From owner-svn-ports-head@freebsd.org Wed Mar 24 20:02:53 2021 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DF8395BE043; Wed, 24 Mar 2021 20:02:53 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F5K0Y5kNJz4v2W; Wed, 24 Mar 2021 20:02:53 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B794E1A255; Wed, 24 Mar 2021 20:02:53 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 12OK2rDG051537; Wed, 24 Mar 2021 20:02:53 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 12OK2rvU051534; Wed, 24 Mar 2021 20:02:53 GMT (envelope-from cy@FreeBSD.org) Message-Id: <202103242002.12OK2rvU051534@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Wed, 24 Mar 2021 20:02:53 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r569156 - head/mail/spamassassin X-SVN-Group: ports-head X-SVN-Commit-Author: cy X-SVN-Commit-Paths: head/mail/spamassassin X-SVN-Commit-Revision: 569156 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Mar 2021 20:02:53 -0000 Author: cy Date: Wed Mar 24 20:02:52 2021 New Revision: 569156 URL: https://svnweb.freebsd.org/changeset/ports/569156 Log: mail/spamassassin: Update 3.4.4 --> 3.4.5, fixing CVE-2020-1946 According to https://s.apache.org/ng9u9, 3.4.5 fixes CVE-2020-1946. The announce text: Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue of security note where malicious rule configuration (.cf) files can be configured to run system commands. In Apache SpamAssassin before 3.4.5, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. Apache SpamAssassin would like to thank Damian Lukowski at credativ for ethically reporting this issue. This issue has been assigned CVE id CVE-2020-1946 [2] To contact the Apache SpamAssassin security team, please e-mail security at spamassassin.apache.org. For more information about Apache SpamAssassin, visit the https://spamassassin.apache.org/ web site. Apache SpamAssassin Security Team [1]: https://s.apache.org/ng9u9 [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946 PR: 254526 Submitted by: cy Reported by: cy Approved by: maintainer (zeising) MFH: 2021Q1 Security: https://s.apache.org/ng9u9 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946 Modified: head/mail/spamassassin/Makefile (contents, props changed) head/mail/spamassassin/distinfo (contents, props changed) head/mail/spamassassin/pkg-plist (contents, props changed) Modified: head/mail/spamassassin/Makefile ============================================================================== --- head/mail/spamassassin/Makefile Wed Mar 24 19:26:50 2021 (r569155) +++ head/mail/spamassassin/Makefile Wed Mar 24 20:02:52 2021 (r569156) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= spamassassin -PORTVERSION= 3.4.4 +PORTVERSION= 3.4.5 CATEGORIES?= mail perl5 MASTER_SITES= APACHE/spamassassin/source CPAN/Mail DISTNAME= Mail-SpamAssassin-${PORTVERSION} Modified: head/mail/spamassassin/distinfo ============================================================================== --- head/mail/spamassassin/distinfo Wed Mar 24 19:26:50 2021 (r569155) +++ head/mail/spamassassin/distinfo Wed Mar 24 20:02:52 2021 (r569156) @@ -1,3 +1,3 @@ -TIMESTAMP = 1580419680 -SHA256 (Mail-SpamAssassin-3.4.4.tar.gz) = 8ea27a165b81e3ce8c84ae85c3ecba1f2edfa04ef4a86f07fe28ab612fc8ff60 -SIZE (Mail-SpamAssassin-3.4.4.tar.gz) = 3274482 +TIMESTAMP = 1616608645 +SHA256 (Mail-SpamAssassin-3.4.5.tar.gz) = a640842c5f3f468e3a21cbb9c555647306ec77807e57c5744ef0065e4a8675f6 +SIZE (Mail-SpamAssassin-3.4.5.tar.gz) = 6572220 Modified: head/mail/spamassassin/pkg-plist ============================================================================== --- head/mail/spamassassin/pkg-plist Wed Mar 24 19:26:50 2021 (r569155) +++ head/mail/spamassassin/pkg-plist Wed Mar 24 20:02:52 2021 (r569156) @@ -131,6 +131,7 @@ lib/libspamc.so.0 %%SITE_PERL%%/Mail/SpamAssassin/Util/TinyRedis.pm %%SITE_PERL%%/spamassassin-run.pod %%PERL5_MAN1%%/sa-awl.1.gz +%%PERL5_MAN1%%/sa-check_%%USER%%.1.gz %%PERL5_MAN1%%/sa-compile.1.gz %%PERL5_MAN1%%/sa-learn.1.gz %%PERL5_MAN1%%/sa-update.1.gz