From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Feb 15 02:20:05 2007 Return-Path: X-Original-To: freebsd-ports-bugs@hub.freebsd.org Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CF1FF16A402 for ; Thu, 15 Feb 2007 02:20:05 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id B12F013C467 for ; Thu, 15 Feb 2007 02:20:05 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l1F2K52K081655 for ; Thu, 15 Feb 2007 02:20:05 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l1F2K5rb081651; Thu, 15 Feb 2007 02:20:05 GMT (envelope-from gnats) Resent-Date: Thu, 15 Feb 2007 02:20:05 GMT Resent-Message-Id: <200702150220.l1F2K5rb081651@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Michael Scheidell Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2F01216A401 for ; Thu, 15 Feb 2007 02:16:48 +0000 (UTC) (envelope-from scheidell@secnap.net) Received: from scanner.secnap.net (corp.secnap.com [204.89.241.135]) by mx1.freebsd.org (Postfix) with ESMTP id 0566413C467 for ; Thu, 15 Feb 2007 02:16:47 +0000 (UTC) (envelope-from scheidell@secnap.net) Received: by scanner.secnap.net (Postfix, from userid 1001) id 7CCF71CCEA; Wed, 14 Feb 2007 21:16:47 -0500 (EST) Message-Id: <20070215021647.7CCF71CCEA@scanner.secnap.net> Date: Wed, 14 Feb 2007 21:16:47 -0500 (EST) From: Michael Scheidell To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: perl@FreeBSD.org Subject: ports/109186: security update: spamassassin 3.17 to 3.18 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2007 02:20:05 -0000 >Number: 109186 >Category: ports >Synopsis: security update: spamassassin 3.17 to 3.18 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Feb 15 02:20:05 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Michael Scheidell >Release: FreeBSD 5.5-RELEASE-p8 i386 >Organization: SECNAP Network Security >Environment: System: FreeBSD scanner.secnap.net 5.5-RELEASE-p8 FreeBSD 5.5-RELEASE-p8 #2: Fri Dec 29 22:23:34 EST 2006 scheidell@scanner.secnap.net:/usr/obj/usr/src/sys/HACKERTRAP_750 i386 FBSD 4,5, etc. Private note to maintainer: if no one wants to maintain this port, I would be willing to do it officially. I think you will see many of the past updates were submitted by me anyway. >Description: 3.1.8 is a major bug-fix release, including a potential DoS. The major highlights are: - bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly long URIs found in the message content. - bug 5240: disable perl module usage in update channels unless --allowplugins is specified - bug 5288: files with names starting/ending in whitespace weren't usable - bug 5056: remove Text::Wrap related code due to upstream issues - bug 5145: update spamassassin and sa-learn to better deal with STDIN - bug 5140 and 5179: improvements and bug fixes related to DomainKeys and DKIM support - several updates for Received header parsing - several documentation updates and random taint-variable related issues A more detailed change log can be read here: http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes >How-To-Repeat: NA >Fix: patches to upgade Sa 3.1.7 to 3.1.8 Note: many patches in files/* removed due to being incorporated in SA source. these files should be removed from files/* patch-spamassassin.raw patch-sa-learn.raw patch-lib-Mail-SpamAssassin-SpamdForkScaling.pm here are patches: diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig p5-Mail-SpamAssassin diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig/Makefile p5-Mail-SpamAssassin/Makefile --- /var/tmp/p5-Mail-SpamAssassin.orig/Makefile Mon Dec 25 11:52:04 2006 +++ p5-Mail-SpamAssassin/Makefile Wed Feb 14 20:39:25 2007 @@ -6,8 +6,7 @@ # PORTNAME= Mail-SpamAssassin -PORTVERSION= 3.1.7 -PORTREVISION= 3 +PORTVERSION= 3.1.8 CATEGORIES= mail perl5 MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:apache/} ${MASTER_SITE_PERL_CPAN:S/$/:cpan/} MASTER_SITE_SUBDIR= spamassassin/source/:apache Mail/:cpan diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig/distinfo p5-Mail-SpamAssassin/distinfo --- /var/tmp/p5-Mail-SpamAssassin.orig/distinfo Mon Oct 30 21:10:14 2006 +++ p5-Mail-SpamAssassin/distinfo Wed Feb 14 20:41:12 2007 @@ -1,3 +1,3 @@ -MD5 (Mail-SpamAssassin-3.1.7.tar.gz) = 4b342c63949d47f3ce56b3fc1c8881c1 -SHA256 (Mail-SpamAssassin-3.1.7.tar.gz) = be6fd341fb35ba5efb2784318e9772bde65b7115eed18ab8dcd791a471fcef39 -SIZE (Mail-SpamAssassin-3.1.7.tar.gz) = 1168183 +MD5 (Mail-SpamAssassin-3.1.8.tar.gz) = 20a3a6b651a89dcc70634715ca833996 +#SHA256 (Mail-SpamAssassin-3.1.8.tar.gz) = be6fd341fb35ba5efb2784318e9772bde65b7115eed18ab8dcd791a471fcef39 +#SIZE (Mail-SpamAssassin-3.1.8.tar.gz) = 1168183 >Release-Note: >Audit-Trail: >Unformatted: