rpms/spamass-milter/F-13 spamass-milter-0.3.1-popen.patch, NONE, 1.1 spamass-milter-0.3.1-prototype.patch, NONE, 1.1 spamass-milter-0.3.1-authuser.patch, 1.1, 1.2 spamass-milter-0.3.1-bits.patch, 1.1, 1.2 spamass-milter.spec, 1.22, 1.23 spamass-milter.sysconfig, 1.1, 1.2 spamass-milter.sysv, 1.4, 1.5 spamass-milter-0.3.1-macros.patch, 1.1, NONE

Mon Mar 22 16:14:52 UTC 2010

Author: pghmcfc

Update of /cvs/pkgs/rpms/spamass-milter/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv22929/F-13

Modified Files:
	spamass-milter-0.3.1-authuser.patch 
	spamass-milter-0.3.1-bits.patch spamass-milter.spec 
	spamass-milter.sysconfig spamass-milter.sysv 
Added Files:
	spamass-milter-0.3.1-popen.patch 
	spamass-milter-0.3.1-prototype.patch 
Removed Files:
	spamass-milter-0.3.1-macros.patch 
Log Message:
* Fri Mar 12 2010 Paul Howarth <paul at city-fan.org> 0.3.1-17
- Update initscript to support running the milter as root, which is needed
  for the -x (expand aliases) option; note that the milter does not run as
  root by default
- Add patch for popen unsanitized input vulnerability
  (#572117, #572119, https://savannah.nongnu.org/bugs/?29136)
- Rebase authuser patch
- Update patch adding auth info to dummy Received-header so that it doesn't
  generate spurious warnings about missing macros (#532266), and update and
  merge the macro documentation patch into this patch
- Document patch usage in spec file


spamass-milter-0.3.1-popen.patch:
 spamass-milter.cpp |  162 +++++++++++++++++++++++++++--------------------------
 spamass-milter.h   |    1 
 2 files changed, 86 insertions(+), 77 deletions(-)

--- NEW FILE spamass-milter-0.3.1-popen.patch ---
Index: spamass-milter.cpp
===================================================================
RCS file: /cvsroot/spamass-milt/spamass-milt/spamass-milter.cpp,v
retrieving revision 1.91
diff -u -r1.91 spamass-milter.cpp
--- spamass-milter.cpp	24 Jul 2006 19:59:17 -0000	1.91
+++ spamass-milter.cpp	10 Mar 2010 18:52:22 -0000
@@ -171,10 +171,6 @@
 bool flag_expand = false;	/* alias/virtusertable expansion */
 bool warnedmacro = false;	/* have we logged that we couldn't fetch a macro? */
 
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
-#endif
-
 // {{{ main()
 
 int
@@ -461,59 +457,24 @@
 			   send another copy.  The milter API will not let you send the
 			   message AND return a failure code to the sender, so this is
 			   the only way to do it. */
-#if defined(__FreeBSD__)
-			int rv;
-#endif
-			
-#if defined(HAVE_ASPRINTF)
-			char *buf;
-#else
-			char buf[1024];
-#endif
-			char *fmt="%s \"%s\"";
+			char *popen_argv[3];
 			FILE *p;
 
-#if defined(HAVE_ASPRINTF)
-			asprintf(&buf, fmt, SENDMAIL, spambucket);
-#else
-#if defined(HAVE_SNPRINTF)
-			snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, spambucket);
-#else
-			/* XXX possible buffer overflow here */
-			sprintf(buf, fmt, SENDMAIL, spambucket);
-#endif
-#endif
-
-			debug(D_COPY, "calling %s", buf);
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-			rv = pthread_mutex_lock(&popen_mutex);
-			if (rv)
-			{
-				debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
-				abort();
-			}		
-#endif
-			p = popen(buf, "w");
+			popen_argv[0] = SENDMAIL;
+			popen_argv[1] = spambucket;
+			popen_argv[2] = NULL;
+			
+			debug(D_COPY, "calling %s %s", SENDMAIL, spambucket);
+			p = popenv(popen_argv, "w");
 			if (!p)
 			{
-				debug(D_COPY, "popen failed(%s).  Will not send a copy to spambucket", strerror(errno));
+				debug(D_COPY, "popenv failed(%s).  Will not send a copy to spambucket", strerror(errno));
 			} else
 			{
 				// Send message provided by SpamAssassin
 				fwrite(assassin->d().c_str(), assassin->d().size(), 1, p);
-				pclose(p); p = NULL;
+				fclose(p); p = NULL;
 			}
-#if defined(__FreeBSD__)
-			rv = pthread_mutex_unlock(&popen_mutex);
-			if (rv)
-			{
-				debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
-				abort();
-			}		
-#endif
-#if defined(HAVE_ASPRINTF)
-			free(buf);
-#endif 
 		}
 		return SMFIS_REJECT;
 	}
@@ -842,30 +803,19 @@
 		/* open a pipe to sendmail so we can do address expansion */
 
 		char buf[1024];
-		char *fmt="%s -bv \"%s\" 2>&1";
-
-#if defined(HAVE_SNPRINTF)
-		snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
-#else
-		/* XXX possible buffer overflow here */
-		sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
-#endif
+		char *popen_argv[4];
+		
+		popen_argv[0] = SENDMAIL;
+		popen_argv[1] = "-bv";
+		popen_argv[2] = envrcpt[0];
+		popen_argv[3] = NULL;
 
-		debug(D_RCPT, "calling %s", buf);
+		debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
 
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-		rv = pthread_mutex_lock(&popen_mutex);
-		if (rv)
-		{
-			debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
-			abort();
-		}		
-#endif
-
-		p = popen(buf, "r");
+		p = popenv(popen_argv, "r");
 		if (!p)
 		{
-			debug(D_RCPT, "popen failed(%s).  Will not expand aliases", strerror(errno));
+			debug(D_RCPT, "popenv failed(%s).  Will not expand aliases", strerror(errno));
 			assassin->expandedrcpt.push_back(envrcpt[0]);
 		} else
 		{
@@ -890,16 +840,8 @@
 					assassin->expandedrcpt.push_back(p+7);
 				}
 			}
-			pclose(p); p = NULL;
+			fclose(p); p = NULL;
 		}
-#if defined(__FreeBSD__)
-		rv = pthread_mutex_unlock(&popen_mutex);
-		if (rv)
-		{
-			debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
-			abort();
-		}		
-#endif
 	} else
 	{
 		assassin->expandedrcpt.push_back(envrcpt[0]);
@@ -2157,5 +2099,71 @@
 	warnedmacro = true;
 }
 
+/*
+   untrusted-argument-safe popen function - only supports "r" and "w" modes
+   for simplicity, and always reads stdout and stderr in "r" mode.  Call
+   fclose to close the FILE.
+*/
+FILE *popenv(char *const argv[], const char *type)
+{
+	FILE *iop;
+	int pdes[2];
+	int save_errno;
+	if ((*type != 'r' && *type != 'w') || type[1])
+	{
+		errno = EINVAL;
+		return (NULL);
+	}
+	if (pipe(pdes) < 0)
+		return (NULL);
+	switch (fork()) {
+	
+	case -1:			/* Error. */
+		save_errno = errno;
+		(void)close(pdes[0]);
+		(void)close(pdes[1]);
+		errno = save_errno;
+		return (NULL);
+		/* NOTREACHED */
+	case 0:				/* Child. */
+		if (*type == 'r') {
+			/*
+			 * The dup2() to STDIN_FILENO is repeated to avoid
+			 * writing to pdes[1], which might corrupt the
+			 * parent's copy.  This isn't good enough in
+			 * general, since the exit() is no return, so
+			 * the compiler is free to corrupt all the local
+			 * variables.
+			 */
+			(void)close(pdes[0]);
+			(void)dup2(pdes[1], STDOUT_FILENO);
+			(void)dup2(pdes[1], STDERR_FILENO);
+			if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) {
+				(void)close(pdes[1]);
+			} 
+		} else {
+			if (pdes[0] != STDIN_FILENO) {
+				(void)dup2(pdes[0], STDIN_FILENO);
+				(void)close(pdes[0]);
+			}
+			(void)close(pdes[1]);
+		}
+		execv(argv[0], argv);
+		exit(127);
+		/* NOTREACHED */
+	}
+
+	/* Parent; assume fdopen can't fail. */
+	if (*type == 'r') {
+		iop = fdopen(pdes[0], type);
+		(void)close(pdes[1]);
+	} else {
+		iop = fdopen(pdes[1], type);
+		(void)close(pdes[0]);
+	}
+
+	return (iop);
+}
+
 // }}}
 // vim6:ai:noexpandtab
Index: spamass-milter.h
===================================================================
RCS file: /cvsroot/spamass-milt/spamass-milt/spamass-milter.h,v
retrieving revision 1.23
diff -u -r1.23 spamass-milter.h
--- spamass-milter.h	7 Apr 2005 02:04:24 -0000	1.23
+++ spamass-milter.h	10 Mar 2010 18:52:22 -0000
@@ -186,5 +186,6 @@
 void parse_debuglevel(char* string);
 char *strlwr(char *str);
 void warnmacro(char *macro, char *scope);
+FILE *popenv(char *const argv[], const char *type);
 
 #endif

spamass-milter-0.3.1-prototype.patch:
 spamass-milter.cpp |    2 ++
 1 file changed, 2 insertions(+)

--- NEW FILE spamass-milter-0.3.1-prototype.patch ---
Tentative upstream patch (spamass-milter-0.3.1-popen.patch)
for #572119 is missing a function prototype for the new
popenv() function.

--- spamass-milter-0.3.1/spamass-milter.cpp	2010-03-18 15:41:48.289366915 +0000
+++ spamass-milter-0.3.1/spamass-milter.cpp	2010-03-18 15:45:26.753239751 +0000
@@ -127,6 +127,8 @@
 #define INADDR_LOOPBACK 0x7F000001
 #endif
 
+FILE *popenv(char *const argv[], const char *type);
+
 // }}} 
 
 static const char Id[] = "$Id: spamass-milter.cpp,v 1.90 2006/03/23 21:41:36 dnelson Exp $";

spamass-milter-0.3.1-authuser.patch:
 spamass-milter.1.in |    3 +++
 spamass-milter.cpp  |   26 ++++++++++++++++++++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)

Index: spamass-milter-0.3.1-authuser.patch
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/F-13/spamass-milter-0.3.1-authuser.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- spamass-milter-0.3.1-authuser.patch	24 Apr 2009 16:01:25 -0000	1.1
+++ spamass-milter-0.3.1-authuser.patch	22 Mar 2010 16:14:51 -0000	1.2
@@ -1,14 +1,14 @@
---- spamass-milter-0.3.1/spamass-milter.cpp.ori	2009-04-20 21:11:55.000000000 -0500
-+++ spamass-milter-0.3.1/spamass-milter.cpp	2009-04-20 21:14:20.000000000 -0500
+--- spamass-milter-0.3.1/spamass-milter.cpp.authuser	2010-03-18 15:38:38.414240811 +0000
++++ spamass-milter-0.3.1/spamass-milter.cpp		2010-03-18 15:39:27.751241308 +0000
 @@ -172,6 +172,7 @@
  bool flag_full_email = false;		/* pass full email address to spamc */
  bool flag_expand = false;	/* alias/virtusertable expansion */
  bool warnedmacro = false;	/* have we logged that we couldn't fetch a macro? */
 +bool ignore_authenticated_senders = false;	/* authenticated users bypass spam checks */
  
- #if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
- static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
-@@ -183,7 +184,7 @@
+ // {{{ main()
+ 
+@@ -179,7 +180,7 @@
  main(int argc, char* argv[])
  {
     int c, err = 0;
@@ -17,7 +17,7 @@
     char *sock = NULL;
     char *group = NULL;
     bool dofork = false;
-@@ -216,6 +217,10 @@
+@@ -212,6 +213,10 @@
  				debug(D_MISC, "Parsing ignore list");
  				parse_networklist(optarg, &ignorenets);
  				break;
@@ -28,7 +28,7 @@
  			case 'm':
  				dontmodifyspam = true;
  				smfilter.xxfi_flags &= ~SMFIF_CHGBODY;
-@@ -286,7 +291,7 @@
+@@ -282,7 +287,7 @@
        cout << PACKAGE_NAME << " - Version " << PACKAGE_VERSION << endl;
        cout << "SpamAssassin Sendmail Milter Plugin" << endl;
        cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl;
@@ -37,7 +37,7 @@
        cout << "                      [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl;
        cout << "                      [-- spamc args ]" << endl;
        cout << "   -p socket: path to create socket" << endl;
-@@ -301,6 +306,7 @@
+@@ -297,6 +302,7 @@
        cout << "   -f: fork into background" << endl;
        cout << "   -i: skip (ignore) checks from these IPs or netblocks" << endl;
        cout << "          example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl;
@@ -45,7 +45,7 @@
        cout << "   -m: don't modify body, Content-type: or Subject:" << endl;
        cout << "   -M: don't modify the message at all" << endl;
        cout << "   -P pidfile: Put processid in pidfile" << endl;
-@@ -812,6 +818,22 @@
+@@ -773,6 +779,22 @@
    }
    /* debug(D_ALWAYS, "ZZZ got private context %p", sctx); */
  
@@ -68,9 +68,8 @@
    debug(D_FUNC, "mlfi_envfrom: enter");
    try {
      // launch new SpamAssassin
-
---- spamass-milter-0.3.1/spamass-milter.1.in.ori	2009-04-20 21:11:55.000000000 -0500
-+++ spamass-milter-0.3.1/spamass-milter.1.in	2009-04-20 21:17:36.000000000 -0500
+--- spamass-milter-0.3.1/spamass-milter.1.in.authuser	2010-03-18 15:38:38.407240309 +0000
++++ spamass-milter-0.3.1/spamass-milter.1.in		2010-03-18 15:38:38.417240342 +0000
 @@ -15,6 +15,7 @@
  .Op Fl f
  .Op Fl g Ar group

spamass-milter-0.3.1-bits.patch:
 README             |   20 ++++++-
 spamass-milter.cpp |  134 ++++++++++++++++++++++++++++++++++++++---------------
 spamass-milter.h   |    8 +--
 3 files changed, 119 insertions(+), 43 deletions(-)

