           if yesno "Do you wish to run sa-update to fetch new rules" "N";then
              ${PKG_PREFIX}/bin/sa-update || true
	   else
              echo ""
           fi
           /usr/bin/su root -c  "${PKG_PREFIX}/bin/spamassassin -x -L --lint"
           if [ ${?} -eq 0 ] && grep '^load.*Rule2XSBody' ${PKG_PREFIX}/etc/mail/spamassassin/v320.pre > /dev/null ;then
              if yesno "Do you wish to compile rules with re2c (will take a long time)" "N";then
                ${PKG_PREFIX}/bin/sa-compile || true
        fi
    fi
       fi
    fi
    
    exit 0
fi  # post-install

exit 0

Return to bug 144911

Lines 1-13 Link Here

(-)./files/patch-BayesStore-DBM.pm (-13 lines)
1	--- lib/Mail/SpamAssassin/BayesStore/DBM.pm (revision 903517)
2	+++ lib/Mail/SpamAssassin/BayesStore/DBM.pm (working copy)
3	@@ -1438,6 +1438,9 @@
4	# bayes directory
5	my $main = $self->{bayes}->{main};
6	my $path = $main->sed_path($main->{conf}->{bayes_path});
7	+
8	+ # prevent dirname() from tainting the result, it assumes $1 is not tainted
9	+ local($1,$2,$3); # Bug 6310
10	my $dir = dirname($path);
11
12	# make temporary copy since old dbm and new dbm may have same name
13

Lines 1-24 Link Here

(-)./files/patch-Conf.pm (-24 lines)
1	--- lib/Mail/SpamAssassin/Conf.pm (revision 903394)
2	+++ lib/Mail/SpamAssassin/Conf.pm (working copy)
3	@@ -2156,8 +2156,8 @@
4	=item header SYMBOLIC_TEST_NAME exists:name_of_header
5
6	Define a header existence test. C<name_of_header> is the name of a
7	-header to test for existence. This is just a very simple version of
8	-the above header tests.
9	+header field to test for existence. This is just a very simple version
10	+of the above header tests.
11
12	=item header SYMBOLIC_TEST_NAME eval:name_of_eval_method([arguments])
13
14	@@ -2280,7 +2280,8 @@
15	$self->{parser}->add_test ($name, $fn, $TYPE_HEAD_EVALS);
16	}
17	}
18	- elsif ($value =~ /^(\S+)\s+exists:(.*)$/) {
19	+ elsif ($value =~ /^(\S+)\s+exists:([!-9;-\176]+)$/) {
20	+ # RFC 5322 section 3.6.8, ftext printable US-ASCII ch not including ":"
21	$self->{parser}->add_test ($1, "defined($2)", $TYPE_HEAD_TESTS);
22	$self->{descriptions}->{$1} = "Found a $2 header";
23	}
24

Lines 1-21 Link Here

(-)./files/patch-DCC.pm (-21 lines)
1	--- lib/Mail/SpamAssassin/Plugin/DCC.pm (revision 905273)
2	+++ lib/Mail/SpamAssassin/Plugin/DCC.pm (working copy)
3	@@ -679,7 +679,7 @@
4	my $left;
5	my $right;
6	my $timeout = $conf->{dcc_timeout};
7	- my $opts = $conf->{dcc_options};
8	+ my $opts = $conf->{dccifd_options};
9	my @opts = !defined $opts ? () : split(' ',$opts);
10
11	$permsgstatus->enter_helper_run_mode();
12	@@ -906,7 +906,7 @@
13	my $conf = $self->{main}->{conf};
14	my $timeout = $conf->{dcc_timeout};
15	# instead of header use whatever the report option is
16	- my $opts = $conf->{dcc_options};
17	+ my $opts = $conf->{dccifd_options};
18	my @opts = !defined $opts ? () : split(' ',$opts);
19
20	$options->{report}->enter_helper_run_mode();
21

