[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#912198: stretch-pu: package spamassassin/3.4.2-1~deb9u1



Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Upstream released spamassassin 3.4.2 last month including fixes for
several security issues. Unfortunately, upstream developers have
indicated that the would not recommend, nor would they support, efforts
to backport these fixes to 3.4.1. In an apparent attempt at keeping the
details of the issues private while they worked on them, they did not
indicate which bugs were fixed with specific commits, and have indicated
that the fixes have been spread across many commits, many of which may
be relative to additional changes not in 3.4.1. The specifics of the
issues, and their repros (if any) have not been made public.

After discussions with upstream and with the security team, we decided
that the best course of action would be to forgo a DSA for these issues,
but otherwise accept upstream's recommendation and update to 3.4.2 in
stretch via p-u. In addition to the security issues fixed in 3.4.2, it
also switches from sha1 to sha256 and/or sha512 for validation of rule
updates downloaded by sa-update, which is a change we'll need if we want
sa-update to keep working when they stop publishing sha1 signatures at
some point in the next several months.

I have prepared an upload for stretch that is a backport of the 3.4.2-1
package currently in testing. The changelog entries from 3.4.1-6 to
3.4.2-1~deb9u1 are below. Note that stretch currently contains
3.4.1-6+deb9u1. The changes in that version are included in the 3.4.1-7
entry in the backport.

The debdiff for the debian/ subdirectory is attached. I pruned the
upstream changes, since they result in a large diff, but can provide
them if you want.

spamassassin (3.4.2-1~deb9u1) stretch; urgency=high

  * New upstream release fixes multiple security vulnerabilities
    - CVE-2017-15705: Denial of service issue in which certain unclosed
      tags in emails cause markup to be handled incorrectly leading to
      scan timeouts. (Closes: 908969)
    - CVE-2016-1238: Unsafe usage of "." in @INC in a configuration
      script.
    - CVE-2018-11780: potential Remote Code Execution bug with the
      PDFInfo plugin. (Closes: 908970)
    - CVE-2018-11781: local user code injection in the meta rule syntax.
      (Closes: 908971)
    - BayesStore: bayes_expire table grows, remove_running_expire_tok not
      called (Closes: 883775)
    - Fix use of uninitialized variable warning in PDFInfo.pm
      (Closes: 865924)
    - Fix "failed to parse plugin" error in
      Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041)
  * Don't recursively chown /var/lib/spamassassin during postinst.
    (Closes: 889501)
  * Reload spamd after compiling rules in sa-compile.postinst.
  * Update SysV init script to cope with upstream's change to $0.
  * Remove compiled rules upon removal of the sa-compile package.
  * Ensure that /var/lib/spamassassin/compiled doesn't change modes with
    the cron job's execution. (Closes: 890650)
  * Create /var/lib/spamassassin via dpkg, rather than the postinst.
    (Closes: 891833)
  * Add libbsd-resource-perl to Suggests (Closes: 910434)

 -- Noah Meyerhans <noahm@debian.org>  Sun, 30 Sep 2018 23:44:58 -0700

spamassassin (3.4.1-8) unstable; urgency=medium

  * Fix inappropriate invocation of invoke-rc.d in cron script.
    (Closes: 865514)
  * Update systemd unit dependencies to include network and syslog.
    (Closes: 864810)
  * Migrate packaging to git, finally.
  * Apply upstream patch to fix regex error leading to warnings in perl
    5.26+ (Closes: 869408)
  * Add Multi-Arch: foreign headers to package definitions (Closes:
    #850454)
  * Update standards version to 4.1.0.0
  * Remove references to the obsolete syslog.target dependency in the
    systemd service file.
  * Clarify the use of the perl-major-upgrade dpkg trigger.
  * Fix spamd service management on package upgrades. (Closes: #865356)

 -- Noah Meyerhans <noahm@debian.org>  Sat, 09 Sep 2017 22:37:20 -0700

spamassassin (3.4.1-7) unstable; urgency=medium

  * Ensure that spamd doesn't automatically start upon initial
    installation.
  * Disable bb.barracudacentral.org (RCVD_IN_BRBL_LASTEXT), as
    it requires users to register. (Closes: #861671)
  * Update the systemd unit file to use the same pid file as was
    used in the sysvinit script. (Closes: #808804)
  * Update spamassassin docs to remove outdated gpg version
    compatibility note. (Closes: #853913)

 -- Noah Meyerhans <noahm@debian.org>  Thu, 11 May 2017 19:45:36 -0700
diff -Nru spamassassin-3.4.1/debian/65_debian.cf spamassassin-3.4.2/debian/65_debian.cf
--- spamassassin-3.4.1/debian/65_debian.cf	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/65_debian.cf	2018-09-30 23:44:58.000000000 -0700
@@ -25,3 +25,10 @@
 meta	 D_SENT_BY_CRON		__CRON_FROM && __CRON_HEADER
 score 	 D_SENT_BY_CRON		-5.0
 describe D_SENT_BY_CRON		Sent by Cron Daemon
+
+# As documented in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861671,
+# the bb.barracudacentral.org blacklist requires users to register, making it
+# unsuitable for use in the default configuration. If you've registered your
+# use of this blacklist, remove the following line in order to re-activate
+# this service:
+score RCVD_IN_BRBL_LASTEXT 0
diff -Nru spamassassin-3.4.1/debian/changelog spamassassin-3.4.2/debian/changelog
--- spamassassin-3.4.1/debian/changelog	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/changelog	2018-09-30 23:44:58.000000000 -0700
@@ -1,3 +1,66 @@
+spamassassin (3.4.2-1~deb9u1) stretch; urgency=high
+
+  * New upstream release fixes multiple security vulnerabilities
+    - CVE-2017-15705: Denial of service issue in which certain unclosed
+      tags in emails cause markup to be handled incorrectly leading to
+      scan timeouts. (Closes: 908969)
+    - CVE-2016-1238: Unsafe usage of "." in @INC in a configuration
+      script.
+    - CVE-2018-11780: potential Remote Code Execution bug with the
+      PDFInfo plugin. (Closes: 908970)
+    - CVE-2018-11781: local user code injection in the meta rule syntax.
+      (Closes: 908971)
+    - BayesStore: bayes_expire table grows, remove_running_expire_tok not
+      called (Closes: 883775)
+    - Fix use of uninitialized variable warning in PDFInfo.pm
+      (Closes: 865924)
+    - Fix "failed to parse plugin" error in
+      Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041)
+  * Don't recursively chown /var/lib/spamassassin during postinst.
+    (Closes: 889501)
+  * Reload spamd after compiling rules in sa-compile.postinst.
+  * Update SysV init script to cope with upstream's change to $0.
+  * Remove compiled rules upon removal of the sa-compile package.
+  * Ensure that /var/lib/spamassassin/compiled doesn't change modes with
+    the cron job's execution. (Closes: 890650)
+  * Create /var/lib/spamassassin via dpkg, rather than the postinst.
+    (Closes: 891833)
+  * Add libbsd-resource-perl to Suggests (Closes: 910434)
+
+ -- Noah Meyerhans <noahm@debian.org>  Sun, 30 Sep 2018 23:44:58 -0700
+
+spamassassin (3.4.1-8) unstable; urgency=medium
+
+  * Fix inappropriate invocation of invoke-rc.d in cron script.
+    (Closes: 865514)
+  * Update systemd unit dependencies to include network and syslog.
+    (Closes: 864810)
+  * Migrate packaging to git, finally.
+  * Apply upstream patch to fix regex error leading to warnings in perl
+    5.26+ (Closes: 869408)
+  * Add Multi-Arch: foreign headers to package definitions (Closes:
+    #850454)
+  * Update standards version to 4.1.0.0
+  * Remove references to the obsolete syslog.target dependency in the
+    systemd service file.
+  * Clarify the use of the perl-major-upgrade dpkg trigger.
+  * Fix spamd service management on package upgrades. (Closes: #865356)
+
+ -- Noah Meyerhans <noahm@debian.org>  Sat, 09 Sep 2017 22:37:20 -0700
+
+spamassassin (3.4.1-7) unstable; urgency=medium
+
+  * Ensure that spamd doesn't automatically start upon initial
+    installation.
+  * Disable bb.barracudacentral.org (RCVD_IN_BRBL_LASTEXT), as
+    it requires users to register. (Closes: #861671)
+  * Update the systemd unit file to use the same pid file as was
+    used in the sysvinit script. (Closes: #808804)
+  * Update spamassassin docs to remove outdated gpg version
+    compatibility note. (Closes: #853913)
+
+ -- Noah Meyerhans <noahm@debian.org>  Thu, 11 May 2017 19:45:36 -0700
+
 spamassassin (3.4.1-6) unstable; urgency=medium
 
   * Import upstream fix for spamassassin bug 7226: Enhance whitelist_from_dkim
diff -Nru spamassassin-3.4.1/debian/control spamassassin-3.4.2/debian/control
--- spamassassin-3.4.1/debian/control	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/control	2018-09-30 23:44:58.000000000 -0700
@@ -3,15 +3,17 @@
 Priority: optional
 Maintainer: Noah Meyerhans <noahm@debian.org>
 Build-Depends: debhelper, perl, libssl-dev, libhtml-parser-perl, 
- libnet-dns-perl, libnetaddr-ip-perl, dh-systemd, libberkeleydb-perl, netbase
-Standards-Version: 3.9.8
-Homepage: http://www.spamassassin.org/
-Vcs-Svn: svn://anonscm.debian.org/collab-maint/deb-maint/spamassassin
-Vcs-Browser: http://svn.debian.org/viewsvn/collab-maint/deb-maint/spamassassin
+ libnet-dns-perl, libnetaddr-ip-perl, debhelper (>= 9.20160709), 
+ libberkeleydb-perl, netbase
+Standards-Version: 4.1.0.0
+Homepage: https://www.spamassassin.org/
+Vcs-Git: https://salsa.debian.org/debian/spamassassin.git
+Vcs-Browser: https://salsa.debian.org/debian/spamassassin
 XS-Testsuite: autopkgtest
 
