UPDATE: mail/p5-Mail-SpamAssassin

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

UPDATE: mail/p5-Mail-SpamAssassin

Giovanni Bechis-7
Hi,
update to latest version, this a major update, there are many new features
and a lot of bug fixed.
Some CVE has been fixed and a old SA versions will not be compatible with
new rules sooner or later.
I used several iterations of this diff in production, ok to put it in
before 6.4 ?

More info here:
http://svn.apache.org/repos/asf/spamassassin/trunk/build/announcements/3.4.2.txt

 Thanks & Cheers
  Giovanni

p5-Mail-SpamAssassin-3.4.2.diff (53K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: mail/p5-Mail-SpamAssassin

Pierre-Emmanuel Andre
On Mon, Sep 17, 2018 at 09:14:43AM +0200, Giovanni Bechis wrote:

> Hi,
> update to latest version, this a major update, there are many new features
> and a lot of bug fixed.
> Some CVE has been fixed and a old SA versions will not be compatible with
> new rules sooner or later.
> I used several iterations of this diff in production, ok to put it in
> before 6.4 ?
>
> More info here:
> http://svn.apache.org/repos/asf/spamassassin/trunk/build/announcements/3.4.2.txt
>
>  Thanks & Cheers
>   Giovanni


Works fine on my small setup.
ok pea@

Any plans to backport CVE to -stable ?



