Date: Wed, 14 Feb 2007 21:16:47 -0500 (EST) From: Michael Scheidell <scheidell@secnap.net> To: FreeBSD-gnats-submit@FreeBSD.org Cc: perl@FreeBSD.org Subject: ports/109186: security update: spamassassin 3.17 to 3.18 Message-ID: <20070215021647.7CCF71CCEA@scanner.secnap.net> Resent-Message-ID: <200702150220.l1F2K5rb081651@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 109186 >Category: ports >Synopsis: security update: spamassassin 3.17 to 3.18 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Feb 15 02:20:05 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Michael Scheidell >Release: FreeBSD 5.5-RELEASE-p8 i386 >Organization: SECNAP Network Security >Environment: System: FreeBSD scanner.secnap.net 5.5-RELEASE-p8 FreeBSD 5.5-RELEASE-p8 #2: Fri Dec 29 22:23:34 EST 2006 scheidell@scanner.secnap.net:/usr/obj/usr/src/sys/HACKERTRAP_750 i386 FBSD 4,5, etc. Private note to maintainer: if no one wants to maintain this port, I would be willing to do it officially. I think you will see many of the past updates were submitted by me anyway. >Description: 3.1.8 is a major bug-fix release, including a potential DoS. The major highlights are: - bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly long URIs found in the message content. - bug 5240: disable perl module usage in update channels unless --allowplugins is specified - bug 5288: files with names starting/ending in whitespace weren't usable - bug 5056: remove Text::Wrap related code due to upstream issues - bug 5145: update spamassassin and sa-learn to better deal with STDIN - bug 5140 and 5179: improvements and bug fixes related to DomainKeys and DKIM support - several updates for Received header parsing - several documentation updates and random taint-variable related issues A more detailed change log can be read here: http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes >How-To-Repeat: NA >Fix: patches to upgade Sa 3.1.7 to 3.1.8 Note: many patches in files/* removed due to being incorporated in SA source. these files should be removed from files/* patch-spamassassin.raw patch-sa-learn.raw patch-lib-Mail-SpamAssassin-SpamdForkScaling.pm here are patches: diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig p5-Mail-SpamAssassin diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig/Makefile p5-Mail-SpamAssassin/Makefile --- /var/tmp/p5-Mail-SpamAssassin.orig/Makefile Mon Dec 25 11:52:04 2006 +++ p5-Mail-SpamAssassin/Makefile Wed Feb 14 20:39:25 2007 @@ -6,8 +6,7 @@ # PORTNAME= Mail-SpamAssassin -PORTVERSION= 3.1.7 -PORTREVISION= 3 +PORTVERSION= 3.1.8 CATEGORIES= mail perl5 MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:apache/} ${MASTER_SITE_PERL_CPAN:S/$/:cpan/} MASTER_SITE_SUBDIR= spamassassin/source/:apache Mail/:cpan diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig/distinfo p5-Mail-SpamAssassin/distinfo --- /var/tmp/p5-Mail-SpamAssassin.orig/distinfo Mon Oct 30 21:10:14 2006 +++ p5-Mail-SpamAssassin/distinfo Wed Feb 14 20:41:12 2007 @@ -1,3 +1,3 @@ -MD5 (Mail-SpamAssassin-3.1.7.tar.gz) = 4b342c63949d47f3ce56b3fc1c8881c1 -SHA256 (Mail-SpamAssassin-3.1.7.tar.gz) = be6fd341fb35ba5efb2784318e9772bde65b7115eed18ab8dcd791a471fcef39 -SIZE (Mail-SpamAssassin-3.1.7.tar.gz) = 1168183 +MD5 (Mail-SpamAssassin-3.1.8.tar.gz) = 20a3a6b651a89dcc70634715ca833996 +#SHA256 (Mail-SpamAssassin-3.1.8.tar.gz) = be6fd341fb35ba5efb2784318e9772bde65b7115eed18ab8dcd791a471fcef39 +#SIZE (Mail-SpamAssassin-3.1.8.tar.gz) = 1168183 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070215021647.7CCF71CCEA>