 Package: spamassassin
 Architecture: all
+Multi-Arch: foreign
 Depends: perl, libhtml-parser-perl, libsocket6-perl, adduser,
  libsys-hostname-long-perl, libarchive-tar-perl, libnet-dns-perl,
  libnetaddr-ip-perl, libhttp-date-perl, libmail-dkim-perl,
@@ -20,7 +22,7 @@
  libsys-syslog-perl, gnupg, libio-socket-inet6-perl
 Suggests: razor, libio-socket-ssl-perl, libdbi-perl, pyzor,
  libcompress-zlib-perl, libencode-detect-perl,
- libgeo-ip-perl, libnet-patricia-perl
+ libgeo-ip-perl, libnet-patricia-perl, libbsd-resource-perl
 Provides: libmail-spamassassin-perl
 Description: Perl-based spam filter using text analysis
  SpamAssassin is a very powerful and fully configurable spam filter
@@ -36,6 +38,7 @@
 
 Package: spamc
 Architecture: any
+Multi-Arch: foreign
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Suggests: spamassassin
 Description: Client for SpamAssassin spam filtering daemon
@@ -51,6 +54,7 @@
 
 Package: sa-compile
 Architecture: all
+Multi-Arch: foreign
 Enhances: spamassassin
 Depends: spamassassin, re2c, gcc, libc6-dev, make, ${misc:Depends}
 Description: Tools for compiling SpamAssassin rules into C
diff -Nru spamassassin-3.4.1/debian/patches/10_change_config_paths spamassassin-3.4.2/debian/patches/10_change_config_paths
--- spamassassin-3.4.1/debian/patches/10_change_config_paths	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/10_change_config_paths	2018-09-30 23:44:58.000000000 -0700
@@ -1,7 +1,7 @@
-Index: spamassassin-3.4.1/INSTALL
+Index: spamassassin-3.4.2/INSTALL
 ===================================================================
---- spamassassin-3.4.1.orig/INSTALL
-+++ spamassassin-3.4.1/INSTALL
+--- spamassassin-3.4.2.orig/INSTALL
++++ spamassassin-3.4.2/INSTALL
 @@ -462,7 +462,7 @@ version is too low for them to be used.
      perl interpreter.  Version 2.83 or later fixes this.
  
@@ -11,10 +11,10 @@
  
  
  What Next?
-Index: spamassassin-3.4.1/README
+Index: spamassassin-3.4.2/README
 ===================================================================
---- spamassassin-3.4.1.orig/README
-+++ spamassassin-3.4.1/README
+--- spamassassin-3.4.2.orig/README
++++ spamassassin-3.4.2/README
 @@ -114,13 +114,13 @@ default locations that Apache SpamAssass
          not modify these, as they are overwritten when you run
          "sa-update".
@@ -57,11 +57,11 @@
          just a template, which will be copied to a user's home directory
          for them to change.
  
-Index: spamassassin-3.4.1/UPGRADE
+Index: spamassassin-3.4.2/UPGRADE
 ===================================================================
---- spamassassin-3.4.1.orig/UPGRADE
-+++ spamassassin-3.4.1/UPGRADE
-@@ -152,7 +152,7 @@ Note for Users Upgrading to SpamAssassin
+--- spamassassin-3.4.2.orig/UPGRADE
++++ spamassassin-3.4.2/UPGRADE
+@@ -253,7 +253,7 @@ Note for Users Upgrading to SpamAssassin
    perldoc Mail::SpamAssassin::Plugin::* (ie AWL, DCC, etc)
  
  - There are now multiple files read to enable plugins in the
@@ -70,7 +70,7 @@
    read.  Now both "init.pre", "v310.pre", and any other files ending
    in ".pre" will be read.  As future releases are made, new plugins
    will be added to new files named according to the release they're
-@@ -310,7 +310,7 @@ Note for Users Upgrading to SpamAssassin
+@@ -411,7 +411,7 @@ Note for Users Upgrading to SpamAssassin
  - If you are using a UNIX machine with all database files on local disks,
    and no sharing of those databases across NFS filesystems, you can use a
    more efficient, but non-NFS-safe, locking mechanism.   Do this by adding
@@ -79,10 +79,10 @@
    file. This is strongly recommended if you're not using NFS, as it is
    much faster than the NFS-safe locker.
  
-Index: spamassassin-3.4.1/USAGE
+Index: spamassassin-3.4.2/USAGE
 ===================================================================
---- spamassassin-3.4.1.orig/USAGE
-+++ spamassassin-3.4.1/USAGE
+--- spamassassin-3.4.2.orig/USAGE
++++ spamassassin-3.4.2/USAGE
 @@ -117,7 +117,7 @@ Other Installation Notes
      CPU-intensive task before they can send mail to you, so we give that
      some bonus points.  However, it requires that you list what addresses
@@ -109,10 +109,10 @@
      override these files.
  
  
-Index: spamassassin-3.4.1/ldap/README
+Index: spamassassin-3.4.2/ldap/README
 ===================================================================
---- spamassassin-3.4.1.orig/ldap/README
-+++ spamassassin-3.4.1/ldap/README
+--- spamassassin-3.4.2.orig/ldap/README
++++ spamassassin-3.4.2/ldap/README
 @@ -13,7 +13,7 @@ therefore, the only way to have their ow
  database or LDAP server.
  
@@ -122,10 +122,10 @@
  
    user_scores_dsn ldap://host:port/dc=basedn,dc=de?attr?scope?uid=__USERNAME__
    user_scores_ldap_username	bind dn
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf.pm
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
 ===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Conf.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf.pm
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Conf.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
 @@ -40,7 +40,7 @@ Mail::SpamAssassin::Conf - SpamAssassin
  =head1 DESCRIPTION
  
@@ -135,7 +135,7 @@
  directories.
  
  The following web page lists the most important configuration settings
-@@ -2619,7 +2619,7 @@ If this option is set to 1 and the messa
+@@ -2673,7 +2673,7 @@ If this option is set to 1 and the messa
  
  These settings differ from the ones above, in that they are considered
  'privileged'.  Only users running C<spamassassin> from their procmailrc's or
@@ -144,10 +144,10 @@
  use them.   C<spamd> users cannot use them in their C<user_prefs> files, for
  security and efficiency reasons, unless C<allow_user_rules> is enabled (and
  then, they may only add rules from below).
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/Test.pm
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/Test.pm
 ===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/Test.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/Test.pm
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Plugin/Test.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/Test.pm
 @@ -27,7 +27,7 @@ Test - test plugin
  =head1 DESCRIPTION
  
@@ -157,10 +157,10 @@
  
  =cut
  
-Index: spamassassin-3.4.1/lib/spamassassin-run.pod
+Index: spamassassin-3.4.2/lib/spamassassin-run.pod
 ===================================================================
---- spamassassin-3.4.1.orig/lib/spamassassin-run.pod
-+++ spamassassin-3.4.1/lib/spamassassin-run.pod
+--- spamassassin-3.4.2.orig/lib/spamassassin-run.pod
++++ spamassassin-3.4.2/lib/spamassassin-run.pod
 @@ -41,7 +41,7 @@ Options:
   -p prefs, --prefspath=file, --prefs-file=file
                                     Set user preferences file
@@ -179,10 +179,10 @@
  
  =item B<--cf='config line'>
  
-Index: spamassassin-3.4.1/rules/user_prefs.template
+Index: spamassassin-3.4.2/rules/user_prefs.template
 ===================================================================
---- spamassassin-3.4.1.orig/rules/user_prefs.template
-+++ spamassassin-3.4.1/rules/user_prefs.template
+--- spamassassin-3.4.2.orig/rules/user_prefs.template
++++ spamassassin-3.4.2/rules/user_prefs.template
 @@ -5,7 +5,7 @@
  #* directory. At runtime, if a user has no preferences in their home directory
  #* already, it will be copied for them, allowing them to perform personalised
@@ -192,20 +192,20 @@
  ###########################################################################
  
  # How many points before a mail is considered spam.
-Index: spamassassin-3.4.1/sa-compile.raw
+Index: spamassassin-3.4.2/sa-compile.raw
 ===================================================================
---- spamassassin-3.4.1.orig/sa-compile.raw
-+++ spamassassin-3.4.1/sa-compile.raw
-@@ -675,7 +675,7 @@ Options:
+--- spamassassin-3.4.2.orig/sa-compile.raw
++++ spamassassin-3.4.2/sa-compile.raw
+@@ -678,7 +678,7 @@ Options:
    -p prefs, --prefspath=file, --prefs-file=file
                                  Set user preferences file
    --siteconfigpath=path         Path for site configs
--                                (default: /etc/mail/spamassassin)
-+                                (default: /etc/spamassassin)
+-                                (default: @@PREFIX@@/etc/mail/spamassassin)
++                                (default: @@PREFIX@@/etc/spamassassin)
    --updatedir=path              Directory to place updates
            (default: @@LOCAL_STATE_DIR@@/compiled/<perlversion>/@@VERSION@@)
    --cf='config line'            Additional line of configuration
-@@ -740,7 +740,7 @@ Ignore the default directories (usually
+@@ -743,7 +743,7 @@ Ignore the default directories (usually
  =item B<--siteconfigpath>=I<path>
  
  Use the specified path for locating site-specific configuration files.  Ignore
@@ -214,20 +214,20 @@
  
  =item B<--updatedir>
  
-Index: spamassassin-3.4.1/sa-learn.raw
+Index: spamassassin-3.4.2/sa-learn.raw
 ===================================================================
---- spamassassin-3.4.1.orig/sa-learn.raw
-+++ spamassassin-3.4.1/sa-learn.raw
-@@ -653,7 +653,7 @@ Options:
+--- spamassassin-3.4.2.orig/sa-learn.raw
++++ spamassassin-3.4.2/sa-learn.raw
+@@ -655,7 +655,7 @@ Options:
   -p prefs, --prefspath=file, --prefs-file=file
                         Set user preferences file
   --siteconfigpath=path Path for site configs
--                       (default: /etc/mail/spamassassin)
-+                       (default: /etc/spamassassin)
+-                       (default:  @@PREFIX@@/etc/mail/spamassassin)
++                       (default:  @@PREFIX@@/etc/spamassassin)
   --cf='config line'    Additional line of configuration
   -D, --debug [area=n,...]  Print debugging messages
   -V, --version         Print version
-@@ -810,7 +810,7 @@ Ignore the default directories (usually
+@@ -815,7 +815,7 @@ Ignore the default directories (usually
  =item B<--siteconfigpath>=I<path>
  
  Use the specified path for locating site-specific configuration files.  Ignore
@@ -236,11 +236,11 @@
  
  =item B<--cf='config line'>
  
-Index: spamassassin-3.4.1/spamc/spamc.pod
+Index: spamassassin-3.4.2/spamc/spamc.pod
 ===================================================================
---- spamassassin-3.4.1.orig/spamc/spamc.pod
-+++ spamassassin-3.4.1/spamc/spamc.pod
-@@ -278,8 +278,8 @@ any settings in the configuration file.
+--- spamassassin-3.4.2.orig/spamc/spamc.pod
++++ spamassassin-3.4.2/spamc/spamc.pod
+@@ -288,8 +288,8 @@ any settings in the configuration file.
  
  If the B<-F> switch is specified, that file will be used.  Otherwise,
  C<spamc> will attempt to load spamc.conf in C<SYSCONFDIR> (default:
@@ -251,10 +251,10 @@
  
  Example:
  
-Index: spamassassin-3.4.1/spamd/README
+Index: spamassassin-3.4.2/spamd/README
 ===================================================================
---- spamassassin-3.4.1.orig/spamd/README
-+++ spamassassin-3.4.1/spamd/README
+--- spamassassin-3.4.2.orig/spamd/README
++++ spamassassin-3.4.2/spamd/README
 @@ -105,7 +105,7 @@ The Bayesian Classifier
  If you plan to use Bayesian classification (the BAYES rules) with spamd,
  you will need to either
@@ -264,10 +264,10 @@
    tokens, by setting the 'bayes_path' setting to a path all users can read
    and write to.  You will also need to set the 'bayes_file_mode' setting
    to 0666 so that created files are shared, too.
-Index: spamassassin-3.4.1/spamd/README.vpopmail
+Index: spamassassin-3.4.2/spamd/README.vpopmail
 ===================================================================
---- spamassassin-3.4.1.orig/spamd/README.vpopmail
-+++ spamassassin-3.4.1/spamd/README.vpopmail
+--- spamassassin-3.4.2.orig/spamd/README.vpopmail
++++ spamassassin-3.4.2/spamd/README.vpopmail
 @@ -43,7 +43,7 @@ then their user_prefs would be stored in
  	/home/vpopmail/domains/somedomain.net/4/userid/.spamassassin/user_prefs
  
@@ -277,11 +277,11 @@
  future enhancement would be to add the capability to have personal AWL db.
  
  6. Of course vpopmail must have the seekable patch installed (see 
-Index: spamassassin-3.4.1/spamd/spamd.raw
+Index: spamassassin-3.4.2/spamd/spamd.raw
 ===================================================================
---- spamassassin-3.4.1.orig/spamd/spamd.raw
-+++ spamassassin-3.4.1/spamd/spamd.raw
-@@ -3310,7 +3310,7 @@ Ignore the default directories (usually
+--- spamassassin-3.4.2.orig/spamd/spamd.raw
++++ spamassassin-3.4.2/spamd/spamd.raw
+@@ -3352,7 +3352,7 @@ Ignore the default directories (usually
  =item B<--siteconfigpath>=I<path>
  
  Use the specified path for locating site-specific configuration files.  Ignore
@@ -290,10 +290,10 @@
  
  =item B<--cf='config line'>
  
-Index: spamassassin-3.4.1/sql/README
+Index: spamassassin-3.4.2/sql/README
 ===================================================================
---- spamassassin-3.4.1.orig/sql/README
-+++ spamassassin-3.4.1/sql/README
+--- spamassassin-3.4.2.orig/sql/README
++++ spamassassin-3.4.2/sql/README
 @@ -18,7 +18,7 @@ In addition, any config options marked a
  SQL preferences.
  
@@ -303,10 +303,10 @@
  
    user_scores_dsn		DBI:driver:connection
    user_scores_sql_username	dbusername
-Index: spamassassin-3.4.1/sql/README.awl
+Index: spamassassin-3.4.2/sql/README.awl
 ===================================================================
---- spamassassin-3.4.1.orig/sql/README.awl
-+++ spamassassin-3.4.1/sql/README.awl
+--- spamassassin-3.4.2.orig/sql/README.awl
++++ spamassassin-3.4.2/sql/README.awl
 @@ -15,7 +15,7 @@ so:
  auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
  
@@ -316,10 +316,10 @@
  
  user_awl_dsn                 DBI:driver:database:hostname[:port]
  user_awl_sql_username        dbusername
-Index: spamassassin-3.4.1/t/data/testplugin.pm
+Index: spamassassin-3.4.2/t/data/testplugin.pm
 ===================================================================
---- spamassassin-3.4.1.orig/t/data/testplugin.pm
-+++ spamassassin-3.4.1/t/data/testplugin.pm
+--- spamassassin-3.4.2.orig/t/data/testplugin.pm
++++ spamassassin-3.4.2/t/data/testplugin.pm
 @@ -1,6 +1,6 @@
  =head1 testplugin.pm
  
diff -Nru spamassassin-3.4.1/debian/patches/20_edit_spamc_pod spamassassin-3.4.2/debian/patches/20_edit_spamc_pod
--- spamassassin-3.4.1/debian/patches/20_edit_spamc_pod	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/20_edit_spamc_pod	2018-09-30 23:44:58.000000000 -0700
@@ -1,8 +1,8 @@
-Index: spamassassin-3.4.0-rc5/spamc/spamc.pod
+Index: spamassassin-3.4.2-pre3/spamc/spamc.pod
 ===================================================================
---- spamassassin-3.4.0-rc5.orig/spamc/spamc.pod	2014-02-10 21:35:08.896487637 -0800
-+++ spamassassin-3.4.0-rc5/spamc/spamc.pod	2014-02-10 21:35:58.860735402 -0800
-@@ -331,7 +331,7 @@
+--- spamassassin-3.4.2-pre3.orig/spamc/spamc.pod
++++ spamassassin-3.4.2-pre3/spamc/spamc.pod
+@@ -341,7 +341,7 @@ The exit codes used are as follows:
  
  =head1 SEE ALSO
  
diff -Nru spamassassin-3.4.1/debian/patches/30_edit_README spamassassin-3.4.2/debian/patches/30_edit_README
--- spamassassin-3.4.1/debian/patches/30_edit_README	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/30_edit_README	1969-12-31 16:00:00.000000000 -0800
@@ -1,16 +0,0 @@
-Index: spamassassin-3.4.1/README
-===================================================================
---- spamassassin-3.4.1.orig/README
-+++ spamassassin-3.4.1/README
-@@ -132,11 +132,6 @@ default locations that Apache SpamAssass
-         If the files exist in /etc/spamassassin, they will not
-         be overwritten during future installs.
- 
--  - /usr/share/spamassassin/user_prefs.template:
--
--	Distributed default user preferences. Do not modify this, as it is
--	overwritten when you upgrade.
--
-   - /etc/spamassassin/user_prefs.template:
- 
- 	Default user preferences, for system admins to create, modify, and
diff -Nru spamassassin-3.4.1/debian/patches/90_pod_cleanup spamassassin-3.4.2/debian/patches/90_pod_cleanup
--- spamassassin-3.4.1/debian/patches/90_pod_cleanup	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/90_pod_cleanup	2018-09-30 23:44:58.000000000 -0700
@@ -1,8 +1,8 @@
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf.pm
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
 ===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Conf.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf.pm
-@@ -3931,7 +3931,7 @@ This option gives the password used by t
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Conf.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Conf.pm
+@@ -3994,7 +3994,7 @@ This option gives the password used by t
  
  Whether to call the services_authorized_for_username plugin hook in BayesSQL.
  If the hook does not determine that the user is allowed to use bayes or is
@@ -11,66 +11,20 @@
  
  NOTE: By default the user is considered invalid until a plugin returns
  a true value.  If you enable this, but do not have a proper plugin
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DCC.pm
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
 ===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/DCC.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DCC.pm
-@@ -1088,3 +1088,4 @@ sub plugin_report {
- }
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
+@@ -17,7 +17,7 @@
  
- 1;
-+
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DNSEval.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/DNSEval.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DNSEval.pm
-@@ -328,6 +328,7 @@ This checks all the from addrs domain na
- =back
- 
- =cut
-+
- sub check_rbl_from_domain {
-   my ($self, $pms, $rule, $set, $rbl_server, $subtest) = @_;
-   _check_rbl_addresses($self, $pms, $rule, $set, $rbl_server, $subtest, $_[1]->all_from_addrs_domains());
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
-@@ -15,6 +15,25 @@
- # limitations under the License.
- # </@LICENSE>
+ =head1 NAME
  
-+=head1 NAME
-+
-+Mail::SpamAssassin::Plugin::MIMEEval - perform MIME sanity tests of messages
-+
-+=head1 SYNOPSIS
-+
-+  loadplugin Mail::SpamAssassin::Plugin::MIMEEval
-+
-+  body MULTIPART_ALT_NON_TEXT     eval:check_ma_non_text()
-+
-+  body MIME_HTML_ONLY             eval:check_for_mime_html_only()
-+  describe MIME_HTML_ONLY         Message only has text/html MIME parts
-+
-+=head1 DESCRIPTION
-+
-+Utility functions for examining various MIME encoded message components.
-+
-+=cut
-+
- package Mail::SpamAssassin::Plugin::MIMEEval;
- 
- use strict;
-@@ -69,6 +88,7 @@ sub are_more_high_bits_set {
+-MIMEEval - perform various tests against MIME structure and body
++Mail::SpamAssassin::Plugin::MIMEEval - perform various tests against MIME structure and body
  
-   ($numlos <= $numhis && $numhis > 3);
- }
-+
- =over 4
+ =head1 SYNOPSIS
  
- =item has_check_for_ascii_text_illegal
-@@ -148,6 +168,31 @@ sub check_for_faraway_charset {
+@@ -175,6 +175,31 @@ sub check_for_faraway_charset {
    0;
  }
  
@@ -80,8 +34,8 @@
 +
 +Use in rules such as:
 +
-+  rawbody MIME_BASE64_BLANKS      eval:check_for_mime('mime_base64_blanks')
-+  describe MIME_BASE64_BLANKS     Extra blank lines in base64 encoding
++  rawbody MIME_BASE64      eval:check_for_mime('mime_base64_count')
++  describe MIME_BASE64     Includes a base64 attachment
 +
 +  mime_base64_count
 +  mime_base64_encoded_text
@@ -102,7 +56,7 @@
  sub check_for_mime {
    my ($self, $pms, undef, $test) = @_;
  
-@@ -166,7 +211,12 @@ sub check_for_mime_html {
+@@ -193,7 +218,12 @@ sub check_for_mime_html {
    return ($pms->{mime_body_html_count} > 0);
  }
  
@@ -116,19 +70,3 @@
  sub check_for_mime_html_only {
    my ($self, $pms) = @_;
  
-@@ -474,6 +524,7 @@ sub _check_attachments {
- Adds capability check for "if can()" for check_qp_ratio
- 
- =cut
-+
- sub has_check_qp_ratio { 1 }
- 
- =item check_qp_ratio
-@@ -484,6 +535,7 @@ quoted printable to total bytes in an em
- =back
- 
- =cut
-+
- sub check_qp_ratio {
-   my ($self, $pms, undef, $min) = @_;
- 
diff -Nru spamassassin-3.4.1/debian/patches/97_bug720499-pod-5.18 spamassassin-3.4.2/debian/patches/97_bug720499-pod-5.18
--- spamassassin-3.4.1/debian/patches/97_bug720499-pod-5.18	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/97_bug720499-pod-5.18	1969-12-31 16:00:00.000000000 -0800
@@ -1,33 +0,0 @@
-Description: fix POD errors with perl 5.18
- Wrap number-like items in C<>, to avoid parser complains
-Author: Damyan Ivanov <dmn@debian.org>
-Bug-Debian: http://bugs.debian.org/720499
-
---- a/sa-check_spamd.raw
-+++ b/sa-check_spamd.raw
-@@ -424,21 +424,21 @@ exiting with one of these values:
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- OK: A spamd ping response was received within all threshold times.
- 
--=item 1
-+=item C<1>
- 
- WARNING: A spamd ping response exceeded the warning threshold but not the
- critical threshold.
- 
--=item 2
-+=item C<2>
- 
- CRITICAL: A spamd ping response exceeded either the critical threshold or the
- timeout value.
- 
--=item 3
-+=item C<3>
- 
- UNKNOWN: An error, probably caused by a missing dependency or an invalid
- configuration parameter being supplied, occurred in the sa-check_spamd program.
diff -Nru spamassassin-3.4.1/debian/patches/98_sa-compile-quiet spamassassin-3.4.2/debian/patches/98_sa-compile-quiet
--- spamassassin-3.4.1/debian/patches/98_sa-compile-quiet	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/98_sa-compile-quiet	2018-09-30 23:44:58.000000000 -0700
@@ -1,8 +1,8 @@
-Index: spamassassin-3.4.0~rc5/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
 ===================================================================
---- spamassassin-3.4.0~rc5.orig/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm	2014-01-11 09:13:23.000000000 -0800
-+++ spamassassin-3.4.0~rc5/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm	2014-02-14 21:34:59.109796791 -0800
-@@ -192,7 +192,8 @@
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
+@@ -191,7 +191,8 @@ NEXT_RULE:
          dbg("zoom: giving up on regexp: $eval_stat");
        };
  
diff -Nru spamassassin-3.4.1/debian/patches/bug_760277_net_dns_URIDNSBL spamassassin-3.4.2/debian/patches/bug_760277_net_dns_URIDNSBL
--- spamassassin-3.4.1/debian/patches/bug_760277_net_dns_URIDNSBL	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_760277_net_dns_URIDNSBL	1969-12-31 16:00:00.000000000 -0800
@@ -1,34 +0,0 @@
-Description: Fix uninitialized values in URIDNSBL.pm with Net::DNS 1.01
-Origin: upstream, https://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm?r1=1676616&r2=1694126&pathrev=1694126&view=patch
-Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7231
-Bug-Debian: https://bugs.debian.org/760277
-Last-Update: 2016-09-29
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
-+++ b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
-@@ -942,9 +942,8 @@
-     next unless (defined($str) && defined($dom));
-     dbg("uridnsbl: got($j) NS for $dom: $str");
- 
--    if ($str =~ /IN\s+NS\s+(\S+)/) {
--      my $nsmatch = lc $1;
--      $nsmatch =~ s/\.$//;
-+    if ($rr->type eq 'NS') {
-+      my $nsmatch = lc $rr->nsdname;  # available since at least Net::DNS 0.14
-       my $nsrhblstr = $nsmatch;
-       my $fullnsrhblstr = $nsmatch;
- 
-@@ -1025,9 +1024,9 @@
-     }
-     dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str);
- 
--    local $1;
--    if ($str =~ /IN\s+A\s+(\S+)/) {
--      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1);
-+    if ($rr->type eq 'A') {
-+      my $ip_address = $rr->rdatastr;
-+      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address);
-     }
-   }
- }
diff -Nru spamassassin-3.4.1/debian/patches/bug_766718-net-dns-vers spamassassin-3.4.2/debian/patches/bug_766718-net-dns-vers
--- spamassassin-3.4.1/debian/patches/bug_766718-net-dns-vers	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_766718-net-dns-vers	2018-09-30 23:44:58.000000000 -0700
@@ -1,9 +1,16 @@
-Improve Net::DNS package version checks. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766718
-Index: spamassassin-3.4.0/lib/Mail/SpamAssassin/Dns.pm
+Description: Improve Net::DNS package version checks.
+ This isn't strictly necessary right now, but does make version checks more
+ robust and should be forwarded upstream. In multiple places, spamassassin
+ contains tests against $Net::DNS::VERSION that assume the value is numeric. It
+ is not guaranteed to be numeric, and in cases where it isn't the tests trigger
+ warnings.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766718
+Forwarded: no
+Index: spamassassin-3.4.2/lib/Mail/SpamAssassin/Dns.pm
 ===================================================================
---- spamassassin-3.4.0.orig/lib/Mail/SpamAssassin/Dns.pm	2014-02-07 00:36:28.000000000 -0800
-+++ spamassassin-3.4.0/lib/Mail/SpamAssassin/Dns.pm	2014-11-14 13:38:27.515047348 -0800
-@@ -511,14 +511,15 @@
+--- spamassassin-3.4.2.orig/lib/Mail/SpamAssassin/Dns.pm
++++ spamassassin-3.4.2/lib/Mail/SpamAssassin/Dns.pm
+@@ -520,14 +520,15 @@ sub is_dns_available {
  
    # Check version numbers - runtime check only
    if (defined $Net::DNS::VERSION) {
@@ -21,18 +28,3 @@
  	warn("dns: Net::DNS version is $Net::DNS::VERSION, but need 0.34");
  	return $IS_DNS_AVAILABLE;
        }
-Index: spamassassin-3.4.0/lib/Mail/SpamAssassin/Plugin/AskDNS.pm
-===================================================================
---- spamassassin-3.4.0.orig/lib/Mail/SpamAssassin/Plugin/AskDNS.pm	2014-02-07 00:36:27.000000000 -0800
-+++ spamassassin-3.4.0/lib/Mail/SpamAssassin/Plugin/AskDNS.pm	2014-11-14 14:07:51.671795329 -0800
-@@ -211,7 +211,9 @@
- 
-   $self->set_config($sa_main->{conf});
- 
--  $txtdata_can_provide_a_list = Net::DNS->VERSION >= 0.69;
-+  use version 0.77;
-+  $txtdata_can_provide_a_list =
-+      version->parse(Net::DNS->VERSION) >= version->parse('0.69');
- 
-   return $self;
- }
diff -Nru spamassassin-3.4.1/debian/patches/bug_771408_perl_version spamassassin-3.4.2/debian/patches/bug_771408_perl_version
--- spamassassin-3.4.1/debian/patches/bug_771408_perl_version	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_771408_perl_version	1969-12-31 16:00:00.000000000 -0800
@@ -1,15 +0,0 @@
-upstream fix for bug #771408
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Conf/Parser.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm
-@@ -536,6 +536,9 @@ sub handle_conditional {
-     elsif ($token eq 'perl_version') {
-       $eval .= $]." ";
-     }
-+    elsif ($token eq 'perl_version') {
-+      $eval .= $]." ";
-+    }
-     elsif ($token =~ /^\w[\w\:]+$/) { # class name
-       my $u = untaint_var($token);
-       $eval .= '"' . $u . '" ';
diff -Nru spamassassin-3.4.1/debian/patches/bug_821385_dnsresolver spamassassin-3.4.2/debian/patches/bug_821385_dnsresolver
--- spamassassin-3.4.1/debian/patches/bug_821385_dnsresolver	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_821385_dnsresolver	1969-12-31 16:00:00.000000000 -0800
@@ -1,18 +0,0 @@
-Origin: upstream, https://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/DnsResolver.pm?r1=1691992&r2=1691991&pathrev=1691992&view=patch
-Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7223
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821385
-
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/DnsResolver.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/DnsResolver.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/DnsResolver.pm
-@@ -592,6 +592,9 @@ sub new_dns_packet {
-   };
- 
-   if ($packet) {
-+    # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223	
-+    $packet->header->rd(1);
-+
-   # my $udp_payload_size = $self->{res}->udppacketsize;
-     my $udp_payload_size = $self->{conf}->{dns_options}->{edns};
-     if ($udp_payload_size && $udp_payload_size > 512) {
diff -Nru spamassassin-3.4.1/debian/patches/bug_828552-openssl-1.1.0 spamassassin-3.4.2/debian/patches/bug_828552-openssl-1.1.0
--- spamassassin-3.4.1/debian/patches/bug_828552-openssl-1.1.0	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_828552-openssl-1.1.0	1969-12-31 16:00:00.000000000 -0800
@@ -1,453 +0,0 @@
-From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
-Date: Thu, 22 Sep 2016 11:19:42 +0000
-Subject: [PATCH] spamassassin: get it compiled against openssl 1.1.0
-
-CRYPTO_lock was part of the old locking API which got removed. I picked
-a different symbol.
-
-Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
----
- spamc/configure    | 22 +++++++++++-----------
- spamc/configure.in |  2 +-
- 2 files changed, 12 insertions(+), 12 deletions(-)
-
-Index: spamassassin-3.4.1/spamc/configure
-===================================================================
---- spamassassin-3.4.1.orig/spamc/configure
-+++ spamassassin-3.4.1/spamc/configure
-@@ -943,7 +943,7 @@ esac
-     else
-       echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
-     fi
--    cd "$ac_popdir"
-+    cd $ac_popdir
-   done
- fi
- 
-@@ -1874,7 +1874,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -1932,7 +1933,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -2048,7 +2050,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -2102,7 +2105,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -2147,7 +2151,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -2191,7 +2196,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -2523,7 +2529,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -2693,7 +2700,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -2764,7 +2772,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -2917,7 +2926,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3069,7 +3079,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3260,7 +3271,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3323,7 +3335,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3388,7 +3401,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3491,7 +3505,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3557,7 +3572,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3628,7 +3644,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3666,9 +3683,9 @@ fi
- SSLLIBS=""
- SSLCFLAGS=""
- if test yes = "$sa_ssl_enabled"; then
--	echo "$as_me:$LINENO: checking for CRYPTO_lock in -lcrypto" >&5
--echo $ECHO_N "checking for CRYPTO_lock in -lcrypto... $ECHO_C" >&6
--if test "${ac_cv_lib_crypto_CRYPTO_lock+set}" = set; then
-+	echo "$as_me:$LINENO: checking for CRYPTO_malloc in -lcrypto" >&5
-+echo $ECHO_N "checking for CRYPTO_malloc in -lcrypto... $ECHO_C" >&6
-+if test "${ac_cv_lib_crypto_CRYPTO_malloc+set}" = set; then
-   echo $ECHO_N "(cached) $ECHO_C" >&6
- else
-   ac_check_lib_save_LIBS=$LIBS
-@@ -3686,11 +3703,11 @@ extern "C"
- #endif
- /* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
--char CRYPTO_lock ();
-+char CRYPTO_malloc ();
- int
- main ()
- {
--CRYPTO_lock ();
-+CRYPTO_malloc ();
-   ;
-   return 0;
- }
-@@ -3704,7 +3721,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3716,20 +3734,20 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
-   ac_status=$?
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); }; }; then
--  ac_cv_lib_crypto_CRYPTO_lock=yes
-+  ac_cv_lib_crypto_CRYPTO_malloc=yes
- else
-   echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
- 
--ac_cv_lib_crypto_CRYPTO_lock=no
-+ac_cv_lib_crypto_CRYPTO_malloc=no
- fi
- rm -f conftest.err conftest.$ac_objext \
-       conftest$ac_exeext conftest.$ac_ext
- LIBS=$ac_check_lib_save_LIBS
- fi
--echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_lock" >&5
--echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_lock" >&6
--if test $ac_cv_lib_crypto_CRYPTO_lock = yes; then
-+echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_malloc" >&5
-+echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_malloc" >&6
-+if test $ac_cv_lib_crypto_CRYPTO_malloc = yes; then
-   SSLLIBS="-lcrypto $SSLLIBS"
- fi
- 
-@@ -3771,7 +3789,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3804,7 +3823,7 @@ fi
- 	# before defining SPAMC_SSL check that all its requirements are
- 	# actually available
- 	if test yes = "$ac_cv_header_openssl_crypto_h" && \
--	   test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \
-+	   test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \
- 	   test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then
- 		SSLCFLAGS="-DSPAMC_SSL"
- 	else
-@@ -3854,7 +3873,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -3927,7 +3947,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4000,7 +4021,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4073,7 +4095,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4182,7 +4205,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4246,7 +4270,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4311,7 +4336,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4368,7 +4394,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4435,7 +4462,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4500,7 +4528,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4564,7 +4593,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4628,7 +4658,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -4692,7 +4723,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
-   cat conftest.err >&5
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } &&
--	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-+	 { ac_try='test -z "$ac_c_werror_flag"
-+			 || test ! -s conftest.err'
-   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-@@ -5527,6 +5559,11 @@ esac
- 
- 
- 
-+  if test x"$ac_file" != x-; then
-+    { echo "$as_me:$LINENO: creating $ac_file" >&5
-+echo "$as_me: creating $ac_file" >&6;}
-+    rm -f "$ac_file"
-+  fi
-   # Let's still pretend it is `configure' which instantiates (i.e., don't
-   # use $as_me), people would be surprised to read:
-   #    /* config.h.  Generated by config.status.  */
-@@ -5565,12 +5602,6 @@ echo "$as_me: error: cannot find input f
- 	 fi;;
-       esac
-     done` || { (exit 1); exit 1; }
--
--  if test x"$ac_file" != x-; then
--    { echo "$as_me:$LINENO: creating $ac_file" >&5
--echo "$as_me: creating $ac_file" >&6;}
--    rm -f "$ac_file"
--  fi
- _ACEOF
- cat >>$CONFIG_STATUS <<_ACEOF
-   sed "$ac_vpsub
-Index: spamassassin-3.4.1/spamc/configure.in
-===================================================================
---- spamassassin-3.4.1.orig/spamc/configure.in
-+++ spamassassin-3.4.1/spamc/configure.in
-@@ -64,13 +64,13 @@ AC_CHECK_LIB(socket, socket)
- SSLLIBS=""
- SSLCFLAGS=""
- if test yes = "$sa_ssl_enabled"; then
--	AC_CHECK_LIB(crypto, CRYPTO_lock,[SSLLIBS="-lcrypto $SSLLIBS"])
-+	AC_CHECK_LIB(crypto, CRYPTO_malloc,[SSLLIBS="-lcrypto $SSLLIBS"])
- 	AC_CHECK_LIB(ssl, SSL_CTX_free,[SSLLIBS="-lssl $SSLLIBS"],,-lcrypto)
- 
- 	# before defining SPAMC_SSL check that all its requirements are
- 	# actually available
- 	if test yes = "$ac_cv_header_openssl_crypto_h" && \
--	   test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \
-+	   test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \
- 	   test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then
- 		SSLCFLAGS="-DSPAMC_SSL"
- 	else
diff -Nru spamassassin-3.4.1/debian/patches/bug_835494_perl_INC spamassassin-3.4.2/debian/patches/bug_835494_perl_INC
--- spamassassin-3.4.1/debian/patches/bug_835494_perl_INC	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/bug_835494_perl_INC	1969-12-31 16:00:00.000000000 -0800
@@ -1,13 +0,0 @@
-Index: spamassassin-3.4.1/spamc/configure.pl
-===================================================================
---- spamassassin-3.4.1.orig/spamc/configure.pl
-+++ spamassassin-3.4.1/spamc/configure.pl
-@@ -66,7 +66,7 @@ print join(' ', $Config{'perlpath'}, "ve
-   # Do the same thing as for the preprocessor below.
-   package version_h;
-   my $Z = $0;
--  local $0    = "version.h.pl";
-+  local $0    = "./version.h.pl";
-   local @ARGV = ();
-   # Got to check for defined because the script returns shell error level!
-   unless (defined do $0) {
diff -Nru spamassassin-3.4.1/debian/patches/disable_sslv3 spamassassin-3.4.2/debian/patches/disable_sslv3
--- spamassassin-3.4.1/debian/patches/disable_sslv3	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/disable_sslv3	1969-12-31 16:00:00.000000000 -0800
@@ -1,276 +0,0 @@
-Index: spamassassin-3.4.1/spamc/libspamc.c
-===================================================================
---- spamassassin-3.4.1.orig/spamc/libspamc.c
-+++ spamassassin-3.4.1/spamc/libspamc.c
-@@ -1187,7 +1187,7 @@ int message_filter(struct transport *tp,
-     unsigned int throwaway;
-     SSL_CTX *ctx = NULL;
-     SSL *ssl = NULL;
--    SSL_METHOD *meth;
-+    const SSL_METHOD *meth;
-     char zlib_on = 0;
-     unsigned char *zlib_buf = NULL;
-     int zlib_bufsiz = 0;
-@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp,
-     if (flags & SPAMC_USE_SSL) {
- #ifdef SPAMC_SSL
- 	SSLeay_add_ssl_algorithms();
--	if (flags & SPAMC_TLSV1) {
--	    meth = TLSv1_client_method();
--	} else {
--	    meth = SSLv3_client_method(); /* default */
--	}
-+	meth = SSLv23_client_method();
- 	SSL_load_error_strings();
- 	ctx = SSL_CTX_new(meth);
- #else
-@@ -1596,7 +1592,7 @@ int message_tell(struct transport *tp, c
-     int failureval;
-     SSL_CTX *ctx = NULL;
-     SSL *ssl = NULL;
--    SSL_METHOD *meth;
-+    const SSL_METHOD *meth;
- 
-     assert(tp != NULL);
-     assert(m != NULL);
-@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c
-     if (flags & SPAMC_USE_SSL) {
- #ifdef SPAMC_SSL
- 	SSLeay_add_ssl_algorithms();
--	meth = SSLv3_client_method();
-+	meth = SSLv23_client_method();
- 	SSL_load_error_strings();
- 	ctx = SSL_CTX_new(meth);
- #else
-Index: spamassassin-3.4.1/spamc/spamc.c
-===================================================================
---- spamassassin-3.4.1.orig/spamc/spamc.c
-+++ spamassassin-3.4.1/spamc/spamc.c
-@@ -368,16 +368,11 @@ read_args(int argc, char **argv,
-             case 'S':
-             {
-                 flags |= SPAMC_USE_SSL;
--		if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) {
--		    flags |= SPAMC_SSLV3;
--		}
--		else if (strcmp(spamc_optarg,"tlsv1") == 0) {
--		    flags |= SPAMC_TLSV1;
--		}
--		else {
--		    libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version (%s)", spamc_optarg);
--		    ret = EX_USAGE;
--		}
-+                if(spamc_optarg) {
-+                    libspamc_log(flags, LOG_ERR,
-+                        "Explicit specification of an SSL/TLS version no longer supported.");
-+                    ret = EX_USAGE;
-+                }
-                 break;
-             }
- #endif
-Index: spamassassin-3.4.1/spamd/spamd.raw
-===================================================================
---- spamassassin-3.4.1.orig/spamd/spamd.raw
-+++ spamassassin-3.4.1/spamd/spamd.raw
-@@ -409,7 +409,6 @@ GetOptions(
