[spamass-milter/f14] Update to 0.3.2
Paul Howarth
pghmcfc at fedoraproject.org
Wed Aug 24 19:13:04 UTC 2011
commit d20ae4c5cba38e726b9937f0981aaf18fd5336cc
Author: Paul Howarth <paul at city-fan.org>
Date: Tue Feb 15 15:45:19 2011 +0000
Update to 0.3.2
- New upstream release, with upstream fix for popen unsanitized input
vulnerability: CVE-2010-1132, #572117, #572119
http://savannah.nongnu.org/bugs/?29136
- Drop popen patch, now upstream
- Rework syntax, rcvd and bits patches to apply against new codebase
.gitignore | 2 +-
sources | 2 +-
spamass-milter-0.3.1-popen.patch | 223 --------------------
spamass-milter-0.3.1-rcvd.patch | 25 ---
...1-bits.patch => spamass-milter-0.3.2-bits.patch | 39 ++--
spamass-milter-0.3.2-rcvd.patch | 23 ++
...ntax.patch => spamass-milter-0.3.2-syntax.patch | 100 +++++----
spamass-milter.spec | 23 +-
8 files changed, 115 insertions(+), 322 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index dcd9573..05dd470 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-spamass-milter-0.3.1.tar.bz2
+/spamass-milter-0.3.2.tar.bz2
diff --git a/sources b/sources
index 5d6a354..d15c25a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-5f3a441de032c7c044cbb7b922311f1b spamass-milter-0.3.1.tar.bz2
+740b4bcb93eca2bbc3863d0042b26533 spamass-milter-0.3.2.tar.bz2
diff --git a/spamass-milter-0.3.1-bits.patch b/spamass-milter-0.3.2-bits.patch
similarity index 85%
rename from spamass-milter-0.3.1-bits.patch
rename to spamass-milter-0.3.2-bits.patch
index 9634795..8b1cc75 100644
--- a/spamass-milter-0.3.1-bits.patch
+++ b/spamass-milter-0.3.2-bits.patch
@@ -9,15 +9,16 @@ http://www.gossamer-threads.com/lists/spamassassin/users/146948
This patch also moves some of the macro collection to the
ENVFROM callback, where the required macros are available by default.
-diff -up spamass-milter-0.3.1/README.bits spamass-milter-0.3.1/README
---- spamass-milter-0.3.1/README.bits 2005-08-15 16:10:47.000000000 +0100
-+++ spamass-milter-0.3.1/README 2010-03-23 20:53:44.477918068 +0000
-@@ -55,14 +55,26 @@ configuring sendmail through m4 & the se
+diff -up spamass-milter-0.3.2/README.bits spamass-milter-0.3.2/README
+--- spamass-milter-0.3.2/README.bits 2008-04-23 17:11:42.000000000 +0100
++++ spamass-milter-0.3.2/README 2011-02-15 11:02:47.877271392 +0000
+@@ -55,15 +55,26 @@ configuring sendmail through m4 & the se
adding the lines
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
+-define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl
+define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl
should do the trick. Of course you need to modify the path of the
@@ -41,10 +42,10 @@ diff -up spamass-milter-0.3.1/README.bits spamass-milter-0.3.1/README
Now recreate sendmail.cf, restart sendmail and experiment around a bit
with the setup to make sure it is working.
-diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spamass-milter.cpp
---- spamass-milter-0.3.1/spamass-milter.cpp.bits 2010-03-23 20:52:11.178272813 +0000
-+++ spamass-milter-0.3.1/spamass-milter.cpp 2010-03-23 20:52:11.182271053 +0000
-@@ -741,6 +741,7 @@ sfsistat
+diff -up spamass-milter-0.3.2/spamass-milter.cpp.bits spamass-milter-0.3.2/spamass-milter.cpp
+--- spamass-milter-0.3.2/spamass-milter.cpp.bits 2011-02-15 10:53:49.349259089 +0000
++++ spamass-milter-0.3.2/spamass-milter.cpp 2011-02-15 10:53:49.353259721 +0000
+@@ -678,6 +678,7 @@ sfsistat
mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr)
{
struct context *sctx;
@@ -52,7 +53,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spama
int rv;
debug(D_FUNC, "mlfi_connect: enter");
-@@ -758,8 +759,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna
+@@ -695,8 +696,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna
}
sctx->assassin = NULL;
sctx->helo = NULL;
@@ -86,7 +87,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spama
rv = smfi_setpriv(ctx, sctx);
if (rv != MI_SUCCESS)
{
-@@ -808,7 +832,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+@@ -745,7 +769,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
{
SpamAssassin* assassin;
struct context *sctx = (struct context *)smfi_getpriv(ctx);
@@ -95,7 +96,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spama
if (sctx == NULL)
{
-@@ -834,17 +858,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+@@ -787,17 +811,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
// remember the MAIL FROM address
assassin->set_from(string(envfrom[0]));
@@ -143,7 +144,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spama
// tell Milter to continue
debug(D_FUNC, "mlfi_envfrom: exit");
-@@ -958,7 +1009,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -888,7 +939,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
*/
const char *macro_b, *macro_i, *macro_j, *macro_r,
@@ -153,7 +154,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spama
char date[32];
/* RFC 822 date. */
-@@ -973,20 +1025,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -903,20 +955,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
}
/* queue ID */
@@ -180,7 +181,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spama
/* Protocol used to receive the message */
macro_r = smfi_getsymval(ctx, const_cast<char *>("r"));
-@@ -995,7 +1040,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -925,7 +970,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
macro_r = "SMTP";
warnmacro("r", "ENVRCPT");
}
@@ -193,7 +194,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spama
/* Sendmail currently cannot pass us the {s} macro, but
I do not know why. Leave this in for the day sendmail is
fixed. Until that day, use the value remembered by
-@@ -1023,22 +1072,25 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -953,22 +1002,25 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
warnmacro("Z", "ENVRCPT");
}
@@ -231,7 +232,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spama
} else
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
-@@ -1284,16 +1336,27 @@ mlfi_close(SMFICTX* ctx)
+@@ -1214,16 +1266,27 @@ mlfi_close(SMFICTX* ctx)
{
struct context *sctx;
debug(D_FUNC, "mlfi_close");
@@ -261,9 +262,9 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spama
return SMFIS_ACCEPT;
}
-diff -up spamass-milter-0.3.1/spamass-milter.h.bits spamass-milter-0.3.1/spamass-milter.h
---- spamass-milter-0.3.1/spamass-milter.h.bits 2010-03-23 20:52:11.171272762 +0000
-+++ spamass-milter-0.3.1/spamass-milter.h 2010-03-23 20:52:11.183271628 +0000
+diff -up spamass-milter-0.3.2/spamass-milter.h.bits spamass-milter-0.3.2/spamass-milter.h
+--- spamass-milter-0.3.2/spamass-milter.h.bits 2011-02-15 10:53:49.342257983 +0000
++++ spamass-milter-0.3.2/spamass-milter.h 2011-02-15 10:53:49.354259879 +0000
@@ -154,9 +154,6 @@ public:
// List of recipients after alias/virtusertable expansion
list <string> expandedrcpt;
diff --git a/spamass-milter-0.3.2-rcvd.patch b/spamass-milter-0.3.2-rcvd.patch
new file mode 100644
index 0000000..7db55b1
--- /dev/null
+++ b/spamass-milter-0.3.2-rcvd.patch
@@ -0,0 +1,23 @@
+The code in spamass-milter.cpp that tries to create a
+Sendmail-compatible header was broken and generated a header
+that was incorrectly parsed by SpamAssassin.
+
+This is mostly fixed now apart from the space that needs
+adding prior to the "(" between macro_j and macro_v.
