pkgsrc-changes: CVS commit: pkgsrc/mail/spamassassin

Subject: CVS commit: pkgsrc/mail/spamassassin
To: None <pkgsrc-changes@NetBSD.org>
From: Klaus Heinz <heinz@netbsd.org>
List: pkgsrc-changes
Date: 06/12/2007 21:43:30
Module Name:	pkgsrc
Committed By:	heinz
Date:		Tue Jun 12 21:43:30 UTC 2007

Modified Files:
	pkgsrc/mail/spamassassin: Makefile distinfo
	pkgsrc/mail/spamassassin/patches: patch-ab patch-ae patch-aq

Log Message:
Updated to version 3.2.1.

Pkgsrc changes:
  - Added some comments to patch files.
  - Adapting patch-aq to changes in the README file.
  - Added forgotten direct requirement for p5-Compress-Zlib.
  - Since 3.2.0 at least version 3.43 of p5-HTML-Parser is needed.
  - Installation to DESTDIR is possible as root.
  - Substituted correct paths in spamc.pod (source file for spamc.1).
  - Added VARBASE to BUILD_DEFS to silence pkglint warnings.

Changes since version 3.2.0:
============================
3.2.1 is a major bug-fix release, including a potential local DoS.  The
major highlights are:

- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
  vulnerability. It only affects systems where spamd is run as root, is used
  with vpopmail or virtual users via the "-v"/"--vpopmail" OR
  "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND
  WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch.
  This is not default on any distro package, and is not a common configuration.
  More details of the vulnerability can be read at
  <http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.

- bug 5488: zero some rules causing false positives: FH_HOST_EQ_D_D_D_DB and
  FH_HOST_EQ_D_D_D_D.

- bug 5257: re-raise autolearn ham threshold to 1.0; the lower value
  used in 3.2.0 was creating problems.

- bug 5422: in spamd, deleting hash entries from the SIGCHLD signal handler is
  unsafe, causes corruption of the data structure, and results in 'prefork:
  ordered child N to accept, but they reported state '1', killing rogue'
  errors.  fix.

- bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some FPs.

- bug 5457: spamc build and test should handle not having zlib available.

- bug 5379: spamd could crash at startup if its preloading temporary directory
  already exists. fix.

- bug 4616: spamc config can cause command line options to be ignored. fix.

- bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll always fire
  due to defaults (unless there's an explicit SIGNALL policy).

- bug 5492: VBounce rule was looking in header instead of body for whitelisted
  relays. fix.

- bug 5487: prevent multiple "urirhssub"s using the same zone from overwriting
  each other.

- bug 5432 - Change default in Win32 build to not build spamc.

- bug 5446: add --updatedir option to sa-compile and remove inaccurate re2c
  required version info from pod.

- bug 5436: add omitted "ifplugin" statements to the configuration, which would
  otherwise cause lint errors if the default plugins were disabled.

- bug 5477: prevent Rule2XSBody info message from appearing on stderr during
  spamd startup.


To generate a diff of this commit:
cvs rdiff -r1.80 -r1.81 pkgsrc/mail/spamassassin/Makefile
cvs rdiff -r1.44 -r1.45 pkgsrc/mail/spamassassin/distinfo
cvs rdiff -r1.13 -r1.14 pkgsrc/mail/spamassassin/patches/patch-ab
cvs rdiff -r1.12 -r1.13 pkgsrc/mail/spamassassin/patches/patch-ae
cvs rdiff -r1.6 -r1.7 pkgsrc/mail/spamassassin/patches/patch-aq

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.