thomas: server/spamassassin .cvsignore, NONE, 1.1 Makefile, NONE, 1.1 kolab.patch, NONE, 1.1 spamassassin-cve-2007-0451.patch, NONE, 1.1
cvs at kolab.org
cvs at kolab.org
Tue Apr 17 16:05:19 CEST 2007
Author: thomas
Update of /kolabrepository/server/spamassassin
In directory doto:/tmp/cvs-serv18438/spamassassin
Added Files:
.cvsignore Makefile kolab.patch
spamassassin-cve-2007-0451.patch
Log Message:
New spamassassin package fixing security and policy issues.
--- NEW FILE: .cvsignore ---
*.src.rpm
--- NEW FILE: Makefile ---
# Build settings for the Kolab spamassassin source package.
# Each location below keeps a value supplied by the caller (environment or
# command line) and falls back to its default only when that value is empty.

# Download base for the pristine OpenPKG source RPM.
# NOTE(review): the default is plain ftp://, so the transfer itself gives no
# integrity or authenticity guarantee for the fetched package.
ifeq ($(KOLABPKGURI),)
  KOLABPKGURI = ftp://ftp.openpkg.org/release/2.5/UPD
endif

# Directory that holds per-package sources; the build rule copies the patch
# files into $(KOLABRPMSRC)/$(PACKAGE)/.
ifeq ($(KOLABRPMSRC),)
  KOLABRPMSRC = /kolab/RPM/SRC
endif

# Directory the rebuilt source RPM is copied from after the rpm build.
ifeq ($(KOLABRPMPKG),)
  KOLABRPMPKG = /kolab/RPM/PKG
endif

# Directory containing this Makefile and the patch files.
ifeq ($(KOLABCVSDIR),)
  KOLABCVSDIR = $(CURDIR)
endif

# Package identity: upstream version, upstream release, and the release tag
# of the rebuilt Kolab package.
PACKAGE = spamassassin
VERSION = 3.1.0
RELEASE = 2.5.1
KOLABRELEASE = 2.5.1_kolab

# rpm front end used for both the source install and the rebuild.
RPM = /kolab/bin/openpkg rpm

# Wrap the download base in an "openpkg register -R" call. make stores the
# backticks literally; the recipe shell runs the command when the value is
# used. ':=' expands the inner $(KOLABPKGURI) once, here, which avoids a
# self-referencing recursive variable.
# NOTE(review): what "register -R" returns is not visible in this file.
# The value is pasted into a shell command line, so KOLABPKGURI has to come
# from a trusted source.
KOLABPKGURI := `/kolab/bin/openpkg register -R $(KOLABPKGURI)`
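# Default goal: build the Kolab-flavoured source RPM.
# Declared phony so a stray file named "all" cannot mask the build.
.PHONY: all
all: $(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm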
# Rebuild the upstream source RPM with the Kolab changes applied:
#   1. install the pristine source RPM (rpm -ihv); the later steps expect
#      its contents under $(KOLABRPMSRC)/$(PACKAGE),
#   2. copy both patch files next to the spec,
#   3. apply kolab.patch there and rebuild with rpm -ba,
#   4. copy the rebuilt source RPM from $(KOLABRPMPKG) back to $(KOLABCVSDIR).
# NOTE(review): the pristine RPM is installed as fetched; this recipe does
# not check a digest or signature before using it.
$(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm: $(PACKAGE)-$(VERSION)-$(RELEASE).src.rpm spamassassin-cve-2007-0451.patch kolab.patch
	$(RPM) -ihv $<
	cp $(KOLABCVSDIR)/spamassassin-cve-2007-0451.patch $(KOLABRPMSRC)/$(PACKAGE)/
	cp $(KOLABCVSDIR)/kolab.patch $(KOLABRPMSRC)/$(PACKAGE)/
	cd $(KOLABRPMSRC)/$(PACKAGE) && \
	    patch < $(KOLABCVSDIR)/kolab.patch && \
	    $(RPM) -ba $(PACKAGE).spec
	cp -p $(KOLABRPMPKG)/$@ $(KOLABCVSDIR)
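# Expected SHA-256 digest (hex) of the pristine source RPM, taken from a
# trusted channel. Empty by default, which skips the check.
SRCRPM_SHA256 ?=

# Fetch the pristine source RPM from $(KOLABPKGURI).
# The transfer goes to "$@.part" and is renamed only after it has completed
# (and, when SRCRPM_SHA256 is set, matched the digest), so an interrupted or
# altered download never ends up under the name make treats as up to date.
# wget -c still resumes a leftover .part file on the next run.
# The URI is double-quoted so the backticks it may carry are still run by
# the shell.
$(PACKAGE)-$(VERSION)-$(RELEASE).src.rpm:
	wget -c -O '$@.part' "$(KOLABPKGURI)/$@"
	if [ -n '$(SRCRPM_SHA256)' ]; then \
	    echo '$(SRCRPM_SHA256)  $@.part' | sha256sum -c - \
	        || { rm -f '$@.part'; exit 1; }; \
	fi
	mv -f '$@.part' '$@'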
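# Copy the rebuilt source RPM into ../stage/ for distribution.
# Phony: "dist" names an action, not a file, so a file of that name must not
# be able to suppress it.
.PHONY: dist
dist: all
	cp -p $(KOLABCVSDIR)/$(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm ../stage/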
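# Delete /kolab/RPM/TMP/$(PACKAGE)-$(VERSION).
# Phony so a file named "clean" cannot disable it. The first recipe line
# aborts when PACKAGE or VERSION was overridden to an empty value, so rm -rf
# is never pointed at a path other than the intended package directory.
.PHONY: clean
clean:
	$(if $(and $(strip $(PACKAGE)),$(strip $(VERSION))),,$(error PACKAGE and VERSION must be non-empty))
	rm -rf /kolab/RPM/TMP/$(PACKAGE)-$(VERSION)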
--- NEW FILE: kolab.patch ---
--- spamassassin.spec.orig 2006-02-25 18:41:01.000000000 +0100
+++ spamassassin.spec 2007-04-17 15:23:34.976179000 +0200
@@ -38,7 +38,7 @@
Group: Mail
License: ASF
Version: %{V_here}
-Release: 2.5.1
+Release: 2.5.1_kolab
# package options
%option with_fsl yes
@@ -49,6 +49,9 @@
Source2: local.cf
Source3: fsl.spamassassin
+# list of patches
+Patch0: spamassassin-cve-2007-0451.patch
+
# build information
Prefix: %{l_prefix}
BuildRoot: %{l_buildroot}
@@ -81,6 +84,7 @@
%prep
%setup -q -n Mail-SpamAssassin-%{V_sdir}
+ %patch -p1 -P 0
%build
# configure package
--- local.cf.orig 2004-10-15 22:26:31.000000000 +0200
+++ local.cf 2007-04-17 15:48:21.286179000 +0200
@@ -11,3 +11,77 @@
#whitelist_from someone at somewhere.com
#whitelist_to someone at somewhere.com
+
+# ignore headers inserted on the receiving side for bayes filtering
+bayes_ignore_header Return-Path
+bayes_ignore_header Delivered-To
+bayes_ignore_header X-Label
+bayes_ignore_header X-Envelope-To
+bayes_ignore_header X-Envelope-From
+bayes_ignore_header X-Quarantine-id
+bayes_ignore_header ReSent-Date
+bayes_ignore_header ReSent-From
+bayes_ignore_header ReSent-Message-ID
+bayes_ignore_header ReSent-Subject
+bayes_ignore_header ReSent-To
+bayes_ignore_header Resent-Date
+bayes_ignore_header Resent-From
+bayes_ignore_header Resent-Message-Id
+bayes_ignore_header Resent-Subject
+bayes_ignore_header Resent-To
+bayes_ignore_header X-KMail-EncryptionState
+bayes_ignore_header X-KMail-SignatureState
+bayes_ignore_header X-KMail-MDN-Sent
+
+
+# disable all DNS blacklists (from 20_dnsbl_tests.cf)
+# (some require payment if used for many mailboxes)
+score RCVD_IN_NJABL_RELAY 0
+score RCVD_IN_NJABL_DUL 0
+score RCVD_IN_NJABL_SPAM 0
+score RCVD_IN_NJABL_MULTI 0
+score RCVD_IN_NJABL_CGI 0
+score RCVD_IN_NJABL_PROXY 0
+score RCVD_IN_SORBS_HTTP 0
+score RCVD_IN_SORBS_SOCKS 0
+score RCVD_IN_SORBS_MISC 0
+score RCVD_IN_SORBS_SMTP 0
+score RCVD_IN_SORBS_WEB 0
+score RCVD_IN_SORBS_BLOCK 0
+score RCVD_IN_SORBS_ZOMBIE 0
+score RCVD_IN_SORBS_DUL 0
+score RCVD_IN_SBL 0
+score RCVD_IN_XBL 0
+score DNS_FROM_RFC_DSN 0
+score DNS_FROM_RFC_POST 0
+score DNS_FROM_RFC_ABUSE 0
+score DNS_FROM_RFC_WHOIS 0
+score DNS_FROM_RFC_BOGUSMX 0
+score RCVD_IN_WHOIS_BOGONS 0
+score RCVD_IN_WHOIS_HIJACKED 0
+score RCVD_IN_WHOIS_INVALID 0
+score RCVD_IN_DSBL 0
+score DNS_FROM_AHBL_RHSBL 0
+score DNS_FROM_SECURITYSAGE 0
+score RCVD_IN_BL_SPAMCOP_NET 0
+score RCVD_IN_MAPS_RBL 0
+score RCVD_IN_MAPS_DUL 0
+score RCVD_IN_MAPS_RSS 0
+score RCVD_IN_MAPS_NML 0
+score RCVD_IN_BSP_TRUSTED 0
+score RCVD_IN_BSP_OTHER 0
+score RCVD_IN_IADB_VOUCHED 0
+score HABEAS_ACCREDITED_COI 0
+score HABEAS_ACCREDITED_SOI 0
+score HABEAS_CHECKED 0
+
+# disable all URI blacklists (from 25_uribl.cf)
+# (some require payment if used for many mailboxes)
+score URIBL_AB_SURBL 0
+score URIBL_JP_SURBL 0
+score URIBL_OB_SURBL 0
+score URIBL_PH_SURBL 0
+score URIBL_SBL 0
+score URIBL_SC_SURBL 0
+score URIBL_WS_SURBL 0
+
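Review bot: Zeroing each DNSBL and URIBL rule by name, from `score RCVD_IN_NJABL_RELAY 0` through `score URIBL_WS_SURBL 0`, only covers the rules that exist in this release's 20_dnsbl_tests.cf and 25_uribl.cf, so a network rule added by a later ruleset stays active and may still query a paid list. The block also turns off the accreditation rules (`RCVD_IN_BSP_TRUSTED`, `HABEAS_*`, `RCVD_IN_IADB_VOUCHED`) along with the blocklists, and leaves the install with no blocklist-based detection at all. For the DNSBL part `skip_rbl_checks 1` states the intent in one line; whether it also covers the URIBL rules in this release should be checked. I would add a comment above the block such as `# Kolab default: all network blocklists off; re-enable a list by removing its score line`.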
--- NEW FILE: spamassassin-cve-2007-0451.patch ---
diff -urN Mail-SpamAssassin-3.1.0.orig/lib/Mail/SpamAssassin/Constants.pm Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/Constants.pm
--- Mail-SpamAssassin-3.1.0.orig/lib/Mail/SpamAssassin/Constants.pm 2005-08-12 02:38:47.000000000 +0200
+++ Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/Constants.pm 2007-04-17 15:11:07.926179000 +0200
@@ -37,6 +37,7 @@
META_TEST_MIN_PRIORITY HARVEST_DNSBL_PRIORITY MBX_SEPARATOR
MAX_BODY_LINE_LENGTH MAX_HEADER_KEY_LENGTH MAX_HEADER_VALUE_LENGTH
MAX_HEADER_LENGTH ARITH_EXPRESSION_LEXER AI_TIME_UNKNOWN
+ MAX_URI_LENGTH
);
%EXPORT_TAGS = (
@@ -172,6 +173,9 @@
# maximum byte length of entire header
use constant MAX_HEADER_LENGTH => 65536;
+# maximum byte length of any given URI
+use constant MAX_URI_LENGTH => 1024;
+
# used for meta rules and "if" conditionals in Conf::Parser
use constant ARITH_EXPRESSION_LEXER => qr/(?:
[\-\+\d\.]+| # A Number
diff -urN Mail-SpamAssassin-3.1.0.orig/lib/Mail/SpamAssassin/HTML.pm Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/HTML.pm
--- Mail-SpamAssassin-3.1.0.orig/lib/Mail/SpamAssassin/HTML.pm 2005-08-12 02:38:47.000000000 +0200
+++ Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/HTML.pm 2007-04-17 15:08:38.716179000 +0200
@@ -25,6 +25,7 @@
use HTML::Parser 3.24 ();
use Mail::SpamAssassin::Logger;
+use Mail::SpamAssassin::Constants qw(:sa);
use vars qw($re_loose $re_strict $re_other @ISA @EXPORT @EXPORT_OK);
@@ -142,6 +143,7 @@
$self->put_results(anchor => $self->{anchor});
$self->put_results(uri_detail => $self->{uri});
+ $self->put_results(uri_truncated => $self->{uri_truncated});
# final results scalars
$self->put_results(image_area => $self->{image_area});
@@ -354,9 +356,7 @@
sub push_uri {
my ($self, $type, $uri) = @_;
- # URIs don't have leading/trailing whitespace ...
- $uri =~ s/^\s+//;
- $uri =~ s/\s+$//;
+ $uri = $self->canon_uri($uri);
my $target = target_uri($self->{base_href} || "", $uri);
@@ -366,6 +366,22 @@
}
}
+sub canon_uri {
+ my ($self, $uri) = @_;
+
+ # URIs don't have leading/trailing whitespace ...
+ $uri =~ s/^\s+//;
+ $uri =~ s/\s+$//;
+
+ # Make sure all the URIs are nice and short
+ if (length $uri > MAX_URI_LENGTH) {
+ $self->{'uri_truncated'} = 1;
+ $uri = substr $uri, 0, MAX_URI_LENGTH;
+ }
+
+ return $uri;
+}
+
sub html_uri {
my ($self, $tag, $attr) = @_;
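Review bot: `canon_uri` cuts the URI with `substr` and sets `$self->{'uri_truncated'}` as a side effect, but nothing in the sub tells callers that they get a shortened value or that the flag is later copied into the results. A header comment such as `# Trim surrounding whitespace and cap the URI at MAX_URI_LENGTH; sets $self->{uri_truncated} when it cuts.` would make that contract visible. Constants.pm documents the limit as a byte length, while `length $uri` counts characters unless a bytes pragma is in effect in HTML.pm, which these hunks do not show, so the comment should say which unit is meant. Writing the test as `length($uri) > MAX_URI_LENGTH` would also read more plainly.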
@@ -392,6 +408,8 @@
}
elsif ($tag eq "base") {
if (my $uri = $attr->{href}) {
+ $uri = $self->canon_uri($uri);
+
# use <BASE HREF="URI"> to turn relative links into absolute links
# even if it is a base URI, handle like a normal URI as well
@@ -694,7 +712,7 @@
# special text delimiters - <a> and <title>
if ($tag eq "a") {
- $self->{anchor_last} = (exists $attr->{href} ? $attr->{href} : "");
+ $self->{anchor_last} = (exists $attr->{href} ? $self->canon_uri($attr->{href}) : "");
push(@{$self->{uri}->{$self->{anchor_last}}->{anchor_text}}, '');
push(@{$self->{anchor}}, '');
}
diff -urN Mail-SpamAssassin-3.1.0.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/PerMsgStatus.pm
--- Mail-SpamAssassin-3.1.0.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm 2005-09-14 04:07:31.000000000 +0200
+++ Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/PerMsgStatus.pm 2007-04-17 15:08:38.716179000 +0200
@@ -1971,6 +1971,7 @@
# get URIs from HTML parsing
# use the metadata version since $self->{html} may not be setup
my $detail = $self->{msg}->{metadata}->{html}->{uri_detail} || { };
+ $self->{'uri_truncated'} = 1 if $self->{msg}->{metadata}->{html}->{uri_truncated};
# don't keep dereferencing ...
my $redirector_patterns = $self->{conf}->{redirector_patterns};
@@ -2108,6 +2109,14 @@
}
}
+ # Make sure all the URIs are nice and short
+ foreach my $uri ( @uris ) {
+ if (length $uri > MAX_URI_LENGTH) {
+ $self->{'uri_truncated'} = 1;
+ $uri = substr $uri, 0, MAX_URI_LENGTH;
+ }
+ }
+
# setup the cache and return
$self->{parsed_uri_list} = \@uris;
}
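Review bot: The truncation loop repeats the logic of `canon_uri` from HTML.pm instead of sharing it, and it depends on `foreach` aliasing `$uri` to the elements of `@uris` for the assignment to take effect, which deserves a comment: `# $uri aliases the @uris element, so this shortens the list entry in place`. Two long URIs that share their first MAX_URI_LENGTH characters become identical after the cut; if the list was de-duplicated earlier in this function (that part is outside the hunk), duplicates can reappear here. The patch adds no `use Mail::SpamAssassin::Constants` line to PerMsgStatus.pm, so `MAX_URI_LENGTH` resolves only if the file already imports that export group, which should be confirmed.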
diff -urN Mail-SpamAssassin-3.1.0.orig/rules/20_body_tests.cf Mail-SpamAssassin-3.1.0/rules/20_body_tests.cf
--- Mail-SpamAssassin-3.1.0.orig/rules/20_body_tests.cf 2005-08-12 02:38:50.000000000 +0200
+++ Mail-SpamAssassin-3.1.0/rules/20_body_tests.cf 2007-04-17 15:11:49.916179000 +0200
@@ -143,5 +143,8 @@
body HTTPS_IP_MISMATCH eval:check_https_ip_mismatch()
describe HTTPS_IP_MISMATCH IP to HTTPS link found in HTML
+body URI_TRUNCATED eval:check_uri_truncated()
+describe URI_TRUNCATED Message contained a URI which was truncated
+
rawbody INTERRUPTUS /(?:[a-zA-Z0-9]<[\/ ]{0,2}?(?!br)(?!p)(?!sup)(?!li)(?!b)(?!i)(?!option)(?!a (?:href|name))(?:\b|!--)[^>]{0,64}?>[a-zA-Z0-9].{0,64}){3}/i
describe INTERRUPTUS Message looks to contain HTML-interrupted text
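Review bot: The new rule `URI_TRUNCATED` calls `eval:check_uri_truncated()`, but no hunk in this patch defines a `check_uri_truncated` sub; the Perl changes only set the `uri_truncated` flag. Unless that sub already exists in the 3.1.0 tree, the rule cannot fire and truncated URIs go unreported, which matters because the other rules now only see the first MAX_URI_LENGTH characters of a URI. The missing piece would be an eval test next to the existing ones, along the lines of `sub check_uri_truncated { my ($self) = @_; return $self->{'uri_truncated'}; }`. The hunk also adds no `score` line for the rule.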