> Index: Makefile
> ===================================================================
> RCS file: /var/cvs/ports/mail/p5-Mail-SpamAssassin/Makefile,v
> retrieving revision 1.109
> diff -u -p -r1.109 Makefile
> --- Makefile 4 Sep 2018 12:46:15 -0000 1.109
> +++ Makefile 17 Sep 2018 06:59:30 -0000
> @@ -2,11 +2,10 @@
>  
>  COMMENT= mailfilter to identify and mark spam
>  
> -VER= 3.4.1
> +VER= 3.4.2
>  DISTNAME= Mail-SpamAssassin-${VER}
>  PKGNAME= p5-${DISTNAME}
> -REVISION= 15
> -RULESNAME= Mail-SpamAssassin-rules-${VER}.r1675274.tgz
> +RULESNAME= Mail-SpamAssassin-rules-${VER}.r1840640.tgz
>  CATEGORIES= mail perl5
>  
>  DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${RULESNAME}
> @@ -33,8 +32,9 @@ COMMON_DEPENDS= www/p5-HTML-Parser>=3.3
>  BUILD_DEPENDS= ${COMMON_DEPENDS}
>  RUN_DEPENDS= ${COMMON_DEPENDS} \
>   devel/re2c \
> + devel/p5-BSD-Resource \
>   p5-Mail-SPF-*|p5-Mail-SPF-Query-*:mail/p5-Mail-SPF \
> - net/p5-Geo-IP \
> + p5-Geo-IP-*|p5-IP-Country-DB_File-*|p5-IP-Country-*:net/p5-Geo-IP \
>   net/p5-Net-LibIDN \
>   net/p5-Net-Patricia \
>   security/gnupg \
> Index: distinfo
> ===================================================================
> RCS file: /var/cvs/ports/mail/p5-Mail-SpamAssassin/distinfo,v
> retrieving revision 1.38
> diff -u -p -r1.38 distinfo
> --- distinfo 30 Apr 2015 14:41:53 -0000 1.38
> +++ distinfo 17 Sep 2018 06:59:56 -0000
> @@ -1,4 +1,4 @@
> -SHA256 (Mail-SpamAssassin-3.4.1.tar.bz2) = oMHJgI8GhLOJWU64ssy6zmSGVGWTST+TCMlVRWPRRlE=
> -SHA256 (Mail-SpamAssassin-rules-3.4.1.r1675274.tgz) = OC9+4WCpahWq5Vn1PfksNvLhdkexnFlU7+3oYUn40Ss=
> -SIZE (Mail-SpamAssassin-3.4.1.tar.bz2) = 2710985
> -SIZE (Mail-SpamAssassin-rules-3.4.1.r1675274.tgz) = 270622
> +SHA256 (Mail-SpamAssassin-3.4.2.tar.bz2) = zwMEWkmRdSFF7tAH51c38+TH80zyJdtBHOP9NZKA6No=
> +SHA256 (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) = jUgaIIHx5ioleSOPZrWNIST3ounzz6PUqisD/nsBmbs=
> +SIZE (Mail-SpamAssassin-3.4.2.tar.bz2) = 2700016
> +SIZE (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) = 284758
> Index: patches/patch-Makefile_PL
> ===================================================================
> RCS file: /var/cvs/ports/mail/p5-Mail-SpamAssassin/patches/patch-Makefile_PL,v
> retrieving revision 1.13
> diff -u -p -r1.13 patch-Makefile_PL
> --- patches/patch-Makefile_PL 30 Apr 2015 14:41:53 -0000 1.13
> +++ patches/patch-Makefile_PL 13 Apr 2018 14:26:57 -0000
> @@ -1,7 +1,8 @@
>  $OpenBSD: patch-Makefile_PL,v 1.13 2015/04/30 14:41:53 sthen Exp $
> ---- Makefile.PL.orig Tue Apr 28 20:57:01 2015
> -+++ Makefile.PL Thu Apr 30 14:25:54 2015
> -@@ -832,7 +832,7 @@ sub MY::install {
> +Index: Makefile.PL
> +--- Makefile.PL.orig
> ++++ Makefile.PL
> +@@ -856,7 +856,7 @@ sub MY::install {
>  
>     foreach (@code) {
>       # Add our install targets as a dependency to all top-level install targets
> Index: patches/patch-lib_Mail_SpamAssassin_BayesStore_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_BayesStore_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_BayesStore_pm
> --- patches/patch-lib_Mail_SpamAssassin_BayesStore_pm 31 Oct 2017 07:41:51 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,15 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_BayesStore_pm,v 1.1 2017/10/31 07:41:51 giovanni Exp $
> -
> -# bug 7340: remove expire flag after token expiration is done
> -
> -Index: lib/Mail/SpamAssassin/BayesStore.pm
> ---- lib/Mail/SpamAssassin/BayesStore.pm.orig
> -+++ lib/Mail/SpamAssassin/BayesStore.pm
> -@@ -419,6 +419,7 @@ sub expire_old_tokens_trapped {
> -     dbg("bayes: $msg: $msg2");
> -   }
> -
> -+  $self->remove_running_expire_tok();
> -   return 1;
> - }
> -
> Index: patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm
> --- patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm 13 Mar 2018 07:51:59 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,218 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Conf_Parser_pm,v 1.2 2018/03/13 07:51:59 giovanni Exp $
> -
> -Index: lib/Mail/SpamAssassin/Conf/Parser.pm
> ---- lib/Mail/SpamAssassin/Conf/Parser.pm.orig
> -+++ lib/Mail/SpamAssassin/Conf/Parser.pm
> -@@ -142,15 +142,11 @@ use Mail::SpamAssassin::NetSet;
> -
> - use strict;
> - use warnings;
> --use bytes;
> -+# use bytes;
> - use re 'taint';
> -
> --use vars qw{
> --  @ISA
> --};
> -+our @ISA = qw();
> -
> --@ISA = qw();
> --
> - ###########################################################################
> -
> - sub new {
> -@@ -263,6 +259,7 @@ sub parse {
> -   while (defined ($line = shift @conf_lines)) {
> -     local ($1);         # bug 3838: prevent random taint flagging of $1
> -
> -+   if (index($line,'#') > -1) {
> -     # bug 5545: used to support testing rules in the ruleqa system
> -     if ($keepmetadata && $line =~ /^\#testrules/) {
> -       $self->{file_scoped_attrs}->{testrules}++;
> -@@ -278,8 +275,12 @@ sub parse {
> -
> -     $line =~ s/(?<!\\)#.*$//; # remove comments
> -     $line =~ s/\\#/#/g; # hash chars are escaped, so unescape them
> -+   }
> -+
> -+   if ($line =~ tr{ \t\r\n\f}{}) {
> -     $line =~ s/^\s+//;  # remove leading whitespace
> -     $line =~ s/\s+$//;  # remove tailing whitespace
> -+  }
> -     next unless($line); # skip empty lines
> -
> -     # handle i18n
> -@@ -288,7 +289,7 @@ sub parse {
> -     my($key, $value) = split(/\s+/, $line, 2);
> -     $key = lc $key;
> -     # convert all dashes in setting name to underscores.
> --    $key =~ s/-/_/g;
> -+    $key =~ tr/-/_/;
> -     $value = '' unless defined($value);
> -
> - #   # Do a better job untainting this info ...
> -@@ -338,26 +339,26 @@ sub parse {
> -     }
> -
> -     # now handle the commands.
> --    if ($key eq 'include') {
> -+    elsif ($key eq 'include') {
> -       $value = $self->fix_path_relative_to_current_file($value);
> -       my $text = $conf->{main}->read_cf($value, 'included file');
> -       unshift (@conf_lines, split (/\n/, $text));
> -       next;
> -     }
> -
> --    if ($key eq 'ifplugin') {
> -+    elsif ($key eq 'ifplugin') {
> -       $self->handle_conditional ($key, "plugin ($value)",
> -                         \@if_stack, \$skip_parsing);
> -       next;
> -     }
> -
> --    if ($key eq 'if') {
> -+    elsif ($key eq 'if') {
> -       $self->handle_conditional ($key, $value,
> -                         \@if_stack, \$skip_parsing);
> -       next;
> -     }
> -
> --    if ($key eq 'else') {
> -+    elsif ($key eq 'else') {
> -       # TODO: if/else/else won't get flagged here :(
> -       if (!@if_stack) {
> -         $parse_error = "config: found else without matching conditional";
> -@@ -369,7 +370,7 @@ sub parse {
> -     }
> -
> -     # and the endif statement:
> --    if ($key eq 'endif') {
> -+    elsif ($key eq 'endif') {
> -       my $lastcond = pop @if_stack;
> -       if (!defined $lastcond) {
> -         $parse_error = "config: found endif without matching conditional";
> -@@ -508,7 +509,7 @@ sub handle_conditional {
> -   my $conf = $self->{conf};
> -
> -   my $lexer = ARITH_EXPRESSION_LEXER;
> --  my @tokens = ($value =~ m/($lexer)/g);
> -+  my @tokens = ($value =~ m/($lexer)/og);
> -
> -   my $eval = '';
> -   my $bad = 0;
> -@@ -573,6 +574,10 @@ sub cond_clause_plugin_loaded {
> -
> - sub cond_clause_can {
> -   my ($self, $method) = @_;
> -+  if ($self->{currentfile} =~ q!/user_prefs$! ) {
> -+    warn "config: 'if can $method' not available in user_prefs";
> -+    return 0
> -+  }
> -   $self->cond_clause_can_or_has('can', $method);
> - }
> -
> -@@ -591,7 +596,7 @@ sub cond_clause_can_or_has {
> -   } elsif ($method =~ /^(.*)::([^:]+)$/) {
> -     no strict "refs";
> -     my($module, $meth) = ($1, $2);
> --    return 1  if UNIVERSAL::can($module,$meth) &&
> -+    return 1  if $module->can($meth) &&
> -                  ( $fn_name eq 'has' || &{$method}() );
> -   } else {
> -     $self->lint_warn("bad 'if' line, cannot find '::' in $fn_name($method), ".
> -@@ -984,14 +989,14 @@ sub _meta_deps_recurse {
> -
> -   # Lex the rule into tokens using a rather simple RE method ...
> -   my $lexer = ARITH_EXPRESSION_LEXER;
> --  my @tokens = ($rule =~ m/$lexer/g);
> -+  my @tokens = ($rule =~ m/$lexer/og);
> -
> -   # Go through each token in the meta rule
> -   my $conf_tests = $conf->{tests};
> -   foreach my $token (@tokens) {
> -     # has to be an alpha+numeric token
> --  # next if $token =~ /^(?:\W+|[+-]?\d+(?:\.\d+)?)$/;
> --    next if $token !~ /^[A-Za-z_][A-Za-z0-9_]*\z/s;  # faster
> -+    next if $token =~ tr{A-Za-z0-9_}{}c || substr($token,0,1) =~ tr{A-Za-z_}{}c; # even faster
> -+
> -     # and has to be a rule name
> -     next unless exists $conf_tests->{$token};
> -
> -@@ -1178,25 +1183,25 @@ sub add_test {
> -   my $conf = $self->{conf};
> -
> -   # Don't allow invalid names ...
> --  if ($name !~ /^\D\w*$/) {
> -+  if ($name !~ /^[_[:alpha:]]\w*$/) {
> -     $self->lint_warn("config: error: rule '$name' has invalid characters ".
> -   "(not Alphanumeric + Underscore + starting with a non-digit)\n", $name);
> -     return;
> -   }
> -
> --  # Also set a hard limit for ALL rules (rule names longer than 242
> -+  # Also set a hard limit for ALL rules (rule names longer than 40
> -   # characters throw warnings).  Check this separately from the above
> -   # pattern to avoid vague error messages.
> --  if (length $name > 200) {
> --    $self->lint_warn("config: error: rule '$name' is way too long ".
> -+  if (length $name > 100) {
> -+    $self->lint_warn("config: error: rule '$name' is too long ".
> -   "(recommended maximum length is 22 characters)\n", $name);
> -     return;
> -   }
> -
> -   # Warn about, but use, long rule names during --lint
> -   if ($conf->{lint_rules}) {
> --    if (length($name) > 50 && $name !~ /^__/ && $name !~ /^T_/) {
> --      $self->lint_warn("config: warning: rule name '$name' is over 50 chars ".
> -+    if (length($name) > 40 && $name !~ /^__/ && $name !~ /^T_/) {
> -+      $self->lint_warn("config: warning: rule name '$name' is over 40 chars ".
> -     "(recommended maximum length is 22 characters)\n", $name);
> -     }
> -   }
> -@@ -1286,12 +1291,18 @@ sub add_regression_test {
> - sub is_meta_valid {
> -   my ($self, $name, $rule) = @_;
> -
> -+  # $meta is a degenerate translation of the rule, replacing all variables (i.e. rule names) with 0.
> -   my $meta = '';
> -   $rule = untaint_var($rule);  # must be careful below
> -+  # Bug #7557 code injection
> -+  if ( $rule =~ /\S(::|->)\S/ )  {
> -+    warn("is_meta_valid: Bogus rule $name: $rule") ;
> -+    return 0;
> -+  }
> -
> -   # Lex the rule into tokens using a rather simple RE method ...
> -   my $lexer = ARITH_EXPRESSION_LEXER;
> --  my @tokens = ($rule =~ m/$lexer/g);
> -+  my @tokens = ($rule =~ m/$lexer/og);
> -   if (length($name) == 1) {
> -     for (@tokens) {
> -       print "$name $_\n "  or die "Error writing token: $!";
> -@@ -1299,16 +1310,20 @@ sub is_meta_valid {
> -   }
> -   # Go through each token in the meta rule
> -   foreach my $token (@tokens) {
> --    # Numbers can't be rule names
> --    if ($token !~ /^[A-Za-z_][A-Za-z0-9_]*\z/s) {
> -+    # If the token is a syntactically legal rule name, make it zero
> -+    if ($token =~ /^[_[:alpha:]]\w+\z/s) {
> -+      $meta .= "0 ";
> -+    }
> -+    # if it is a number or a string of 1 or 2 punctuation characters (i.e. operators) tack it onto the degenerate rule
> -+    elsif ( $token =~ /^(\d+|[[:punct:]]{1,2})\z/s ) {
> -       $meta .= "$token ";
> -     }
> --    # Zero will probably cause more errors
> -+    # WTF is it? Just warn, for now. Bug #7557
> -     else {
> --      $meta .= "0 ";
> -+      $self->lint_warn("config: Strange rule token: $token", $name);
> -+      $meta .= "$token ";
> -     }
> -   }
> --
> -   my $evalstr = 'my $x = ' . $meta . '; 1;';
> -   if (eval $evalstr) {
> -     return 1;
> Index: patches/patch-lib_Mail_SpamAssassin_Conf_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Conf_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Conf_pm
> --- patches/patch-lib_Mail_SpamAssassin_Conf_pm 13 Mar 2018 07:51:59 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,43 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Conf_pm,v 1.1 2018/03/13 07:51:59 giovanni Exp $
> -
> -Index: lib/Mail/SpamAssassin/Conf.pm
> ---- lib/Mail/SpamAssassin/Conf.pm.orig
> -+++ lib/Mail/SpamAssassin/Conf.pm
> -@@ -2836,8 +2836,8 @@ C<header SYMBOLIC_TEST_NAME header =~ /\S/> rule as de
> - =item header SYMBOLIC_TEST_NAME eval:name_of_eval_method([arguments])
> -
> - Define a header eval test.  C<name_of_eval_method> is the name of
> --a method on the C<Mail::SpamAssassin::EvalTests> object.  C<arguments>
> --are optional arguments to the function call.
> -+a method registered by a C<Mail::SpamAssassin::Plugin> object.
> -+C<arguments> are optional arguments to the function call.
> -
> - =item header SYMBOLIC_TEST_NAME eval:check_rbl('set', 'zone' [, 'sub-test'])
> -
> -@@ -2950,7 +2950,10 @@ name.
> -       local ($1,$2);
> -       if ($value =~ /^(\S+)\s+(?:rbl)?eval:(.*)$/) {
> -         my ($rulename, $fn) = ($1, $2);
> --
> -+        dbg("config: header eval rule name is $rulename function is $fn");
> -+        if ($fn !~ /^\w+(\(.*\))?$/) {
> -+          return $INVALID_VALUE;
> -+        }
> -         if ($fn =~ /^check_(?:rbl|dns)/) {
> -           $self->{parser}->add_test ($rulename, $fn, $TYPE_RBL_EVALS);
> -         }
> -@@ -3008,7 +3011,13 @@ Define a body eval test.  See above.
> -       my ($self, $key, $value, $line) = @_;
> -       local ($1,$2);
> -       if ($value =~ /^(\S+)\s+eval:(.*)$/) {
> --        $self->{parser}->add_test ($1, $2, $TYPE_BODY_EVALS);
> -+        my ($rulename, $fn) = ($1, $2);
> -+        dbg("config: body eval rule name is $rulename function is $fn");
> -+
> -+        if ($fn !~ /^\w+(\(.*\))?$/) {
> -+          return $INVALID_VALUE;
> -+        }
> -+        $self->{parser}->add_test ($rulename, $fn, $TYPE_BODY_EVALS);
> -       }
> -       else {
> - my @values = split(/\s+/, $value, 2);
> Index: patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
> --- patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm 4 Mar 2016 00:05:35 -0000 1.4
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,82 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_DnsResolver_pm,v 1.4 2016/03/04 00:05:35 sthen Exp $
> ---- lib/Mail/SpamAssassin/DnsResolver.pm.orig Tue Apr 28 20:56:49 2015
> -+++ lib/Mail/SpamAssassin/DnsResolver.pm Thu Mar  3 23:59:55 2016
> -@@ -592,6 +592,9 @@ sub new_dns_packet {
> -   };
> -
> -   if ($packet) {
> -+    # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223
> -+    $packet->header->rd(1);
> -+
> -   # my $udp_payload_size = $self->{res}->udppacketsize;
> -     my $udp_payload_size = $self->{conf}->{dns_options}->{edns};
> -     if ($udp_payload_size && $udp_payload_size > 512) {
> -@@ -722,6 +725,37 @@ sub bgsend {
> -
> - ###########################################################################
> -
> -+=item $id = $res->bgread()
> -+
> -+Similar to C<Net::DNS::Resolver::bgread>.  Reads a DNS packet from
> -+a supplied socket, decodes it, and returns a Net::DNS::Packet object
> -+if successful.  Dies on error.
> -+
> -+=cut
> -+
> -+sub bgread() {
> -+  my ($self) = @_;
> -+  my $sock = $self->{sock};
> -+  my $packetsize = $self->{res}->udppacketsize;
> -+  $packetsize = 512  if $packetsize < 512;  # just in case
> -+  my $data = '';
> -+  my $peeraddr = $sock->recv($data, $packetsize+256);  # with some size margin for troubleshooting
> -+  defined $peeraddr or die "bgread: recv() failed: $!";
> -+  my $peerhost = $sock->peerhost;
> -+  $data ne '' or die "bgread: received empty packet from $peerhost";
> -+  dbg("dns: bgread: received %d bytes from %s", length($data), $peerhost);
> -+  my($answerpkt, $decoded_length) = Net::DNS::Packet->new(\$data);
> -+  $answerpkt or die "bgread: decoding DNS packet failed: $@";
> -+  $answerpkt->answerfrom($peerhost);
> -+  if ($decoded_length ne length($data)) {
> -+    warn sprintf("bgread: received a %d bytes packet from %s, decoded %d bytes\n",
> -+                 length($data), $peerhost, $decoded_length);
> -+  }
> -+  return $answerpkt;
> -+}
> -+
> -+###########################################################################
> -+
> - =item $nfound = $res->poll_responses()
> -
> - See if there are any C<bgsend> reply packets ready, and return
> -@@ -769,13 +803,25 @@ sub poll_responses {
> -     $timeout = 0;  # next time around collect whatever is available, then exit
> -     last  if $nfound == 0;
> -
> --    my $packet = $self->{res}->bgread($self->{sock});
> -+    my $packet;
> -+    eval {
> -+      $packet = $self->bgread();
> -+    } or do {
> -+      undef $packet;
> -+      my $eval_stat = $@ ne '' ? $@ : "errno=$!";  chomp $eval_stat;
> -+      # resignal if alarm went off
> -+      die $eval_stat  if $eval_stat =~ /__alarm__ignore__\(.*\)/s;
> -+      info("dns: bad dns reply: %s", $eval_stat);
> -+    };
> -
> -+#   Bug 7265, use our own bgread()
> -+#   my $packet = $self->{res}->bgread($self->{sock});
> -+
> -     if (!$packet) {
> --      my $dns_err = $self->{res}->errorstring;
> --      # resignal if alarm went off
> --      die "dns (3) $dns_err\n"  if $dns_err =~ /__alarm__ignore__\(.*\)/s;
> --      info("dns: bad dns reply: $dns_err");
> -+      # error already reported above
> -+#     my $dns_err = $self->{res}->errorstring;
> -+#     die "dns (3) $dns_err\n"  if $dns_err =~ /__alarm__ignore__\(.*\)/s;
> -+#     info("dns: bad dns reply: $dns_err");
> -     } else {
> -       my $header = $packet->header;
> -       if (!$header) {
> Index: patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
> --- patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm 4 Mar 2016 00:05:35 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,25 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