-   'sql-config!'              => \$opt{'sql-config'},
-   'ssl'                      => \$opt{'ssl'},
-   'ssl-port=s'               => \$opt{'ssl-port'},
--  'ssl-version=s'            => \$opt{'ssl-version'},
-   'syslog-socket=s'          => \$opt{'syslog-socket'},
-   'syslog|s=s'               => \$opt{'syslog'},
-   'log-timestamp-fmt:s'      => \$opt{'log-timestamp-fmt'},
-@@ -743,11 +742,6 @@ if ( defined $ENV{'HOME'} ) {
- 
- # Do whitelist later in tmp dir. Side effect: this will be done as -u user.
- 
--my $sslversion = $opt{'ssl-version'} || 'sslv3';
--if ($sslversion !~ /^(?:sslv3|tlsv1)$/) {
--  die "spamd: invalid ssl-version: $opt{'ssl-version'}\n";
--}
--
- $opt{'server-key'}  ||= "$LOCAL_RULES_DIR/certs/server-key.pem";
- $opt{'server-cert'} ||= "$LOCAL_RULES_DIR/certs/server-cert.pem";
- 
-@@ -898,9 +892,8 @@ sub compose_listen_info_string {
-                       $socket_info->{ip_addr}, $socket_info->{port}));
- 
-     } elsif ($socket->isa('IO::Socket::SSL')) {
--      push(@listeninfo, sprintf("SSL [%s]:%s, ssl version %s",
--                      $socket_info->{ip_addr}, $socket_info->{port},
--                      $opt{'ssl-version'}||'sslv3'));
-+      push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr},
-+                      $socket_info->{port}));
-     }
-   }
- 
-@@ -1071,7 +1064,6 @@ sub server_sock_setup_inet {
-     $sockopt{V6Only} = 1  if $io_socket_module_name eq 'IO::Socket::IP'
-                              && IO::Socket::IP->VERSION >= 0.09;
-     %sockopt = (%sockopt, (
--      SSL_version     => $sslversion,
-       SSL_verify_mode => 0x00,
-       SSL_key_file    => $opt{'server-key'},
-       SSL_cert_file   => $opt{'server-cert'},
-@@ -1092,7 +1084,8 @@ sub server_sock_setup_inet {
-     if (!$server_inet) {
-       $diag = sprintf("could not create %s socket on [%s]:%s: %s",
-                       $ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
--                      $adr, $port, $!);
-+                      $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ?
-+                      "$!,$IO::Socket::SSL::SSL_ERROR" : $!);
-       push(@diag_fail, $diag);
-     } else {
-       $diag = sprintf("created %s socket on [%s]:%s",
-@@ -3232,7 +3225,6 @@ Options:
-  -H [dir], --helper-home-dir[=dir] Specify a different HOME directory
-  --ssl                             Enable SSL on TCP connections
-  --ssl-port port                   Override --port setting for SSL connections
-- --ssl-version sslversion          Specify SSL protocol version to use
-  --server-key keyfile              Specify an SSL keyfile
-  --server-cert certfile            Specify an SSL certificate
-  --socketpath=path                 Listen on a given UNIX domain socket
-@@ -3720,14 +3712,6 @@ Optionally specifies the port number for
- SSL connections (default: whatever --port uses).  See B<--ssl> for
- more details.
- 
--=item B<--ssl-version>=I<sslversion>
--
--Specify the SSL protocol version to use, one of B<sslv3> or B<tlsv1>.
--The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
--higher hello handshake, then negotiating use of SSLv3 or TLSv1
--protocol if the client can accept it.  Specifying B<--ssl-version>
--implies B<--ssl>.
--
- =item B<--server-key> I<keyfile>
- 
- Specify the SSL key file to use for SSL connections.
-Index: spamassassin-3.4.1/spamc/spamc.pod
-===================================================================
---- spamassassin-3.4.1.orig/spamc/spamc.pod
-+++ spamassassin-3.4.1/spamc/spamc.pod
-@@ -177,12 +177,10 @@ The default is 1 time (ie. one attempt a
- Sleep for I<sleep> seconds between failed spamd filtering attempts.
- The default is 1 second.
- 
--=item B<-S>, B<--ssl>, B<--ssl>=I<sslversion>
-+=item B<-S>, B<--ssl>, B<--ssl>
- 
- If spamc was built with support for SSL, encrypt data to and from the
- spamd process with SSL; spamd must support SSL as well.
--I<sslversion> specifies the SSL protocol version to use, either
--C<sslv3>, or C<tlsv1>. The default, is C<sslv3>.
- 
- =item B<-t> I<timeout>, B<--timeout>=I<timeout>
- 
-Index: spamassassin-3.4.1/t/spamd_ssl_tls.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl_tls.t
-+++ /dev/null
-@@ -1,28 +0,0 @@
--#!/usr/bin/perl
--
--use lib '.'; use lib 't';
--use SATest; sa_t_init("spamd_ssl_tls");
--use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
--
--exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
--
--# ---------------------------------------------------------------------------
--
--%patterns = (
--
--q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
--q{ Subject: There yours for FREE!}, 'subj',
--q{ X-Spam-Status: Yes, score=}, 'status',
--q{ X-Spam-Flag: YES}, 'flag',
--q{ X-Spam-Level: **********}, 'stars',
--q{ TEST_ENDSNUMS}, 'endsinnums',
--q{ TEST_NOREALNAME}, 'noreal',
--q{ This must be the very last line}, 'lastline',
--
--
--);
--
--ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
--           "--ssl=tlsv1 < data/spam/001",
--           \&patterns_run_cb));
--ok_all_patterns();
-Index: spamassassin-3.4.1/t/spamd_ssl_v3.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl_v3.t
-+++ /dev/null
-@@ -1,28 +0,0 @@
--#!/usr/bin/perl
--
--use lib '.'; use lib 't';
--use SATest; sa_t_init("spamd_sslv3");
--use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
--
--exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
--
--# ---------------------------------------------------------------------------
--
--%patterns = (
--
--q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
--q{ Subject: There yours for FREE!}, 'subj',
--q{ X-Spam-Status: Yes, score=}, 'status',
--q{ X-Spam-Flag: YES}, 'flag',
--q{ X-Spam-Level: **********}, 'stars',
--q{ TEST_ENDSNUMS}, 'endsinnums',
--q{ TEST_NOREALNAME}, 'noreal',
--q{ This must be the very last line}, 'lastline',
--
--
--);
--
--ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
--           "--ssl=sslv3 < data/spam/001",
--           \&patterns_run_cb));
--ok_all_patterns();
-Index: spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl_accept_fail.t
-+++ spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
-@@ -23,9 +23,9 @@ q{ This must be the very last line}, 'la
- 
- );
- 
--ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert"));
-+ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert"));
- ok (spamcrun ("< data/spam/001", \&patterns_run_cb));
--ok (spamcrun ("--ssl=sslv3  < data/spam/001", \&patterns_run_cb));
-+ok (spamcrun ("--ssl < data/spam/001", \&patterns_run_cb));
- ok (stop_spamd ());
- 
- ok_all_patterns();
-Index: spamassassin-3.4.1/t/spamd_ssl.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl.t
-+++ spamassassin-3.4.1/t/spamd_ssl.t
-@@ -2,10 +2,7 @@
- 
- use lib '.'; use lib 't';
- use SATest; sa_t_init("spamd_ssl");
--use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9),
--    onfail => sub {
--	warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms require that you" .
--	    "\nspecify a protocol in spamc --ssl option, and possibly in spamd --ssl-version.\n\n" };
-+use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
- 
- exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
- 
-Index: spamassassin-3.4.1/MANIFEST
-===================================================================
---- spamassassin-3.4.1.orig/MANIFEST
-+++ spamassassin-3.4.1/MANIFEST
-@@ -511,8 +511,6 @@ t/spamd_report_ifspam.t
- t/spamd_sql_prefs.t
- t/spamd_ssl.t
- t/spamd_ssl_accept_fail.t
--t/spamd_ssl_tls.t
--t/spamd_ssl_v3.t
- t/spamd_stop.t
- t/spamd_symbols.t
- t/spamd_syslog.t
diff -Nru spamassassin-3.4.1/debian/patches/dkim_subdomains spamassassin-3.4.2/debian/patches/dkim_subdomains
--- spamassassin-3.4.1/debian/patches/dkim_subdomains	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/dkim_subdomains	1969-12-31 16:00:00.000000000 -0800
@@ -1,64 +0,0 @@
-Description: Support signer subdomain matching in whitelist_from_dkim
-Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1693414
-Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7226
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DKIM.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/DKIM.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DKIM.pm
-@@ -178,13 +178,18 @@ sub set_config {
- 
- Works similarly to whitelist_from, except that in addition to matching
- an author address (From) to the pattern in the first parameter, the message
--must also carry a Domain Keys Identified Mail (DKIM) signature made by a
--signing domain (SDID, i.e. the d= tag) that is acceptable to us.
-+must also carry a valid Domain Keys Identified Mail (DKIM) signature made by
-+a signing domain (SDID, i.e. the d= tag) that is acceptable to us.
- 
- Only one whitelist entry is allowed per line, as in C<whitelist_from_rcvd>.
- Multiple C<whitelist_from_dkim> lines are allowed. File-glob style characters
- are allowed for the From address (the first parameter), just like with
--C<whitelist_from_rcvd>. The second parameter does not accept wildcards.
-+C<whitelist_from_rcvd>.
-+
-+The second parameter (the signing-domain) does not accept full file-glob style
-+wildcards, although a simple '*.' (or just a '.') prefix to a domain name
-+is recognized and implies any subdomain of the specified domain (but not
-+the domain itself).
- 
- If no signing-domain parameter is specified, the only acceptable signature
- will be an Author Domain Signature (sometimes called first-party signature)
-@@ -205,7 +210,8 @@ Examples of whitelisting based on third-
-   whitelist_from_dkim jane@example.net      example.org
-   whitelist_from_dkim rick@info.example.net example.net
-   whitelist_from_dkim *@info.example.net    example.net
--  whitelist_from_dkim *@*                   remailer.example.com
-+  whitelist_from_dkim *@*                   mail7.remailer.example.com
-+  whitelist_from_dkim *@*                   *.remailer.example.com
- 
- =item def_whitelist_from_dkim author@example.com [signing-domain]
- 
-@@ -376,7 +382,8 @@ some valid signature on a message has no
- associated with a particular domain), regardless of its key size - anyone can
- prepend its own signature on a copy of some third party mail and re-send it,
- which makes it no more trustworthy than without such signature. This is also
--a reason for a rule DKIM_VALID to have a near-zero score.
-+a reason for a rule DKIM_VALID to have a near-zero score, i.e. a rule hit
-+is only informational.
- 
- =cut
- 
-@@ -1257,8 +1264,12 @@ sub _wlcheck_list {
-         # identity (AUID). Nevertheless, be prepared to accept the full e-mail
-         # address there for compatibility, and just ignore its local-part.
- 
--        $acceptable_sdid = $1  if $acceptable_sdid =~ /\@([^\@]*)\z/;
--        $matches = 1  if $sdid eq lc $acceptable_sdid;
-+        $acceptable_sdid = $1  if $acceptable_sdid =~ /\@([^\@]*)\z/s;
-+        if ($acceptable_sdid =~ s/^\*?\.//s) {
-+          $matches = 1  if $sdid =~ /\.\Q$acceptable_sdid\E\z/si;
-+        } else {
-+          $matches = 1  if $sdid eq lc $acceptable_sdid;
-+        }
-       }
-       if ($matches) {
-         if (would_log("dbg","dkim")) {
diff -Nru spamassassin-3.4.1/debian/patches/fix-uninitialized-concat spamassassin-3.4.2/debian/patches/fix-uninitialized-concat
--- spamassassin-3.4.1/debian/patches/fix-uninitialized-concat	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/fix-uninitialized-concat	1969-12-31 16:00:00.000000000 -0800
@@ -1,25 +0,0 @@
-Description: Import upstream fix for uninitialized value warning in Mail::SpamAssassin::PerMsgStatus::get_names_of_tests_hit_with_scores()
-Origin: https://svn.apache.org/viewvc?view=revision&revision=1685843
-Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7212
-Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm
-===================================================================
---- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm
-+++ spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm
-@@ -738,7 +738,7 @@ test names and individual scores of the
- sub get_names_of_tests_hit_with_scores_hash {
-   my ($self) = @_;
- 
--  my ($line, %testsscores);
-+  my (%testsscores);
- 
-   #BASED ON CODE FOR TESTSSCORES TAG - KAM 2014-04-24
-   foreach my $test (@{$self->{test_names_hit}}) {
-@@ -763,6 +763,8 @@ sub get_names_of_tests_hit_with_scores {
- 
-   my ($line, %testsscores);
- 
-+  $line = '';
-+
-   #BASED ON CODE FOR TESTSSCORES TAG - KAM 2014-04-24
-   foreach my $test (sort @{$self->{test_names_hit}}) {
-     my $score = $self->{conf}->{scores}->{$test};
diff -Nru spamassassin-3.4.1/debian/patches/series spamassassin-3.4.2/debian/patches/series
--- spamassassin-3.4.1/debian/patches/series	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/patches/series	2018-09-30 23:44:58.000000000 -0700
@@ -1,16 +1,6 @@
 10_change_config_paths
 20_edit_spamc_pod
-30_edit_README
 55_disable_nagios_epm
 90_pod_cleanup
-97_bug720499-pod-5.18
 98_sa-compile-quiet
 bug_766718-net-dns-vers
-bug_771408_perl_version
-disable_sslv3
-bug_821385_dnsresolver
-bug_835494_perl_INC
-bug_760277_net_dns_URIDNSBL
-dkim_subdomains
-fix-uninitialized-concat
-bug_828552-openssl-1.1.0
diff -Nru spamassassin-3.4.1/debian/rules spamassassin-3.4.2/debian/rules
--- spamassassin-3.4.1/debian/rules	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/rules	2018-09-30 23:44:58.000000000 -0700
@@ -125,11 +125,13 @@
 	dh_testroot -i
 	dh_installman -i sa-awl.1p sa-check_spamd.1p
 	dh_installdocs -i
-	dh_systemd_enable --no-enable
 	dh_installexamples -i
-	dh_installinit -i -- defaults 19 21
+	dh_systemd_enable -i --no-enable
+	dh_installinit -i --no-start -- defaults 19 21
+	dh_systemd_start -i --no-start
 	dh_installcron -i
 	dh_installchangelogs Changes -i
+	dh_lintian
 	dh_link -i
 	dh_compress -i -XGPG.KEY
 	dh_fixperms -i
@@ -143,7 +145,7 @@
 
 build-arch: build-arch-stamp
 #build-arch-stamp: configure debian/po/templates.pot
-build-arch-stamp: configure
+build-arch-stamp: configure-stamp
 
 	dh_testdir
 
@@ -157,7 +159,7 @@
 	touch build-arch-stamp
 
 install-arch: DH_OPTIONS=
-install-arch: build-arch
+install-arch: build-arch-stamp
 	dh_testdir
 	dh_testroot
 	dh_prep
@@ -165,7 +167,7 @@
 
 	cp spamc/spamc debian/spamc/usr/bin/spamc
 
-binary-arch: build-arch install-arch
+binary-arch: build-arch-stamp install-arch
 	dh_testdir -a
 	dh_testroot -a
 	dh_installdocs -a
diff -Nru spamassassin-3.4.1/debian/sa-compile.postinst spamassassin-3.4.2/debian/sa-compile.postinst
--- spamassassin-3.4.1/debian/sa-compile.postinst	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/sa-compile.postinst	2018-09-30 23:44:58.000000000 -0700
@@ -8,6 +8,17 @@
     if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile ]; then
         echo "Running sa-compile (may take a long time)"
         su - $OWNER -c "sa-compile --quiet"
+        # Fixup perms -- group and other should be able to
+        # read and execute, but never write.  Works around
+        # sa-compile's failure to obey umask.
+        runuser -u debian-spamd -- \
+                chmod -R go-w,go+rX /var/lib/spamassassin/compiled
+        if command -v invoke-rc.d >/dev/null 2>&1; then
+            invoke-rc.d --quiet spamassassin status > /dev/null && \
+              invoke-rc.d spamassassin reload > /dev/null 2>&1 || true
+        else
+            /etc/init.d/spamassassin reload > /dev/null 2>&1 || true
+        fi
     fi
 }
 
diff -Nru spamassassin-3.4.1/debian/sa-compile.postrm spamassassin-3.4.2/debian/sa-compile.postrm
--- spamassassin-3.4.1/debian/sa-compile.postrm	1969-12-31 16:00:00.000000000 -0800
+++ spamassassin-3.4.2/debian/sa-compile.postrm	2018-09-30 23:44:58.000000000 -0700
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e 
+
+#DEBHELPER#
+
+if [ "$1" = "remove" ]; then
+# Remove the compiled rules and restart spamd to complete unloading of
+# Mail::SpamAssassin::Plugin::Rule2XSBody
+    rm -Rf /var/lib/spamassassin/compiled
+    invoke-rc.d spamassassin restart
+fi
diff -Nru spamassassin-3.4.1/debian/sa-compile.triggers spamassassin-3.4.2/debian/sa-compile.triggers
--- spamassassin-3.4.1/debian/sa-compile.triggers	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/sa-compile.triggers	2018-09-30 23:44:58.000000000 -0700
@@ -1 +1 @@
-interest perl-major-upgrade
+interest-noawait perl-major-upgrade
diff -Nru spamassassin-3.4.1/debian/sa-update.postrm spamassassin-3.4.2/debian/sa-update.postrm
--- spamassassin-3.4.1/debian/sa-update.postrm	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/sa-update.postrm	1969-12-31 16:00:00.000000000 -0800
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-set -e 
-
-#DEBHELPER#
-
-if [ "$1" = "remove" ]; then
-# Remove the compiled rules and restart spamd to complete unloading of
-# Mail::SpamAssassin::Plugin::Rule2XSBody
-    rm -Rf /var/lib/spamassassin/compiled
-    invoke-rc.d spamassassin restart
-fi
diff -Nru spamassassin-3.4.1/debian/spamassassin.cron.daily spamassassin-3.4.2/debian/spamassassin.cron.daily
--- spamassassin-3.4.1/debian/spamassassin.cron.daily	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.cron.daily	2018-09-30 23:44:58.000000000 -0700
@@ -42,7 +42,8 @@
         # Fixup perms -- group and other should be able to
         # read and execute, but never write.  Works around
         # sa-compile's failure to obey umask.
-        chmod -R go-w,go+rX /var/lib/spamassassin/compiled
+        runuser -u debian-spamd -- \
+                chmod -R go-w,go+rX /var/lib/spamassassin/compiled
     fi
 }
 