Index: spamass-milter-0.3.1-bits.patch
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/F-13/spamass-milter-0.3.1-bits.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- spamass-milter-0.3.1-bits.patch	24 Apr 2009 16:01:25 -0000	1.1
+++ spamass-milter-0.3.1-bits.patch	22 Mar 2010 16:14:51 -0000	1.2
@@ -1,54 +1,202 @@
---- spamass-milter-0.3.1/spamass-milter.cpp.orig	2009-04-20 21:29:57.000000000 -0500
-+++ spamass-milter-0.3.1/spamass-milter.cpp	2009-04-20 22:07:51.000000000 -0500
-@@ -975,7 +975,9 @@
+diff -up spamass-milter-0.3.1/README.bits spamass-milter-0.3.1/README
+--- spamass-milter-0.3.1/README.bits	2010-03-22 14:50:10.404092602 +0000
++++ spamass-milter-0.3.1/README	2010-03-22 14:51:26.198958883 +0000
+@@ -54,15 +54,27 @@ Now you need to make sendmail use the pl
+ configuring sendmail through m4 & the sendmail.mc files. In this case
+ adding the lines
+ 
+-INPUT_MAIL_FILTER(`spamassassin', `S=unix:%{_localstatedir}/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
+-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
+-
++INPUT_MAIL_FILTER(`spamassassin', `S=unix:%{_localstatedir}/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
++define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl
++ 
+ should do the trick. Of course you need to modify the path of the
+ socket if you put another one into the startup script. The timeouts
+ have been increased somewhat because SpamAssassin may chew on it for a
+ little while on a slow machine.
+ 
++If you are using multiple milter mail filters on your mail server, you may
++have overridden the default values of some of the confMILTER_MACROS_*
++macros whilst configuring the other filters. You need to ensure that at
++least the following values are present:
++
++confMILTER_MACROS_CONNECT must include the {j} and {_} macros
++(all included by default)
++
++confMILTER_MACROS_ENVFROM must include the {i}, {auth_authen} and {auth_ssf}
++macros (all included by default)
++
++confMILTER_MACROS_ENVRCPT must include the {b}, {r}, {v}, and {Z} macros
++
+ Now recreate sendmail.cf, restart sendmail and experiment around a bit
+ with the setup to make sure it is working.
+ 
+diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spamass-milter.cpp
+--- spamass-milter-0.3.1/spamass-milter.cpp.bits	2010-03-22 14:50:10.433025554 +0000
++++ spamass-milter-0.3.1/spamass-milter.cpp	2010-03-22 14:53:16.528833350 +0000
+@@ -736,6 +736,7 @@ sfsistat 
+ mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr)
+ {
+ 	struct context *sctx;
++	const char *macro_j, *macro__;
+ 	int rv;
+ 
+ 	debug(D_FUNC, "mlfi_connect: enter");
+@@ -753,8 +754,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna
+ 	}
+ 	sctx->assassin = NULL;
+ 	sctx->helo = NULL;
+-	
+-	/* store a pointer to it with setpriv */
++	sctx->our_fqdn = NULL;
++	sctx->sender_address = NULL;
++	sctx->queueid = NULL;
++	sctx->auth_authen = NULL;
++	sctx->auth_ssf = NULL;
++
++	/* store our FQDN */
++	macro_j = smfi_getsymval(ctx, "j");
++	if (!macro_j)
++	{
++		macro_j = "localhost";
++		warnmacro("j", "CONNECT");
++	}
++	sctx->our_fqdn = strdup(macro_j);
++
++	/* store the validated sending site's address */
++	macro__ = smfi_getsymval(ctx, "_");
++	if (!macro__)
++	{
++		macro__ = "unknown";
++		warnmacro("_", "CONNECT");
++	}
++	sctx->sender_address = strdup(macro__);
++
++	/* store a pointer to our private data with setpriv */
+ 	rv = smfi_setpriv(ctx, sctx);
+ 	if (rv != MI_SUCCESS)
+ 	{
+@@ -803,7 +827,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+ {
+   SpamAssassin* assassin;
+   struct context *sctx = (struct context *)smfi_getpriv(ctx);
+-  char *queueid;
++  const char *queueid, *macro_auth_ssf, *macro_auth_authen;
+ 
+   if (sctx == NULL)
+   {
+@@ -829,17 +853,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+ 
+   // remember the MAIL FROM address
+   assassin->set_from(string(envfrom[0]));
+-  
++
++  // remember the queueid for this message
+   queueid=smfi_getsymval(ctx,"i");
+   if (!queueid)
+   {
+     queueid="unknown";
+     warnmacro("i", "ENVFROM");
+   }
+-  assassin->queueid = queueid;
+-
++  sctx->queueid = strdup(queueid);
+   debug(D_MISC, "queueid=%s", queueid);
+ 
++  // remember the SMTP AUTH login name
++  macro_auth_authen = smfi_getsymval(ctx, "{auth_authen}");
++  if (!macro_auth_authen)
++  {
++    macro_auth_authen = "";
++    // Don't issue a warning for the auth_authen macro as
++    // it is likely to be unset much of the time - it's
++    // only set if the client has authenticated.
++    //
++    // Similarly, we only issue warnings for the other
++    // auth-related macros if {auth_authen) is available.
++    //
++    // warnmacro("auth_authen", "ENVFROM");
++  }
++  sctx->auth_authen = strdup(macro_auth_authen);
++
++  // remember the SASL cipher bits
++  macro_auth_ssf = smfi_getsymval(ctx, "{auth_ssf}");
++  if (!macro_auth_ssf)
++  {
++    macro_auth_ssf = "";
++    if (strlen(macro_auth_authen)) {
++      warnmacro("auth_ssf", "ENVFROM");
++    }
++  }
++  sctx->auth_ssf = strdup(macro_auth_ssf);
++
+   // tell Milter to continue
+   debug(D_FUNC, "mlfi_envfrom: exit");
+ 
+@@ -953,7 +1004,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
  		   
  		*/
  		const char *macro_b, *macro_i, *macro_j, *macro_r,
 -		           *macro_s, *macro_v, *macro_Z, *macro__;
 +		           *macro_s, *macro_v, *macro_Z, *macro__,
-+			   *macro_auth_ssf, *macro_auth_authen, *macro_auth_author,
-+			   *macro_auth_type;
++			   *macro_auth_ssf, *macro_auth_authen;
  		char date[32];
  
  		/* RFC 822 date. */
-@@ -1013,6 +1015,36 @@
+@@ -968,20 +1020,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 		}
+ 
+ 		/* queue ID */
+-		macro_i = smfi_getsymval(ctx, "i");
+-		if (!macro_i)
+-		{
+-			macro_i = "unknown";
+-			warnmacro("i", "ENVRCPT");
+-		}
++		macro_i = sctx->queueid;
+ 
+-		/* FQDN of this site */
+-		macro_j = smfi_getsymval(ctx, "j");
+-		if (!macro_j)
+-		{
+-			macro_j = "localhost";
+-			warnmacro("j", "ENVRCPT");
+-		}
++		/* FQDN */
++		macro_j = sctx->our_fqdn;
++
++		/* Sender address */
++		macro__ = sctx->sender_address;
+ 
+ 		/* Protocol used to receive the message */
+ 		macro_r = smfi_getsymval(ctx, "r");
+@@ -990,7 +1035,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 			macro_r = "SMTP";
  			warnmacro("r", "ENVRCPT");
  		}
- 			
-+		/* Authenticated bits Information */
-+		macro_auth_ssf = smfi_getsymval(ctx, "{auth_ssf}");
-+		if (!macro_auth_ssf)
-+		{
-+			macro_auth_ssf = "";
-+			warnmacro("auth_ssf", "ENVRCPT");
-+		}
-+			
-+		macro_auth_authen = smfi_getsymval(ctx, "{auth_authen}");
-+		if (!macro_auth_authen)
-+		{
-+			macro_auth_authen = "";
-+			warnmacro("auth_authen", "ENVRCPT");
-+		}
-+			
-+		macro_auth_author = smfi_getsymval(ctx, "{auth_author}");
-+		if (!macro_auth_author)
-+		{
-+			macro_auth_author = "";
-+			warnmacro("auth_author", "ENVRCPT");
-+		}
-+			
-+		macro_auth_type = smfi_getsymval(ctx, "{auth_type}");
-+		if (!macro_auth_type)
-+		{
-+			macro_auth_type = "";
-+			warnmacro("auth_type", "ENVRCPT");
-+		}
-+			
-+			
+-			
++
++		/* SMTP AUTH details */
++		macro_auth_authen = sctx->auth_authen;
++		macro_auth_ssf = sctx->auth_ssf;
++
  		/* Sendmail currently cannot pass us the {s} macro, but
  		   I do not know why.  Leave this in for the day sendmail is
  		   fixed.  Until that day, use the value remembered by
-@@ -1051,11 +1083,21 @@
+@@ -1018,22 +1067,24 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 			warnmacro("Z", "ENVRCPT");
+ 		}
+ 
+-		/* Validated sending site's address */
+-		macro__ = smfi_getsymval(ctx, "_");
+-		if (!macro__)
+-		{
+-			macro__ = "unknown";
+-			warnmacro("_", "ENVRCPT");
+-		}
+-
  		assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
  		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
  
@@ -75,3 +223,58 @@
  
  	} else
  		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
+@@ -1279,16 +1330,27 @@ mlfi_close(SMFICTX* ctx)
+ {
+   struct context *sctx;
+   debug(D_FUNC, "mlfi_close");
+-  
++
+   sctx = (struct context*)smfi_getpriv(ctx);
+   if (sctx == NULL)
+     return SMFIS_ACCEPT;
+ 
+   if (sctx->helo)
+   	free(sctx->helo);
++  if (sctx->our_fqdn)
++  	free(sctx->our_fqdn);
++  if (sctx->sender_address)
++  	free(sctx->sender_address);
++  if (sctx->queueid)
++  	free(sctx->queueid);
++  if (sctx->auth_authen)
++  	free(sctx->auth_authen);
++  if (sctx->auth_ssf)
++  	free(sctx->auth_ssf);
++
+   free(sctx);
+   smfi_setpriv(ctx, NULL);
+-  
++
+   return SMFIS_ACCEPT;
+ }
+ 
+diff -up spamass-milter-0.3.1/spamass-milter.h.bits spamass-milter-0.3.1/spamass-milter.h
+--- spamass-milter-0.3.1/spamass-milter.h.bits	2006-03-23 22:07:55.000000000 +0000
++++ spamass-milter-0.3.1/spamass-milter.h	2010-03-22 14:51:52.766971871 +0000
+@@ -154,9 +154,6 @@ public:  
+   // List of recipients after alias/virtusertable expansion
+   list <string> expandedrcpt;
+ 
+-  // the sendmail queue id for this message; used for logging
+-  string queueid;
+-
+   // Process handling variables
+   pid_t pid;
+   int pipe_io[2][2];
+@@ -167,6 +164,11 @@ struct context
+ {
+ 	struct in_addr connect_ip;	// remote IP address
+ 	char *helo;
++	char *our_fqdn;
++	char *sender_address;
++	char *queueid;
++	char *auth_authen;
++	char *auth_ssf;
+ 	SpamAssassin *assassin; // pointer to the SA object if we're processing a message
+ };
+ 


Index: spamass-milter.spec
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/F-13/spamass-milter.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -p -r1.22 -r1.23
--- spamass-milter.spec	11 Aug 2009 13:52:57 -0000	1.22
+++ spamass-milter.spec	22 Mar 2010 16:14:52 -0000	1.23
@@ -1,7 +1,7 @@
 Summary:	Milter (mail filter) for spamassassin
 Name:		spamass-milter
 Version:	0.3.1
-Release:	16%{?dist}
+Release:	17%{?dist}
 License:	GPLv2+
 Group:		System Environment/Daemons
 URL:		http://savannah.nongnu.org/projects/spamass-milt/
@@ -11,11 +11,12 @@ Source2:	spamass-milter.sysv
 Source3:	spamass-milter.sysconfig
 Source4:	spamass-milter.README.Postfix
 Patch0:		spamass-milter-0.3.1-pathnames.patch
-Patch1:		spamass-milter-0.3.1-macros.patch
 Patch2:		spamass-milter-0.3.1-group.patch
 Patch3:		spamass-milter-0.3.1-rcvd.patch
 Patch4:		spamass-milter-0.3.1-bits.patch
-Patch5:		spamass-milter-0.3.1-authuser.patch
+Patch5:		spamass-milter-0.3.1-popen.patch
+Patch6:		spamass-milter-0.3.1-prototype.patch
+Patch7:		spamass-milter-0.3.1-authuser.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	spamassassin, sendmail-devel
 Requires:	spamassassin, /usr/sbin/sendmail
@@ -46,12 +47,31 @@ socket to communicate with the Postfix M
 
 %prep
 %setup -q
+
+# Local patch for initscript and socket paths
 %patch0 -p1 -b .pathnames
-%patch1 -p1 -b .macros
+
+# Add -g option for group-writable socket for Postfix support (#452248)
 %patch2 -p1 -b .group
+
+# Fix Received-header generation (#496763)
 %patch3 -p1 -b .rcvd
+
+# Add authentication info to dummy Received-header (#496769)
 %patch4 -p1 -b .bits
-%patch5 -p1 -b .authuser
+
+# Preliminary upstream patch for input validation bug letting
+# remote users execute arbitrary code (#572117, #572119)
+# https://savannah.nongnu.org/bugs/?29136
+%patch5 -p0 -b .popen
+
+# Add function prototype missing from patch5
+%patch6 -p1 -b .proto
+
+# Add -I option to ignore (don't check) mail from authenticated users
+# (#437506, #496767) https://savannah.nongnu.org/bugs/?21046
+%patch7 -p1 -b .authuser
+
 %{__cp} -p %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} .
 %{__sed} -i -e 's|%%{_localstatedir}|%{_localstatedir}|g;
 		s|%%{_initrddir}|%{_initrddir}|g;
@@ -123,6 +143,18 @@ fi
 %dir %attr(-,sa-milt,postfix) %{_localstatedir}/run/spamass-milter/postfix/
 
