Bug#912198: stretch-pu: package spamassassin/3.4.2-1~deb9u1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Upstream released spamassassin 3.4.2 last month including fixes for
several security issues. Unfortunately, upstream developers have
indicated that the would not recommend, nor would they support, efforts
to backport these fixes to 3.4.1. In an apparent attempt at keeping the
details of the issues private while they worked on them, they did not
indicate which bugs were fixed with specific commits, and have indicated
that the fixes have been spread across many commits, many of which may
be relative to additional changes not in 3.4.1. The specifics of the
issues, and their repros (if any) have not been made public.
After discussions with upstream and with the security team, we decided
that the best course of action would be to forgo a DSA for these issues,
but otherwise accept upstream's recommendation and update to 3.4.2 in
stretch via p-u. In addition to the security issues fixed in 3.4.2, it
also switches from sha1 to sha256 and/or sha512 for validation of rule
updates downloaded by sa-update, which is a change we'll need if we want
sa-update to keep working when they stop publishing sha1 signatures at
some point in the next several months.
I have prepared an upload for stretch that is a backport of the 3.4.2-1
package currently in testing. The changelog entries from 3.4.1-6 to
3.4.2-1~deb9u1 are below. Note that stretch currently contains
3.4.1-6+deb9u1. The changes in that version are included in the 3.4.1-7
entry in the backport.
The debdiff for the debian/ subdirectory is attached. I pruned the
upstream changes, since they result in a large diff, but can provide
them if you want.
spamassassin (3.4.2-1~deb9u1) stretch; urgency=high
* New upstream release fixes multiple security vulnerabilities
- CVE-2017-15705: Denial of service issue in which certain unclosed
tags in emails cause markup to be handled incorrectly leading to
scan timeouts. (Closes: 908969)
- CVE-2016-1238: Unsafe usage of "." in @INC in a configuration
script.
- CVE-2018-11780: potential Remote Code Execution bug with the
PDFInfo plugin. (Closes: 908970)
- CVE-2018-11781: local user code injection in the meta rule syntax.
(Closes: 908971)
- BayesStore: bayes_expire table grows, remove_running_expire_tok not
called (Closes: 883775)
- Fix use of uninitialized variable warning in PDFInfo.pm
(Closes: 865924)
- Fix "failed to parse plugin" error in
Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041)
* Don't recursively chown /var/lib/spamassassin during postinst.
(Closes: 889501)
* Reload spamd after compiling rules in sa-compile.postinst.
* Update SysV init script to cope with upstream's change to $0.
* Remove compiled rules upon removal of the sa-compile package.
* Ensure that /var/lib/spamassassin/compiled doesn't change modes with
the cron job's execution. (Closes: 890650)
* Create /var/lib/spamassassin via dpkg, rather than the postinst.
(Closes: 891833)
* Add libbsd-resource-perl to Suggests (Closes: 910434)
-- Noah Meyerhans <noahm@debian.org> Sun, 30 Sep 2018 23:44:58 -0700
spamassassin (3.4.1-8) unstable; urgency=medium
* Fix inappropriate invocation of invoke-rc.d in cron script.
(Closes: 865514)
* Update systemd unit dependencies to include network and syslog.
(Closes: 864810)
* Migrate packaging to git, finally.
* Apply upstream patch to fix regex error leading to warnings in perl
5.26+ (Closes: 869408)
* Add Multi-Arch: foreign headers to package definitions (Closes:
#850454)
* Update standards version to 4.1.0.0
* Remove references to the obsolete syslog.target dependency in the
systemd service file.
* Clarify the use of the perl-major-upgrade dpkg trigger.
* Fix spamd service management on package upgrades. (Closes: #865356)
-- Noah Meyerhans <noahm@debian.org> Sat, 09 Sep 2017 22:37:20 -0700
spamassassin (3.4.1-7) unstable; urgency=medium
* Ensure that spamd doesn't automatically start upon initial
installation.
* Disable bb.barracudacentral.org (RCVD_IN_BRBL_LASTEXT), as
it requires users to register. (Closes: #861671)
* Update the systemd unit file to use the same pid file as was
used in the sysvinit script. (Closes: #808804)
* Update spamassassin docs to remove outdated gpg version
compatibility note. (Closes: #853913)
-- Noah Meyerhans <noahm@debian.org> Thu, 11 May 2017 19:45:36 -0700
diff -Nru spamassassin-3.4.1/debian/65_debian.cf spamassassin-3.4.2/debian/65_debian.cf
--- spamassassin-3.4.1/debian/65_debian.cf 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/65_debian.cf 2018-09-30 23:44:58.000000000 -0700
@@ -25,3 +25,10 @@
meta D_SENT_BY_CRON __CRON_FROM && __CRON_HEADER
score D_SENT_BY_CRON -5.0
describe D_SENT_BY_CRON Sent by Cron Daemon
+
+# As documented in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861671,
+# the bb.barracudacentral.org blacklist requires users to register, making it
+# unsuitable for use in the default configuration. If you've registered your
+# use of this blacklist, remove the following line in order to re-activate
+# this service:
+score RCVD_IN_BRBL_LASTEXT 0
diff -Nru spamassassin-3.4.1/debian/changelog spamassassin-3.4.2/debian/changelog
--- spamassassin-3.4.1/debian/changelog 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/changelog 2018-09-30 23:44:58.000000000 -0700
@@ -1,3 +1,66 @@
+spamassassin (3.4.2-1~deb9u1) stretch; urgency=high
+
+ * New upstream release fixes multiple security vulnerabilities
+ - CVE-2017-15705: Denial of service issue in which certain unclosed
+ tags in emails cause markup to be handled incorrectly leading to
+ scan timeouts. (Closes: 908969)
+ - CVE-2016-1238: Unsafe usage of "." in @INC in a configuration
+ script.
+ - CVE-2018-11780: potential Remote Code Execution bug with the
+ PDFInfo plugin. (Closes: 908970)
+ - CVE-2018-11781: local user code injection in the meta rule syntax.
+ (Closes: 908971)
+ - BayesStore: bayes_expire table grows, remove_running_expire_tok not
+ called (Closes: 883775)
+ - Fix use of uninitialized variable warning in PDFInfo.pm
+ (Closes: 865924)
+ - Fix "failed to parse plugin" error in
+ Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041)
+ * Don't recursively chown /var/lib/spamassassin during postinst.
+ (Closes: 889501)
+ * Reload spamd after compiling rules in sa-compile.postinst.
+ * Update SysV init script to cope with upstream's change to $0.
+ * Remove compiled rules upon removal of the sa-compile package.
+ * Ensure that /var/lib/spamassassin/compiled doesn't change modes with
+ the cron job's execution. (Closes: 890650)
+ * Create /var/lib/spamassassin via dpkg, rather than the postinst.
+ (Closes: 891833)
+ * Add libbsd-resource-perl to Suggests (Closes: 910434)
+
+ -- Noah Meyerhans <noahm@debian.org> Sun, 30 Sep 2018 23:44:58 -0700
+
+spamassassin (3.4.1-8) unstable; urgency=medium
+
+ * Fix inappropriate invocation of invoke-rc.d in cron script.
+ (Closes: 865514)
+ * Update systemd unit dependencies to include network and syslog.
+ (Closes: 864810)
+ * Migrate packaging to git, finally.
+ * Apply upstream patch to fix regex error leading to warnings in perl
+ 5.26+ (Closes: 869408)
+ * Add Multi-Arch: foreign headers to package definitions (Closes:
+ #850454)
+ * Update standards version to 4.1.0.0
+ * Remove references to the obsolete syslog.target dependency in the
+ systemd service file.
+ * Clarify the use of the perl-major-upgrade dpkg trigger.
+ * Fix spamd service management on package upgrades. (Closes: #865356)
+
+ -- Noah Meyerhans <noahm@debian.org> Sat, 09 Sep 2017 22:37:20 -0700
+
+spamassassin (3.4.1-7) unstable; urgency=medium
+
+ * Ensure that spamd doesn't automatically start upon initial
+ installation.
+ * Disable bb.barracudacentral.org (RCVD_IN_BRBL_LASTEXT), as
+ it requires users to register. (Closes: #861671)
+ * Update the systemd unit file to use the same pid file as was
+ used in the sysvinit script. (Closes: #808804)
+ * Update spamassassin docs to remove outdated gpg version
+ compatibility note. (Closes: #853913)
+
+ -- Noah Meyerhans <noahm@debian.org> Thu, 11 May 2017 19:45:36 -0700
+
spamassassin (3.4.1-6) unstable; urgency=medium
* Import upstream fix for spamassassin bug 7226: Enhance whitelist_from_dkim
diff -Nru spamassassin-3.4.1/debian/control spamassassin-3.4.2/debian/control
--- spamassassin-3.4.1/debian/control 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/control 2018-09-30 23:44:58.000000000 -0700
@@ -3,15 +3,17 @@
Priority: optional
Maintainer: Noah Meyerhans <noahm@debian.org>
Build-Depends: debhelper, perl, libssl-dev, libhtml-parser-perl,
- libnet-dns-perl, libnetaddr-ip-perl, dh-systemd, libberkeleydb-perl, netbase
-Standards-Version: 3.9.8
-Homepage: http://www.spamassassin.org/
-Vcs-Svn: svn://anonscm.debian.org/collab-maint/deb-maint/spamassassin
-Vcs-Browser: http://svn.debian.org/viewsvn/collab-maint/deb-maint/spamassassin
+ libnet-dns-perl, libnetaddr-ip-perl, debhelper (>= 9.20160709),
+ libberkeleydb-perl, netbase
+Standards-Version: 4.1.0.0
+Homepage: https://www.spamassassin.org/
+Vcs-Git: https://salsa.debian.org/debian/spamassassin.git
+Vcs-Browser: https://salsa.debian.org/debian/spamassassin
XS-Testsuite: autopkgtest
Package: spamassassin
Architecture: all
+Multi-Arch: foreign
Depends: perl, libhtml-parser-perl, libsocket6-perl, adduser,
libsys-hostname-long-perl, libarchive-tar-perl, libnet-dns-perl,
libnetaddr-ip-perl, libhttp-date-perl, libmail-dkim-perl,
@@ -20,7 +22,7 @@
libsys-syslog-perl, gnupg, libio-socket-inet6-perl
Suggests: razor, libio-socket-ssl-perl, libdbi-perl, pyzor,
libcompress-zlib-perl, libencode-detect-perl,
- libgeo-ip-perl, libnet-patricia-perl
+ libgeo-ip-perl, libnet-patricia-perl, libbsd-resource-perl
Provides: libmail-spamassassin-perl
Description: Perl-based spam filter using text analysis
SpamAssassin is a very powerful and fully configurable spam filter
@@ -36,6 +38,7 @@
Package: spamc
Architecture: any
+Multi-Arch: foreign
Depends: ${shlibs:Depends}, ${misc:Depends}
Suggests: spamassassin
Description: Client for SpamAssassin spam filtering daemon
@@ -51,6 +54,7 @@
Package: sa-compile
Architecture: all
+Multi-Arch: foreign
Enhances: spamassassin
Depends: spamassassin, re2c, gcc, libc6-dev, make, ${misc:Depends}
Description: Tools for compiling SpamAssassin rules into C
diff -Nru spamassassin-3.4.1/debian/patches/10_change_config_paths spamassassin-3.4.2/debian/patches/10_change_config_paths
--- spamassassin-3.4.1/debian/patches/10_change_config_paths 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/10_change_config_paths 2018-09-30 23:44:58.000000000 -0700
@@ -1,7 +1,7 @@
-Index: spamassassin-3.4.1/INSTALL
+Index: spamassassin-3.4.2/INSTALL
===================================================================
---- spamassassin-3.4.1.orig/INSTALL
-+++ spamassassin-3.4.1/INSTALL
+--- spamassassin-3.4.2.orig/INSTALL
++++ spamassassin-3.4.2/INSTALL
@@ -462,7 +462,7 @@ version is too low for them to be used.
perl interpreter. Version 2.83 or later fixes this.
@@ -11,10 +11,10 @@
What Next?
-Index: spamassassin-3.4.1/README
+Index: spamassassin-3.4.2/README
===================================================================
---- spamassassin-3.4.1.orig/README
-+++ spamassassin-3.4.1/README
+--- spamassassin-3.4.2.orig/README
++++ spamassassin-3.4.2/README
@@ -114,13 +114,13 @@ default locations that Apache SpamAssass
not modify these, as they are overwritten when you run
"sa-update".
@@ -57,11 +57,11 @@
just a template, which will be copied to a user's home directory
for them to change.
-Index: spamassassin-3.4.1/UPGRADE
+Index: spamassassin-3.4.2/UPGRADE
===================================================================
---- spamassassin-3.4.1.orig/UPGRADE
-+++ spamassassin-3.4.1/UPGRADE
-@@ -152,7 +152,7 @@ Note for Users Upgrading to SpamAssassin
+--- spamassassin-3.4.2.orig/UPGRADE
++++ spamassassin-3.4.2/UPGRADE
+@@ -253,7 +253,7 @@ Note for Users Upgrading to SpamAssassin
perldoc Mail::SpamAssassin::Plugin::* (ie AWL, DCC, etc)
- There are now multiple files read to enable plugins in the
@@ -70,7 +70,7 @@
read. Now both "init.pre", "v310.pre", and any other files ending
in ".pre" will be read. As future releases are made, new plugins
will be added to new files named according to the release they're
-@@ -310,7 +310,7 @@ Note for Users Upgrading to SpamAssassin
+@@ -411,7 +411,7 @@ Note for Users Upgrading to SpamAssassin
- If you are using a UNIX machine with all database files on local disks,
and no sharing of those databases across NFS filesystems, you can use a
more efficient, but non-NFS-safe, locking mechanism. Do this by adding
@@ -79,10 +79,10 @@
file. This is strongly recommended if you're not using NFS, as it is
much faster than the NFS-safe locker.
-Index: spamassassin-3.4.1/USAGE
+Index: spamassassin-3.4.2/USAGE
===================================================================
---- spamassassin-3.4.1.orig/USAGE
-+++ spamassassin-3.4.1/USAGE
+--- spamassassin-3.4.2.orig/USAGE
++++ spamassassin-3.4.2/USAGE
@@ -117,7 +117,7 @@ Other Installation Notes
CPU-intensive task before they can send mail to you, so we give that
some bonus points. However, it requires that you list what addresses
@@ -109,10 +109,10 @@
override these files.
-Index: spamassassin-3.4.1/ldap/README
+Index: spamassassin-3.4.2/ldap/README
===================================================================
---- spamassassin-3.4.1.orig/ldap/README
-+++ spamassassin-3.4.1/ldap/README
+--- spamassassin-3.4.2.orig/ldap/README
++++ spamassassin-3.4.2/ldap/README
@@ -13,7 +13,7 @@ therefore, the only way to have their ow
database or LDAP server.
@@ -122,10 +122,10 @@
user_scores_dsn ldap://host:port/dc=basedn,dc=de?attr?scope?uid=__USERNAME__
user_scores_ldap_username bind dn
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf.pm
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Conf.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf.pm
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Conf.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
@@ -40,7 +40,7 @@ Mail::SpamAssassin::Conf - SpamAssassin
=head1 DESCRIPTION
@@ -135,7 +135,7 @@
directories.
The following web page lists the most important configuration settings
-@@ -2619,7 +2619,7 @@ If this option is set to 1 and the messa
+@@ -2673,7 +2673,7 @@ If this option is set to 1 and the messa
These settings differ from the ones above, in that they are considered
'privileged'. Only users running C<spamassassin> from their procmailrc's or
@@ -144,10 +144,10 @@
use them. C<spamd> users cannot use them in their C<user_prefs> files, for
security and efficiency reasons, unless C<allow_user_rules> is enabled (and
then, they may only add rules from below).
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/Test.pm
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/Test.pm
===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/Test.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/Test.pm
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Plugin/Test.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/Test.pm
@@ -27,7 +27,7 @@ Test - test plugin
=head1 DESCRIPTION
@@ -157,10 +157,10 @@
=cut
-Index: spamassassin-3.4.1/lib/spamassassin-run.pod
+Index: spamassassin-3.4.2/lib/spamassassin-run.pod
===================================================================
---- spamassassin-3.4.1.orig/lib/spamassassin-run.pod
-+++ spamassassin-3.4.1/lib/spamassassin-run.pod
+--- spamassassin-3.4.2.orig/lib/spamassassin-run.pod
++++ spamassassin-3.4.2/lib/spamassassin-run.pod
@@ -41,7 +41,7 @@ Options:
-p prefs, --prefspath=file, --prefs-file=file
Set user preferences file
@@ -179,10 +179,10 @@
=item B<--cf='config line'>
-Index: spamassassin-3.4.1/rules/user_prefs.template
+Index: spamassassin-3.4.2/rules/user_prefs.template
===================================================================
---- spamassassin-3.4.1.orig/rules/user_prefs.template
-+++ spamassassin-3.4.1/rules/user_prefs.template
+--- spamassassin-3.4.2.orig/rules/user_prefs.template
++++ spamassassin-3.4.2/rules/user_prefs.template
@@ -5,7 +5,7 @@
#* directory. At runtime, if a user has no preferences in their home directory
#* already, it will be copied for them, allowing them to perform personalised
@@ -192,20 +192,20 @@
###########################################################################
# How many points before a mail is considered spam.
-Index: spamassassin-3.4.1/sa-compile.raw
+Index: spamassassin-3.4.2/sa-compile.raw
===================================================================
---- spamassassin-3.4.1.orig/sa-compile.raw
-+++ spamassassin-3.4.1/sa-compile.raw
-@@ -675,7 +675,7 @@ Options:
+--- spamassassin-3.4.2.orig/sa-compile.raw
++++ spamassassin-3.4.2/sa-compile.raw
+@@ -678,7 +678,7 @@ Options:
-p prefs, --prefspath=file, --prefs-file=file
Set user preferences file
--siteconfigpath=path Path for site configs
-- (default: /etc/mail/spamassassin)
-+ (default: /etc/spamassassin)
+- (default: @@PREFIX@@/etc/mail/spamassassin)
++ (default: @@PREFIX@@/etc/spamassassin)
--updatedir=path Directory to place updates
(default: @@LOCAL_STATE_DIR@@/compiled/<perlversion>/@@VERSION@@)
--cf='config line' Additional line of configuration
-@@ -740,7 +740,7 @@ Ignore the default directories (usually
+@@ -743,7 +743,7 @@ Ignore the default directories (usually
=item B<--siteconfigpath>=I<path>
Use the specified path for locating site-specific configuration files. Ignore
@@ -214,20 +214,20 @@
=item B<--updatedir>
-Index: spamassassin-3.4.1/sa-learn.raw
+Index: spamassassin-3.4.2/sa-learn.raw
===================================================================
---- spamassassin-3.4.1.orig/sa-learn.raw
-+++ spamassassin-3.4.1/sa-learn.raw
-@@ -653,7 +653,7 @@ Options:
+--- spamassassin-3.4.2.orig/sa-learn.raw
++++ spamassassin-3.4.2/sa-learn.raw
+@@ -655,7 +655,7 @@ Options:
-p prefs, --prefspath=file, --prefs-file=file
Set user preferences file
--siteconfigpath=path Path for site configs
-- (default: /etc/mail/spamassassin)
-+ (default: /etc/spamassassin)
+- (default: @@PREFIX@@/etc/mail/spamassassin)
++ (default: @@PREFIX@@/etc/spamassassin)
--cf='config line' Additional line of configuration
-D, --debug [area=n,...] Print debugging messages
-V, --version Print version
-@@ -810,7 +810,7 @@ Ignore the default directories (usually
+@@ -815,7 +815,7 @@ Ignore the default directories (usually
=item B<--siteconfigpath>=I<path>
Use the specified path for locating site-specific configuration files. Ignore
@@ -236,11 +236,11 @@
=item B<--cf='config line'>
-Index: spamassassin-3.4.1/spamc/spamc.pod
+Index: spamassassin-3.4.2/spamc/spamc.pod
===================================================================
---- spamassassin-3.4.1.orig/spamc/spamc.pod
-+++ spamassassin-3.4.1/spamc/spamc.pod
-@@ -278,8 +278,8 @@ any settings in the configuration file.
+--- spamassassin-3.4.2.orig/spamc/spamc.pod
++++ spamassassin-3.4.2/spamc/spamc.pod
+@@ -288,8 +288,8 @@ any settings in the configuration file.
If the B<-F> switch is specified, that file will be used. Otherwise,
C<spamc> will attempt to load spamc.conf in C<SYSCONFDIR> (default:
@@ -251,10 +251,10 @@
Example:
-Index: spamassassin-3.4.1/spamd/README
+Index: spamassassin-3.4.2/spamd/README
===================================================================
---- spamassassin-3.4.1.orig/spamd/README
-+++ spamassassin-3.4.1/spamd/README
+--- spamassassin-3.4.2.orig/spamd/README
++++ spamassassin-3.4.2/spamd/README
@@ -105,7 +105,7 @@ The Bayesian Classifier
If you plan to use Bayesian classification (the BAYES rules) with spamd,
you will need to either
@@ -264,10 +264,10 @@
tokens, by setting the 'bayes_path' setting to a path all users can read
and write to. You will also need to set the 'bayes_file_mode' setting
to 0666 so that created files are shared, too.
-Index: spamassassin-3.4.1/spamd/README.vpopmail
+Index: spamassassin-3.4.2/spamd/README.vpopmail
===================================================================
---- spamassassin-3.4.1.orig/spamd/README.vpopmail
-+++ spamassassin-3.4.1/spamd/README.vpopmail
+--- spamassassin-3.4.2.orig/spamd/README.vpopmail
++++ spamassassin-3.4.2/spamd/README.vpopmail
@@ -43,7 +43,7 @@ then their user_prefs would be stored in
/home/vpopmail/domains/somedomain.net/4/userid/.spamassassin/user_prefs
@@ -277,11 +277,11 @@
future enhancement would be to add the capability to have personal AWL db.
6. Of course vpopmail must have the seekable patch installed (see
-Index: spamassassin-3.4.1/spamd/spamd.raw
+Index: spamassassin-3.4.2/spamd/spamd.raw
===================================================================
---- spamassassin-3.4.1.orig/spamd/spamd.raw
-+++ spamassassin-3.4.1/spamd/spamd.raw
-@@ -3310,7 +3310,7 @@ Ignore the default directories (usually
+--- spamassassin-3.4.2.orig/spamd/spamd.raw
++++ spamassassin-3.4.2/spamd/spamd.raw
+@@ -3352,7 +3352,7 @@ Ignore the default directories (usually
=item B<--siteconfigpath>=I<path>
Use the specified path for locating site-specific configuration files. Ignore
@@ -290,10 +290,10 @@
=item B<--cf='config line'>
-Index: spamassassin-3.4.1/sql/README
+Index: spamassassin-3.4.2/sql/README
===================================================================
---- spamassassin-3.4.1.orig/sql/README
-+++ spamassassin-3.4.1/sql/README
+--- spamassassin-3.4.2.orig/sql/README
++++ spamassassin-3.4.2/sql/README
@@ -18,7 +18,7 @@ In addition, any config options marked a
SQL preferences.
@@ -303,10 +303,10 @@
user_scores_dsn DBI:driver:connection
user_scores_sql_username dbusername
-Index: spamassassin-3.4.1/sql/README.awl
+Index: spamassassin-3.4.2/sql/README.awl
===================================================================
---- spamassassin-3.4.1.orig/sql/README.awl
-+++ spamassassin-3.4.1/sql/README.awl
+--- spamassassin-3.4.2.orig/sql/README.awl
++++ spamassassin-3.4.2/sql/README.awl
@@ -15,7 +15,7 @@ so:
auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
@@ -316,10 +316,10 @@
user_awl_dsn DBI:driver:database:hostname[:port]
user_awl_sql_username dbusername
-Index: spamassassin-3.4.1/t/data/testplugin.pm
+Index: spamassassin-3.4.2/t/data/testplugin.pm
===================================================================
---- spamassassin-3.4.1.orig/t/data/testplugin.pm
-+++ spamassassin-3.4.1/t/data/testplugin.pm
+--- spamassassin-3.4.2.orig/t/data/testplugin.pm
++++ spamassassin-3.4.2/t/data/testplugin.pm
@@ -1,6 +1,6 @@
=head1 testplugin.pm
diff -Nru spamassassin-3.4.1/debian/patches/20_edit_spamc_pod spamassassin-3.4.2/debian/patches/20_edit_spamc_pod
--- spamassassin-3.4.1/debian/patches/20_edit_spamc_pod 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/20_edit_spamc_pod 2018-09-30 23:44:58.000000000 -0700
@@ -1,8 +1,8 @@
-Index: spamassassin-3.4.0-rc5/spamc/spamc.pod
+Index: spamassassin-3.4.2-pre3/spamc/spamc.pod
===================================================================
---- spamassassin-3.4.0-rc5.orig/spamc/spamc.pod 2014-02-10 21:35:08.896487637 -0800
-+++ spamassassin-3.4.0-rc5/spamc/spamc.pod 2014-02-10 21:35:58.860735402 -0800
-@@ -331,7 +331,7 @@
+--- spamassassin-3.4.2-pre3.orig/spamc/spamc.pod
++++ spamassassin-3.4.2-pre3/spamc/spamc.pod
+@@ -341,7 +341,7 @@ The exit codes used are as follows:
=head1 SEE ALSO
diff -Nru spamassassin-3.4.1/debian/patches/30_edit_README spamassassin-3.4.2/debian/patches/30_edit_README
--- spamassassin-3.4.1/debian/patches/30_edit_README 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/30_edit_README 1969-12-31 16:00:00.000000000 -0800
@@ -1,16 +0,0 @@
-Index: spamassassin-3.4.1/README
-===================================================================
---- spamassassin-3.4.1.orig/README
-+++ spamassassin-3.4.1/README
-@@ -132,11 +132,6 @@ default locations that Apache SpamAssass
- If the files exist in /etc/spamassassin, they will not
- be overwritten during future installs.
-
-- - /usr/share/spamassassin/user_prefs.template:
--
-- Distributed default user preferences. Do not modify this, as it is
-- overwritten when you upgrade.
--
- - /etc/spamassassin/user_prefs.template:
-
- Default user preferences, for system admins to create, modify, and
diff -Nru spamassassin-3.4.1/debian/patches/90_pod_cleanup spamassassin-3.4.2/debian/patches/90_pod_cleanup
--- spamassassin-3.4.1/debian/patches/90_pod_cleanup 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/90_pod_cleanup 2018-09-30 23:44:58.000000000 -0700
@@ -1,8 +1,8 @@
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf.pm
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Conf.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf.pm
-@@ -3931,7 +3931,7 @@ This option gives the password used by t
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Conf.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
+@@ -3994,7 +3994,7 @@ This option gives the password used by t
Whether to call the services_authorized_for_username plugin hook in BayesSQL.
If the hook does not determine that the user is allowed to use bayes or is
@@ -11,66 +11,20 @@
NOTE: By default the user is considered invalid until a plugin returns
a true value. If you enable this, but do not have a proper plugin
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DCC.pm
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/DCC.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DCC.pm
-@@ -1088,3 +1088,4 @@ sub plugin_report {
- }
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
+@@ -17,7 +17,7 @@
- 1;
-+
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DNSEval.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/DNSEval.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DNSEval.pm
-@@ -328,6 +328,7 @@ This checks all the from addrs domain na
- =back
-
- =cut
-+
- sub check_rbl_from_domain {
- my ($self, $pms, $rule, $set, $rbl_server, $subtest) = @_;
- _check_rbl_addresses($self, $pms, $rule, $set, $rbl_server, $subtest, $_[1]->all_from_addrs_domains());
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
-@@ -15,6 +15,25 @@
- # limitations under the License.
- # </@LICENSE>
+ =head1 NAME
-+=head1 NAME
-+
-+Mail::SpamAssassin::Plugin::MIMEEval - perform MIME sanity tests of messages
-+
-+=head1 SYNOPSIS
-+
-+ loadplugin Mail::SpamAssassin::Plugin::MIMEEval
-+
-+ body MULTIPART_ALT_NON_TEXT eval:check_ma_non_text()
-+
-+ body MIME_HTML_ONLY eval:check_for_mime_html_only()
-+ describe MIME_HTML_ONLY Message only has text/html MIME parts
-+
-+=head1 DESCRIPTION
-+
-+Utility functions for examining various MIME encoded message components.
-+
-+=cut
-+
- package Mail::SpamAssassin::Plugin::MIMEEval;
-
- use strict;
-@@ -69,6 +88,7 @@ sub are_more_high_bits_set {
+-MIMEEval - perform various tests against MIME structure and body
++Mail::SpamAssassin::Plugin::MIMEEval - perform various tests against MIME structure and body
- ($numlos <= $numhis && $numhis > 3);
- }
-+
- =over 4
+ =head1 SYNOPSIS
- =item has_check_for_ascii_text_illegal
-@@ -148,6 +168,31 @@ sub check_for_faraway_charset {
+@@ -175,6 +175,31 @@ sub check_for_faraway_charset {
0;
}
@@ -80,8 +34,8 @@
+
+Use in rules such as:
+
-+ rawbody MIME_BASE64_BLANKS eval:check_for_mime('mime_base64_blanks')
-+ describe MIME_BASE64_BLANKS Extra blank lines in base64 encoding
++ rawbody MIME_BASE64 eval:check_for_mime('mime_base64_count')
++ describe MIME_BASE64 Includes a base64 attachment
+
+ mime_base64_count
+ mime_base64_encoded_text
@@ -102,7 +56,7 @@
sub check_for_mime {
my ($self, $pms, undef, $test) = @_;
-@@ -166,7 +211,12 @@ sub check_for_mime_html {
+@@ -193,7 +218,12 @@ sub check_for_mime_html {
return ($pms->{mime_body_html_count} > 0);
}
@@ -116,19 +70,3 @@
sub check_for_mime_html_only {
my ($self, $pms) = @_;
-@@ -474,6 +524,7 @@ sub _check_attachments {
- Adds capability check for "if can()" for check_qp_ratio
-
- =cut
-+
- sub has_check_qp_ratio { 1 }
-
- =item check_qp_ratio
-@@ -484,6 +535,7 @@ quoted printable to total bytes in an em
- =back
-
- =cut
-+
- sub check_qp_ratio {
- my ($self, $pms, undef, $min) = @_;
-
diff -Nru spamassassin-3.4.1/debian/patches/97_bug720499-pod-5.18 spamassassin-3.4.2/debian/patches/97_bug720499-pod-5.18
--- spamassassin-3.4.1/debian/patches/97_bug720499-pod-5.18 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/97_bug720499-pod-5.18 1969-12-31 16:00:00.000000000 -0800
@@ -1,33 +0,0 @@
-Description: fix POD errors with perl 5.18
- Wrap number-like items in C<>, to avoid parser complains
-Author: Damyan Ivanov <dmn@debian.org>
-Bug-Debian: http://bugs.debian.org/720499
-
---- a/sa-check_spamd.raw
-+++ b/sa-check_spamd.raw
-@@ -424,21 +424,21 @@ exiting with one of these values:
-
- =over 4
-
--=item 0
-+=item C<0>
-
- OK: A spamd ping response was received within all threshold times.
-
--=item 1
-+=item C<1>
-
- WARNING: A spamd ping response exceeded the warning threshold but not the
- critical threshold.
-
--=item 2
-+=item C<2>
-
- CRITICAL: A spamd ping response exceeded either the critical threshold or the
- timeout value.
-
--=item 3
-+=item C<3>
-
- UNKNOWN: An error, probably caused by a missing dependency or an invalid
- configuration parameter being supplied, occurred in the sa-check_spamd program.
diff -Nru spamassassin-3.4.1/debian/patches/98_sa-compile-quiet spamassassin-3.4.2/debian/patches/98_sa-compile-quiet
--- spamassassin-3.4.1/debian/patches/98_sa-compile-quiet 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/98_sa-compile-quiet 2018-09-30 23:44:58.000000000 -0700
@@ -1,8 +1,8 @@
-Index: spamassassin-3.4.0~rc5/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
===================================================================
---- spamassassin-3.4.0~rc5.orig/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm 2014-01-11 09:13:23.000000000 -0800
-+++ spamassassin-3.4.0~rc5/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm 2014-02-14 21:34:59.109796791 -0800
-@@ -192,7 +192,8 @@
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
+@@ -191,7 +191,8 @@ NEXT_RULE:
dbg("zoom: giving up on regexp: $eval_stat");
};
diff -Nru spamassassin-3.4.1/debian/patches/bug_760277_net_dns_URIDNSBL spamassassin-3.4.2/debian/patches/bug_760277_net_dns_URIDNSBL
--- spamassassin-3.4.1/debian/patches/bug_760277_net_dns_URIDNSBL 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_760277_net_dns_URIDNSBL 1969-12-31 16:00:00.000000000 -0800
@@ -1,34 +0,0 @@
-Description: Fix uninitialized values in URIDNSBL.pm with Net::DNS 1.01
-Origin: upstream, https://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm?r1=1676616&r2=1694126&pathrev=1694126&view=patch
-Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7231
-Bug-Debian: https://bugs.debian.org/760277
-Last-Update: 2016-09-29
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
-+++ b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
-@@ -942,9 +942,8 @@
- next unless (defined($str) && defined($dom));
- dbg("uridnsbl: got($j) NS for $dom: $str");
-
-- if ($str =~ /IN\s+NS\s+(\S+)/) {
-- my $nsmatch = lc $1;
-- $nsmatch =~ s/\.$//;
-+ if ($rr->type eq 'NS') {
-+ my $nsmatch = lc $rr->nsdname; # available since at least Net::DNS 0.14
- my $nsrhblstr = $nsmatch;
- my $fullnsrhblstr = $nsmatch;
-
-@@ -1025,9 +1024,9 @@
- }
- dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str);
-
-- local $1;
-- if ($str =~ /IN\s+A\s+(\S+)/) {
-- $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1);
-+ if ($rr->type eq 'A') {
-+ my $ip_address = $rr->rdatastr;
-+ $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address);
- }
- }
- }
diff -Nru spamassassin-3.4.1/debian/patches/bug_766718-net-dns-vers spamassassin-3.4.2/debian/patches/bug_766718-net-dns-vers
--- spamassassin-3.4.1/debian/patches/bug_766718-net-dns-vers 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_766718-net-dns-vers 2018-09-30 23:44:58.000000000 -0700
@@ -1,9 +1,16 @@
-Improve Net::DNS package version checks. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766718
-Index: spamassassin-3.4.0/lib/Mail/SpamAssassin/Dns.pm
+Description: Improve Net::DNS package version checks.
+ This isn't strictly necessary right now, but does make version checks more
+ robust and should be forwarded upstream. In multiple places, spamassassin
+ contains tests against $Net::DNS::VERSION that assume the value is numeric. It
+ is not guaranteed to be numeric, and in cases where it isn't the tests trigger
+ warnings.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766718
+Forwarded: no
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Dns.pm
===================================================================
---- spamassassin-3.4.0.orig/lib/Mail/SpamAssassin/Dns.pm 2014-02-07 00:36:28.000000000 -0800
-+++ spamassassin-3.4.0/lib/Mail/SpamAssassin/Dns.pm 2014-11-14 13:38:27.515047348 -0800
-@@ -511,14 +511,15 @@
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Dns.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Dns.pm
+@@ -520,14 +520,15 @@ sub is_dns_available {
# Check version numbers - runtime check only
if (defined $Net::DNS::VERSION) {
@@ -21,18 +28,3 @@
warn("dns: Net::DNS version is $Net::DNS::VERSION, but need 0.34");
return $IS_DNS_AVAILABLE;
}
-Index: spamassassin-3.4.0/lib/Mail/SpamAssassin/Plugin/AskDNS.pm
-===================================================================
---- spamassassin-3.4.0.orig/lib/Mail/SpamAssassin/Plugin/AskDNS.pm 2014-02-07 00:36:27.000000000 -0800
-+++ spamassassin-3.4.0/lib/Mail/SpamAssassin/Plugin/AskDNS.pm 2014-11-14 14:07:51.671795329 -0800
-@@ -211,7 +211,9 @@
-
- $self->set_config($sa_main->{conf});
-
-- $txtdata_can_provide_a_list = Net::DNS->VERSION >= 0.69;
-+ use version 0.77;
-+ $txtdata_can_provide_a_list =
-+ version->parse(Net::DNS->VERSION) >= version->parse('0.69');
-
- return $self;
- }
diff -Nru spamassassin-3.4.1/debian/patches/bug_771408_perl_version spamassassin-3.4.2/debian/patches/bug_771408_perl_version
--- spamassassin-3.4.1/debian/patches/bug_771408_perl_version 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_771408_perl_version 1969-12-31 16:00:00.000000000 -0800
@@ -1,15 +0,0 @@
-upstream fix for bug #771408
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Conf/Parser.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm
-@@ -536,6 +536,9 @@ sub handle_conditional {
- elsif ($token eq 'perl_version') {
- $eval .= $]." ";
- }
-+ elsif ($token eq 'perl_version') {
-+ $eval .= $]." ";
-+ }
- elsif ($token =~ /^\w[\w\:]+$/) { # class name
- my $u = untaint_var($token);
- $eval .= '"' . $u . '" ';
diff -Nru spamassassin-3.4.1/debian/patches/bug_821385_dnsresolver spamassassin-3.4.2/debian/patches/bug_821385_dnsresolver
--- spamassassin-3.4.1/debian/patches/bug_821385_dnsresolver 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_821385_dnsresolver 1969-12-31 16:00:00.000000000 -0800
@@ -1,18 +0,0 @@
-Origin: upstream, https://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/DnsResolver.pm?r1=1691992&r2=1691991&pathrev=1691992&view=patch
-Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7223
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821385
-
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/DnsResolver.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/DnsResolver.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/DnsResolver.pm
-@@ -592,6 +592,9 @@ sub new_dns_packet {
- };
-
- if ($packet) {
-+ # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223
-+ $packet->header->rd(1);
-+
- # my $udp_payload_size = $self->{res}->udppacketsize;
- my $udp_payload_size = $self->{conf}->{dns_options}->{edns};
- if ($udp_payload_size && $udp_payload_size > 512) {
diff -Nru spamassassin-3.4.1/debian/patches/bug_828552-openssl-1.1.0 spamassassin-3.4.2/debian/patches/bug_828552-openssl-1.1.0
--- spamassassin-3.4.1/debian/patches/bug_828552-openssl-1.1.0 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_828552-openssl-1.1.0 1969-12-31 16:00:00.000000000 -0800
@@ -1,453 +0,0 @@
-From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
-Date: Thu, 22 Sep 2016 11:19:42 +0000
-Subject: [PATCH] spamassassin: get it compiled against openssl 1.1.0
-
-CRYPTO_lock was part of the old locking API which got removed. I picked
-a different symbol.
-
-Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
----
- spamc/configure | 22 +++++++++++-----------
- spamc/configure.in | 2 +-
- 2 files changed, 12 insertions(+), 12 deletions(-)
-
-Index: spamassassin-3.4.1/spamc/configure
-===================================================================
---- spamassassin-3.4.1.orig/spamc/configure
-+++ spamassassin-3.4.1/spamc/configure
-@@ -943,7 +943,7 @@ esac
- else
- echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi
-- cd "$ac_popdir"
-+ cd $ac_popdir
- done
- fi
-
-@@ -1874,7 +1874,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -1932,7 +1933,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -2048,7 +2050,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -2102,7 +2105,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -2147,7 +2151,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -2191,7 +2196,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -2523,7 +2529,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -2693,7 +2700,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -2764,7 +2772,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -2917,7 +2926,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3069,7 +3079,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3260,7 +3271,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3323,7 +3335,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3388,7 +3401,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3491,7 +3505,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3557,7 +3572,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3628,7 +3644,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3666,9 +3683,9 @@ fi
- SSLLIBS=""
- SSLCFLAGS=""
- if test yes = "$sa_ssl_enabled"; then
-- echo "$as_me:$LINENO: checking for CRYPTO_lock in -lcrypto" >&5
--echo $ECHO_N "checking for CRYPTO_lock in -lcrypto... $ECHO_C" >&6
--if test "${ac_cv_lib_crypto_CRYPTO_lock+set}" = set; then
-+ echo "$as_me:$LINENO: checking for CRYPTO_malloc in -lcrypto" >&5
-+echo $ECHO_N "checking for CRYPTO_malloc in -lcrypto... $ECHO_C" >&6
-+if test "${ac_cv_lib_crypto_CRYPTO_malloc+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
- else
- ac_check_lib_save_LIBS=$LIBS
-@@ -3686,11 +3703,11 @@ extern "C"
- #endif
- /* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
--char CRYPTO_lock ();
-+char CRYPTO_malloc ();
- int
- main ()
- {
--CRYPTO_lock ();
-+CRYPTO_malloc ();
- ;
- return 0;
- }
-@@ -3704,7 +3721,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3716,20 +3734,20 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-- ac_cv_lib_crypto_CRYPTO_lock=yes
-+ ac_cv_lib_crypto_CRYPTO_malloc=yes
- else
- echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
--ac_cv_lib_crypto_CRYPTO_lock=no
-+ac_cv_lib_crypto_CRYPTO_malloc=no
- fi
- rm -f conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- LIBS=$ac_check_lib_save_LIBS
- fi
--echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_lock" >&5
--echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_lock" >&6
--if test $ac_cv_lib_crypto_CRYPTO_lock = yes; then
-+echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_malloc" >&5
-+echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_malloc" >&6
-+if test $ac_cv_lib_crypto_CRYPTO_malloc = yes; then
- SSLLIBS="-lcrypto $SSLLIBS"
- fi
-
-@@ -3771,7 +3789,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3804,7 +3823,7 @@ fi
- # before defining SPAMC_SSL check that all its requirements are
- # actually available
- if test yes = "$ac_cv_header_openssl_crypto_h" && \
-- test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \
-+ test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \
- test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then
- SSLCFLAGS="-DSPAMC_SSL"
- else
-@@ -3854,7 +3873,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -3927,7 +3947,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4000,7 +4021,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4073,7 +4095,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4182,7 +4205,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4246,7 +4270,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4311,7 +4336,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4368,7 +4394,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4435,7 +4462,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4500,7 +4528,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4564,7 +4593,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4628,7 +4658,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -4692,7 +4723,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
-- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
-@@ -5527,6 +5559,11 @@ esac
-
-
-
-+ if test x"$ac_file" != x-; then
-+ { echo "$as_me:$LINENO: creating $ac_file" >&5
-+echo "$as_me: creating $ac_file" >&6;}
-+ rm -f "$ac_file"
-+ fi
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
-@@ -5565,12 +5602,6 @@ echo "$as_me: error: cannot find input f
- fi;;
- esac
- done` || { (exit 1); exit 1; }
--
-- if test x"$ac_file" != x-; then
-- { echo "$as_me:$LINENO: creating $ac_file" >&5
--echo "$as_me: creating $ac_file" >&6;}
-- rm -f "$ac_file"
-- fi
- _ACEOF
- cat >>$CONFIG_STATUS <<_ACEOF
- sed "$ac_vpsub
-Index: spamassassin-3.4.1/spamc/configure.in
-===================================================================
---- spamassassin-3.4.1.orig/spamc/configure.in
-+++ spamassassin-3.4.1/spamc/configure.in
-@@ -64,13 +64,13 @@ AC_CHECK_LIB(socket, socket)
- SSLLIBS=""
- SSLCFLAGS=""
- if test yes = "$sa_ssl_enabled"; then
-- AC_CHECK_LIB(crypto, CRYPTO_lock,[SSLLIBS="-lcrypto $SSLLIBS"])
-+ AC_CHECK_LIB(crypto, CRYPTO_malloc,[SSLLIBS="-lcrypto $SSLLIBS"])
- AC_CHECK_LIB(ssl, SSL_CTX_free,[SSLLIBS="-lssl $SSLLIBS"],,-lcrypto)
-
- # before defining SPAMC_SSL check that all its requirements are
- # actually available
- if test yes = "$ac_cv_header_openssl_crypto_h" && \
-- test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \
-+ test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \
- test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then
- SSLCFLAGS="-DSPAMC_SSL"
- else
diff -Nru spamassassin-3.4.1/debian/patches/bug_835494_perl_INC spamassassin-3.4.2/debian/patches/bug_835494_perl_INC
--- spamassassin-3.4.1/debian/patches/bug_835494_perl_INC 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_835494_perl_INC 1969-12-31 16:00:00.000000000 -0800
@@ -1,13 +0,0 @@
-Index: spamassassin-3.4.1/spamc/configure.pl
-===================================================================
---- spamassassin-3.4.1.orig/spamc/configure.pl
-+++ spamassassin-3.4.1/spamc/configure.pl
-@@ -66,7 +66,7 @@ print join(' ', $Config{'perlpath'}, "ve
- # Do the same thing as for the preprocessor below.
- package version_h;
- my $Z = $0;
-- local $0 = "version.h.pl";
-+ local $0 = "./version.h.pl";
- local @ARGV = ();
- # Got to check for defined because the script returns shell error level!
- unless (defined do $0) {
diff -Nru spamassassin-3.4.1/debian/patches/disable_sslv3 spamassassin-3.4.2/debian/patches/disable_sslv3
--- spamassassin-3.4.1/debian/patches/disable_sslv3 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/disable_sslv3 1969-12-31 16:00:00.000000000 -0800
@@ -1,276 +0,0 @@
-Index: spamassassin-3.4.1/spamc/libspamc.c
-===================================================================
---- spamassassin-3.4.1.orig/spamc/libspamc.c
-+++ spamassassin-3.4.1/spamc/libspamc.c
-@@ -1187,7 +1187,7 @@ int message_filter(struct transport *tp,
- unsigned int throwaway;
- SSL_CTX *ctx = NULL;
- SSL *ssl = NULL;
-- SSL_METHOD *meth;
-+ const SSL_METHOD *meth;
- char zlib_on = 0;
- unsigned char *zlib_buf = NULL;
- int zlib_bufsiz = 0;
-@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp,
- if (flags & SPAMC_USE_SSL) {
- #ifdef SPAMC_SSL
- SSLeay_add_ssl_algorithms();
-- if (flags & SPAMC_TLSV1) {
-- meth = TLSv1_client_method();
-- } else {
-- meth = SSLv3_client_method(); /* default */
-- }
-+ meth = SSLv23_client_method();
- SSL_load_error_strings();
- ctx = SSL_CTX_new(meth);
- #else
-@@ -1596,7 +1592,7 @@ int message_tell(struct transport *tp, c
- int failureval;
- SSL_CTX *ctx = NULL;
- SSL *ssl = NULL;
-- SSL_METHOD *meth;
-+ const SSL_METHOD *meth;
-
- assert(tp != NULL);
- assert(m != NULL);
-@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c
- if (flags & SPAMC_USE_SSL) {
- #ifdef SPAMC_SSL
- SSLeay_add_ssl_algorithms();
-- meth = SSLv3_client_method();
-+ meth = SSLv23_client_method();
- SSL_load_error_strings();
- ctx = SSL_CTX_new(meth);
- #else
-Index: spamassassin-3.4.1/spamc/spamc.c
-===================================================================
---- spamassassin-3.4.1.orig/spamc/spamc.c
-+++ spamassassin-3.4.1/spamc/spamc.c
-@@ -368,16 +368,11 @@ read_args(int argc, char **argv,
- case 'S':
- {
- flags |= SPAMC_USE_SSL;
-- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) {
-- flags |= SPAMC_SSLV3;
-- }
-- else if (strcmp(spamc_optarg,"tlsv1") == 0) {
-- flags |= SPAMC_TLSV1;
-- }
-- else {
-- libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version (%s)", spamc_optarg);
-- ret = EX_USAGE;
-- }
-+ if(spamc_optarg) {
-+ libspamc_log(flags, LOG_ERR,
-+ "Explicit specification of an SSL/TLS version no longer supported.");
-+ ret = EX_USAGE;
-+ }
- break;
- }
- #endif
-Index: spamassassin-3.4.1/spamd/spamd.raw
-===================================================================
---- spamassassin-3.4.1.orig/spamd/spamd.raw
-+++ spamassassin-3.4.1/spamd/spamd.raw
-@@ -409,7 +409,6 @@ GetOptions(
- 'sql-config!' => \$opt{'sql-config'},
- 'ssl' => \$opt{'ssl'},
- 'ssl-port=s' => \$opt{'ssl-port'},
-- 'ssl-version=s' => \$opt{'ssl-version'},
- 'syslog-socket=s' => \$opt{'syslog-socket'},
- 'syslog|s=s' => \$opt{'syslog'},
- 'log-timestamp-fmt:s' => \$opt{'log-timestamp-fmt'},
-@@ -743,11 +742,6 @@ if ( defined $ENV{'HOME'} ) {
-
- # Do whitelist later in tmp dir. Side effect: this will be done as -u user.
-
--my $sslversion = $opt{'ssl-version'} || 'sslv3';
--if ($sslversion !~ /^(?:sslv3|tlsv1)$/) {
-- die "spamd: invalid ssl-version: $opt{'ssl-version'}\n";
--}
--
- $opt{'server-key'} ||= "$LOCAL_RULES_DIR/certs/server-key.pem";
- $opt{'server-cert'} ||= "$LOCAL_RULES_DIR/certs/server-cert.pem";
-
-@@ -898,9 +892,8 @@ sub compose_listen_info_string {
- $socket_info->{ip_addr}, $socket_info->{port}));
-
- } elsif ($socket->isa('IO::Socket::SSL')) {
-- push(@listeninfo, sprintf("SSL [%s]:%s, ssl version %s",
-- $socket_info->{ip_addr}, $socket_info->{port},
-- $opt{'ssl-version'}||'sslv3'));
-+ push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr},
-+ $socket_info->{port}));
- }
- }
-
-@@ -1071,7 +1064,6 @@ sub server_sock_setup_inet {
- $sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP'
- && IO::Socket::IP->VERSION >= 0.09;
- %sockopt = (%sockopt, (
-- SSL_version => $sslversion,
- SSL_verify_mode => 0x00,
- SSL_key_file => $opt{'server-key'},
- SSL_cert_file => $opt{'server-cert'},
-@@ -1092,7 +1084,8 @@ sub server_sock_setup_inet {
- if (!$server_inet) {
- $diag = sprintf("could not create %s socket on [%s]:%s: %s",
- $ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
-- $adr, $port, $!);
-+ $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ?
-+ "$!,$IO::Socket::SSL::SSL_ERROR" : $!);
- push(@diag_fail, $diag);
- } else {
- $diag = sprintf("created %s socket on [%s]:%s",
-@@ -3232,7 +3225,6 @@ Options:
- -H [dir], --helper-home-dir[=dir] Specify a different HOME directory
- --ssl Enable SSL on TCP connections
- --ssl-port port Override --port setting for SSL connections
-- --ssl-version sslversion Specify SSL protocol version to use
- --server-key keyfile Specify an SSL keyfile
- --server-cert certfile Specify an SSL certificate
- --socketpath=path Listen on a given UNIX domain socket
-@@ -3720,14 +3712,6 @@ Optionally specifies the port number for
- SSL connections (default: whatever --port uses). See B<--ssl> for
- more details.
-
--=item B<--ssl-version>=I<sslversion>
--
--Specify the SSL protocol version to use, one of B<sslv3> or B<tlsv1>.
--The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
--higher hello handshake, then negotiating use of SSLv3 or TLSv1
--protocol if the client can accept it. Specifying B<--ssl-version>
--implies B<--ssl>.
--
- =item B<--server-key> I<keyfile>
-
- Specify the SSL key file to use for SSL connections.
-Index: spamassassin-3.4.1/spamc/spamc.pod
-===================================================================
---- spamassassin-3.4.1.orig/spamc/spamc.pod
-+++ spamassassin-3.4.1/spamc/spamc.pod
-@@ -177,12 +177,10 @@ The default is 1 time (ie. one attempt a
- Sleep for I<sleep> seconds between failed spamd filtering attempts.
- The default is 1 second.
-
--=item B<-S>, B<--ssl>, B<--ssl>=I<sslversion>
-+=item B<-S>, B<--ssl>, B<--ssl>
-
- If spamc was built with support for SSL, encrypt data to and from the
- spamd process with SSL; spamd must support SSL as well.
--I<sslversion> specifies the SSL protocol version to use, either
--C<sslv3>, or C<tlsv1>. The default, is C<sslv3>.
-
- =item B<-t> I<timeout>, B<--timeout>=I<timeout>
-
-Index: spamassassin-3.4.1/t/spamd_ssl_tls.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl_tls.t
-+++ /dev/null
-@@ -1,28 +0,0 @@
--#!/usr/bin/perl
--
--use lib '.'; use lib 't';
--use SATest; sa_t_init("spamd_ssl_tls");
--use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
--
--exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
--
--# ---------------------------------------------------------------------------
--
--%patterns = (
--
--q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
--q{ Subject: There yours for FREE!}, 'subj',
--q{ X-Spam-Status: Yes, score=}, 'status',
--q{ X-Spam-Flag: YES}, 'flag',
--q{ X-Spam-Level: **********}, 'stars',
--q{ TEST_ENDSNUMS}, 'endsinnums',
--q{ TEST_NOREALNAME}, 'noreal',
--q{ This must be the very last line}, 'lastline',
--
--
--);
--
--ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
-- "--ssl=tlsv1 < data/spam/001",
-- \&patterns_run_cb));
--ok_all_patterns();
-Index: spamassassin-3.4.1/t/spamd_ssl_v3.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl_v3.t
-+++ /dev/null
-@@ -1,28 +0,0 @@
--#!/usr/bin/perl
--
--use lib '.'; use lib 't';
--use SATest; sa_t_init("spamd_sslv3");
--use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
--
--exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
--
--# ---------------------------------------------------------------------------
--
--%patterns = (
--
--q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
--q{ Subject: There yours for FREE!}, 'subj',
--q{ X-Spam-Status: Yes, score=}, 'status',
--q{ X-Spam-Flag: YES}, 'flag',
--q{ X-Spam-Level: **********}, 'stars',
--q{ TEST_ENDSNUMS}, 'endsinnums',
--q{ TEST_NOREALNAME}, 'noreal',
--q{ This must be the very last line}, 'lastline',
--
--
--);
--
--ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
-- "--ssl=sslv3 < data/spam/001",
-- \&patterns_run_cb));
--ok_all_patterns();
-Index: spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl_accept_fail.t
-+++ spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
-@@ -23,9 +23,9 @@ q{ This must be the very last line}, 'la
-
- );
-
--ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert"));
-+ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert"));
- ok (spamcrun ("< data/spam/001", \&patterns_run_cb));
--ok (spamcrun ("--ssl=sslv3 < data/spam/001", \&patterns_run_cb));
-+ok (spamcrun ("--ssl < data/spam/001", \&patterns_run_cb));
- ok (stop_spamd ());
-
- ok_all_patterns();
-Index: spamassassin-3.4.1/t/spamd_ssl.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl.t
-+++ spamassassin-3.4.1/t/spamd_ssl.t
-@@ -2,10 +2,7 @@
-
- use lib '.'; use lib 't';
- use SATest; sa_t_init("spamd_ssl");
--use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9),
-- onfail => sub {
-- warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms require that you" .
-- "\nspecify a protocol in spamc --ssl option, and possibly in spamd --ssl-version.\n\n" };
-+use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
-
- exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
-
-Index: spamassassin-3.4.1/MANIFEST
-===================================================================
---- spamassassin-3.4.1.orig/MANIFEST
-+++ spamassassin-3.4.1/MANIFEST
-@@ -511,8 +511,6 @@ t/spamd_report_ifspam.t
- t/spamd_sql_prefs.t
- t/spamd_ssl.t
- t/spamd_ssl_accept_fail.t
--t/spamd_ssl_tls.t
--t/spamd_ssl_v3.t
- t/spamd_stop.t
- t/spamd_symbols.t
- t/spamd_syslog.t
diff -Nru spamassassin-3.4.1/debian/patches/dkim_subdomains spamassassin-3.4.2/debian/patches/dkim_subdomains
--- spamassassin-3.4.1/debian/patches/dkim_subdomains 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/dkim_subdomains 1969-12-31 16:00:00.000000000 -0800
@@ -1,64 +0,0 @@
-Description: Support signer subdomain matching in whitelist_from_dkim
-Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1693414
-Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7226
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DKIM.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/DKIM.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DKIM.pm
-@@ -178,13 +178,18 @@ sub set_config {
-
- Works similarly to whitelist_from, except that in addition to matching
- an author address (From) to the pattern in the first parameter, the message
--must also carry a Domain Keys Identified Mail (DKIM) signature made by a
--signing domain (SDID, i.e. the d= tag) that is acceptable to us.
-+must also carry a valid Domain Keys Identified Mail (DKIM) signature made by
-+a signing domain (SDID, i.e. the d= tag) that is acceptable to us.
-
- Only one whitelist entry is allowed per line, as in C<whitelist_from_rcvd>.
- Multiple C<whitelist_from_dkim> lines are allowed. File-glob style characters
- are allowed for the From address (the first parameter), just like with
--C<whitelist_from_rcvd>. The second parameter does not accept wildcards.
-+C<whitelist_from_rcvd>.
-+
-+The second parameter (the signing-domain) does not accept full file-glob style
-+wildcards, although a simple '*.' (or just a '.') prefix to a domain name
-+is recognized and implies any subdomain of the specified domain (but not
-+the domain itself).
-
- If no signing-domain parameter is specified, the only acceptable signature
- will be an Author Domain Signature (sometimes called first-party signature)
-@@ -205,7 +210,8 @@ Examples of whitelisting based on third-
- whitelist_from_dkim jane@example.net example.org
- whitelist_from_dkim rick@info.example.net example.net
- whitelist_from_dkim *@info.example.net example.net
-- whitelist_from_dkim *@* remailer.example.com
-+ whitelist_from_dkim *@* mail7.remailer.example.com
-+ whitelist_from_dkim *@* *.remailer.example.com
-
- =item def_whitelist_from_dkim author@example.com [signing-domain]
-
-@@ -376,7 +382,8 @@ some valid signature on a message has no
- associated with a particular domain), regardless of its key size - anyone can
- prepend its own signature on a copy of some third party mail and re-send it,
- which makes it no more trustworthy than without such signature. This is also
--a reason for a rule DKIM_VALID to have a near-zero score.
-+a reason for a rule DKIM_VALID to have a near-zero score, i.e. a rule hit
-+is only informational.
-
- =cut
-
-@@ -1257,8 +1264,12 @@ sub _wlcheck_list {
- # identity (AUID). Nevertheless, be prepared to accept the full e-mail
- # address there for compatibility, and just ignore its local-part.
-
-- $acceptable_sdid = $1 if $acceptable_sdid =~ /\@([^\@]*)\z/;
-- $matches = 1 if $sdid eq lc $acceptable_sdid;
-+ $acceptable_sdid = $1 if $acceptable_sdid =~ /\@([^\@]*)\z/s;
-+ if ($acceptable_sdid =~ s/^\*?\.//s) {
-+ $matches = 1 if $sdid =~ /\.\Q$acceptable_sdid\E\z/si;
-+ } else {
-+ $matches = 1 if $sdid eq lc $acceptable_sdid;
-+ }
- }
- if ($matches) {
- if (would_log("dbg","dkim")) {
diff -Nru spamassassin-3.4.1/debian/patches/fix-uninitialized-concat spamassassin-3.4.2/debian/patches/fix-uninitialized-concat
--- spamassassin-3.4.1/debian/patches/fix-uninitialized-concat 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/fix-uninitialized-concat 1969-12-31 16:00:00.000000000 -0800
@@ -1,25 +0,0 @@
-Description: Import upstream fix for uninitialized value warning in Mail::SpamAssassin::PerMsgStatus::get_names_of_tests_hit_with_scores()
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1685843
-Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7212
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm
-@@ -738,7 +738,7 @@ test names and individual scores of the
- sub get_names_of_tests_hit_with_scores_hash {
- my ($self) = @_;
-
-- my ($line, %testsscores);
-+ my (%testsscores);
-
- #BASED ON CODE FOR TESTSSCORES TAG - KAM 2014-04-24
- foreach my $test (@{$self->{test_names_hit}}) {
-@@ -763,6 +763,8 @@ sub get_names_of_tests_hit_with_scores {
-
- my ($line, %testsscores);
-
-+ $line = '';
-+
- #BASED ON CODE FOR TESTSSCORES TAG - KAM 2014-04-24
- foreach my $test (sort @{$self->{test_names_hit}}) {
- my $score = $self->{conf}->{scores}->{$test};
diff -Nru spamassassin-3.4.1/debian/patches/series spamassassin-3.4.2/debian/patches/series
--- spamassassin-3.4.1/debian/patches/series 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/series 2018-09-30 23:44:58.000000000 -0700
@@ -1,16 +1,6 @@
10_change_config_paths
20_edit_spamc_pod
-30_edit_README
55_disable_nagios_epm
90_pod_cleanup
-97_bug720499-pod-5.18
98_sa-compile-quiet
bug_766718-net-dns-vers
-bug_771408_perl_version
-disable_sslv3
-bug_821385_dnsresolver
-bug_835494_perl_INC
-bug_760277_net_dns_URIDNSBL
-dkim_subdomains
-fix-uninitialized-concat
-bug_828552-openssl-1.1.0
diff -Nru spamassassin-3.4.1/debian/rules spamassassin-3.4.2/debian/rules
--- spamassassin-3.4.1/debian/rules 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/rules 2018-09-30 23:44:58.000000000 -0700
@@ -125,11 +125,13 @@
dh_testroot -i
dh_installman -i sa-awl.1p sa-check_spamd.1p
dh_installdocs -i
- dh_systemd_enable --no-enable
dh_installexamples -i
- dh_installinit -i -- defaults 19 21
+ dh_systemd_enable -i --no-enable
+ dh_installinit -i --no-start -- defaults 19 21
+ dh_systemd_start -i --no-start
dh_installcron -i
dh_installchangelogs Changes -i
+ dh_lintian
dh_link -i
dh_compress -i -XGPG.KEY
dh_fixperms -i
@@ -143,7 +145,7 @@
build-arch: build-arch-stamp
#build-arch-stamp: configure debian/po/templates.pot
-build-arch-stamp: configure
+build-arch-stamp: configure-stamp
dh_testdir
@@ -157,7 +159,7 @@
touch build-arch-stamp
install-arch: DH_OPTIONS=
-install-arch: build-arch
+install-arch: build-arch-stamp
dh_testdir
dh_testroot
dh_prep
@@ -165,7 +167,7 @@
cp spamc/spamc debian/spamc/usr/bin/spamc
-binary-arch: build-arch install-arch
+binary-arch: build-arch-stamp install-arch
dh_testdir -a
dh_testroot -a
dh_installdocs -a
diff -Nru spamassassin-3.4.1/debian/sa-compile.postinst spamassassin-3.4.2/debian/sa-compile.postinst
--- spamassassin-3.4.1/debian/sa-compile.postinst 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/sa-compile.postinst 2018-09-30 23:44:58.000000000 -0700
@@ -8,6 +8,17 @@
if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile ]; then
echo "Running sa-compile (may take a long time)"
su - $OWNER -c "sa-compile --quiet"
+ # Fixup perms -- group and other should be able to
+ # read and execute, but never write. Works around
+ # sa-compile's failure to obey umask.
+ runuser -u debian-spamd -- \
+ chmod -R go-w,go+rX /var/lib/spamassassin/compiled
+ if command -v invoke-rc.d >/dev/null 2>&1; then
+ invoke-rc.d --quiet spamassassin status > /dev/null && \
+ invoke-rc.d spamassassin reload > /dev/null 2>&1 || true
+ else
+ /etc/init.d/spamassassin reload > /dev/null 2>&1 || true
+ fi
fi
}
diff -Nru spamassassin-3.4.1/debian/sa-compile.postrm spamassassin-3.4.2/debian/sa-compile.postrm
--- spamassassin-3.4.1/debian/sa-compile.postrm 1969-12-31 16:00:00.000000000 -0800
+++ spamassassin-3.4.2/debian/sa-compile.postrm 2018-09-30 23:44:58.000000000 -0700
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" = "remove" ]; then
+# Remove the compiled rules and restart spamd to complete unloading of
+# Mail::SpamAssassin::Plugin::Rule2XSBody
+ rm -Rf /var/lib/spamassassin/compiled
+ invoke-rc.d spamassassin restart
+fi
diff -Nru spamassassin-3.4.1/debian/sa-compile.triggers spamassassin-3.4.2/debian/sa-compile.triggers
--- spamassassin-3.4.1/debian/sa-compile.triggers 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/sa-compile.triggers 2018-09-30 23:44:58.000000000 -0700
@@ -1 +1 @@
-interest perl-major-upgrade
+interest-noawait perl-major-upgrade
diff -Nru spamassassin-3.4.1/debian/sa-update.postrm spamassassin-3.4.2/debian/sa-update.postrm
--- spamassassin-3.4.1/debian/sa-update.postrm 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/sa-update.postrm 1969-12-31 16:00:00.000000000 -0800
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-set -e
-
-#DEBHELPER#
-
-if [ "$1" = "remove" ]; then
-# Remove the compiled rules and restart spamd to complete unloading of
-# Mail::SpamAssassin::Plugin::Rule2XSBody
- rm -Rf /var/lib/spamassassin/compiled
- invoke-rc.d spamassassin restart
-fi
diff -Nru spamassassin-3.4.1/debian/spamassassin.cron.daily spamassassin-3.4.2/debian/spamassassin.cron.daily
--- spamassassin-3.4.1/debian/spamassassin.cron.daily 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.cron.daily 2018-09-30 23:44:58.000000000 -0700
@@ -42,7 +42,8 @@
# Fixup perms -- group and other should be able to
# read and execute, but never write. Works around
# sa-compile's failure to obey umask.
- chmod -R go-w,go+rX /var/lib/spamassassin/compiled
+ runuser -u debian-spamd -- \
+ chmod -R go-w,go+rX /var/lib/spamassassin/compiled
fi
}
@@ -53,8 +54,7 @@
invoke-rc.d --quiet spamassassin status > /dev/null && \
invoke-rc.d spamassassin reload > /dev/null
else
- invoke-rc.d --quiet spamassassin status > /dev/null && \
- /etc/init.d/spamassassin reload > /dev/null
+ /etc/init.d/spamassassin reload > /dev/null
fi
if [ -d /etc/spamassassin/sa-update-hooks.d ]; then
run-parts --lsbsysinit /etc/spamassassin/sa-update-hooks.d
diff -Nru spamassassin-3.4.1/debian/spamassassin.dirs spamassassin-3.4.2/debian/spamassassin.dirs
--- spamassassin-3.4.1/debian/spamassassin.dirs 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.dirs 2018-09-30 23:44:58.000000000 -0700
@@ -8,3 +8,4 @@
usr/share/spamassassin
usr/share/man/man8
usr/sbin
+/var/lib/spamassassin
diff -Nru spamassassin-3.4.1/debian/spamassassin.docs spamassassin-3.4.2/debian/spamassassin.docs
--- spamassassin-3.4.1/debian/spamassassin.docs 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.docs 2018-09-30 23:44:58.000000000 -0700
@@ -5,7 +5,6 @@
USAGE
NOTICE
#ldap/README
-rules/STATISTICS*.txt
#spamd/README
spamd/README.vpopmail
sql/
diff -Nru spamassassin-3.4.1/debian/spamassassin.init spamassassin-3.4.2/debian/spamassassin.init
--- spamassassin-3.4.1/debian/spamassassin.init 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.init 2018-09-30 23:44:58.000000000 -0700
@@ -36,6 +36,9 @@
DOPTIONS="-d --pidfile=$PIDFILE"
+# Note: check_enabled should go away as soon as possible after the
+# next stable release to complete the transition away from using
+# ENABLED=1 in /etc/default/spamassassin
check_enabled() {
if [ "$ENABLED" = "0" ]; then
echo "$DESC: disabled, see /etc/default/spamassassin"
@@ -51,30 +54,30 @@
start)
check_enabled
echo -n "Starting $DESC: "
- start-stop-daemon --start --pidfile $PIDFILE --name $DAEMON \
+ start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
$NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
- start-stop-daemon --stop --pidfile $PIDFILE --name $DAEMON --oknodo
+ start-stop-daemon --stop --pidfile $PIDFILE --name $NAME --oknodo
echo "$NAME."
;;
reload|force-reload)
check_enabled
echo -n "Reloading $DESC: "
- start-stop-daemon --stop --pidfile $PIDFILE --signal HUP --name $DAEMON
+ start-stop-daemon --stop --pidfile $PIDFILE --signal HUP --name $NAME
echo "$NAME."
;;
restart)
check_enabled
echo -n "Restarting $DESC: "
- start-stop-daemon --stop --pidfile $PIDFILE --name $DAEMON \
+ start-stop-daemon --stop --pidfile $PIDFILE --name $NAME \
--retry 5 --oknodo
- start-stop-daemon --start --pidfile $PIDFILE --name $DAEMON \
+ start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
$NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
echo "$NAME."
diff -Nru spamassassin-3.4.1/debian/spamassassin.lintian-overrides spamassassin-3.4.2/debian/spamassassin.lintian-overrides
--- spamassassin-3.4.1/debian/spamassassin.lintian-overrides 1969-12-31 16:00:00.000000000 -0800
+++ spamassassin-3.4.2/debian/spamassassin.lintian-overrides 2018-09-30 23:44:58.000000000 -0700
@@ -0,0 +1,3 @@
+# These will go away as soon as we've cleanly transitioned from ENABLED=1
+init.d-script-should-always-start-service
+duplicate-updaterc.d-calls-in-postinst
diff -Nru spamassassin-3.4.1/debian/spamassassin.postinst spamassassin-3.4.2/debian/spamassassin.postinst
--- spamassassin-3.4.1/debian/spamassassin.postinst 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.postinst 2018-09-30 23:44:58.000000000 -0700
@@ -11,9 +11,8 @@
# If a new install, or an upgrade from 3.3.2-2 or earlier...
if ! getent passwd debian-spamd > /dev/null ; then
adduser --system --group --shell /bin/sh --disabled-password \
- --home /var/lib/spamassassin debian-spamd
- else
- mkdir -p /var/lib/spamassassin
+ --home /var/lib/spamassassin --no-create-home \
+ debian-spamd
fi
OWNER=$(stat -c '%U' /var/lib/spamassassin)
@@ -23,7 +22,7 @@
# unless the user has overridden.
if ! dpkg-statoverride --list /var/lib/spamassassin/* >/dev/null && \
[ "$OWNER:$GROUP" != "debian-spamd:debian-spamd" ]; then
- chown -R debian-spamd:debian-spamd /var/lib/spamassassin
+ chown debian-spamd:debian-spamd /var/lib/spamassassin
OWNER=debian-spamd
GROUP=debian-spamd
fi
@@ -43,3 +42,9 @@
fi
#DEBHELPER#
+
+if [ "$1" = "configure" ] && [ -n "$2" ]; then
+ if deb-systemd-helper was-enabled spamassassin.service > /dev/null 2>&1; then
+ invoke-rc.d spamassassin restart
+ fi
+fi
diff -Nru spamassassin-3.4.1/debian/spamassassin.preinst spamassassin-3.4.2/debian/spamassassin.preinst
--- spamassassin-3.4.1/debian/spamassassin.preinst 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.preinst 2018-09-30 23:44:58.000000000 -0700
@@ -32,6 +32,15 @@
rm_conffile spamassassin "/etc/logcheck/ignore.d.paranoid/spamassassin"
rm_conffile spamassassin "/etc/logcheck/violations.ignore.d/spamassassin"
fi
+ if dpkg --compare-versions "$2" lt-nl "3.4.2" &&
+ ! command -v systemctl > /dev/null; then
+ # spamd changed its process name in 3.4.2. If we're running a
+ # previous version under sysvinit, we need to stop the old
+ # version
+ start-stop-daemon --stop --oknodo \
+ --pidfile /var/run/spamd.pid \
+ --name /usr/sbin/spamd
+ fi
esac
#DEBHELPER#
diff -Nru spamassassin-3.4.1/debian/spamassassin.prerm spamassassin-3.4.2/debian/spamassassin.prerm
--- spamassassin-3.4.1/debian/spamassassin.prerm 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.prerm 2018-09-30 23:44:58.000000000 -0700
@@ -9,6 +9,7 @@
# /etc/spamassassin without causing dpkg to complain on purge.
if [ "$1" = "remove" ]; then
+ invoke-rc.d --quiet spamassassin stop || true
rm -Rf /var/lib/spamassassin
rm -Rf /etc/spamassassin/sa-update-keys
fi
diff -Nru spamassassin-3.4.1/debian/spamassassin.README.Debian spamassassin-3.4.2/debian/spamassassin.README.Debian
--- spamassassin-3.4.1/debian/spamassassin.README.Debian 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.README.Debian 2018-09-30 23:44:58.000000000 -0700
@@ -12,7 +12,7 @@
/var/lib/spamassassin. If sa-compile is installed, the rule updates
will be automatically compiled after download (see below).
-Note that sa-update requires gnupg 1.x in order to function. Because the
+Note that sa-update requires gnupg in order to function. Because the
sa-update functionality is optional, the gnupg package is listed as a
"Recommends" for spamassassin, not "Depends", and it is possible to
install spamassassin without having gnupg installed. If you install
diff -Nru spamassassin-3.4.1/debian/spamassassin.service spamassassin-3.4.2/debian/spamassassin.service
--- spamassassin-3.4.1/debian/spamassassin.service 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.service 2018-09-30 23:44:58.000000000 -0700
@@ -1,12 +1,16 @@
[Unit]
Description=Perl-based spam filter using text analysis
+After=network.target
[Service]
Type=forking
-PIDFile=/var/run/spamassassin.pid
+PIDFile=/var/run/spamd.pid
EnvironmentFile=-/etc/default/spamassassin
-ExecStart=/usr/sbin/spamd -d --pidfile=/var/run/spamassassin.pid $OPTIONS
+ExecStart=/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
+StandardOutput=null
+StandardError=null
+Restart=always
[Install]
WantedBy=multi-user.target
diff -Nru spamassassin-3.4.1/debian/spamassassin.triggers spamassassin-3.4.2/debian/spamassassin.triggers
--- spamassassin-3.4.1/debian/spamassassin.triggers 2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.triggers 2018-09-30 23:44:58.000000000 -0700
@@ -1 +1 @@
-interest perl-major-upgrade
+interest-noawait perl-major-upgrade
Reply to: