Subject: CVS commit: [pkgsrc-2007Q1] pkgsrc/mail/spamassassin
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 06/13/2007 08:05:05
Module Name: pkgsrc
Committed By: ghen
Date: Wed Jun 13 08:05:05 UTC 2007
Modified Files:
pkgsrc/mail/spamassassin [pkgsrc-2007Q1]: Makefile distinfo
Log Message:
Pullup ticket 2111 - requested by heinz
security update for spamassassin
- pkgsrc/mail/spamassassin/Makefile patch
- pkgsrc/mail/spamassassin/distinfo patch
Update to SpamAssassin 3.1.9 to fix a denial of service vulnerability. The
package has been updated to SpamAssassin 3.2.1 on pkgsrc-HEAD but this major
new version will not be pulled up to the stable branch.
Changes in SpamAssassin 3.1.9:
- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
vulnerability. It only affects systems where spamd is run as root, is used
with vpopmail or virtual users via the "-v"/"--vpopmail" OR
"--virtual-config-dir" switch, AND with the "-x"/"--no-user-config" AND
WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell"
switch. This is not default on any distro package, and is not a common
configuration. More details of the vulnerability can be read at
<http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.
- bug 5353 - meta rule parsing should handle not equal ("!=") syntax.
- set the score for URI_TRUNCATED to 0.001.
- bug 5337: change the start order for Fedora such that spamd starts before
the MTA.
To generate a diff of this commit:
cvs rdiff -r1.79 -r1.79.2.1 pkgsrc/mail/spamassassin/Makefile
cvs rdiff -r1.43 -r1.43.2.1 pkgsrc/mail/spamassassin/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
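
The flag combination listed in the log message above, as an added example that is not part of the original commit mail or of SpamAssassin: a shell function that reports whether a given spamd command line matches every listed condition. The function name is hypothetical, `--nouser-config` is included as spamd's documented long spelling of `-x`, and bundled short options such as `-vxl` are not expanded.

```shell
#!/bin/sh
# Added example: does a spamd invocation match the conditions the log
# message lists for CVE-2007-2873?
# Usage: spamd_cve_2007_2873_exposed <uid spamd was started as> <spamd args...>
# Returns 0 when every listed condition holds, 1 otherwise.
# Assumption: flags are passed as separate words; bundles are not expanded.
spamd_cve_2007_2873_exposed() {
    sa_uid=$1; shift
    sa_virtual=0 sa_no_user_config=0 sa_username=0 sa_allow_tell=0
    for sa_arg in "$@"; do
        case $sa_arg in
            -v|--vpopmail|--virtual-config-dir|--virtual-config-dir=*)
                sa_virtual=1 ;;
            -x|--no-user-config|--nouser-config)
                sa_no_user_config=1 ;;
            -u*|--username|--username=*)
                sa_username=1 ;;
            -l|--allow-tell)
                sa_allow_tell=1 ;;
        esac
    done
    # Started as root, virtual users, no user config, no -u, tell allowed.
    [ "$sa_uid" = 0 ] && [ "$sa_virtual" = 1 ] \
        && [ "$sa_no_user_config" = 1 ] && [ "$sa_username" = 0 ] \
        && [ "$sa_allow_tell" = 1 ]
}

# Constructed sample invocations (not taken from any real system).
for sample in "-d -v -x -l" "-d -v -x -l -u spamd" "-d -x -l"; do
    # Word splitting of $sample is intended here.
    if spamd_cve_2007_2873_exposed 0 $sample; then
        echo "matches listed conditions: spamd $sample"
    else
        echo "does not match:            spamd $sample"
    fi
done
```

A match only means the command line has the listed shape; the fix named in the log message is the update to SpamAssassin 3.1.9.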