> ---- lib/Mail/SpamAssassin/Message/Metadata/Received.pm.orig Tue Apr 28 20:56:48 2015
> -+++ lib/Mail/SpamAssassin/Message/Metadata/Received.pm Thu Mar  3 23:59:55 2016
> -@@ -434,7 +434,8 @@ sub parse_received_line {
> -     $auth = 'Postfix';
> -   }
> -   # Communigate Pro - Bug 6495 adds HTTP as possible transmission method
> --  elsif (/CommuniGate Pro (HTTP|SMTP)/ && / \(account /) {
> -+  # Bug 7277: XIMSS used by Pronto and other custom apps, IMAP supports XMIT extension
> -+  elsif (/CommuniGate Pro (HTTP|SMTP|XIMSS|IMAP)/ && / \(account /) {
> -     $auth = 'Communigate';
> -   }
> -   # Microsoft Exchange (complete with syntax error)
> -@@ -714,6 +715,11 @@ sub parse_received_line {
> -     # Received: from sc8-sf-sshgate.sourceforge.net (HELO sc8-sf-netmisc.sourceforge.net) (66.35.250.220) by la.mx.develooper.com (qpsmtpd/0.27-dev) with ESMTP; Fri, 02 Jan 2004 14:44:41 -0800
> -     # Received: from mx10.topofferz.net (HELO ) (69.6.60.10) by blazing.arsecandle.org with SMTP; 3 Mar 2004 20:34:38 -0000
> -     if (/^(\S+) \((?:HELO|EHLO) (\S*)\) \((${IP_ADDRESS})\) by (\S+) \(qpsmtpd\/\S+\) with (?:ESMTP|SMTP)/) {
> -+      $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough;
> -+    }
> -+
> -+    # Received: from mail-backend.DDDD.com (LHLO mail-backend.DDDD.com) (10.2.2.20) by mail-backend.DDDD.com with LMTP; Thu, 18 Jun 2015 16:50:56 -0700 (PDT)
> -+    if (/^(\S+) \(LHLO (\S*)\) \((${IP_ADDRESS})\) by (\S+) with LMTP/) {
> -       $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough;
> -     }
> -
> Index: patches/patch-lib_Mail_SpamAssassin_Message_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Message_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Message_pm
> --- patches/patch-lib_Mail_SpamAssassin_Message_pm 31 Oct 2017 07:41:51 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,27 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Message_pm,v 1.2 2017/10/31 07:41:51 giovanni Exp $
> -
> -# bug 7447: Delete parse_queue in Message::finish() to prevent memory leak.
> -
> -Index: lib/Mail/SpamAssassin/Message.pm
> ---- lib/Mail/SpamAssassin/Message.pm.orig
> -+++ lib/Mail/SpamAssassin/Message.pm
> -@@ -628,6 +628,9 @@ sub finish {
> -   delete $self->{'line_ending'};
> -   delete $self->{'missing_head_body_separator'};
> -
> -+  # Remove the queue variable, in case the body has not been parsed
> -+  delete $self->{'parse_queue'};
> -+
> -   my @toclean = ( $self );
> -
> -   # Go ahead and clean up all of the Message::Node parts
> -@@ -1045,6 +1048,9 @@ sub _parse_normal {
> -   }
> -   elsif ($ct[3]) {
> -     $msg->{'name'} = $ct[3];
> -+  }
> -+  if ($msg->{'name'}) {
> -+    $msg->{'name'} = Encode::decode("MIME-Header", $msg->{'name'});
> -   }
> -
> -   $msg->{'boundary'} = $boundary;
> Index: patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
> --- patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm 4 Mar 2016 00:05:35 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,87 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
> ---- lib/Mail/SpamAssassin/Plugin/DKIM.pm.orig Tue Apr 28 20:56:47 2015
> -+++ lib/Mail/SpamAssassin/Plugin/DKIM.pm Thu Mar  3 23:59:55 2016
> -@@ -178,14 +178,19 @@ sub set_config {
> -
> - Works similarly to whitelist_from, except that in addition to matching
> - an author address (From) to the pattern in the first parameter, the message
> --must also carry a Domain Keys Identified Mail (DKIM) signature made by a
> --signing domain (SDID, i.e. the d= tag) that is acceptable to us.
> -+must also carry a valid Domain Keys Identified Mail (DKIM) signature made by
> -+a signing domain (SDID, i.e. the d= tag) that is acceptable to us.
> -
> - Only one whitelist entry is allowed per line, as in C<whitelist_from_rcvd>.
> - Multiple C<whitelist_from_dkim> lines are allowed. File-glob style characters
> - are allowed for the From address (the first parameter), just like with
> --C<whitelist_from_rcvd>. The second parameter does not accept wildcards.
> -+C<whitelist_from_rcvd>.
> -
> -+The second parameter (the signing-domain) does not accept full file-glob style
> -+wildcards, although a simple '*.' (or just a '.') prefix to a domain name
> -+is recognized and implies any subdomain of the specified domain (but not
> -+the domain itself).
> -+
> - If no signing-domain parameter is specified, the only acceptable signature
> - will be an Author Domain Signature (sometimes called first-party signature)
> - which is a signature where the signing domain (SDID) of a signature matches
> -@@ -205,7 +210,8 @@ Examples of whitelisting based on third-party signatur
> -   whitelist_from_dkim [hidden email]      example.org
> -   whitelist_from_dkim [hidden email] example.net
> -   whitelist_from_dkim *@info.example.net    example.net
> --  whitelist_from_dkim *@*                   remailer.example.com
> -+  whitelist_from_dkim *@*                   mail7.remailer.example.com
> -+  whitelist_from_dkim *@*                   *.remailer.example.com
> -
> - =item def_whitelist_from_dkim [hidden email] [signing-domain]
> -
> -@@ -376,7 +382,8 @@ some valid signature on a message has no reputational
> - associated with a particular domain), regardless of its key size - anyone can
> - prepend its own signature on a copy of some third party mail and re-send it,
> - which makes it no more trustworthy than without such signature. This is also
> --a reason for a rule DKIM_VALID to have a near-zero score.
> -+a reason for a rule DKIM_VALID to have a near-zero score, i.e. a rule hit
> -+is only informational.
> -
> - =cut
> -
> -@@ -786,7 +793,8 @@ sub _check_dkim_signature {
> -         # Only do so if EDNS0 provides a reasonably-sized UDP payload size,
> -         # as our interface does not provide a DNS fallback to TCP, unlike
> -         # the Net::DNS::Resolver::send which does provide it.
> --        my $res = $self->{main}->{resolver}->get_resolver;
> -+        my $res = $self->{main}->{resolver};
> -+        dbg("dkim: providing our own resolver: %s", ref $res);
> -         Mail::DKIM::DNS::resolver($res);
> -       }
> -     }
> -@@ -892,13 +900,13 @@ sub _check_dkim_signature {
> -         }
> -       }
> -       if (would_log("dbg","dkim")) {
> --        dbg("dkim: %s %s, i=%s, d=%s, s=%s, a=%s, c=%s, %s, %s",
> -+        dbg("dkim: %s %s, i=%s, d=%s, s=%s, a=%s, c=%s, %s, %s, %s",
> -           $info,
> -           $signature->isa('Mail::DKIM::DkSignature') ? 'DK' : 'DKIM',
> -           map(!defined $_ ? '(undef)' : $_,
> -             $signature->identity, $d, $signature->selector,
> -             $signature->algorithm, scalar($signature->canonicalization),
> --            $key_size ? "key_bits=$key_size" : (),
> -+            $key_size ? "key_bits=$key_size" : "unknown key size",
> -             ($sig_result_supported ? $signature : $verifier)->result ),
> -           defined $d && $pms->{dkim_author_domains}->{$d}
> -             ? 'matches author domain'
> -@@ -1257,8 +1265,12 @@ sub _wlcheck_list {
> -         # identity (AUID). Nevertheless, be prepared to accept the full e-mail
> -         # address there for compatibility, and just ignore its local-part.
> -
> --        $acceptable_sdid = $1  if $acceptable_sdid =~ /\@([^\@]*)\z/;
> --        $matches = 1  if $sdid eq lc $acceptable_sdid;
> -+        $acceptable_sdid = $1  if $acceptable_sdid =~ /\@([^\@]*)\z/s;
> -+        if ($acceptable_sdid =~ s/^\*?\.//s) {
> -+          $matches = 1  if $sdid =~ /\.\Q$acceptable_sdid\E\z/si;
> -+        } else {
> -+          $matches = 1  if $sdid eq lc $acceptable_sdid;
> -+        }
> -       }
> -       if ($matches) {
> -         if (would_log("dbg","dkim")) {
> Index: patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm
> --- patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm 8 Mar 2018 07:30:00 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,99 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm,v 1.1 2018/03/08 07:30:00 giovanni Exp $
> -
> -Index: lib/Mail/SpamAssassin/Plugin/PDFInfo.pm
> ---- lib/Mail/SpamAssassin/Plugin/PDFInfo.pm.orig
> -+++ lib/Mail/SpamAssassin/Plugin/PDFInfo.pm
> -@@ -31,7 +31,7 @@ This plugin helps detected spam using attached PDF fil
> -
> - =item See "Usage:" below - more documentation see 20_pdfinfo.cf
> -
> -- Original info kept for history.
> -+ Original info kept for history. For later changes see SVN repo
> -  -------------------------------------------------------
> -  PDFInfo Plugin for SpamAssassin
> -  Version: 0.8
> -@@ -40,7 +40,6 @@ This plugin helps detected spam using attached PDF fil
> -  Modified: 2007-08-10
> -  By: Dallas Engelken
> -
> --
> -  Changes:
> -    0.8 - added .fdf detection (thanks John Lundin) [axb]
> -    0.7 - fixed empty body/pdf count buglet(thanks Jeremy) [axb]
> -@@ -76,7 +75,6 @@ This plugin helps detected spam using attached PDF fil
> -          - removed all support for png, gif, and jpg from the code.
> -          - prepended pdf_ to all function names to avoid conflicts with ImageInfo in SA 3.2.
> -
> --
> -  Usage:
> -
> -   pdf_count()
> -@@ -144,14 +142,14 @@ package Mail::SpamAssassin::Plugin::PDFInfo;
> -
> - use Mail::SpamAssassin::Plugin;
> - use Mail::SpamAssassin::Logger;
> -+use Mail::SpamAssassin::Util;
> - use strict;
> - use warnings;
> --use bytes;
> -+# use bytes;
> - use Digest::MD5 qw(md5_hex);
> - use MIME::QuotedPrint;
> -
> --use vars qw(@ISA);
> --@ISA = qw(Mail::SpamAssassin::Plugin);
> -+our @ISA = qw(Mail::SpamAssassin::Plugin);
> -
> - # constructor: register the eval rule
> - sub new {
> -@@ -413,9 +411,9 @@ sub _find_pdf_mime_parts {
> -
> -   foreach my $p (@parts) {
> -     my $type = $p->{'type'} =~ m@/([\w\-]+)$@;
> --    my $name = $p->{'name'};
> -+    my $name = $p->{'name'} || '';
> -
> --    my $cte = lc $p->get_header('content-transfer-encoding') || '';
> -+    my $cte = lc( $p->get_header('content-transfer-encoding') || '' );
> -
> -     dbg("pdfinfo: found part, type=".($type ? $type : '')." file=".($name ? $name : '')." cte=".($cte ? $cte : '')."");
> -
> -@@ -441,7 +439,6 @@ sub _find_pdf_mime_parts {
> -
> - }
> -
> --
> - # ----------------------------------------
> -
> - sub pdf_named {
> -@@ -476,8 +473,12 @@ sub pdf_name_regex {
> -
> -   my $hit = 0;
> -   foreach my $name (keys %{$pms->{'pdfinfo'}->{"names_pdf"}}) {
> --    my $eval = 'if (q{'.$name.'} =~  '.$re.') {  $hit = 1; } ';
> --    eval $eval;
> -+    eval {
> -+        my $regex = Mail::SpamAssassin::Util::make_qr($re);
> -+        if ( $name =~ m/$regex/ ) {
> -+            $hit = 1;
> -+        }
> -+    };
> -     dbg("pdfinfo: error in regex $re - $@") if $@;
> -     if ($hit) {
> -       dbg("pdfinfo: pdf_name_regex hit on $name");
> -@@ -722,9 +723,12 @@ sub pdf_match_details {
> -   return unless $check_value;
> -
> -   my $hit = 0;
> --  $check_value =~ s/[\{\}\\]//g;
> --  my $eval = 'if (q{'.$check_value.'} =~ '.$regex.') { $hit = 1; }';
> --  eval $eval;
> -+  eval {
> -+      my $re = Mail::SpamAssassin::Util::make_qr($regex);
> -+      if ( $check_value =~ m/$re/ ) {
> -+          $hit = 1;
> -+      }
> -+  };
> -   dbg("pdfinfo: error in regex $regex - $@") if $@;
> -   if ($hit) {
> -     dbg("pdfinfo: pdf_match_details $detail $regex matches $check_value");
> Index: patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
> --- patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm 4 Mar 2016 00:05:35 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,24 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_SPF_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
> ---- lib/Mail/SpamAssassin/Plugin/SPF.pm.orig Tue Apr 28 20:56:47 2015
> -+++ lib/Mail/SpamAssassin/Plugin/SPF.pm Thu Mar  3 23:59:55 2016
> -@@ -232,7 +232,7 @@ working downwards until results are successfully parse
> - =item has_check_for_spf_errors
> -
> - Adds capability check for "if can()" for check_for_spf_permerror, check_for_spf_temperror, check_for_spf_helo_permerror and check_for_spf_helo_permerror
> --  
> -+
> - =cut
> -
> - sub has_check_for_spf_errors { 1 }
> -@@ -506,9 +506,9 @@ sub _check_spf {
> -       $self->{spf_server} = Mail::SPF::Server->new(
> - hostname     => $scanner->get_tag('HOSTNAME'),
> - dns_resolver => $self->{main}->{resolver},
> -- max_dns_interactive_terms => 15);
> -+ max_dns_interactive_terms => 20);
> -       # Bug 7112: max_dns_interactive_terms defaults to 10, but even 14 is
> --      # not enough for ebay.com, setting it to 15
> -+      # not enough for ebay.com, setting it to 15 NOTE: raising to 20 per bug 7182
> -       1;
> -     } or do {
> -       $eval_stat = $@ ne '' ? $@ : "errno=$!";  chomp $eval_stat;
> Index: patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
> --- patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm 4 Mar 2016 00:05:35 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,28 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
> ---- lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm.orig Tue Apr 28 20:56:47 2015
> -+++ lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm Thu Mar  3 23:59:55 2016
> -@@ -942,9 +942,8 @@ sub complete_ns_lookup {
> -     next unless (defined($str) && defined($dom));
> -     dbg("uridnsbl: got($j) NS for $dom: $str");
> -
> --    if ($str =~ /IN\s+NS\s+(\S+)/) {
> --      my $nsmatch = lc $1;
> --      $nsmatch =~ s/\.$//;
> -+    if ($rr->type eq 'NS') {
> -+      my $nsmatch = lc $rr->nsdname;  # available since at least Net::DNS 0.14
> -       my $nsrhblstr = $nsmatch;
> -       my $fullnsrhblstr = $nsmatch;
> -
> -@@ -1025,9 +1024,9 @@ sub complete_a_lookup {
> -     }
> -     dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str);
> -
> --    local $1;
> --    if ($str =~ /IN\s+A\s+(\S+)/) {
> --      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1);
> -+    if ($rr->type eq 'A') {
> -+      my $ip_address = $rr->rdatastr;
> -+      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address);
> -     }
> -   }
> - }
> Index: patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm
> --- patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm 6 Feb 2018 07:58:03 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,34 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm,v 1.1 2018/02/06 07:58:03 giovanni Exp $
> -
> -Compatibility patches for perl 5.23+
> -
> -Index: lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
> ---- lib/Mail/SpamAssassin/Plugin/URILocalBL.pm.orig
> -+++ lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
> -@@ -350,7 +350,7 @@ sub check_uri_local_bl {
> -     # look for W3 links only
> -     next unless (defined $info->{types}->{a});
> -
> --    while (my($host, $domain) = each $info->{hosts}) {
> -+    while (my($host, $domain) = each %{$info->{hosts}}) {
> -
> -       # skip if the domain name was matched
> -       if (exists $rule->{exclusions} && exists $rule->{exclusions}->{$domain}) {
> -@@ -374,7 +374,7 @@ sub check_uri_local_bl {
> -         }
> -
> -         if (exists $rule->{countries}) {
> --          dbg("check: uri_local_bl countries %s\n", join(' ', sort keys $rule->{countries}));
> -+          dbg("check: uri_local_bl countries %s\n", join(' ', sort keys %{$rule->{countries}}));
> -
> -           my $cc = $self->{geoip}->country_code_by_addr($ip);
> -
> -@@ -403,7 +403,7 @@ sub check_uri_local_bl {
> -         }
> -
> -         if (exists $rule->{isps}) {
> --          dbg("check: uri_local_bl isps %s\n", join(' ', map { '"' . $_ . '"'; } sort keys $rule->{isps}));
> -+          dbg("check: uri_local_bl isps %s\n", join(' ', map { '"' . $_ . '"'; } sort keys %{$rule->{isps}}));
> -
> -           my $isp = $self->{geoisp}->isp_by_name($ip);
> -
> Index: patches/patch-lib_Mail_SpamAssassin_Util_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Util_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Util_pm
> --- patches/patch-lib_Mail_SpamAssassin_Util_pm 23 Feb 2018 17:07:35 -0000 1.4
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,96 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Util_pm,v 1.4 2018/02/23 17:07:35 giovanni Exp $
> -Index: lib/Mail/SpamAssassin/Util.pm
> ---- lib/Mail/SpamAssassin/Util.pm.orig
> -+++ lib/Mail/SpamAssassin/Util.pm
> -@@ -62,7 +62,8 @@ BEGIN {
> -   @EXPORT_OK = qw(&local_tz &base64_decode &untaint_var &untaint_file_path
> -                   &exit_status_str &proc_status_ok &am_running_on_windows
> -                   &reverse_ip_address &decode_dns_question_entry
> --                  &secure_tmpfile &secure_tmpdir &uri_list_canonicalize);
> -+                  &secure_tmpfile &secure_tmpdir &uri_list_canonicalize
> -+                  &get_user_groups);
> - }
> -
> - use Mail::SpamAssassin;
> -@@ -108,7 +109,7 @@ BEGIN {
> -     if ( !$displayed_path++ ) {
> -       dbg("util: current PATH is: ".join($Config{'path_sep'},File::Spec->path()));
> -     }
> --    foreach my $path (File::Spec->path()) {
> -+    foreach my $path (File::Spec->path(), qw(${LOCALBASE}/bin ${LOCALBASE}/sbin)) {
> -       my $fname = File::Spec->catfile ($path, $filename);
> -       if ( -f $fname ) {
> -         if (-x $fname) {
> -@@ -988,6 +989,18 @@ sub parse_content_type {
> -   my($charset) = $ct =~ /\bcharset\s*=\s*["']?(.*?)["']?(?:;|$)/i;
> -   my($name) = $ct =~ /\b(?:file)?name\s*=\s*["']?(.*?)["']?(?:;|$)/i;
> -
> -+  # RFC 2231 section 3: Parameter Value Continuations
> -+  # support continuations for name values
> -+  #
> -+  if (!$name && $ct =~ /\b(?:file)?name\*0\s*=/i) {
> -+
> -+    my @name;
> -+    $name[$1] = $2
> -+      while ($ct =~ /\b(?:file)?name\*(\d+)\s*=\s*["']?(.*?)["']?(?:;|$)/ig);
> -+
> -+    $name = join "", grep defined, @name;
> -+  }
> -+
> -   # Get the actual MIME type out ...
> -   # Note: the header content may not be whitespace unfolded, so make sure the
> -   # REs do /s when appropriate.
> -@@ -1493,13 +1506,43 @@ sub receive_date {
> - }
> -
> - ###########################################################################
> -+sub get_user_groups {
> -+  my $suid = shift;
> -+  dbg("get_user_groups: uid is $suid\n");
> -+  my ( $user, $passwd, $uid, $gid, $quota, $comment, $gcos, $dir, $shell, $expire ) = getpwuid($suid);
> -+  my $rgids="$gid ";
> -+  while ( my($name,$pw,$gid,$members) = getgrent() ) {
> -+    if ( $members =~ m/\b$user\b/ ) {
> -+      $rgids .= "$gid ";
> -+      dbg("get_user_groups: added $gid ($name) to group list which is now: $rgids\n");
> -+    }
> -+  }
> -+  endgrent;
> -+  chop $rgids;
> -+  return ($rgids);
> -+}
> -
> -+
> -+
> - sub setuid_to_euid {
> -   return if (RUNNING_ON_WINDOWS);
> -
> -   # remember the target uid, the first number is the important one
> -   my $touid = $>;
> --
> -+  my $gids = get_user_groups($touid);
> -+  my ( $pgid, $supgs ) = split (' ',$gids,2);
> -+  defined $supgs or $supgs=$pgid;
> -+  if ($( != $pgid) {
> -+    # Gotta be root for any of this to work
> -+    $> = 0 ;
> -+    dbg("util: changing real primary gid from $( to $pgid and supplemental groups to $supgs to match effective uid $touid");
> -+    POSIX::setgid($pgid);
> -+    dbg("util: POSIX::setgid($pgid) set errno to $!");  
> -+    $! = 0;
> -+    $( = $pgid;
> -+    $) = "$pgid $supgs";
> -+    dbg("util: assignment  \$) = $pgid $supgs set errno to $!");  
> -+  }
> -   if ($< != $touid) {
> -     dbg("util: changing real uid from $< to match effective uid $touid");
> -     # bug 3586: kludges needed to work around platform dependent behavior assigning to $<
> -@@ -1574,7 +1617,7 @@ sub helper_app_pipe_open_unix {
> -   eval {
> -     # go setuid...
> -     setuid_to_euid();
> --    dbg("util: setuid: ruid=$< euid=$>");
> -+    info("util: setuid: ruid=$< euid=$> rgid=$( egid=$) ");
> -
> -     # now set up the fds.  due to some wierdness, we may have to ensure that
> -     # we *really* close the correct fd number, since some other code may have
> Index: patches/patch-spamc_libspamc_c
> ===================================================================
> RCS file: patches/patch-spamc_libspamc_c
> diff -N patches/patch-spamc_libspamc_c
> --- patches/patch-spamc_libspamc_c 23 May 2015 14:18:55 -0000 1.3
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,21 +0,0 @@
> -$OpenBSD: patch-spamc_libspamc_c,v 1.3 2015/05/23 14:18:55 bluhm Exp $
> ---- spamc/libspamc.c.orig Tue Apr 28 21:56:59 2015
> -+++ spamc/libspamc.c Wed May 20 19:53:07 2015
> -@@ -1216,7 +1216,7 @@ int message_filter(struct transport *tp, const char *u
> - if (flags & SPAMC_TLSV1) {
> -    meth = TLSv1_client_method();
> - } else {
> --    meth = SSLv3_client_method(); /* default */
> -+    meth = SSLv23_client_method(); /* default */
> - }
> - SSL_load_error_strings();
> - ctx = SSL_CTX_new(meth);
> -@@ -1604,7 +1604,7 @@ int message_tell(struct transport *tp, const char *use
> -     if (flags & SPAMC_USE_SSL) {
> - #ifdef SPAMC_SSL
> - SSLeay_add_ssl_algorithms();
> -- meth = SSLv3_client_method();
> -+ meth = SSLv23_client_method();
> - SSL_load_error_strings();
> - ctx = SSL_CTX_new(meth);
> - #else
> Index: patches/patch-spamd_spamd_raw
> ===================================================================
> RCS file: patches/patch-spamd_spamd_raw
> diff -N patches/patch-spamd_spamd_raw
> --- patches/patch-spamd_spamd_raw 23 Feb 2018 17:07:35 -0000 1.9
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,98 +0,0 @@
> -$OpenBSD: patch-spamd_spamd_raw,v 1.9 2018/02/23 17:07:35 giovanni Exp $
> -Index: spamd/spamd.raw
> ---- spamd/spamd.raw.orig
> -+++ spamd/spamd.raw
> -@@ -246,7 +246,8 @@ use Mail::SpamAssassin::SubProcBackChannel;
> - use Mail::SpamAssassin::SpamdForkScaling qw(:pfstates);
> - use Mail::SpamAssassin::Logger qw(:DEFAULT log_message);
> - use Mail::SpamAssassin::Util qw(untaint_var untaint_file_path
> --                                exit_status_str am_running_on_windows);
> -+                                exit_status_str am_running_on_windows
> -+                                get_user_groups);
> - use Mail::SpamAssassin::Timeout;
> -
> - use Getopt::Long;
> -@@ -1071,7 +1072,6 @@ sub server_sock_setup_inet {
> -     $sockopt{V6Only} = 1  if $io_socket_module_name eq 'IO::Socket::IP'
> -                              && IO::Socket::IP->VERSION >= 0.09;
> -     %sockopt = (%sockopt, (
> --      SSL_version     => $sslversion,
> -       SSL_verify_mode => 0x00,
> -       SSL_key_file    => $opt{'server-key'},
> -       SSL_cert_file   => $opt{'server-cert'},
> -@@ -1092,7 +1092,8 @@ sub server_sock_setup_inet {
> -     if (!$server_inet) {
> -       $diag = sprintf("could not create %s socket on [%s]:%s: %s",
> -                       $ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
> --                      $adr, $port, $!);
> -+                      $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ?
> -+                      "$!,$IO::Socket::SSL::SSL_ERROR" : $!);
> -       push(@diag_fail, $diag);
> -     } else {
> -       $diag = sprintf("created %s socket on [%s]:%s",
> -@@ -1369,10 +1370,20 @@ sub spawn {
> -       # bug 5518: assignments to $) and $( don't always work on all platforms
> -       # bug 3900: assignments to $> and $< problems with BSD perl bug
> -       # use the POSIX functions to hide the platform specific workarounds
> -+      dbg("spamd: Privilege de-escalation from user $< and groups $(\n");
> -+      $! = 0;
> -       POSIX::setgid($ugid);  # set effective and real gid
> -+      dbg("spamd: setgid ERRNO is $!\n");
> -+      $( = $ugid;
> -+      $) = "$ugid ".(get_user_groups($uuid));  # set effective and real gid/grouplist another way because we lack initgroups in Perl
> -+      dbg("spamd: group assignment ERRNO is $!\n");
> -       POSIX::setuid($uuid);  # set effective and real UID
> -+      dbg("spamd: setuid ERRNO is $!\n");
> -       $< = $uuid; $> = $uuid;   # bug 5574
> -+      dbg("spamd: uid assignment ERRNO is $!\n");
> -+      dbg("spamd: real user is $< \neff user is $> \nreal groups are $( \neff groups are $) \n");
> -
> -+
> -       # keep the sanity check to catch problems like bug 3900 just in case
> -       if ( $> != $uuid and $> != ( $uuid - 2**32 ) ) {
> -         die "spamd: setuid to uid $uuid failed (> = $>, < = $<)\n";
> -@@ -1521,7 +1532,7 @@ sub accept_from_any_server_socket {
> -     } # end multiple sockets case
> -
> -     if ($selected_socket_info) {
> --      my $socket = $selected_socket_info->{socket};
> -+      $socket = $selected_socket_info->{socket};
> -       $socket or die "no socket???, impossible";
> -       dbg("spamd: accept() on fd %d", $selected_socket_info->{fd});
> -       $client = $socket->accept;
> -@@ -1726,7 +1737,7 @@ sub handle_setuid_to_user {
> -     my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
> -         getpwnam('nobody');
> -  
> --    $) = "$gid $gid";                   # eGID
> -+    $) = (get_user_groups($uid));       # eGID
> -     $> = $uid;                          # eUID
> -     if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
> -       die("spamd: setuid to nobody failed");
> -@@ -2488,7 +2499,7 @@ sub handle_user_setuid_basic {
> -   }
> -
> -   if ($setuid_to_user) {
> --    $) = "$gid $gid";                 # change eGID
> -+    $) = (get_user_groups($uid));     # change eGID
> -     $> = $uid;                        # change eUID
> -     if ( !defined($uid) || ( $> != $uid and $> != ( $uid - 2**32 ) ) ) {
> -       # make it fatal to avoid security breaches
> -@@ -2710,7 +2721,7 @@ sub handle_user_setuid_with_sql {
> -   }
> -
> -   if ($setuid_to_user) {
> --    $) = "$gid $gid";                 # change eGID
> -+    $) = (get_user_groups($uid));     # change eGID
> -     $> = $uid;                        # change eUID
> -     if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
> -       # make it fatal to avoid security breaches
> -@@ -2755,7 +2766,7 @@ sub handle_user_setuid_with_ldap {
> -   }
> -
> -   if ($setuid_to_user) {
> --    $) = "$gid $gid";    # change eGID
> -+    $) = (get_user_groups($uid));    # change eGID
> -     $> = $uid;           # change eUID
> -     if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
> -       # make it fatal to avoid security breaches
> Index: patches/patch-t_SATest_pm
> ===================================================================
> RCS file: patches/patch-t_SATest_pm
> diff -N patches/patch-t_SATest_pm
> --- patches/patch-t_SATest_pm 7 Nov 2017 07:39:07 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,14 +0,0 @@
> -$OpenBSD: patch-t_SATest_pm,v 1.1 2017/11/07 07:39:07 giovanni Exp $
> -
> -Index: t/SATest.pm
> ---- t/SATest.pm.orig
> -+++ t/SATest.pm
> -@@ -1027,7 +1027,7 @@ sub can_use_net_dns_safely {
> -   # (which is used by Net::DNS)
> -
> -   return 1 if ($< != 0);
> --  return 1 if ($^O =~ /^(linux|mswin|dos|os2)/oi);
> -+  return 1 if ($^O =~ /^(linux|mswin|dos|os2|openbsd)/oi);
> -
> -   my $has_unsafe_hostname =
> -     eval { require Sys::Hostname::Long && Sys::Hostname::Long->VERSION < 1.4 };
> Index: patches/patch-t_sa_compile_t
> ===================================================================
> RCS file: /var/cvs/ports/mail/p5-Mail-SpamAssassin/patches/patch-t_sa_compile_t,v
> retrieving revision 1.3
> diff -u -p -r1.3 patch-t_sa_compile_t
> --- patches/patch-t_sa_compile_t 23 May 2015 14:18:55 -0000 1.3
> +++ patches/patch-t_sa_compile_t 25 Aug 2018 17:29:40 -0000
> @@ -1,21 +1,14 @@
>  $OpenBSD: patch-t_sa_compile_t,v 1.3 2015/05/23 14:18:55 bluhm Exp $
> ---- t/sa_compile.t.orig Tue Apr 28 21:56:58 2015
> -+++ t/sa_compile.t Tue May 12 22:36:36 2015
> -@@ -8,8 +8,7 @@ use Config;
> +Index: t/sa_compile.t
> +--- t/sa_compile.t.orig
> ++++ t/sa_compile.t
> +@@ -12,8 +12,7 @@ use Config;
>   use File::Basename;
>   use File::Path qw/mkpath/;
>  
>  -my $temp_binpath = $Config{sitebinexp};
> --$temp_binpath =~ s/^\Q$Config{prefix}\E//;
> +-$temp_binpath =~ s|^\Q$Config{siteprefixexp}\E/||;
>  +my $temp_binpath = "bin";
>  
> - # called from BEGIN
> - sub re2c_version_new_enough {
> -@@ -65,6 +64,7 @@ sub new_instdir {
> -   $instdir = $instbase.".".(shift);
> -   print "\nsetting new instdir: $instdir\n";
> -   $INST_FROM_SCRATCH and system("rm -rf $instdir; mkdir $instdir");
> -+  system("mkdir -p $instdir/foo/etc/mail/spamassassin");
> - }
> -
> - sub run_makefile_pl {
> + use Test::More;
> + plan skip_all => "Long running tests disabled" unless conf_bool('run_long_tests');
> Index: patches/patch-t_spf_t
> ===================================================================
> RCS file: patches/patch-t_spf_t
> diff -N patches/patch-t_spf_t
> --- patches/patch-t_spf_t 7 Nov 2017 07:39:07 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,22 +0,0 @@
> -$OpenBSD: patch-t_spf_t,v 1.1 2017/11/07 07:39:07 giovanni Exp $
> -
> -Index: t/spf.t
> ---- t/spf.t.orig
> -+++ t/spf.t
> -@@ -12,6 +12,7 @@ use constant HAS_MAILSPF => eval { require Mail::SPF;
> - # on non-Linux unices as root, due to a bug in Sys::Hostname::Long
> - # (it is used by Mail::SPF::Query, which is now obsoleted by Mail::SPF)
> - use constant IS_LINUX   => $^O eq 'linux';
> -+use constant IS_OPENBSD => $^O eq 'openbsd';
> - use constant IS_WINDOWS => ($^O =~ /^(mswin|dos|os2)/oi);
> - use constant AM_ROOT    => $< == 0;
> -
> -@@ -20,7 +21,7 @@ use constant HAS_UNSAFE_HOSTNAME =>  # Bug 3806 - modu
> -
> - use constant DO_RUN =>
> -   TEST_ENABLED && (HAS_SPFQUERY || HAS_MAILSPF) &&
> --  (!HAS_UNSAFE_HOSTNAME || !AM_ROOT || IS_LINUX || IS_WINDOWS);
> -+  (!HAS_UNSAFE_HOSTNAME || !AM_ROOT || IS_LINUX || IS_WINDOWS || IS_OPENBSD);
> -
> - BEGIN {
> -
> Index: pkg/PLIST
> ===================================================================
> RCS file: /var/cvs/ports/mail/p5-Mail-SpamAssassin/pkg/PLIST,v
> retrieving revision 1.36
> diff -u -p -r1.36 PLIST
> --- pkg/PLIST 4 Sep 2018 12:46:15 -0000 1.36
> +++ pkg/PLIST 10 Sep 2018 07:35:40 -0000
> @@ -3,6 +3,12 @@
>  @newgroup _spamdaemon:506
>  @newuser _spamdaemon:506:506:daemon:SpamAssassin:${LOCALSTATEDIR}:/sbin/nologin
>  @extraunexec rm -rf ${CONFDIR}/sa-update-keys
> +@rcscript ${RCDIR}/spamassassin
> +@owner _spamdaemon
> +@group _spamdaemon
> +@sample ${LOCALSTATEDIR}/
> +@owner
> +@group
>  bin/sa-awl
>  bin/sa-check_spamd
>  bin/sa-compile
> @@ -79,8 +85,10 @@ ${P5SITE}/Mail/SpamAssassin/Plugin/DCC.p
>  ${P5SITE}/Mail/SpamAssassin/Plugin/DKIM.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/DNSEval.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/FreeMail.pm
> +${P5SITE}/Mail/SpamAssassin/Plugin/FromNameSpoof.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/HTMLEval.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm
> +${P5SITE}/Mail/SpamAssassin/Plugin/HashBL.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/Hashcash.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/HeaderEval.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/ImageInfo.pm
> @@ -89,11 +97,13 @@ ${P5SITE}/Mail/SpamAssassin/Plugin/MIMEH
>  ${P5SITE}/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/PDFInfo.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/PhishTag.pm
> +${P5SITE}/Mail/SpamAssassin/Plugin/Phishing.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/Pyzor.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/Razor2.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/RelayCountry.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/RelayEval.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/ReplaceTags.pm
> +${P5SITE}/Mail/SpamAssassin/Plugin/ResourceLimits.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/Reuse.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/SPF.pm
> @@ -118,9 +128,9 @@ ${P5SITE}/Mail/SpamAssassin/SubProcBackC
>  ${P5SITE}/Mail/SpamAssassin/Timeout.pm
>  ${P5SITE}/Mail/SpamAssassin/Util/
>  ${P5SITE}/Mail/SpamAssassin/Util.pm
> +@comment ${P5SITE}/Mail/SpamAssassin/Util.pm.beforesubst
>  ${P5SITE}/Mail/SpamAssassin/Util/DependencyInfo.pm
>  ${P5SITE}/Mail/SpamAssassin/Util/Progress.pm
> -${P5SITE}/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
>  ${P5SITE}/Mail/SpamAssassin/Util/ScopedTimer.pm
>  ${P5SITE}/Mail/SpamAssassin/Util/TieOneStringHash.pm
>  ${P5SITE}/Mail/SpamAssassin/Util/TinyRedis.pm
> @@ -174,16 +184,20 @@ ${P5SITE}/spamassassin-run.pod
>  @man man/man3p/Mail::SpamAssassin::Plugin::DCC.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::DKIM.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::DNSEval.3p
> +@man man/man3p/Mail::SpamAssassin::Plugin::FromNameSpoof.3p
> +@man man/man3p/Mail::SpamAssassin::Plugin::HashBL.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::Hashcash.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::MIMEEval.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::MIMEHeader.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::PDFInfo.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::PhishTag.3p
> +@man man/man3p/Mail::SpamAssassin::Plugin::Phishing.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::Pyzor.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::Razor2.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::RelayCountry.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::ReplaceTags.3p
> +@man man/man3p/Mail::SpamAssassin::Plugin::ResourceLimits.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::Reuse.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::Rule2XSBody.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::SPF.3p
> @@ -205,7 +219,6 @@ ${P5SITE}/spamassassin-run.pod
>  @man man/man3p/Mail::SpamAssassin::Util.3p
>  @man man/man3p/Mail::SpamAssassin::Util::DependencyInfo.3p
>  @man man/man3p/Mail::SpamAssassin::Util::Progress.3p
> -@man man/man3p/Mail::SpamAssassin::Util::RegistrarBoundaries.3p
>  @man man/man3p/spamassassin-run.3p
>  share/doc/SpamAssassin/
>  share/doc/SpamAssassin/CREDITS
> @@ -242,6 +255,7 @@ share/examples/SpamAssassin/init.pre
>  @sample ${CONFDIR}/init.pre
>  share/examples/SpamAssassin/local.cf
>  @sample ${CONFDIR}/local.cf
> +@comment share/examples/SpamAssassin/svn_only.pre
>  share/examples/SpamAssassin/v310.pre
>  @sample ${CONFDIR}/v310.pre
>  share/examples/SpamAssassin/v312.pre
> @@ -254,6 +268,8 @@ share/examples/SpamAssassin/v340.pre
>  @sample ${CONFDIR}/v340.pre
>  share/examples/SpamAssassin/v341.pre
>  @sample ${CONFDIR}/v341.pre
> +share/examples/SpamAssassin/v342.pre
> +@sample ${CONFDIR}/v342.pre
>  share/spamassassin/
>  share/spamassassin/10_default_prefs.cf
>  share/spamassassin/10_hasbase.cf
> @@ -303,7 +319,9 @@ share/spamassassin/50_scores.cf
>  share/spamassassin/60_adsp_override_dkim.cf
>  share/spamassassin/60_awl.cf
>  share/spamassassin/60_shortcircuit.cf
> +share/spamassassin/60_txrep.cf
>  share/spamassassin/60_whitelist.cf
> +share/spamassassin/60_whitelist_auth.cf
>  share/spamassassin/60_whitelist_dkim.cf
>  share/spamassassin/60_whitelist_spf.cf
>  share/spamassassin/60_whitelist_subject.cf
> @@ -319,7 +337,3 @@ share/spamassassin/local.cf
>  share/spamassassin/regression_tests.cf
>  share/spamassassin/sa-update-pubkey.txt
>  share/spamassassin/user_prefs.template
> -@rcscript ${RCDIR}/spamassassin
> -@owner _spamdaemon
> -@group _spamdaemon
> -@sample ${LOCALSTATEDIR}/
> Index: pkg/spamassassin.rc
> ===================================================================
> RCS file: /var/cvs/ports/mail/p5-Mail-SpamAssassin/pkg/spamassassin.rc,v
> retrieving revision 1.6
> diff -u -p -r1.6 spamassassin.rc
> --- pkg/spamassassin.rc 11 Jan 2018 19:27:03 -0000 1.6
> +++ pkg/spamassassin.rc 25 Aug 2018 17:57:33 -0000
> @@ -7,6 +7,6 @@ daemon_flags="-u _spamdaemon -P"
>  
>  . /etc/rc.d/rc.subr
>  
> -pexp="perl: ${daemon}${daemon_flags:+ ${daemon_flags}}"
> +pexp="/usr/bin/perl -T -w ${daemon}${daemon_flags:+ ${daemon_flags}}"
>  
>  rc_cmd $1

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: mail/p5-Mail-SpamAssassin

Giovanni Bechis-7
On Mon, Sep 17, 2018 at 07:50:03PM +0200, Pierre-Emmanuel André wrote:

> On Mon, Sep 17, 2018 at 09:14:43AM +0200, Giovanni Bechis wrote:
> > Hi,
> > update to latest version, this a major update, there are many new features
> > and a lot of bug fixed.
> > Some CVE has been fixed and a old SA versions will not be compatible with
> > new rules sooner or later.
> > I used several iterations of this diff in production, ok to put it in
> > before 6.4 ?
> >
> > More info here:
> > http://svn.apache.org/repos/asf/spamassassin/trunk/build/announcements/3.4.2.txt
> >
> >  Thanks & Cheers
> >   Giovanni
>
>
> Works fine on my small setup.
> ok pea@
>
> Any plans to backport CVE to -stable ?
>
some of them has been backported before a CVE has been assigned, anyway I feel
more confident in updating to 3.4.2 in -stable as well.
Diff follows.
 Giovanni

p5-Mail-SpamAssassin-3.4.2.diff (52K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: mail/p5-Mail-SpamAssassin

Pierre-Emmanuel Andre
On Tue, Sep 18, 2018 at 09:13:24AM +0200, Giovanni Bechis wrote:

> On Mon, Sep 17, 2018 at 07:50:03PM +0200, Pierre-Emmanuel André wrote:
> > On Mon, Sep 17, 2018 at 09:14:43AM +0200, Giovanni Bechis wrote:
> > > Hi,
> > > update to latest version, this a major update, there are many new features
> > > and a lot of bug fixed.
> > > Some CVE has been fixed and a old SA versions will not be compatible with
> > > new rules sooner or later.
> > > I used several iterations of this diff in production, ok to put it in
> > > before 6.4 ?
> > >
> > > More info here:
> > > http://svn.apache.org/repos/asf/spamassassin/trunk/build/announcements/3.4.2.txt
> > >
> > >  Thanks & Cheers
> > >   Giovanni
> >
> >
> > Works fine on my small setup.
> > ok pea@
> >
> > Any plans to backport CVE to -stable ?
> >
> some of them has been backported before a CVE has been assigned, anyway I feel
> more confident in updating to 3.4.2 in -stable as well.
> Diff follows.
>  Giovanni


Looks good to me.
ok pea@ FWIW


> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/Makefile,v
> retrieving revision 1.108
> diff -u -p -r1.108 Makefile
> --- Makefile 13 Mar 2018 07:51:59 -0000 1.108
> +++ Makefile 18 Sep 2018 07:08:03 -0000
> @@ -2,11 +2,10 @@
>  
>  COMMENT= mailfilter to identify and mark spam
>  
> -VER= 3.4.1
> +VER= 3.4.2
>  DISTNAME= Mail-SpamAssassin-${VER}
>  PKGNAME= p5-${DISTNAME}
> -REVISION= 14
> -RULESNAME= Mail-SpamAssassin-rules-${VER}.r1675274.tgz
> +RULESNAME= Mail-SpamAssassin-rules-${VER}.r1840640.tgz
>  CATEGORIES= mail perl5
>  
>  DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${RULESNAME}
> @@ -33,8 +32,9 @@ COMMON_DEPENDS= www/p5-HTML-Parser>=3.3
>  BUILD_DEPENDS= ${COMMON_DEPENDS}
>  RUN_DEPENDS= ${COMMON_DEPENDS} \
>   devel/re2c \
> + devel/p5-BSD-Resource \
>   p5-Mail-SPF-*|p5-Mail-SPF-Query-*:mail/p5-Mail-SPF \
> - net/p5-Geo-IP \
> + p5-Geo-IP-*|p5-IP-Country-DB_File-*|p5-IP-Country-*:net/p5-Geo-IP \
>   net/p5-Net-LibIDN \
>   net/p5-Net-Patricia \
>   security/gnupg \
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/distinfo,v
> retrieving revision 1.38
> diff -u -p -r1.38 distinfo
> --- distinfo 30 Apr 2015 14:41:53 -0000 1.38
> +++ distinfo 18 Sep 2018 07:08:03 -0000
> @@ -1,4 +1,4 @@
> -SHA256 (Mail-SpamAssassin-3.4.1.tar.bz2) = oMHJgI8GhLOJWU64ssy6zmSGVGWTST+TCMlVRWPRRlE=
> -SHA256 (Mail-SpamAssassin-rules-3.4.1.r1675274.tgz) = OC9+4WCpahWq5Vn1PfksNvLhdkexnFlU7+3oYUn40Ss=
> -SIZE (Mail-SpamAssassin-3.4.1.tar.bz2) = 2710985
> -SIZE (Mail-SpamAssassin-rules-3.4.1.r1675274.tgz) = 270622
> +SHA256 (Mail-SpamAssassin-3.4.2.tar.bz2) = zwMEWkmRdSFF7tAH51c38+TH80zyJdtBHOP9NZKA6No=
> +SHA256 (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) = jUgaIIHx5ioleSOPZrWNIST3ounzz6PUqisD/nsBmbs=
> +SIZE (Mail-SpamAssassin-3.4.2.tar.bz2) = 2700016
> +SIZE (Mail-SpamAssassin-rules-3.4.2.r1840640.tgz) = 284758
> Index: patches/patch-Makefile_PL
> ===================================================================
> RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/patches/patch-Makefile_PL,v
> retrieving revision 1.13
> diff -u -p -r1.13 patch-Makefile_PL
> --- patches/patch-Makefile_PL 30 Apr 2015 14:41:53 -0000 1.13
> +++ patches/patch-Makefile_PL 18 Sep 2018 07:08:03 -0000
> @@ -1,7 +1,8 @@
>  $OpenBSD: patch-Makefile_PL,v 1.13 2015/04/30 14:41:53 sthen Exp $
> ---- Makefile.PL.orig Tue Apr 28 20:57:01 2015
> -+++ Makefile.PL Thu Apr 30 14:25:54 2015
> -@@ -832,7 +832,7 @@ sub MY::install {
> +Index: Makefile.PL
> +--- Makefile.PL.orig
> ++++ Makefile.PL
> +@@ -856,7 +856,7 @@ sub MY::install {
>  
>     foreach (@code) {
>       # Add our install targets as a dependency to all top-level install targets
> Index: patches/patch-lib_Mail_SpamAssassin_BayesStore_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_BayesStore_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_BayesStore_pm
> --- patches/patch-lib_Mail_SpamAssassin_BayesStore_pm 31 Oct 2017 07:41:51 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,15 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_BayesStore_pm,v 1.1 2017/10/31 07:41:51 giovanni Exp $
> -
> -# bug 7340: remove expire flag after token expiration is done
> -
> -Index: lib/Mail/SpamAssassin/BayesStore.pm
> ---- lib/Mail/SpamAssassin/BayesStore.pm.orig
> -+++ lib/Mail/SpamAssassin/BayesStore.pm
> -@@ -419,6 +419,7 @@ sub expire_old_tokens_trapped {
> -     dbg("bayes: $msg: $msg2");
> -   }
> -
> -+  $self->remove_running_expire_tok();
> -   return 1;
> - }
> -
> Index: patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm
> --- patches/patch-lib_Mail_SpamAssassin_Conf_Parser_pm 13 Mar 2018 07:51:59 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,218 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Conf_Parser_pm,v 1.2 2018/03/13 07:51:59 giovanni Exp $
> -
> -Index: lib/Mail/SpamAssassin/Conf/Parser.pm
> ---- lib/Mail/SpamAssassin/Conf/Parser.pm.orig
> -+++ lib/Mail/SpamAssassin/Conf/Parser.pm
> -@@ -142,15 +142,11 @@ use Mail::SpamAssassin::NetSet;
> -
> - use strict;
> - use warnings;
> --use bytes;
> -+# use bytes;
> - use re 'taint';
> -
> --use vars qw{
> --  @ISA
> --};
> -+our @ISA = qw();
> -
> --@ISA = qw();
> --
> - ###########################################################################
> -
> - sub new {
> -@@ -263,6 +259,7 @@ sub parse {
> -   while (defined ($line = shift @conf_lines)) {
> -     local ($1);         # bug 3838: prevent random taint flagging of $1
> -
> -+   if (index($line,'#') > -1) {
> -     # bug 5545: used to support testing rules in the ruleqa system
> -     if ($keepmetadata && $line =~ /^\#testrules/) {
> -       $self->{file_scoped_attrs}->{testrules}++;
> -@@ -278,8 +275,12 @@ sub parse {
> -
> -     $line =~ s/(?<!\\)#.*$//; # remove comments
> -     $line =~ s/\\#/#/g; # hash chars are escaped, so unescape them
> -+   }
> -+
> -+   if ($line =~ tr{ \t\r\n\f}{}) {
> -     $line =~ s/^\s+//;  # remove leading whitespace
> -     $line =~ s/\s+$//;  # remove tailing whitespace
> -+  }
> -     next unless($line); # skip empty lines
> -
> -     # handle i18n
> -@@ -288,7 +289,7 @@ sub parse {
> -     my($key, $value) = split(/\s+/, $line, 2);
> -     $key = lc $key;
> -     # convert all dashes in setting name to underscores.
> --    $key =~ s/-/_/g;
> -+    $key =~ tr/-/_/;
> -     $value = '' unless defined($value);
> -
> - #   # Do a better job untainting this info ...
> -@@ -338,26 +339,26 @@ sub parse {
> -     }
> -
> -     # now handle the commands.
> --    if ($key eq 'include') {
> -+    elsif ($key eq 'include') {
> -       $value = $self->fix_path_relative_to_current_file($value);
> -       my $text = $conf->{main}->read_cf($value, 'included file');
> -       unshift (@conf_lines, split (/\n/, $text));
> -       next;
> -     }
> -
> --    if ($key eq 'ifplugin') {
> -+    elsif ($key eq 'ifplugin') {
> -       $self->handle_conditional ($key, "plugin ($value)",
> -                         \@if_stack, \$skip_parsing);
> -       next;
> -     }
> -
> --    if ($key eq 'if') {
> -+    elsif ($key eq 'if') {
> -       $self->handle_conditional ($key, $value,
> -                         \@if_stack, \$skip_parsing);
> -       next;
> -     }
> -
> --    if ($key eq 'else') {
> -+    elsif ($key eq 'else') {
> -       # TODO: if/else/else won't get flagged here :(
> -       if (!@if_stack) {
> -         $parse_error = "config: found else without matching conditional";
> -@@ -369,7 +370,7 @@ sub parse {
> -     }
> -
> -     # and the endif statement:
> --    if ($key eq 'endif') {
> -+    elsif ($key eq 'endif') {
> -       my $lastcond = pop @if_stack;
> -       if (!defined $lastcond) {
> -         $parse_error = "config: found endif without matching conditional";
> -@@ -508,7 +509,7 @@ sub handle_conditional {
> -   my $conf = $self->{conf};
> -
> -   my $lexer = ARITH_EXPRESSION_LEXER;
> --  my @tokens = ($value =~ m/($lexer)/g);
> -+  my @tokens = ($value =~ m/($lexer)/og);
> -
> -   my $eval = '';
> -   my $bad = 0;
> -@@ -573,6 +574,10 @@ sub cond_clause_plugin_loaded {
> -
> - sub cond_clause_can {
> -   my ($self, $method) = @_;
> -+  if ($self->{currentfile} =~ q!/user_prefs$! ) {
> -+    warn "config: 'if can $method' not available in user_prefs";
> -+    return 0
> -+  }
> -   $self->cond_clause_can_or_has('can', $method);
> - }
> -
> -@@ -591,7 +596,7 @@ sub cond_clause_can_or_has {
> -   } elsif ($method =~ /^(.*)::([^:]+)$/) {
> -     no strict "refs";
> -     my($module, $meth) = ($1, $2);
> --    return 1  if UNIVERSAL::can($module,$meth) &&
> -+    return 1  if $module->can($meth) &&
> -                  ( $fn_name eq 'has' || &{$method}() );
> -   } else {
> -     $self->lint_warn("bad 'if' line, cannot find '::' in $fn_name($method), ".
> -@@ -984,14 +989,14 @@ sub _meta_deps_recurse {
> -
> -   # Lex the rule into tokens using a rather simple RE method ...
> -   my $lexer = ARITH_EXPRESSION_LEXER;
> --  my @tokens = ($rule =~ m/$lexer/g);
> -+  my @tokens = ($rule =~ m/$lexer/og);
> -
> -   # Go through each token in the meta rule
> -   my $conf_tests = $conf->{tests};
> -   foreach my $token (@tokens) {
> -     # has to be an alpha+numeric token
> --  # next if $token =~ /^(?:\W+|[+-]?\d+(?:\.\d+)?)$/;
> --    next if $token !~ /^[A-Za-z_][A-Za-z0-9_]*\z/s;  # faster
> -+    next if $token =~ tr{A-Za-z0-9_}{}c || substr($token,0,1) =~ tr{A-Za-z_}{}c; # even faster
> -+
> -     # and has to be a rule name
> -     next unless exists $conf_tests->{$token};
> -
> -@@ -1178,25 +1183,25 @@ sub add_test {
> -   my $conf = $self->{conf};
> -
> -   # Don't allow invalid names ...
> --  if ($name !~ /^\D\w*$/) {
> -+  if ($name !~ /^[_[:alpha:]]\w*$/) {
> -     $self->lint_warn("config: error: rule '$name' has invalid characters ".
> -   "(not Alphanumeric + Underscore + starting with a non-digit)\n", $name);
> -     return;
> -   }
> -
> --  # Also set a hard limit for ALL rules (rule names longer than 242
> -+  # Also set a hard limit for ALL rules (rule names longer than 40
> -   # characters throw warnings).  Check this separately from the above
> -   # pattern to avoid vague error messages.
> --  if (length $name > 200) {
> --    $self->lint_warn("config: error: rule '$name' is way too long ".
> -+  if (length $name > 100) {
> -+    $self->lint_warn("config: error: rule '$name' is too long ".
> -   "(recommended maximum length is 22 characters)\n", $name);
> -     return;
> -   }
> -
> -   # Warn about, but use, long rule names during --lint
> -   if ($conf->{lint_rules}) {
> --    if (length($name) > 50 && $name !~ /^__/ && $name !~ /^T_/) {
> --      $self->lint_warn("config: warning: rule name '$name' is over 50 chars ".
> -+    if (length($name) > 40 && $name !~ /^__/ && $name !~ /^T_/) {
> -+      $self->lint_warn("config: warning: rule name '$name' is over 40 chars ".
> -     "(recommended maximum length is 22 characters)\n", $name);
> -     }
> -   }
> -@@ -1286,12 +1291,18 @@ sub add_regression_test {
> - sub is_meta_valid {
> -   my ($self, $name, $rule) = @_;
> -
> -+  # $meta is a degenerate translation of the rule, replacing all variables (i.e. rule names) with 0.
> -   my $meta = '';
> -   $rule = untaint_var($rule);  # must be careful below
> -+  # Bug #7557 code injection
> -+  if ( $rule =~ /\S(::|->)\S/ )  {
> -+    warn("is_meta_valid: Bogus rule $name: $rule") ;
> -+    return 0;
> -+  }
> -
> -   # Lex the rule into tokens using a rather simple RE method ...
> -   my $lexer = ARITH_EXPRESSION_LEXER;
> --  my @tokens = ($rule =~ m/$lexer/g);
> -+  my @tokens = ($rule =~ m/$lexer/og);
> -   if (length($name) == 1) {
> -     for (@tokens) {
> -       print "$name $_\n "  or die "Error writing token: $!";
> -@@ -1299,16 +1310,20 @@ sub is_meta_valid {
> -   }
> -   # Go through each token in the meta rule
> -   foreach my $token (@tokens) {
> --    # Numbers can't be rule names
> --    if ($token !~ /^[A-Za-z_][A-Za-z0-9_]*\z/s) {
> -+    # If the token is a syntactically legal rule name, make it zero
> -+    if ($token =~ /^[_[:alpha:]]\w+\z/s) {
> -+      $meta .= "0 ";
> -+    }
> -+    # if it is a number or a string of 1 or 2 punctuation characters (i.e. operators) tack it onto the degenerate rule
> -+    elsif ( $token =~ /^(\d+|[[:punct:]]{1,2})\z/s ) {
> -       $meta .= "$token ";
> -     }
> --    # Zero will probably cause more errors
> -+    # WTF is it? Just warn, for now. Bug #7557
> -     else {
> --      $meta .= "0 ";
> -+      $self->lint_warn("config: Strange rule token: $token", $name);
> -+      $meta .= "$token ";
> -     }
> -   }
> --
> -   my $evalstr = 'my $x = ' . $meta . '; 1;';
> -   if (eval $evalstr) {
> -     return 1;
> Index: patches/patch-lib_Mail_SpamAssassin_Conf_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Conf_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Conf_pm
> --- patches/patch-lib_Mail_SpamAssassin_Conf_pm 13 Mar 2018 07:51:59 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,43 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Conf_pm,v 1.1 2018/03/13 07:51:59 giovanni Exp $
> -
> -Index: lib/Mail/SpamAssassin/Conf.pm
> ---- lib/Mail/SpamAssassin/Conf.pm.orig
> -+++ lib/Mail/SpamAssassin/Conf.pm
> -@@ -2836,8 +2836,8 @@ C<header SYMBOLIC_TEST_NAME header =~ /\S/> rule as de
> - =item header SYMBOLIC_TEST_NAME eval:name_of_eval_method([arguments])
> -
> - Define a header eval test.  C<name_of_eval_method> is the name of
> --a method on the C<Mail::SpamAssassin::EvalTests> object.  C<arguments>
> --are optional arguments to the function call.
> -+a method registered by a C<Mail::SpamAssassin::Plugin> object.
> -+C<arguments> are optional arguments to the function call.
> -
> - =item header SYMBOLIC_TEST_NAME eval:check_rbl('set', 'zone' [, 'sub-test'])
> -
> -@@ -2950,7 +2950,10 @@ name.
> -       local ($1,$2);
> -       if ($value =~ /^(\S+)\s+(?:rbl)?eval:(.*)$/) {
> -         my ($rulename, $fn) = ($1, $2);
> --
> -+        dbg("config: header eval rule name is $rulename function is $fn");
> -+        if ($fn !~ /^\w+(\(.*\))?$/) {
> -+          return $INVALID_VALUE;
> -+        }
> -         if ($fn =~ /^check_(?:rbl|dns)/) {
> -           $self->{parser}->add_test ($rulename, $fn, $TYPE_RBL_EVALS);
> -         }
> -@@ -3008,7 +3011,13 @@ Define a body eval test.  See above.
> -       my ($self, $key, $value, $line) = @_;
> -       local ($1,$2);
> -       if ($value =~ /^(\S+)\s+eval:(.*)$/) {
> --        $self->{parser}->add_test ($1, $2, $TYPE_BODY_EVALS);
> -+        my ($rulename, $fn) = ($1, $2);
> -+        dbg("config: body eval rule name is $rulename function is $fn");
> -+
> -+        if ($fn !~ /^\w+(\(.*\))?$/) {
> -+          return $INVALID_VALUE;
> -+        }
> -+        $self->{parser}->add_test ($rulename, $fn, $TYPE_BODY_EVALS);
> -       }
> -       else {
> - my @values = split(/\s+/, $value, 2);
> Index: patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
> --- patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm 4 Mar 2016 00:05:35 -0000 1.4
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,82 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_DnsResolver_pm,v 1.4 2016/03/04 00:05:35 sthen Exp $
> ---- lib/Mail/SpamAssassin/DnsResolver.pm.orig Tue Apr 28 20:56:49 2015
> -+++ lib/Mail/SpamAssassin/DnsResolver.pm Thu Mar  3 23:59:55 2016
> -@@ -592,6 +592,9 @@ sub new_dns_packet {
> -   };
> -
> -   if ($packet) {
> -+    # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223
> -+    $packet->header->rd(1);
> -+
> -   # my $udp_payload_size = $self->{res}->udppacketsize;
> -     my $udp_payload_size = $self->{conf}->{dns_options}->{edns};
> -     if ($udp_payload_size && $udp_payload_size > 512) {
> -@@ -722,6 +725,37 @@ sub bgsend {
> -
> - ###########################################################################
> -
> -+=item $id = $res->bgread()
> -+
> -+Similar to C<Net::DNS::Resolver::bgread>.  Reads a DNS packet from
> -+a supplied socket, decodes it, and returns a Net::DNS::Packet object
> -+if successful.  Dies on error.
> -+
> -+=cut
> -+
> -+sub bgread() {
> -+  my ($self) = @_;
> -+  my $sock = $self->{sock};
> -+  my $packetsize = $self->{res}->udppacketsize;
> -+  $packetsize = 512  if $packetsize < 512;  # just in case
> -+  my $data = '';
> -+  my $peeraddr = $sock->recv($data, $packetsize+256);  # with some size margin for troubleshooting
> -+  defined $peeraddr or die "bgread: recv() failed: $!";
> -+  my $peerhost = $sock->peerhost;
> -+  $data ne '' or die "bgread: received empty packet from $peerhost";
> -+  dbg("dns: bgread: received %d bytes from %s", length($data), $peerhost);
> -+  my($answerpkt, $decoded_length) = Net::DNS::Packet->new(\$data);
> -+  $answerpkt or die "bgread: decoding DNS packet failed: $@";
> -+  $answerpkt->answerfrom($peerhost);
> -+  if ($decoded_length ne length($data)) {
> -+    warn sprintf("bgread: received a %d bytes packet from %s, decoded %d bytes\n",
> -+                 length($data), $peerhost, $decoded_length);
> -+  }
> -+  return $answerpkt;
> -+}
> -+
> -+###########################################################################
> -+
> - =item $nfound = $res->poll_responses()
> -
> - See if there are any C<bgsend> reply packets ready, and return
> -@@ -769,13 +803,25 @@ sub poll_responses {
> -     $timeout = 0;  # next time around collect whatever is available, then exit
> -     last  if $nfound == 0;
> -
> --    my $packet = $self->{res}->bgread($self->{sock});
> -+    my $packet;
> -+    eval {
> -+      $packet = $self->bgread();
> -+    } or do {
> -+      undef $packet;
> -+      my $eval_stat = $@ ne '' ? $@ : "errno=$!";  chomp $eval_stat;
> -+      # resignal if alarm went off
> -+      die $eval_stat  if $eval_stat =~ /__alarm__ignore__\(.*\)/s;
> -+      info("dns: bad dns reply: %s", $eval_stat);
> -+    };
> -
> -+#   Bug 7265, use our own bgread()
> -+#   my $packet = $self->{res}->bgread($self->{sock});
> -+
> -     if (!$packet) {
> --      my $dns_err = $self->{res}->errorstring;
> --      # resignal if alarm went off
> --      die "dns (3) $dns_err\n"  if $dns_err =~ /__alarm__ignore__\(.*\)/s;
> --      info("dns: bad dns reply: $dns_err");
> -+      # error already reported above
> -+#     my $dns_err = $self->{res}->errorstring;
> -+#     die "dns (3) $dns_err\n"  if $dns_err =~ /__alarm__ignore__\(.*\)/s;
> -+#     info("dns: bad dns reply: $dns_err");
> -     } else {
> -       my $header = $packet->header;
> -       if (!$header) {
> Index: patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
> --- patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm 4 Mar 2016 00:05:35 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,25 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
> ---- lib/Mail/SpamAssassin/Message/Metadata/Received.pm.orig Tue Apr 28 20:56:48 2015
> -+++ lib/Mail/SpamAssassin/Message/Metadata/Received.pm Thu Mar  3 23:59:55 2016
> -@@ -434,7 +434,8 @@ sub parse_received_line {
> -     $auth = 'Postfix';
> -   }
> -   # Communigate Pro - Bug 6495 adds HTTP as possible transmission method
> --  elsif (/CommuniGate Pro (HTTP|SMTP)/ && / \(account /) {
> -+  # Bug 7277: XIMSS used by Pronto and other custom apps, IMAP supports XMIT extension
> -+  elsif (/CommuniGate Pro (HTTP|SMTP|XIMSS|IMAP)/ && / \(account /) {
> -     $auth = 'Communigate';
> -   }
> -   # Microsoft Exchange (complete with syntax error)
> -@@ -714,6 +715,11 @@ sub parse_received_line {
> -     # Received: from sc8-sf-sshgate.sourceforge.net (HELO sc8-sf-netmisc.sourceforge.net) (66.35.250.220) by la.mx.develooper.com (qpsmtpd/0.27-dev) with ESMTP; Fri, 02 Jan 2004 14:44:41 -0800
> -     # Received: from mx10.topofferz.net (HELO ) (69.6.60.10) by blazing.arsecandle.org with SMTP; 3 Mar 2004 20:34:38 -0000
> -     if (/^(\S+) \((?:HELO|EHLO) (\S*)\) \((${IP_ADDRESS})\) by (\S+) \(qpsmtpd\/\S+\) with (?:ESMTP|SMTP)/) {
> -+      $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough;
> -+    }
> -+
> -+    # Received: from mail-backend.DDDD.com (LHLO mail-backend.DDDD.com) (10.2.2.20) by mail-backend.DDDD.com with LMTP; Thu, 18 Jun 2015 16:50:56 -0700 (PDT)
> -+    if (/^(\S+) \(LHLO (\S*)\) \((${IP_ADDRESS})\) by (\S+) with LMTP/) {
> -       $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough;
> -     }
> -
> Index: patches/patch-lib_Mail_SpamAssassin_Message_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Message_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Message_pm
> --- patches/patch-lib_Mail_SpamAssassin_Message_pm 31 Oct 2017 07:41:51 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,27 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Message_pm,v 1.2 2017/10/31 07:41:51 giovanni Exp $
> -
> -# bug 7447: Delete parse_queue in Message::finish() to prevent memory leak.
> -
> -Index: lib/Mail/SpamAssassin/Message.pm
> ---- lib/Mail/SpamAssassin/Message.pm.orig
> -+++ lib/Mail/SpamAssassin/Message.pm
> -@@ -628,6 +628,9 @@ sub finish {
> -   delete $self->{'line_ending'};
> -   delete $self->{'missing_head_body_separator'};
> -
> -+  # Remove the queue variable, in case the body has not been parsed
> -+  delete $self->{'parse_queue'};
> -+
> -   my @toclean = ( $self );
> -
> -   # Go ahead and clean up all of the Message::Node parts
> -@@ -1045,6 +1048,9 @@ sub _parse_normal {
> -   }
> -   elsif ($ct[3]) {
> -     $msg->{'name'} = $ct[3];
> -+  }
> -+  if ($msg->{'name'}) {
> -+    $msg->{'name'} = Encode::decode("MIME-Header", $msg->{'name'});
> -   }
> -
> -   $msg->{'boundary'} = $boundary;
> Index: patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
> --- patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm 4 Mar 2016 00:05:35 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,87 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
> ---- lib/Mail/SpamAssassin/Plugin/DKIM.pm.orig Tue Apr 28 20:56:47 2015
> -+++ lib/Mail/SpamAssassin/Plugin/DKIM.pm Thu Mar  3 23:59:55 2016
> -@@ -178,14 +178,19 @@ sub set_config {
> -
> - Works similarly to whitelist_from, except that in addition to matching
> - an author address (From) to the pattern in the first parameter, the message
> --must also carry a Domain Keys Identified Mail (DKIM) signature made by a
> --signing domain (SDID, i.e. the d= tag) that is acceptable to us.
> -+must also carry a valid Domain Keys Identified Mail (DKIM) signature made by
> -+a signing domain (SDID, i.e. the d= tag) that is acceptable to us.
> -
> - Only one whitelist entry is allowed per line, as in C<whitelist_from_rcvd>.
> - Multiple C<whitelist_from_dkim> lines are allowed. File-glob style characters
> - are allowed for the From address (the first parameter), just like with
> --C<whitelist_from_rcvd>. The second parameter does not accept wildcards.
> -+C<whitelist_from_rcvd>.
> -
> -+The second parameter (the signing-domain) does not accept full file-glob style
> -+wildcards, although a simple '*.' (or just a '.') prefix to a domain name
> -+is recognized and implies any subdomain of the specified domain (but not
> -+the domain itself).
> -+
> - If no signing-domain parameter is specified, the only acceptable signature
> - will be an Author Domain Signature (sometimes called first-party signature)
> - which is a signature where the signing domain (SDID) of a signature matches
> -@@ -205,7 +210,8 @@ Examples of whitelisting based on third-party signatur
> -   whitelist_from_dkim [hidden email]      example.org
> -   whitelist_from_dkim [hidden email] example.net
> -   whitelist_from_dkim *@info.example.net    example.net
> --  whitelist_from_dkim *@*                   remailer.example.com
> -+  whitelist_from_dkim *@*                   mail7.remailer.example.com
> -+  whitelist_from_dkim *@*                   *.remailer.example.com
> -
> - =item def_whitelist_from_dkim [hidden email] [signing-domain]
> -
> -@@ -376,7 +382,8 @@ some valid signature on a message has no reputational
> - associated with a particular domain), regardless of its key size - anyone can
> - prepend its own signature on a copy of some third party mail and re-send it,
> - which makes it no more trustworthy than without such signature. This is also
> --a reason for a rule DKIM_VALID to have a near-zero score.
> -+a reason for a rule DKIM_VALID to have a near-zero score, i.e. a rule hit
> -+is only informational.
> -
> - =cut
> -
> -@@ -786,7 +793,8 @@ sub _check_dkim_signature {
> -         # Only do so if EDNS0 provides a reasonably-sized UDP payload size,
> -         # as our interface does not provide a DNS fallback to TCP, unlike
> -         # the Net::DNS::Resolver::send which does provide it.
> --        my $res = $self->{main}->{resolver}->get_resolver;
> -+        my $res = $self->{main}->{resolver};
> -+        dbg("dkim: providing our own resolver: %s", ref $res);
> -         Mail::DKIM::DNS::resolver($res);
> -       }
> -     }
> -@@ -892,13 +900,13 @@ sub _check_dkim_signature {
> -         }
> -       }
> -       if (would_log("dbg","dkim")) {
> --        dbg("dkim: %s %s, i=%s, d=%s, s=%s, a=%s, c=%s, %s, %s",
> -+        dbg("dkim: %s %s, i=%s, d=%s, s=%s, a=%s, c=%s, %s, %s, %s",
> -           $info,
> -           $signature->isa('Mail::DKIM::DkSignature') ? 'DK' : 'DKIM',
> -           map(!defined $_ ? '(undef)' : $_,
> -             $signature->identity, $d, $signature->selector,
> -             $signature->algorithm, scalar($signature->canonicalization),
> --            $key_size ? "key_bits=$key_size" : (),
> -+            $key_size ? "key_bits=$key_size" : "unknown key size",
> -             ($sig_result_supported ? $signature : $verifier)->result ),
> -           defined $d && $pms->{dkim_author_domains}->{$d}
> -             ? 'matches author domain'
> -@@ -1257,8 +1265,12 @@ sub _wlcheck_list {
> -         # identity (AUID). Nevertheless, be prepared to accept the full e-mail
> -         # address there for compatibility, and just ignore its local-part.
> -
> --        $acceptable_sdid = $1  if $acceptable_sdid =~ /\@([^\@]*)\z/;
> --        $matches = 1  if $sdid eq lc $acceptable_sdid;
> -+        $acceptable_sdid = $1  if $acceptable_sdid =~ /\@([^\@]*)\z/s;
> -+        if ($acceptable_sdid =~ s/^\*?\.//s) {
> -+          $matches = 1  if $sdid =~ /\.\Q$acceptable_sdid\E\z/si;
> -+        } else {
> -+          $matches = 1  if $sdid eq lc $acceptable_sdid;
> -+        }
> -       }
> -       if ($matches) {
> -         if (would_log("dbg","dkim")) {
> Index: patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm
> --- patches/patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm 8 Mar 2018 07:30:00 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,99 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_PDFInfo_pm,v 1.1 2018/03/08 07:30:00 giovanni Exp $
> -
> -Index: lib/Mail/SpamAssassin/Plugin/PDFInfo.pm
> ---- lib/Mail/SpamAssassin/Plugin/PDFInfo.pm.orig
> -+++ lib/Mail/SpamAssassin/Plugin/PDFInfo.pm
> -@@ -31,7 +31,7 @@ This plugin helps detected spam using attached PDF fil
> -
> - =item See "Usage:" below - more documentation see 20_pdfinfo.cf
> -
> -- Original info kept for history.
> -+ Original info kept for history. For later changes see SVN repo
> -  -------------------------------------------------------
> -  PDFInfo Plugin for SpamAssassin
> -  Version: 0.8
> -@@ -40,7 +40,6 @@ This plugin helps detected spam using attached PDF fil
> -  Modified: 2007-08-10
> -  By: Dallas Engelken
> -
> --
> -  Changes:
> -    0.8 - added .fdf detection (thanks John Lundin) [axb]
> -    0.7 - fixed empty body/pdf count buglet(thanks Jeremy) [axb]
> -@@ -76,7 +75,6 @@ This plugin helps detected spam using attached PDF fil
> -          - removed all support for png, gif, and jpg from the code.
> -          - prepended pdf_ to all function names to avoid conflicts with ImageInfo in SA 3.2.
> -
> --
> -  Usage:
> -
> -   pdf_count()
> -@@ -144,14 +142,14 @@ package Mail::SpamAssassin::Plugin::PDFInfo;
> -
> - use Mail::SpamAssassin::Plugin;
> - use Mail::SpamAssassin::Logger;
> -+use Mail::SpamAssassin::Util;
> - use strict;
> - use warnings;
> --use bytes;
> -+# use bytes;
> - use Digest::MD5 qw(md5_hex);
> - use MIME::QuotedPrint;
> -
> --use vars qw(@ISA);
> --@ISA = qw(Mail::SpamAssassin::Plugin);
> -+our @ISA = qw(Mail::SpamAssassin::Plugin);
> -
> - # constructor: register the eval rule
> - sub new {
> -@@ -413,9 +411,9 @@ sub _find_pdf_mime_parts {
> -
> -   foreach my $p (@parts) {
> -     my $type = $p->{'type'} =~ m@/([\w\-]+)$@;
> --    my $name = $p->{'name'};
> -+    my $name = $p->{'name'} || '';
> -
> --    my $cte = lc $p->get_header('content-transfer-encoding') || '';
> -+    my $cte = lc( $p->get_header('content-transfer-encoding') || '' );
> -
> -     dbg("pdfinfo: found part, type=".($type ? $type : '')." file=".($name ? $name : '')." cte=".($cte ? $cte : '')."");
> -
> -@@ -441,7 +439,6 @@ sub _find_pdf_mime_parts {
> -
> - }
> -
> --
> - # ----------------------------------------
> -
> - sub pdf_named {
> -@@ -476,8 +473,12 @@ sub pdf_name_regex {
> -
> -   my $hit = 0;
> -   foreach my $name (keys %{$pms->{'pdfinfo'}->{"names_pdf"}}) {
> --    my $eval = 'if (q{'.$name.'} =~  '.$re.') {  $hit = 1; } ';
> --    eval $eval;
> -+    eval {
> -+        my $regex = Mail::SpamAssassin::Util::make_qr($re);
> -+        if ( $name =~ m/$regex/ ) {
> -+            $hit = 1;
> -+        }
> -+    };
> -     dbg("pdfinfo: error in regex $re - $@") if $@;
> -     if ($hit) {
> -       dbg("pdfinfo: pdf_name_regex hit on $name");
> -@@ -722,9 +723,12 @@ sub pdf_match_details {
> -   return unless $check_value;
> -
> -   my $hit = 0;
> --  $check_value =~ s/[\{\}\\]//g;
> --  my $eval = 'if (q{'.$check_value.'} =~ '.$regex.') { $hit = 1; }';
> --  eval $eval;
> -+  eval {
> -+      my $re = Mail::SpamAssassin::Util::make_qr($regex);
> -+      if ( $check_value =~ m/$re/ ) {
> -+          $hit = 1;
> -+      }
> -+  };
> -   dbg("pdfinfo: error in regex $regex - $@") if $@;
> -   if ($hit) {
> -     dbg("pdfinfo: pdf_match_details $detail $regex matches $check_value");
> Index: patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
> --- patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm 4 Mar 2016 00:05:35 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,24 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_SPF_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
> ---- lib/Mail/SpamAssassin/Plugin/SPF.pm.orig Tue Apr 28 20:56:47 2015
> -+++ lib/Mail/SpamAssassin/Plugin/SPF.pm Thu Mar  3 23:59:55 2016
> -@@ -232,7 +232,7 @@ working downwards until results are successfully parse
> - =item has_check_for_spf_errors
> -
> - Adds capability check for "if can()" for check_for_spf_permerror, check_for_spf_temperror, check_for_spf_helo_permerror and check_for_spf_helo_permerror
> --  
> -+
> - =cut
> -
> - sub has_check_for_spf_errors { 1 }
> -@@ -506,9 +506,9 @@ sub _check_spf {
> -       $self->{spf_server} = Mail::SPF::Server->new(
> - hostname     => $scanner->get_tag('HOSTNAME'),
> - dns_resolver => $self->{main}->{resolver},
> -- max_dns_interactive_terms => 15);
> -+ max_dns_interactive_terms => 20);
> -       # Bug 7112: max_dns_interactive_terms defaults to 10, but even 14 is
> --      # not enough for ebay.com, setting it to 15
> -+      # not enough for ebay.com, setting it to 15 NOTE: raising to 20 per bug 7182
> -       1;
> -     } or do {
> -       $eval_stat = $@ ne '' ? $@ : "errno=$!";  chomp $eval_stat;
> Index: patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
> --- patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm 4 Mar 2016 00:05:35 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,28 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
> ---- lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm.orig Tue Apr 28 20:56:47 2015
> -+++ lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm Thu Mar  3 23:59:55 2016
> -@@ -942,9 +942,8 @@ sub complete_ns_lookup {
> -     next unless (defined($str) && defined($dom));
> -     dbg("uridnsbl: got($j) NS for $dom: $str");
> -
> --    if ($str =~ /IN\s+NS\s+(\S+)/) {
> --      my $nsmatch = lc $1;
> --      $nsmatch =~ s/\.$//;
> -+    if ($rr->type eq 'NS') {
> -+      my $nsmatch = lc $rr->nsdname;  # available since at least Net::DNS 0.14
> -       my $nsrhblstr = $nsmatch;
> -       my $fullnsrhblstr = $nsmatch;
> -
> -@@ -1025,9 +1024,9 @@ sub complete_a_lookup {
> -     }
> -     dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str);
> -
> --    local $1;
> --    if ($str =~ /IN\s+A\s+(\S+)/) {
> --      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1);
> -+    if ($rr->type eq 'A') {
> -+      my $ip_address = $rr->rdatastr;
> -+      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address);
> -     }
> -   }
> - }
> Index: patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm
> --- patches/patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm 6 Feb 2018 07:58:03 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,34 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_URILocalBL_pm,v 1.1 2018/02/06 07:58:03 giovanni Exp $
> -
> -Compatibility patches for perl 5.23+
> -
> -Index: lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
> ---- lib/Mail/SpamAssassin/Plugin/URILocalBL.pm.orig
> -+++ lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
> -@@ -350,7 +350,7 @@ sub check_uri_local_bl {
> -     # look for W3 links only
> -     next unless (defined $info->{types}->{a});
> -
> --    while (my($host, $domain) = each $info->{hosts}) {
> -+    while (my($host, $domain) = each %{$info->{hosts}}) {
> -
> -       # skip if the domain name was matched
> -       if (exists $rule->{exclusions} && exists $rule->{exclusions}->{$domain}) {
> -@@ -374,7 +374,7 @@ sub check_uri_local_bl {
> -         }
> -
> -         if (exists $rule->{countries}) {
> --          dbg("check: uri_local_bl countries %s\n", join(' ', sort keys $rule->{countries}));
> -+          dbg("check: uri_local_bl countries %s\n", join(' ', sort keys %{$rule->{countries}}));
> -
> -           my $cc = $self->{geoip}->country_code_by_addr($ip);
> -
> -@@ -403,7 +403,7 @@ sub check_uri_local_bl {
> -         }
> -
> -         if (exists $rule->{isps}) {
> --          dbg("check: uri_local_bl isps %s\n", join(' ', map { '"' . $_ . '"'; } sort keys $rule->{isps}));
> -+          dbg("check: uri_local_bl isps %s\n", join(' ', map { '"' . $_ . '"'; } sort keys %{$rule->{isps}}));
> -
> -           my $isp = $self->{geoisp}->isp_by_name($ip);
> -
> Index: patches/patch-lib_Mail_SpamAssassin_Util_pm
> ===================================================================
> RCS file: patches/patch-lib_Mail_SpamAssassin_Util_pm
> diff -N patches/patch-lib_Mail_SpamAssassin_Util_pm
> --- patches/patch-lib_Mail_SpamAssassin_Util_pm 23 Feb 2018 17:07:35 -0000 1.4
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,96 +0,0 @@
> -$OpenBSD: patch-lib_Mail_SpamAssassin_Util_pm,v 1.4 2018/02/23 17:07:35 giovanni Exp $
> -Index: lib/Mail/SpamAssassin/Util.pm
> ---- lib/Mail/SpamAssassin/Util.pm.orig
> -+++ lib/Mail/SpamAssassin/Util.pm
> -@@ -62,7 +62,8 @@ BEGIN {
> -   @EXPORT_OK = qw(&local_tz &base64_decode &untaint_var &untaint_file_path
> -                   &exit_status_str &proc_status_ok &am_running_on_windows
> -                   &reverse_ip_address &decode_dns_question_entry
> --                  &secure_tmpfile &secure_tmpdir &uri_list_canonicalize);
> -+                  &secure_tmpfile &secure_tmpdir &uri_list_canonicalize
> -+                  &get_user_groups);
> - }
> -
> - use Mail::SpamAssassin;
> -@@ -108,7 +109,7 @@ BEGIN {
> -     if ( !$displayed_path++ ) {
> -       dbg("util: current PATH is: ".join($Config{'path_sep'},File::Spec->path()));
> -     }
> --    foreach my $path (File::Spec->path()) {
> -+    foreach my $path (File::Spec->path(), qw(${LOCALBASE}/bin ${LOCALBASE}/sbin)) {
> -       my $fname = File::Spec->catfile ($path, $filename);
> -       if ( -f $fname ) {
> -         if (-x $fname) {
> -@@ -988,6 +989,18 @@ sub parse_content_type {
> -   my($charset) = $ct =~ /\bcharset\s*=\s*["']?(.*?)["']?(?:;|$)/i;
> -   my($name) = $ct =~ /\b(?:file)?name\s*=\s*["']?(.*?)["']?(?:;|$)/i;
> -
> -+  # RFC 2231 section 3: Parameter Value Continuations
> -+  # support continuations for name values
> -+  #
> -+  if (!$name && $ct =~ /\b(?:file)?name\*0\s*=/i) {
> -+
> -+    my @name;
> -+    $name[$1] = $2
> -+      while ($ct =~ /\b(?:file)?name\*(\d+)\s*=\s*["']?(.*?)["']?(?:;|$)/ig);
> -+
> -+    $name = join "", grep defined, @name;
> -+  }
> -+
> -   # Get the actual MIME type out ...
> -   # Note: the header content may not be whitespace unfolded, so make sure the
> -   # REs do /s when appropriate.
> -@@ -1493,13 +1506,43 @@ sub receive_date {
> - }
> -
> - ###########################################################################
> -+sub get_user_groups {
> -+  my $suid = shift;
> -+  dbg("get_user_groups: uid is $suid\n");
> -+  my ( $user, $passwd, $uid, $gid, $quota, $comment, $gcos, $dir, $shell, $expire ) = getpwuid($suid);
> -+  my $rgids="$gid ";
> -+  while ( my($name,$pw,$gid,$members) = getgrent() ) {
> -+    if ( $members =~ m/\b$user\b/ ) {
> -+      $rgids .= "$gid ";
> -+      dbg("get_user_groups: added $gid ($name) to group list which is now: $rgids\n");
> -+    }
> -+  }
> -+  endgrent;
> -+  chop $rgids;
> -+  return ($rgids);
> -+}
> -
> -+
> -+
> - sub setuid_to_euid {
> -   return if (RUNNING_ON_WINDOWS);
> -
> -   # remember the target uid, the first number is the important one
> -   my $touid = $>;
> --
> -+  my $gids = get_user_groups($touid);
> -+  my ( $pgid, $supgs ) = split (' ',$gids,2);
> -+  defined $supgs or $supgs=$pgid;
> -+  if ($( != $pgid) {
> -+    # Gotta be root for any of this to work
> -+    $> = 0 ;
> -+    dbg("util: changing real primary gid from $( to $pgid and supplemental groups to $supgs to match effective uid $touid");
> -+    POSIX::setgid($pgid);
> -+    dbg("util: POSIX::setgid($pgid) set errno to $!");  
> -+    $! = 0;
> -+    $( = $pgid;
> -+    $) = "$pgid $supgs";
> -+    dbg("util: assignment  \$) = $pgid $supgs set errno to $!");  
> -+  }
> -   if ($< != $touid) {
> -     dbg("util: changing real uid from $< to match effective uid $touid");
> -     # bug 3586: kludges needed to work around platform dependent behavior assigning to $<
> -@@ -1574,7 +1617,7 @@ sub helper_app_pipe_open_unix {
> -   eval {
> -     # go setuid...
> -     setuid_to_euid();
> --    dbg("util: setuid: ruid=$< euid=$>");
> -+    info("util: setuid: ruid=$< euid=$> rgid=$( egid=$) ");
> -
> -     # now set up the fds.  due to some wierdness, we may have to ensure that
> -     # we *really* close the correct fd number, since some other code may have
> Index: patches/patch-spamc_libspamc_c
> ===================================================================
> RCS file: patches/patch-spamc_libspamc_c
> diff -N patches/patch-spamc_libspamc_c
> --- patches/patch-spamc_libspamc_c 23 May 2015 14:18:55 -0000 1.3
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,21 +0,0 @@
> -$OpenBSD: patch-spamc_libspamc_c,v 1.3 2015/05/23 14:18:55 bluhm Exp $
> ---- spamc/libspamc.c.orig Tue Apr 28 21:56:59 2015
> -+++ spamc/libspamc.c Wed May 20 19:53:07 2015
> -@@ -1216,7 +1216,7 @@ int message_filter(struct transport *tp, const char *u
> - if (flags & SPAMC_TLSV1) {
> -    meth = TLSv1_client_method();
> - } else {
> --    meth = SSLv3_client_method(); /* default */
> -+    meth = SSLv23_client_method(); /* default */
> - }
> - SSL_load_error_strings();
> - ctx = SSL_CTX_new(meth);
> -@@ -1604,7 +1604,7 @@ int message_tell(struct transport *tp, const char *use
> -     if (flags & SPAMC_USE_SSL) {
> - #ifdef SPAMC_SSL
> - SSLeay_add_ssl_algorithms();
> -- meth = SSLv3_client_method();
> -+ meth = SSLv23_client_method();
> - SSL_load_error_strings();
> - ctx = SSL_CTX_new(meth);
> - #else
> Index: patches/patch-spamd_spamd_raw
> ===================================================================
> RCS file: patches/patch-spamd_spamd_raw
> diff -N patches/patch-spamd_spamd_raw
> --- patches/patch-spamd_spamd_raw 23 Feb 2018 17:07:35 -0000 1.9
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,98 +0,0 @@
> -$OpenBSD: patch-spamd_spamd_raw,v 1.9 2018/02/23 17:07:35 giovanni Exp $
> -Index: spamd/spamd.raw
> ---- spamd/spamd.raw.orig
> -+++ spamd/spamd.raw
> -@@ -246,7 +246,8 @@ use Mail::SpamAssassin::SubProcBackChannel;
> - use Mail::SpamAssassin::SpamdForkScaling qw(:pfstates);
> - use Mail::SpamAssassin::Logger qw(:DEFAULT log_message);
> - use Mail::SpamAssassin::Util qw(untaint_var untaint_file_path
> --                                exit_status_str am_running_on_windows);
> -+                                exit_status_str am_running_on_windows
> -+                                get_user_groups);
> - use Mail::SpamAssassin::Timeout;
> -
> - use Getopt::Long;
> -@@ -1071,7 +1072,6 @@ sub server_sock_setup_inet {
> -     $sockopt{V6Only} = 1  if $io_socket_module_name eq 'IO::Socket::IP'
> -                              && IO::Socket::IP->VERSION >= 0.09;
> -     %sockopt = (%sockopt, (
> --      SSL_version     => $sslversion,
> -       SSL_verify_mode => 0x00,
> -       SSL_key_file    => $opt{'server-key'},
> -       SSL_cert_file   => $opt{'server-cert'},
> -@@ -1092,7 +1092,8 @@ sub server_sock_setup_inet {
> -     if (!$server_inet) {
> -       $diag = sprintf("could not create %s socket on [%s]:%s: %s",
> -                       $ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
> --                      $adr, $port, $!);
> -+                      $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ?
> -+                      "$!,$IO::Socket::SSL::SSL_ERROR" : $!);
> -       push(@diag_fail, $diag);
> -     } else {
> -       $diag = sprintf("created %s socket on [%s]:%s",
> -@@ -1369,10 +1370,20 @@ sub spawn {
> -       # bug 5518: assignments to $) and $( don't always work on all platforms
> -       # bug 3900: assignments to $> and $< problems with BSD perl bug
> -       # use the POSIX functions to hide the platform specific workarounds
> -+      dbg("spamd: Privilege de-escalation from user $< and groups $(\n");
> -+      $! = 0;
> -       POSIX::setgid($ugid);  # set effective and real gid
> -+      dbg("spamd: setgid ERRNO is $!\n");
> -+      $( = $ugid;
> -+      $) = "$ugid ".(get_user_groups($uuid));  # set effective and real gid/grouplist another way because we lack initgroups in Perl
> -+      dbg("spamd: group assignment ERRNO is $!\n");
> -       POSIX::setuid($uuid);  # set effective and real UID
> -+      dbg("spamd: setuid ERRNO is $!\n");
> -       $< = $uuid; $> = $uuid;   # bug 5574
> -+      dbg("spamd: uid assignment ERRNO is $!\n");
> -+      dbg("spamd: real user is $< \neff user is $> \nreal groups are $( \neff groups are $) \n");
> -
> -+
> -       # keep the sanity check to catch problems like bug 3900 just in case
> -       if ( $> != $uuid and $> != ( $uuid - 2**32 ) ) {
> -         die "spamd: setuid to uid $uuid failed (> = $>, < = $<)\n";
> -@@ -1521,7 +1532,7 @@ sub accept_from_any_server_socket {
> -     } # end multiple sockets case
> -
> -     if ($selected_socket_info) {
> --      my $socket = $selected_socket_info->{socket};
> -+      $socket = $selected_socket_info->{socket};
> -       $socket or die "no socket???, impossible";
> -       dbg("spamd: accept() on fd %d", $selected_socket_info->{fd});
> -       $client = $socket->accept;
> -@@ -1726,7 +1737,7 @@ sub handle_setuid_to_user {
> -     my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
> -         getpwnam('nobody');
> -  
> --    $) = "$gid $gid";                   # eGID
> -+    $) = (get_user_groups($uid));       # eGID
> -     $> = $uid;                          # eUID
> -     if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
> -       die("spamd: setuid to nobody failed");
> -@@ -2488,7 +2499,7 @@ sub handle_user_setuid_basic {
> -   }
> -
> -   if ($setuid_to_user) {
> --    $) = "$gid $gid";                 # change eGID
> -+    $) = (get_user_groups($uid));     # change eGID
> -     $> = $uid;                        # change eUID
> -     if ( !defined($uid) || ( $> != $uid and $> != ( $uid - 2**32 ) ) ) {
> -       # make it fatal to avoid security breaches
> -@@ -2710,7 +2721,7 @@ sub handle_user_setuid_with_sql {
> -   }
> -
> -   if ($setuid_to_user) {
> --    $) = "$gid $gid";                 # change eGID
> -+    $) = (get_user_groups($uid));     # change eGID
> -     $> = $uid;                        # change eUID
> -     if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
> -       # make it fatal to avoid security breaches
> -@@ -2755,7 +2766,7 @@ sub handle_user_setuid_with_ldap {
> -   }
> -
> -   if ($setuid_to_user) {
> --    $) = "$gid $gid";    # change eGID
> -+    $) = (get_user_groups($uid));    # change eGID
> -     $> = $uid;           # change eUID
> -     if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
> -       # make it fatal to avoid security breaches
> Index: patches/patch-t_SATest_pm
> ===================================================================
> RCS file: patches/patch-t_SATest_pm
> diff -N patches/patch-t_SATest_pm
> --- patches/patch-t_SATest_pm 7 Nov 2017 07:39:07 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,14 +0,0 @@
> -$OpenBSD: patch-t_SATest_pm,v 1.1 2017/11/07 07:39:07 giovanni Exp $
> -
> -Index: t/SATest.pm
> ---- t/SATest.pm.orig
> -+++ t/SATest.pm
> -@@ -1027,7 +1027,7 @@ sub can_use_net_dns_safely {
> -   # (which is used by Net::DNS)
> -
> -   return 1 if ($< != 0);
> --  return 1 if ($^O =~ /^(linux|mswin|dos|os2)/oi);
> -+  return 1 if ($^O =~ /^(linux|mswin|dos|os2|openbsd)/oi);
> -
> -   my $has_unsafe_hostname =
> -     eval { require Sys::Hostname::Long && Sys::Hostname::Long->VERSION < 1.4 };
> Index: patches/patch-t_sa_compile_t
> ===================================================================
> RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/patches/patch-t_sa_compile_t,v
> retrieving revision 1.3
> diff -u -p -r1.3 patch-t_sa_compile_t
> --- patches/patch-t_sa_compile_t 23 May 2015 14:18:55 -0000 1.3
> +++ patches/patch-t_sa_compile_t 18 Sep 2018 07:08:03 -0000
> @@ -1,21 +1,14 @@
>  $OpenBSD: patch-t_sa_compile_t,v 1.3 2015/05/23 14:18:55 bluhm Exp $
> ---- t/sa_compile.t.orig Tue Apr 28 21:56:58 2015
> -+++ t/sa_compile.t Tue May 12 22:36:36 2015
> -@@ -8,8 +8,7 @@ use Config;
> +Index: t/sa_compile.t
> +--- t/sa_compile.t.orig
> ++++ t/sa_compile.t
> +@@ -12,8 +12,7 @@ use Config;
>   use File::Basename;
>   use File::Path qw/mkpath/;
>  
>  -my $temp_binpath = $Config{sitebinexp};
> --$temp_binpath =~ s/^\Q$Config{prefix}\E//;
> +-$temp_binpath =~ s|^\Q$Config{siteprefixexp}\E/||;
>  +my $temp_binpath = "bin";
>  
> - # called from BEGIN
> - sub re2c_version_new_enough {
> -@@ -65,6 +64,7 @@ sub new_instdir {
> -   $instdir = $instbase.".".(shift);
> -   print "\nsetting new instdir: $instdir\n";
> -   $INST_FROM_SCRATCH and system("rm -rf $instdir; mkdir $instdir");
> -+  system("mkdir -p $instdir/foo/etc/mail/spamassassin");
> - }
> -
> - sub run_makefile_pl {
> + use Test::More;
> + plan skip_all => "Long running tests disabled" unless conf_bool('run_long_tests');
> Index: patches/patch-t_spf_t
> ===================================================================
> RCS file: patches/patch-t_spf_t
> diff -N patches/patch-t_spf_t
> --- patches/patch-t_spf_t 7 Nov 2017 07:39:07 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,22 +0,0 @@
> -$OpenBSD: patch-t_spf_t,v 1.1 2017/11/07 07:39:07 giovanni Exp $
> -
> -Index: t/spf.t
> ---- t/spf.t.orig
> -+++ t/spf.t
> -@@ -12,6 +12,7 @@ use constant HAS_MAILSPF => eval { require Mail::SPF;
> - # on non-Linux unices as root, due to a bug in Sys::Hostname::Long
> - # (it is used by Mail::SPF::Query, which is now obsoleted by Mail::SPF)
> - use constant IS_LINUX   => $^O eq 'linux';
> -+use constant IS_OPENBSD => $^O eq 'openbsd';
> - use constant IS_WINDOWS => ($^O =~ /^(mswin|dos|os2)/oi);
> - use constant AM_ROOT    => $< == 0;
> -
> -@@ -20,7 +21,7 @@ use constant HAS_UNSAFE_HOSTNAME =>  # Bug 3806 - modu
> -
> - use constant DO_RUN =>
> -   TEST_ENABLED && (HAS_SPFQUERY || HAS_MAILSPF) &&
> --  (!HAS_UNSAFE_HOSTNAME || !AM_ROOT || IS_LINUX || IS_WINDOWS);
> -+  (!HAS_UNSAFE_HOSTNAME || !AM_ROOT || IS_LINUX || IS_WINDOWS || IS_OPENBSD);
> -
> - BEGIN {
> -
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/pkg/PLIST,v
> retrieving revision 1.35
> diff -u -p -r1.35 PLIST
> --- pkg/PLIST 6 May 2017 14:56:08 -0000 1.35
> +++ pkg/PLIST 18 Sep 2018 07:08:03 -0000
> @@ -79,8 +79,10 @@ ${P5SITE}/Mail/SpamAssassin/Plugin/DCC.p
>  ${P5SITE}/Mail/SpamAssassin/Plugin/DKIM.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/DNSEval.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/FreeMail.pm
> +${P5SITE}/Mail/SpamAssassin/Plugin/FromNameSpoof.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/HTMLEval.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm
> +${P5SITE}/Mail/SpamAssassin/Plugin/HashBL.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/Hashcash.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/HeaderEval.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/ImageInfo.pm
> @@ -89,11 +91,13 @@ ${P5SITE}/Mail/SpamAssassin/Plugin/MIMEH
>  ${P5SITE}/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/PDFInfo.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/PhishTag.pm
> +${P5SITE}/Mail/SpamAssassin/Plugin/Phishing.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/Pyzor.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/Razor2.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/RelayCountry.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/RelayEval.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/ReplaceTags.pm
> +${P5SITE}/Mail/SpamAssassin/Plugin/ResourceLimits.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/Reuse.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
>  ${P5SITE}/Mail/SpamAssassin/Plugin/SPF.pm
> @@ -118,9 +122,9 @@ ${P5SITE}/Mail/SpamAssassin/SubProcBackC
>  ${P5SITE}/Mail/SpamAssassin/Timeout.pm
>  ${P5SITE}/Mail/SpamAssassin/Util/
>  ${P5SITE}/Mail/SpamAssassin/Util.pm
> +@comment ${P5SITE}/Mail/SpamAssassin/Util.pm.beforesubst
>  ${P5SITE}/Mail/SpamAssassin/Util/DependencyInfo.pm
>  ${P5SITE}/Mail/SpamAssassin/Util/Progress.pm
> -${P5SITE}/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
>  ${P5SITE}/Mail/SpamAssassin/Util/ScopedTimer.pm
>  ${P5SITE}/Mail/SpamAssassin/Util/TieOneStringHash.pm
>  ${P5SITE}/Mail/SpamAssassin/Util/TinyRedis.pm
> @@ -174,16 +178,20 @@ ${P5SITE}/spamassassin-run.pod
>  @man man/man3p/Mail::SpamAssassin::Plugin::DCC.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::DKIM.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::DNSEval.3p
> +@man man/man3p/Mail::SpamAssassin::Plugin::FromNameSpoof.3p
> +@man man/man3p/Mail::SpamAssassin::Plugin::HashBL.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::Hashcash.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::MIMEEval.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::MIMEHeader.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::PDFInfo.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::PhishTag.3p
> +@man man/man3p/Mail::SpamAssassin::Plugin::Phishing.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::Pyzor.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::Razor2.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::RelayCountry.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::ReplaceTags.3p
> +@man man/man3p/Mail::SpamAssassin::Plugin::ResourceLimits.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::Reuse.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::Rule2XSBody.3p
>  @man man/man3p/Mail::SpamAssassin::Plugin::SPF.3p
> @@ -205,7 +213,6 @@ ${P5SITE}/spamassassin-run.pod
>  @man man/man3p/Mail::SpamAssassin::Util.3p
>  @man man/man3p/Mail::SpamAssassin::Util::DependencyInfo.3p
>  @man man/man3p/Mail::SpamAssassin::Util::Progress.3p
> -@man man/man3p/Mail::SpamAssassin::Util::RegistrarBoundaries.3p
>  @man man/man3p/spamassassin-run.3p
>  share/doc/SpamAssassin/
>  share/doc/SpamAssassin/CREDITS
> @@ -242,6 +249,7 @@ share/examples/SpamAssassin/init.pre
>  @sample ${CONFDIR}/init.pre
>  share/examples/SpamAssassin/local.cf
>  @sample ${CONFDIR}/local.cf
> +@comment share/examples/SpamAssassin/svn_only.pre
>  share/examples/SpamAssassin/v310.pre
>  @sample ${CONFDIR}/v310.pre
>  share/examples/SpamAssassin/v312.pre
> @@ -254,6 +262,8 @@ share/examples/SpamAssassin/v340.pre
>  @sample ${CONFDIR}/v340.pre
>  share/examples/SpamAssassin/v341.pre
>  @sample ${CONFDIR}/v341.pre
> +share/examples/SpamAssassin/v342.pre
> +@sample ${CONFDIR}/v342.pre
>  share/spamassassin/
>  share/spamassassin/10_default_prefs.cf
>  share/spamassassin/10_hasbase.cf
> @@ -303,7 +313,9 @@ share/spamassassin/50_scores.cf
>  share/spamassassin/60_adsp_override_dkim.cf
>  share/spamassassin/60_awl.cf
>  share/spamassassin/60_shortcircuit.cf
> +share/spamassassin/60_txrep.cf
>  share/spamassassin/60_whitelist.cf
> +share/spamassassin/60_whitelist_auth.cf
>  share/spamassassin/60_whitelist_dkim.cf
>  share/spamassassin/60_whitelist_spf.cf
>  share/spamassassin/60_whitelist_subject.cf
> Index: pkg/spamassassin.rc
> ===================================================================
> RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/pkg/spamassassin.rc,v
> retrieving revision 1.6
> diff -u -p -r1.6 spamassassin.rc
> --- pkg/spamassassin.rc 11 Jan 2018 19:27:03 -0000 1.6
> +++ pkg/spamassassin.rc 18 Sep 2018 07:08:03 -0000
> @@ -7,6 +7,6 @@ daemon_flags="-u _spamdaemon -P"
>  
>  . /etc/rc.d/rc.subr
>  
> -pexp="perl: ${daemon}${daemon_flags:+ ${daemon_flags}}"
> +pexp="/usr/bin/perl -T -w ${daemon}${daemon_flags:+ ${daemon_flags}}"
>  
>  rc_cmd $1