@@ -53,8 +54,7 @@
         invoke-rc.d --quiet spamassassin status > /dev/null && \
           invoke-rc.d spamassassin reload > /dev/null
     else
-        invoke-rc.d --quiet spamassassin status > /dev/null && \
-          /etc/init.d/spamassassin reload > /dev/null
+        /etc/init.d/spamassassin reload > /dev/null
     fi
     if [ -d /etc/spamassassin/sa-update-hooks.d ]; then
         run-parts --lsbsysinit /etc/spamassassin/sa-update-hooks.d
diff -Nru spamassassin-3.4.1/debian/spamassassin.dirs spamassassin-3.4.2/debian/spamassassin.dirs
--- spamassassin-3.4.1/debian/spamassassin.dirs	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.dirs	2018-09-30 23:44:58.000000000 -0700
@@ -8,3 +8,4 @@
 usr/share/spamassassin
 usr/share/man/man8
 usr/sbin
+/var/lib/spamassassin
diff -Nru spamassassin-3.4.1/debian/spamassassin.docs spamassassin-3.4.2/debian/spamassassin.docs
--- spamassassin-3.4.1/debian/spamassassin.docs	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.docs	2018-09-30 23:44:58.000000000 -0700
@@ -5,7 +5,6 @@
 USAGE
 NOTICE
 #ldap/README
-rules/STATISTICS*.txt
 #spamd/README
 spamd/README.vpopmail
 sql/
diff -Nru spamassassin-3.4.1/debian/spamassassin.init spamassassin-3.4.2/debian/spamassassin.init
--- spamassassin-3.4.1/debian/spamassassin.init	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.init	2018-09-30 23:44:58.000000000 -0700
@@ -36,6 +36,9 @@
 
 DOPTIONS="-d --pidfile=$PIDFILE"
 
+# Note: check_enabled should go away as soon as possible after the
+# next stable release to complete the transition away from using
+# ENABLED=1 in /etc/default/spamassassin
 check_enabled() {
     if [ "$ENABLED" = "0" ]; then
 	echo "$DESC: disabled, see /etc/default/spamassassin"
@@ -51,30 +54,30 @@
   start)
 	check_enabled
 	echo -n "Starting $DESC: "
-	start-stop-daemon --start --pidfile $PIDFILE --name $DAEMON \
+	start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
 	    $NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
 	echo "$NAME."
 	;;
 
   stop)
 	echo -n "Stopping $DESC: "
-	start-stop-daemon --stop --pidfile $PIDFILE --name $DAEMON --oknodo
+	start-stop-daemon --stop --pidfile $PIDFILE --name $NAME --oknodo
 	echo "$NAME."
 	;;
 
   reload|force-reload)
 	check_enabled
 	echo -n "Reloading $DESC: "
-	start-stop-daemon --stop --pidfile $PIDFILE --signal HUP --name $DAEMON
+	start-stop-daemon --stop --pidfile $PIDFILE --signal HUP --name $NAME
 	echo "$NAME."
 	;;
 
   restart)
 	check_enabled
 	echo -n "Restarting $DESC: "
-	start-stop-daemon --stop --pidfile $PIDFILE --name $DAEMON \
+	start-stop-daemon --stop --pidfile $PIDFILE --name $NAME \
 	    --retry 5 --oknodo
-	start-stop-daemon --start --pidfile $PIDFILE --name $DAEMON \
+	start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
 	    $NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
 
 	echo "$NAME."
diff -Nru spamassassin-3.4.1/debian/spamassassin.lintian-overrides spamassassin-3.4.2/debian/spamassassin.lintian-overrides
--- spamassassin-3.4.1/debian/spamassassin.lintian-overrides	1969-12-31 16:00:00.000000000 -0800
+++ spamassassin-3.4.2/debian/spamassassin.lintian-overrides	2018-09-30 23:44:58.000000000 -0700
@@ -0,0 +1,3 @@
+# These will go away as soon as we've cleanly transitioned from ENABLED=1
+init.d-script-should-always-start-service
+duplicate-updaterc.d-calls-in-postinst
diff -Nru spamassassin-3.4.1/debian/spamassassin.postinst spamassassin-3.4.2/debian/spamassassin.postinst
--- spamassassin-3.4.1/debian/spamassassin.postinst	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.postinst	2018-09-30 23:44:58.000000000 -0700
@@ -11,9 +11,8 @@
     # If a new install, or an upgrade from 3.3.2-2 or earlier...
     if ! getent passwd debian-spamd > /dev/null ; then
         adduser --system --group --shell /bin/sh --disabled-password \
-            --home /var/lib/spamassassin debian-spamd
-    else
-        mkdir -p /var/lib/spamassassin
+		--home /var/lib/spamassassin --no-create-home \
+		debian-spamd
     fi
 
     OWNER=$(stat -c '%U' /var/lib/spamassassin)
@@ -23,7 +22,7 @@
     # unless the user has overridden.
     if ! dpkg-statoverride --list /var/lib/spamassassin/* >/dev/null && \
         [ "$OWNER:$GROUP" != "debian-spamd:debian-spamd" ]; then
-        chown -R debian-spamd:debian-spamd /var/lib/spamassassin
+        chown debian-spamd:debian-spamd /var/lib/spamassassin
         OWNER=debian-spamd
         GROUP=debian-spamd
     fi
@@ -43,3 +42,9 @@
 fi
 
 #DEBHELPER#
+
+if [ "$1" = "configure" ] && [ -n "$2" ]; then
+    if deb-systemd-helper was-enabled spamassassin.service > /dev/null 2>&1; then
+	invoke-rc.d spamassassin restart
+    fi
+fi
diff -Nru spamassassin-3.4.1/debian/spamassassin.preinst spamassassin-3.4.2/debian/spamassassin.preinst
--- spamassassin-3.4.1/debian/spamassassin.preinst	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.preinst	2018-09-30 23:44:58.000000000 -0700
@@ -32,6 +32,15 @@
         rm_conffile spamassassin "/etc/logcheck/ignore.d.paranoid/spamassassin"
         rm_conffile spamassassin "/etc/logcheck/violations.ignore.d/spamassassin"
     fi
+    if dpkg --compare-versions "$2" lt-nl "3.4.2" &&
+       ! command -v systemctl > /dev/null; then
+	# spamd changed its process name in 3.4.2. If we're running a
+	# previous version under sysvinit, we need to stop the old
+	# version
+	start-stop-daemon --stop --oknodo \
+			  --pidfile /var/run/spamd.pid \
+			  --name /usr/sbin/spamd
+    fi
 esac
 
 #DEBHELPER#
diff -Nru spamassassin-3.4.1/debian/spamassassin.prerm spamassassin-3.4.2/debian/spamassassin.prerm
--- spamassassin-3.4.1/debian/spamassassin.prerm	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.prerm	2018-09-30 23:44:58.000000000 -0700
@@ -9,6 +9,7 @@
 # /etc/spamassassin without causing dpkg to complain on purge.
 
 if [ "$1" = "remove" ]; then
+    invoke-rc.d --quiet spamassassin stop || true
     rm -Rf /var/lib/spamassassin
     rm -Rf /etc/spamassassin/sa-update-keys
 fi
diff -Nru spamassassin-3.4.1/debian/spamassassin.README.Debian spamassassin-3.4.2/debian/spamassassin.README.Debian
--- spamassassin-3.4.1/debian/spamassassin.README.Debian	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.README.Debian	2018-09-30 23:44:58.000000000 -0700
@@ -12,7 +12,7 @@
 /var/lib/spamassassin. If sa-compile is installed, the rule updates
 will be automatically compiled after download (see below).
 
-Note that sa-update requires gnupg 1.x in order to function. Because the
+Note that sa-update requires gnupg in order to function. Because the
 sa-update functionality is optional, the gnupg package is listed as a
 "Recommends" for spamassassin, not "Depends", and it is possible to
 install spamassassin without having gnupg installed. If you install
diff -Nru spamassassin-3.4.1/debian/spamassassin.service spamassassin-3.4.2/debian/spamassassin.service
--- spamassassin-3.4.1/debian/spamassassin.service	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.service	2018-09-30 23:44:58.000000000 -0700
@@ -1,12 +1,16 @@
 [Unit]
 Description=Perl-based spam filter using text analysis
+After=network.target
 
 [Service]
 Type=forking
-PIDFile=/var/run/spamassassin.pid
+PIDFile=/var/run/spamd.pid
 EnvironmentFile=-/etc/default/spamassassin
-ExecStart=/usr/sbin/spamd -d --pidfile=/var/run/spamassassin.pid $OPTIONS
+ExecStart=/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid $OPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
+StandardOutput=null
+StandardError=null
+Restart=always
 
 [Install]
 WantedBy=multi-user.target
diff -Nru spamassassin-3.4.1/debian/spamassassin.triggers spamassassin-3.4.2/debian/spamassassin.triggers
--- spamassassin-3.4.1/debian/spamassassin.triggers	2016-10-30 09:39:27.000000000 -0700
+++ spamassassin-3.4.2/debian/spamassassin.triggers	2018-09-30 23:44:58.000000000 -0700
@@ -1 +1 @@
-interest perl-major-upgrade
+interest-noawait perl-major-upgrade

Reply to: