Bug#686058: marked as done (unblock: spamassassin/3.3.2-4)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 28 Aug 2012 19:15:50 +0100
with message-id <1346177750.22131.0.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#686058: unblock: spamassassin/3.3.2-4
has caused the Debian Bug report #686058,
regarding unblock: spamassassin/3.3.2-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
686058: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686058
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: spamassassin/3.3.2-4
• From: Noah Meyerhans <noahm@debian.org>
• Date: Mon, 27 Aug 2012 22:15:30 -0700
• Message-id: <[🔎] 20120828051447.GA30454@morgul.net>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package spamassassin

spamassassin 3.3.2-4 fixes two r-c packaging bugs and also incorporates
a fix from upstream that causes spamassassin to fail to properly process
certain (potentially intentionally) malformed messages. Details of these
bugs:

683431: spamassassin depends on /usr/share/doc/spamassassin/GPG.KEY, in
violation of policy §12.3.

684373: spamassassin doesn't re-create /var/lib/spamassassin upon
re-install after purge.

684709: the last line of malformed MIME messages is ignored

unblock spamassassin/3.3.2-4

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru spamassassin-3.3.2/debian/changelog spamassassin-3.3.2/debian/changelog
--- spamassassin-3.3.2/debian/changelog	2012-06-14 23:00:17.000000000 -0700
+++ spamassassin-3.3.2/debian/changelog	2012-08-13 22:29:36.000000000 -0700
@@ -1,3 +1,26 @@
+spamassassin (3.3.2-4) unstable; urgency=low
+
+  * Incorporate upstream's fix for a bug where malformed multipart MIME
+    messages would bypass URIBL rules. (Closes: #684709)
+  * Update standards version to 3.9.3 (no changes)
+
+ -- Noah Meyerhans <noahm@debian.org>  Mon, 13 Aug 2012 21:37:11 -0700
+
+spamassassin (3.3.2-3.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/spamassassin.postinst: Create /var/lib/spamassassin.
+    Closes: #684373.
+
+ -- Bart Martens <bartm@debian.org>  Sat, 11 Aug 2012 17:29:42 +0000
+
+spamassassin (3.3.2-3.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * move GPG.KEY out of /usr/share/doc per §12.3(Closes: #683431)
+
+ -- Shawn Landden <shawnlandden@gmail.com>  Sat, 04 Aug 2012 16:20:46 +0000
+
 spamassassin (3.3.2-3) unstable; urgency=low
 
   * Run sa-update and sa-compile as a non-root user. 
diff -Nru spamassassin-3.3.2/debian/control spamassassin-3.3.2/debian/control
--- spamassassin-3.3.2/debian/control	2012-06-14 23:59:48.000000000 -0700
+++ spamassassin-3.3.2/debian/control	2012-08-13 22:27:52.000000000 -0700
@@ -6,7 +6,7 @@
 Build-Depends: debhelper (>= 7), perl, libssl-dev,
  libhtml-parser-perl (>= 3.24), libnet-dns-perl (>= 0.34), libnetaddr-ip-perl,
  hardening-wrapper
-Standards-Version: 3.9.2
+Standards-Version: 3.9.3
 Homepage: http://www.spamassassin.org/
 Vcs-Svn: svn://svn.debian.org/svn/collab-maint/deb-maint/spamassassin/trunk
 Vcs-Browser: http://svn.debian.org/viewsvn/collab-maint/deb-maint/spamassassin/trunk/
diff -Nru spamassassin-3.3.2/debian/patches/60_bug_684709 spamassassin-3.3.2/debian/patches/60_bug_684709
--- spamassassin-3.3.2/debian/patches/60_bug_684709	1969-12-31 16:00:00.000000000 -0800
+++ spamassassin-3.3.2/debian/patches/60_bug_684709	2012-08-13 21:36:26.000000000 -0700
@@ -0,0 +1,45 @@
+Index: spamassassin-3.3.2/lib/Mail/SpamAssassin/Message.pm
+===================================================================
+--- spamassassin-3.3.2.orig/lib/Mail/SpamAssassin/Message.pm	2011-06-06 16:59:17.000000000 -0700
++++ spamassassin-3.3.2/lib/Mail/SpamAssassin/Message.pm	2012-08-13 21:36:04.000000000 -0700
+@@ -794,14 +794,30 @@
+   my $in_body = 0;
+   my $header;
+   my $part_array;
++  my $found_end_boundary;
+ 
+   my $line_count = @{$body};
+   foreach ( @{$body} ) {
+     # if we're on the last body line, or we find any boundary marker,
+     # deal with the mime part
+-    if ( --$line_count == 0 || (defined $boundary && /^--\Q$boundary\E(?:--)?\s*$/) ) {
++    $found_end_boundary = defined $boundary && /^--\Q$boundary\E(?:--)?\s*$/;
++    if ( --$line_count == 0 || $found_end_boundary ) {
+       my $line = $_; # remember the last line
+ 
++      # If at last line and no end boundary found, the line belongs to body
++      # TODO:
++      #  Is $self->{mime_boundary_state}->{$boundary}-- needed here?
++      #  Could "missing end boundary" be a useful rule? Mark it somewhere?
++      #  If SA processed truncated message from amavis etc, this could also
++      #  be hit legimately..
++      if (!$found_end_boundary) {
++        # TODO: This is duplicate code from few pages down below..
++        while (length ($_) > MAX_BODY_LINE_LENGTH) {
++          push (@{$part_array}, substr($_, 0, MAX_BODY_LINE_LENGTH)."\n");
++          substr($_, 0, MAX_BODY_LINE_LENGTH) = '';
++        }
++        push ( @{$part_array}, $_ );
++      }
+       # per rfc 1521, the CRLF before the boundary is part of the boundary:
+       # NOTE: The CRLF preceding the encapsulation line is conceptually
+       # attached to the boundary so that it is possible to have a part
+@@ -810,7 +826,7 @@
+       # CRLFs preceding the encapsulation line, the first of which is part
+       # of the preceding body part, and the second of which is part of the
+       # encapsulation boundary.
+-      if ($part_array) {
++      elsif ($part_array) {
+         chomp( $part_array->[-1] );  # trim the CRLF that's part of the boundary
+         splice @{$part_array}, -1 if ( $part_array->[-1] eq '' ); # blank line for the boundary only ...
+       }
diff -Nru spamassassin-3.3.2/debian/patches/series spamassassin-3.3.2/debian/patches/series
--- spamassassin-3.3.2/debian/patches/series	2012-06-13 23:03:58.000000000 -0700
+++ spamassassin-3.3.2/debian/patches/series	2012-08-13 21:35:04.000000000 -0700
@@ -3,5 +3,6 @@
 30_edit_README
 50_sa-learn_fix_empty_list_handling
 55_disable_nagios_epm
+60_bug_684709
 85_disable_SSLv2
 90_pod_cleanup
diff -Nru spamassassin-3.3.2/debian/rules spamassassin-3.3.2/debian/rules
--- spamassassin-3.3.2/debian/rules	2012-06-14 23:52:38.000000000 -0700
+++ spamassassin-3.3.2/debian/rules	2012-08-01 21:30:09.000000000 -0700
@@ -112,7 +112,8 @@
 
 #	dh_installdocs isn't flexible enough to install all the docs to the right place
 #	Do it here!
-	cp debian/copyright debian/GPG.KEY		debian/spamassassin/usr/share/doc/spamassassin/
+	cp debian/GPG.KEY				debian/spamassassin/usr/share/spamassassin/
+	cp debian/copyright				debian/spamassassin/usr/share/doc/spamassassin/
 	cp debian/spamassassin.README.Debian		debian/spamassassin/usr/share/doc/spamassassin/README.Debian
 	cp CREDITS README TRADEMARK UPGRADE USAGE NOTICE 	debian/spamassassin/usr/share/doc/spamassassin/
 	cp ldap/README 					debian/spamassassin/usr/share/doc/spamassassin/README.ldap
diff -Nru spamassassin-3.3.2/debian/spamassassin.postinst spamassassin-3.3.2/debian/spamassassin.postinst
--- spamassassin-3.3.2/debian/spamassassin.postinst	2012-06-13 22:58:26.000000000 -0700
+++ spamassassin-3.3.2/debian/spamassassin.postinst	2012-08-11 10:32:43.000000000 -0700
@@ -16,6 +16,8 @@
         if ! getent passwd debian-spamd > /dev/null ; then
             adduser --system --group --shell /bin/sh --disabled-password \
                 --home /var/lib/spamassassin debian-spamd
+        else
+            mkdir -p /var/lib/spamassassin
         fi
         # Fix permissions of spamassassin; A no-op on new installs, lets 
         # debian-spamd claim ownership of spamassassin updates on upgrades.
@@ -26,7 +28,7 @@
         install -d -o debian-spamd -g debian-spamd -m 700 /var/lib/spamassassin/sa-update-keys
 
     su debian-spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys \
-        --import /usr/share/doc/spamassassin/GPG.KEY"
+        --import /usr/share/spamassassin/GPG.KEY"
 
     sa_compile
 fi

Attachment: signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

• To: Noah Meyerhans <noahm@debian.org>, 686058-done@bugs.debian.org
• Subject: Re: Bug#686058: unblock: spamassassin/3.3.2-4
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Tue, 28 Aug 2012 19:15:50 +0100
• Message-id: <1346177750.22131.0.camel@jacala.jungle.funky-badger.org>
• In-reply-to: <[🔎] 20120828051447.GA30454@morgul.net>
• References: <[🔎] 20120828051447.GA30454@morgul.net>

On Mon, 2012-08-27 at 22:15 -0700, Noah Meyerhans wrote:
> Please unblock package spamassassin
> 
> spamassassin 3.3.2-4 fixes two r-c packaging bugs and also incorporates
> a fix from upstream that causes spamassassin to fail to properly process
> certain (potentially intentionally) malformed messages. Details of these
> bugs:
> 
> 683431: spamassassin depends on /usr/share/doc/spamassassin/GPG.KEY, in
> violation of policy §12.3.
> 
> 684373: spamassassin doesn't re-create /var/lib/spamassassin upon
> re-install after purge.
> 
> 684709: the last line of malformed MIME messages is ignored

Unblocked; thanks.

Regards,

Adam

--- End Message ---