Your message dated Tue, 28 Aug 2012 19:15:50 +0100 with message-id <1346177750.22131.0.camel@jacala.jungle.funky-badger.org> and subject line Re: Bug#686058: unblock: spamassassin/3.3.2-4 has caused the Debian Bug report #686058, regarding unblock: spamassassin/3.3.2-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 686058: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686058 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: spamassassin/3.3.2-4
- From: Noah Meyerhans <noahm@debian.org>
- Date: Mon, 27 Aug 2012 22:15:30 -0700
- Message-id: <[🔎] 20120828051447.GA30454@morgul.net>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package spamassassin spamassassin 3.3.2-4 fixes two r-c packaging bugs and also incorporates a fix from upstream that causes spamassassin to fail to properly process certain (potentially intentionally) malformed messages. Details of these bugs: 683431: spamassassin depends on /usr/share/doc/spamassassin/GPG.KEY, in violation of policy §12.3. 684373: spamassassin doesn't re-create /var/lib/spamassassin upon re-install after purge. 684709: the last line of malformed MIME messages is ignored unblock spamassassin/3.3.2-4 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dashdiff -Nru spamassassin-3.3.2/debian/changelog spamassassin-3.3.2/debian/changelog --- spamassassin-3.3.2/debian/changelog 2012-06-14 23:00:17.000000000 -0700 +++ spamassassin-3.3.2/debian/changelog 2012-08-13 22:29:36.000000000 -0700 @@ -1,3 +1,26 @@ +spamassassin (3.3.2-4) unstable; urgency=low + + * Incorporate upstream's fix for a bug where malformed multipart MIME + messages would bypass URIBL rules. (Closes: #684709) + * Update standards version to 3.9.3 (no changes) + + -- Noah Meyerhans <noahm@debian.org> Mon, 13 Aug 2012 21:37:11 -0700 + +spamassassin (3.3.2-3.2) unstable; urgency=low + + * Non-maintainer upload. + * debian/spamassassin.postinst: Create /var/lib/spamassassin. + Closes: #684373. + + -- Bart Martens <bartm@debian.org> Sat, 11 Aug 2012 17:29:42 +0000 + +spamassassin (3.3.2-3.1) unstable; urgency=low + + * Non-maintainer upload. + * move GPG.KEY out of /usr/share/doc per §12.3(Closes: #683431) + + -- Shawn Landden <shawnlandden@gmail.com> Sat, 04 Aug 2012 16:20:46 +0000 + spamassassin (3.3.2-3) unstable; urgency=low * Run sa-update and sa-compile as a non-root user. diff -Nru spamassassin-3.3.2/debian/control spamassassin-3.3.2/debian/control --- spamassassin-3.3.2/debian/control 2012-06-14 23:59:48.000000000 -0700 +++ spamassassin-3.3.2/debian/control 2012-08-13 22:27:52.000000000 -0700 @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 7), perl, libssl-dev, libhtml-parser-perl (>= 3.24), libnet-dns-perl (>= 0.34), libnetaddr-ip-perl, hardening-wrapper -Standards-Version: 3.9.2 +Standards-Version: 3.9.3 Homepage: http://www.spamassassin.org/ Vcs-Svn: svn://svn.debian.org/svn/collab-maint/deb-maint/spamassassin/trunk Vcs-Browser: http://svn.debian.org/viewsvn/collab-maint/deb-maint/spamassassin/trunk/ diff -Nru spamassassin-3.3.2/debian/patches/60_bug_684709 spamassassin-3.3.2/debian/patches/60_bug_684709 --- spamassassin-3.3.2/debian/patches/60_bug_684709 1969-12-31 16:00:00.000000000 -0800 +++ spamassassin-3.3.2/debian/patches/60_bug_684709 2012-08-13 21:36:26.000000000 -0700 @@ -0,0 +1,45 @@ +Index: spamassassin-3.3.2/lib/Mail/SpamAssassin/Message.pm +=================================================================== +--- spamassassin-3.3.2.orig/lib/Mail/SpamAssassin/Message.pm 2011-06-06 16:59:17.000000000 -0700 ++++ spamassassin-3.3.2/lib/Mail/SpamAssassin/Message.pm 2012-08-13 21:36:04.000000000 -0700 +@@ -794,14 +794,30 @@ + my $in_body = 0; + my $header; + my $part_array; ++ my $found_end_boundary; + + my $line_count = @{$body}; + foreach ( @{$body} ) { + # if we're on the last body line, or we find any boundary marker, + # deal with the mime part +- if ( --$line_count == 0 || (defined $boundary && /^--\Q$boundary\E(?:--)?\s*$/) ) { ++ $found_end_boundary = defined $boundary && /^--\Q$boundary\E(?:--)?\s*$/; ++ if ( --$line_count == 0 || $found_end_boundary ) { + my $line = $_; # remember the last line + ++ # If at last line and no end boundary found, the line belongs to body ++ # TODO: ++ # Is $self->{mime_boundary_state}->{$boundary}-- needed here? ++ # Could "missing end boundary" be a useful rule? Mark it somewhere? ++ # If SA processed truncated message from amavis etc, this could also ++ # be hit legimately.. ++ if (!$found_end_boundary) { ++ # TODO: This is duplicate code from few pages down below.. ++ while (length ($_) > MAX_BODY_LINE_LENGTH) { ++ push (@{$part_array}, substr($_, 0, MAX_BODY_LINE_LENGTH)."\n"); ++ substr($_, 0, MAX_BODY_LINE_LENGTH) = ''; ++ } ++ push ( @{$part_array}, $_ ); ++ } + # per rfc 1521, the CRLF before the boundary is part of the boundary: + # NOTE: The CRLF preceding the encapsulation line is conceptually + # attached to the boundary so that it is possible to have a part +@@ -810,7 +826,7 @@ + # CRLFs preceding the encapsulation line, the first of which is part + # of the preceding body part, and the second of which is part of the + # encapsulation boundary. +- if ($part_array) { ++ elsif ($part_array) { + chomp( $part_array->[-1] ); # trim the CRLF that's part of the boundary + splice @{$part_array}, -1 if ( $part_array->[-1] eq '' ); # blank line for the boundary only ... + } diff -Nru spamassassin-3.3.2/debian/patches/series spamassassin-3.3.2/debian/patches/series --- spamassassin-3.3.2/debian/patches/series 2012-06-13 23:03:58.000000000 -0700 +++ spamassassin-3.3.2/debian/patches/series 2012-08-13 21:35:04.000000000 -0700 @@ -3,5 +3,6 @@ 30_edit_README 50_sa-learn_fix_empty_list_handling 55_disable_nagios_epm +60_bug_684709 85_disable_SSLv2 90_pod_cleanup diff -Nru spamassassin-3.3.2/debian/rules spamassassin-3.3.2/debian/rules --- spamassassin-3.3.2/debian/rules 2012-06-14 23:52:38.000000000 -0700 +++ spamassassin-3.3.2/debian/rules 2012-08-01 21:30:09.000000000 -0700 @@ -112,7 +112,8 @@ # dh_installdocs isn't flexible enough to install all the docs to the right place # Do it here! - cp debian/copyright debian/GPG.KEY debian/spamassassin/usr/share/doc/spamassassin/ + cp debian/GPG.KEY debian/spamassassin/usr/share/spamassassin/ + cp debian/copyright debian/spamassassin/usr/share/doc/spamassassin/ cp debian/spamassassin.README.Debian debian/spamassassin/usr/share/doc/spamassassin/README.Debian cp CREDITS README TRADEMARK UPGRADE USAGE NOTICE debian/spamassassin/usr/share/doc/spamassassin/ cp ldap/README debian/spamassassin/usr/share/doc/spamassassin/README.ldap diff -Nru spamassassin-3.3.2/debian/spamassassin.postinst spamassassin-3.3.2/debian/spamassassin.postinst --- spamassassin-3.3.2/debian/spamassassin.postinst 2012-06-13 22:58:26.000000000 -0700 +++ spamassassin-3.3.2/debian/spamassassin.postinst 2012-08-11 10:32:43.000000000 -0700 @@ -16,6 +16,8 @@ if ! getent passwd debian-spamd > /dev/null ; then adduser --system --group --shell /bin/sh --disabled-password \ --home /var/lib/spamassassin debian-spamd + else + mkdir -p /var/lib/spamassassin fi # Fix permissions of spamassassin; A no-op on new installs, lets # debian-spamd claim ownership of spamassassin updates on upgrades. @@ -26,7 +28,7 @@ install -d -o debian-spamd -g debian-spamd -m 700 /var/lib/spamassassin/sa-update-keys su debian-spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys \ - --import /usr/share/doc/spamassassin/GPG.KEY" + --import /usr/share/spamassassin/GPG.KEY" sa_compile fiAttachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: Noah Meyerhans <noahm@debian.org>, 686058-done@bugs.debian.org
- Subject: Re: Bug#686058: unblock: spamassassin/3.3.2-4
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Tue, 28 Aug 2012 19:15:50 +0100
- Message-id: <1346177750.22131.0.camel@jacala.jungle.funky-badger.org>
- In-reply-to: <[🔎] 20120828051447.GA30454@morgul.net>
- References: <[🔎] 20120828051447.GA30454@morgul.net>
On Mon, 2012-08-27 at 22:15 -0700, Noah Meyerhans wrote: > Please unblock package spamassassin > > spamassassin 3.3.2-4 fixes two r-c packaging bugs and also incorporates > a fix from upstream that causes spamassassin to fail to properly process > certain (potentially intentionally) malformed messages. Details of these > bugs: > > 683431: spamassassin depends on /usr/share/doc/spamassassin/GPG.KEY, in > violation of policy §12.3. > > 684373: spamassassin doesn't re-create /var/lib/spamassassin upon > re-install after purge. > > 684709: the last line of malformed MIME messages is ignored Unblocked; thanks. Regards, Adam
--- End Message ---