 %changelog
+* Fri Mar 12 2010 Paul Howarth <paul at city-fan.org> 0.3.1-17
+- Update initscript to support running the milter as root, which is needed
+  for the -x (expand aliases) option; note that the milter does not run as
+  root by default
+- Add patch for popen unsanitized input vulnerability
+  (#572117, #572119, https://savannah.nongnu.org/bugs/?29136)
+- Rebase authuser patch
+- Update patch adding auth info to dummy Received-header so that it doesn't
+  generate spurious warnings about missing macros (#532266), and update and
+  merge the macro documentation patch into this patch
+- Document patch usage in spec file
+
 * Tue Aug 11 2009 Paul Howarth <paul at city-fan.org> 0.3.1-16
 - Switch to bzipped source tarball
 


Index: spamass-milter.sysconfig
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/F-13/spamass-milter.sysconfig,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- spamass-milter.sysconfig	12 Oct 2007 11:29:06 -0000	1.1
+++ spamass-milter.sysconfig	22 Mar 2010 16:14:52 -0000	1.2
@@ -1,6 +1,13 @@
 ### Override for your different local config
 #SOCKET=%{_localstatedir}/run/spamass-milter/spamass-milter.sock
 
+### For security reasons it is best to run the milter as a non-root user
+###
+### However, if you need to use the -x option to expand aliases to get
+### the username(s) to pass to spamc, the milter needs to run as root
+### since "sendmail -bv <rcpt_address>" only works as root
+#RUN_AS_USER=sa-milt
+
 ### Standard parameters for spamass-milter are:
 ### -P %{_localstatedir}/run/spamass-milter.pid (PID file)
 ###


Index: spamass-milter.sysv
===================================================================
RCS file: /cvs/pkgs/rpms/spamass-milter/F-13/spamass-milter.sysv,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- spamass-milter.sysv	18 Mar 2009 16:11:19 -0000	1.4
+++ spamass-milter.sysv	22 Mar 2010 16:14:52 -0000	1.5
@@ -24,6 +24,7 @@
 
 # Default variables
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
+RUN_AS_USER=sa-milt
 SOCKET="%{_localstatedir}/run/spamass-milter/spamass-milter.sock"
 SOCKET_OPTIONS=""
 EXTRA_FLAGS=""
@@ -49,12 +50,15 @@ prog="spamass-milter"
 desc="SpamAssassin milter"
 pidfile=%{_localstatedir}/run/spamass-milter.pid
 
+# Fix ownership of socket directory if necessary
+chown ${RUN_AS_USER} %{_localstatedir}/run/spamass-milter
+
 start() {
 	echo -n $"Starting ${desc} (${prog}): "
 	touch ${pidfile}
-	chown sa-milt:sa-milt ${pidfile}
+	chown ${RUN_AS_USER} ${pidfile}
 	[ -x /sbin/restorecon ] && /sbin/restorecon ${pidfile}
-	daemon --user sa-milt %{_sbindir}/${prog}-wrapper ${SOCKET_OPTIONS} -p ${SOCKET} -P ${pidfile} ${EXTRA_FLAGS}
+	daemon --user ${RUN_AS_USER} %{_sbindir}/${prog}-wrapper ${SOCKET_OPTIONS} -p ${SOCKET} -P ${pidfile} ${EXTRA_FLAGS}
 	RETVAL=$?
 	echo
 	if [ ${RETVAL} -eq 0 ]; then


--- spamass-milter-0.3.1-macros.patch DELETED ---