Line 0 Link Here

(-)./files/patch-DKIM.pm (+66 lines)
	1	--- lib/Mail/SpamAssassin/Plugin/DKIM.pm (revision 925052)
	2	+++ lib/Mail/SpamAssassin/Plugin/DKIM.pm (working copy)
	3	@@ -213,6 +213,19 @@
	4	in the SpamAssassin distribution. The whitelist score is lower, because
	5	these are often targets for abuse of public mailers which sign their mail.
	6
	7	+=item unwhitelist_from_dkim author@example.com
	8	+
	9	+Removes an email address from def_whitelist_from_dkim and whitelist_from_dkim
	10	+tables, if it exists. Useful for removing undesired default entries from a
	11	+distributed configuration file by a local.cf file or by a C<user_prefs>.
	12	+Note that a parameter is a single email address - currently that address
	13	+is removed regardless of a signing-domain which may have been specified in a
	14	+whitelisting entry.
	15	+
	16	+The specified email address has to match exactly the address previously
	17	+used in a whitelist_from_dkim or def_whitelist_from_dkim directive
	18	+(with an exception that its domain name part is matched case-insensitively).
	19	+
	20	=item adsp_override domain [signing-practices]
	21
	22	Currently few domains publish their signing practices (RFC 5617 - ADSP),
	23	@@ -362,6 +375,7 @@
	24	}
	25	my $address = $1;
	26	my $sdid = defined $2 ? $2 : ''; # empty implies author domain signature
	27	+ $address =~ s/(\@[^@]*)\z/lc($1)/e; # lowercase the email address domain
	28	$self->{parser}->add_to_addrlist_rcvd('whitelist_from_dkim',
	29	$address, $sdid);
	30	}
	31	@@ -381,12 +395,32 @@
	32	}
	33	my $address = $1;
	34	my $sdid = defined $2 ? $2 : ''; # empty implies author domain signature
	35	+ $address =~ s/(\@[^@]*)\z/lc($1)/e; # lowercase the email address domain
	36	$self->{parser}->add_to_addrlist_rcvd('def_whitelist_from_dkim',
	37	$address, $sdid);
	38	}
	39	});
	40
	41	push (@cmds, {
	42	+ setting => 'unwhitelist_from_dkim',
	43	+ type => $Mail::SpamAssassin::Conf::CONF_TYPE_ADDRLIST,
	44	+ code => sub {
	45	+ my ($self, $key, $value, $line) = @_;
	46	+ unless (defined $value && $value !~ /^$/) {
	47	+ return $Mail::SpamAssassin::Conf::MISSING_REQUIRED_VALUE;
	48	+ }
	49	+ unless ($value =~ /^\S+$/) {
	50	+ return $Mail::SpamAssassin::Conf::INVALID_VALUE;
	51	+ }
	52	+ $value =~ s/(\@[^@]*)\z/lc($1)/e; # lowercase the email address domain
	53	+ $self->{parser}->remove_from_addrlist_rcvd('whitelist_from_dkim',
	54	+ $value);
	55	+ $self->{parser}->remove_from_addrlist_rcvd('def_whitelist_from_dkim',
	56	+ $value);
	57	+ }
	58	+ });
	59	+
	60	+ push (@cmds, {
	61	setting => 'adsp_override',
	62	type => $Mail::SpamAssassin::Conf::CONF_TYPE_HASH_KEY_VALUE,
	63	code => sub {
	64
65
66

Lines 1-13 Link Here

(-)./files/patch-Parser.pm (-13 lines)
1	--- lib/Mail/SpamAssassin/Conf/Parser.pm (revision 903394)
2	+++ lib/Mail/SpamAssassin/Conf/Parser.pm (working copy)
3	@@ -1127,7 +1127,8 @@
4	}
5	if ($type == $Mail::SpamAssassin::Conf::TYPE_HEAD_TESTS)
6	{
7	- if ($text =~ /^!?defined\([A-Za-z][A-Za-z0-9-]*\)$/) {
8	+ # RFC 5322 section 3.6.8, ftext printable US-ASCII chars not including ":"
9	+ if ($text =~ /^!?defined\([!-9;-\176]+\)$/) {
10	# fine, implements 'exists:'
11	} else {
12	my ($pat) = ($text =~ /^\s\S+\s(?:\=\|\!)\~\s(\S.?\S)\s*$/);
13

Lines 1-51 Link Here

(-)./files/patch-SpamAssassin.pm (-51 lines)
1	--- lib/Mail/SpamAssassin.pm.orig 2010/01/29 15:48:09 904525
2	+++ lib/Mail/SpamAssassin.pm 2010/01/29 15:48:29 904526
3	@@ -75,6 +75,7 @@
4	use Mail::SpamAssassin::Message;
5	use Mail::SpamAssassin::PluginHandler;
6	use Mail::SpamAssassin::DnsResolver;
7	+use Mail::SpamAssassin::Util qw(untaint_var);
8	use Mail::SpamAssassin::Util::ScopedTimer;
9
10	use Errno qw(ENOENT EACCES);
11	@@ -490,20 +490,21 @@
12	$self->init(1);
13	my $timer = $self->time_method("parse");
14
15	- my $msg = Mail::SpamAssassin::Message->new({
16	- message=>$message, parsenow=>$parsenow,
17	- normalize=>$self->{conf}->{normalize_charset},
18	- suppl_attrib=>$suppl_attrib });
19	-
20	+ my $master_deadline;
21	if (ref $suppl_attrib && exists $suppl_attrib->{master_deadline}) {
22	- $msg->{master_deadline} = $suppl_attrib->{master_deadline}; # may be undef
23	+ $master_deadline = $suppl_attrib->{master_deadline}; # may be undef
24	} elsif ($self->{conf}->{time_limit}) { # defined and nonzero
25	- $msg->{master_deadline} = $start_time + $self->{conf}->{time_limit};
26	+ $master_deadline = $start_time + $self->{conf}->{time_limit};
27	}
28	- if (defined $msg->{master_deadline}) {
29	- dbg("config: time limit %.1f s", $msg->{master_deadline} - $start_time);
30	+ if (defined $master_deadline) {
31	+ dbg("config: time limit %.1f s", $master_deadline - $start_time);
32	}
33
34	+ my $msg = Mail::SpamAssassin::Message->new({
35	+ message=>$message, parsenow=>$parsenow,
36	+ normalize=>$self->{conf}->{normalize_charset},
37	+ master_deadline=>$master_deadline, suppl_attrib=>$suppl_attrib });
38	+
39	# bug 5069: The goal here is to get rendering plugins to do things
40	# like OCR, convert doc and pdf to text, etc, though it could be anything
41
42	@@ -1935,7 +1936,7 @@
43	close IN or die "error closing $defprefs: $!";
44
45	if (($< == 0) && ($> == 0) && defined($user)) { # chown it
46	- my ($uid,$gid) = (getpwnam($user))[2,3];
47	+ my ($uid,$gid) = (getpwnam(untaint_var($user)))[2,3];
48	unless (chown($uid, $gid, $fname)) {
49	warn "config: couldn't chown $fname to $uid:$gid for $user: $!\n";
50	}
51

Lines 1-12 Link Here

(-)./files/patch-bayes.pm (-12 lines)
1	--- lib/Mail/SpamAssassin/Plugin/Bayes.pm 2010/01/26 12:13:41 903191
2	+++ lib/Mail/SpamAssassin/Plugin/Bayes.pm 2010/02/03 16:44:07 906120
3	@@ -832,7 +832,7 @@
4	});
5
6	$permsgstatus->set_tag ('TOKENSUMMARY', sub {
7	- if( defined $self->{tag_data}{BAYESTC} )
8	+ if ( defined $permsgstatus->{tag_data}{BAYESTC} )
9	{
10	my $tcount_neutral = $permsgstatus->{tag_data}{BAYESTCLEARNED}
11	- $permsgstatus->{tag_data}{BAYESTCSPAMMY}
12

Lines 1-52 Link Here

(-)./files/patch-spamd_spamd.raw (-52 lines)
1	--- spamd/spamd.raw.orig 2008-04-24 09:50:46.000000000 +0200
2	+++ spamd/spamd.raw 2008-04-24 09:52:55.000000000 +0200
3	@@ -1381,8 +1381,9 @@
4
5	# Now parse only the message headers; the MIME tree won't be generated
6	# yet, it will be done on demand later on.
7	- my $mail = $spamtest->parse(\@msglines, 0, !$timeout_child ? () :
8	- { master_deadline => $start_time + $timeout_child } );
9	+ my $mail = $spamtest->parse(\@msglines, 0,
10	+ !$timeout_child \|\| !$start_time ? ()
11	+ : { master_deadline => $start_time + $timeout_child } );
12
13	return ($mail, $actual_length);
14	}
15	@@ -1705,8 +1706,9 @@
16	my $resp = "EX_OK";
17
18	# generate mail object from input
19	- my ($mail, $actual_length) = parse_body($client, $expected_length,
20	- $compress_zlib);
21	+ my($mail, $actual_length) =
22	+ parse_body($client, $expected_length, $compress_zlib, $start_time);
23	+
24	return 0 unless defined($mail); # error
25
26	if ($compress_zlib) {
27	@@ -2276,8 +2276,14 @@
28
29	sub handle_user_setuid_with_sql {
30	my $username = shift;
31	+
32	+ # Bug 6313: interestingly, if $username is not tainted than $pwd, $gcos and
33	+ # $etc end up tainted but other fields not; if $username _is_ tainted,
34	+ # getpwnam does not complain, but all returned fields are tainted (which
35	+ # makes sense, but is worth remembering)
36	+ #
37	my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
38	- getpwnam($username);
39	+ getpwnam(untaint_var($username));
40
41	if (!$spamtest->{'paranoid'} && !defined($uid)) {
42	# if we are given a username, but can't look it up, maybe name
43	@@ -2300,7 +2306,7 @@
44	}
45
46	my $spam_conf_dir = $dir . '/.spamassassin'; # needed for Bayes, etc.
47	- if (! -d $spam_conf_dir) {
48	+ if ($opt{'user-config'} && ! -d $spam_conf_dir) {
49	if (mkdir $spam_conf_dir, 0700) {
50	info("spamd: created $spam_conf_dir for $username");
51	}
52

Lines 32-62 Link Here

(-)./pkg-install (-32 / +15 lines)
32	echo "Please answer yes or no."	33	echo "Please answer yes or no."
33	done	34	done
34	}	35	}
35
36	if [ ! -e ${PKG_PREFIX}/etc/mail/spamassassin/v320.pre ]; then
37	echo "***********************************************"
38	echo "__ ___ ____ _ _ ___ _ _ ____ "
39	echo "\ \ / / \ \| _ \\| \ \| \|_ _\| \ \| \|/ ___\|"
40	echo "* \ \ /\ / / _ \ \| \|_) \| \\| \|\| \|\| \\| \| \| _ *"
41	echo "* \ V V / ___ \\| _ <\| \|\ \|\| \|\| \|\ \| \|_\| \|*"
42	echo "* \_/\_/_/ \_\_\| \_\_\| \_\|___\|_\| \_\|\____\|*"
43	echo "* *"
44	echo "You must install rules before starting spamd!"
45	echo "***********************************************"
46	if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
47	sleep 10;
48	fi
49	if yesno "Do you wish to run sa-update to fetch new rules" "N";then
50	${PKG_PREFIX}/bin/sa-update \|\| true
51	fi
52	grep '^load.*Rule2XSBody' ${PKG_PREFIX}/etc/mail/spamassassin/v320.pre > /dev/null
53	if [ $? -eq 0 ];then
54	if yesno "Do you wish to compile rules with re2c (will take a long time)" "N";then
55	${PKG_PREFIX}/bin/sa-compile \|\| true
56	fi
57	fi
58	fi
59
60	if ! pw groupshow "${GROUP}" 2>/dev/null 1>&2; then	36	if ! pw groupshow "${GROUP}" 2>/dev/null 1>&2; then
61	if pw groupadd ${GROUP} -g ${GID}; then	37	if pw groupadd ${GROUP} -g ${GID}; then
62	echo "Added group \"${GROUP}\"."	38	echo "Added group \"${GROUP}\"."
Lines 81-92 Link Here
81		57
82	# Create pid directory	58	# Create pid directory
83	mkdir /var/run/spamd 2> /dev/null && chown ${USER}:${GROUP} /var/run/spamd	59	mkdir /var/run/spamd 2> /dev/null && chown ${USER}:${GROUP} /var/run/spamd
		60	/usr/bin/su root -c "${PKG_PREFIX}/bin/spamassassin -x -L --lint"
84		61
85	exit 0	62	if [ ${?} -eq 255 ];then
86	fi # post-install
87
88	if [ "$2" = "PRE-INSTALL" ]; then
89	if [ ! -e ${PKG_PREFIX}/etc/mail/spamassassin/v320.pre ]; then
90	echo "***********************************************"	63	echo "***********************************************"
91	echo "__ ___ ____ _ _ ___ _ _ ____ "	64	echo "__ ___ ____ _ _ ___ _ _ ____ "
92	echo "\ \ / / \ \| _ \\| \ \| \|_ _\| \ \| \|/ ___\|"	65	echo "\ \ / / \ \| _ \\| \ \| \|_ _\| \ \| \|/ ___\|"
Lines 97-106 Link Here
97	echo "You must install rules before starting spamd!"	70	echo "You must install rules before starting spamd!"
98	echo "***********************************************"	71	echo "***********************************************"
99	if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then	72	if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
100	sleep 10;	73	if yesno "Do you wish to run sa-update to fetch new rules" "N";then
		74	${PKG_PREFIX}/bin/sa-update \|\| true
		75	else
		76	echo ""
		77	fi
		78	/usr/bin/su root -c "${PKG_PREFIX}/bin/spamassassin -x -L --lint"
		79	if [ ${?} -eq 0 ] && grep '^load.*Rule2XSBody' ${PKG_PREFIX}/etc/mail/spamassassin/v320.pre > /dev/null ;then
		80	if yesno "Do you wish to compile rules with re2c (will take a long time)" "N";then
		81	${PKG_PREFIX}/bin/sa-compile \|\| true
101	fi	82	fi
102	fi	83	fi
		84	fi
		85	fi
		86
103	exit 0	87	exit 0
104	fi	88	fi # post-install
105		89
106	exit 0	90	exit 0