+
+https://savannah.nongnu.org/bugs/index.php?17178
+http://bugs.debian.org/510665
+http://bugzilla.redhat.com/496763
+
+diff -up spamass-milter-0.3.2/spamass-milter.cpp.rcvd spamass-milter-0.3.2/spamass-milter.cpp
+--- spamass-milter-0.3.2/spamass-milter.cpp.rcvd 2011-02-15 10:46:55.000000000 +0000
++++ spamass-milter-0.3.2/spamass-milter.cpp 2011-02-15 10:50:25.538111680 +0000
+@@ -966,7 +966,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+
+ assassin->output((string)
+ "Received: from "+macro_s+" ("+macro__+")\r\n\t"+
+- "by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
++ "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
+ macro_b+"\r\n\t"+
+ "(envelope-from "+assassin->from()+")\r\n");
+
diff --git a/spamass-milter-0.3.1-syntax.patch b/spamass-milter-0.3.2-syntax.patch
similarity index 67%
rename from spamass-milter-0.3.1-syntax.patch
rename to spamass-milter-0.3.2-syntax.patch
index ed2ab63..3d1bc68 100644
--- a/spamass-milter-0.3.1-syntax.patch
+++ b/spamass-milter-0.3.2-syntax.patch
@@ -9,12 +9,12 @@ The only other change of note is to check the result of the fwrite()
function and log a warning if all of the data wasn't written (this is in
the spambucket code).
-diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spamass-milter.cpp
---- spamass-milter-0.3.1/spamass-milter.cpp.syntax 2006-03-23 21:41:36.000000000 +0000
-+++ spamass-milter-0.3.1/spamass-milter.cpp 2010-03-23 16:44:54.570023100 +0000
+diff -up spamass-milter-0.3.2/spamass-milter.cpp.syntax spamass-milter-0.3.2/spamass-milter.cpp
+--- spamass-milter-0.3.2/spamass-milter.cpp.syntax 2011-02-14 21:53:02.000000000 +0000
++++ spamass-milter-0.3.2/spamass-milter.cpp 2011-02-15 10:09:59.748036059 +0000
@@ -129,9 +129,11 @@ int daemon(int nochdir, int noclose);
- static const char Id[] = "$Id: spamass-milter.cpp,v 1.90 2006/03/23 21:41:36 dnelson Exp $";
+ static const char Id[] = "$Id: spamass-milter.cpp,v 1.94 2011/02/14 21:50:53 dnelson Exp $";
+static char FilterName[] = "SpamAssassin";
+
@@ -25,7 +25,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
SMFI_VERSION, // version code -- leave untouched
SMFIF_ADDHDRS|SMFIF_CHGHDRS|SMFIF_CHGBODY, // flags
mlfi_connect, // info filter callback
-@@ -361,7 +363,7 @@ main(int argc, char* argv[])
+@@ -357,7 +359,7 @@ main(int argc, char* argv[])
// }}}
/* Update a header if SA changes it, or add it if it is new. */
@@ -34,7 +34,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
{
string::size_type eoh1 = assassin->d().find("\n\n");
string::size_type eoh2 = assassin->d().find("\n\r\n");
-@@ -387,12 +389,12 @@ void update_or_insert(SpamAssassin* assa
+@@ -383,12 +385,12 @@ void update_or_insert(SpamAssassin* assa
if (oldsize > 0)
{
debug(D_UORI, "u_or_i: changing");
@@ -49,7 +49,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
}
} else
{
-@@ -452,7 +454,7 @@ assassinate(SMFICTX* ctx, SpamAssassin*
+@@ -448,7 +450,7 @@ assassinate(SMFICTX* ctx, SpamAssassin*
if (do_reject)
{
debug(D_MISC, "Rejecting");
@@ -58,16 +58,24 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if (flag_bucket)
-@@ -470,7 +472,7 @@ assassinate(SMFICTX* ctx, SpamAssassin*
- #else
- char buf[1024];
- #endif
-- char *fmt="%s \"%s\"";
-+ const char *fmt="%s \"%s\"";
+@@ -457,14 +459,11 @@ assassinate(SMFICTX* ctx, SpamAssassin*
+ send another copy. The milter API will not let you send the
+ message AND return a failure code to the sender, so this is
+ the only way to do it. */
+- char *popen_argv[3];
++ char sendmail_prog[] = SENDMAIL;
++ char * const popen_argv[3] = { sendmail_prog, spambucket, NULL };
FILE *p;
-
- #if defined(HAVE_ASPRINTF)
-@@ -500,7 +502,10 @@ assassinate(SMFICTX* ctx, SpamAssassin*
+ pid_t pid;
+
+- popen_argv[0] = SENDMAIL;
+- popen_argv[1] = spambucket;
+- popen_argv[2] = NULL;
+-
+ debug(D_COPY, "calling %s %s", SENDMAIL, spambucket);
+ p = popenv(popen_argv, "w", &pid);
+ if (!p)
+@@ -473,7 +472,10 @@ assassinate(SMFICTX* ctx, SpamAssassin*
} else
{
// Send message provided by SpamAssassin
@@ -76,10 +84,10 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
+ {
+ debug(D_COPY, "fwrite incomplete (%s) when copying to spambucket", strerror(errno));
+ }
- pclose(p); p = NULL;
+ fclose(p); p = NULL;
+ waitpid(pid, NULL, 0);
}
- #if defined(__FreeBSD__)
-@@ -531,7 +536,7 @@ assassinate(SMFICTX* ctx, SpamAssassin*
+@@ -494,7 +496,7 @@ assassinate(SMFICTX* ctx, SpamAssassin*
// time. Note, this may generate multiple X-Spam-Orig-To
// headers, but that's okay.
while( !assassin->recipients.empty()) {
@@ -88,7 +96,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
throw string( "Failed to save recipient" );
}
-@@ -774,7 +779,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+@@ -737,7 +739,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
{
SpamAssassin* assassin;
struct context *sctx = (struct context *)smfi_getpriv(ctx);
@@ -97,7 +105,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if (sctx == NULL)
{
-@@ -801,7 +806,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+@@ -764,7 +766,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
// remember the MAIL FROM address
assassin->set_from(string(envfrom[0]));
@@ -106,16 +114,25 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if (!queueid)
{
queueid="unknown";
-@@ -842,7 +847,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -802,14 +804,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
/* open a pipe to sendmail so we can do address expansion */
char buf[1024];
-- char *fmt="%s -bv \"%s\" 2>&1";
-+ const char *fmt="%s -bv \"%s\" 2>&1";
-
- #if defined(HAVE_SNPRINTF)
- snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
-@@ -928,7 +933,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+- char *popen_argv[4];
++ char sendmail_prog[] = SENDMAIL;
++ char sendmail_mode[] = "-bv";
++ char * const popen_argv[4] = { sendmail_prog, sendmail_mode, envrcpt[0], NULL };
+ pid_t pid;
+
+- popen_argv[0] = SENDMAIL;
+- popen_argv[1] = "-bv";
+- popen_argv[2] = envrcpt[0];
+- popen_argv[3] = NULL;
+-
+ debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
+
+ p = popenv(popen_argv, "r", &pid);
+@@ -871,7 +870,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
char date[32];
/* RFC 822 date. */
@@ -124,7 +141,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if (!macro_b)
{
time_t tval;
-@@ -939,7 +944,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -882,7 +881,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
}
/* queue ID */
@@ -133,7 +150,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if (!macro_i)
{
macro_i = "unknown";
-@@ -947,7 +952,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -890,7 +889,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
}
/* FQDN of this site */
@@ -142,7 +159,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if (!macro_j)
{
macro_j = "localhost";
-@@ -955,7 +960,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -898,7 +897,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
}
/* Protocol used to receive the message */
@@ -151,7 +168,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if (!macro_r)
{
macro_r = "SMTP";
-@@ -967,14 +972,14 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -910,14 +909,14 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
fixed. Until that day, use the value remembered by
mlfi_helo()
*/
@@ -168,7 +185,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if (!macro_v)
{
macro_v = "8.13.0";
-@@ -982,7 +987,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -925,7 +924,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
}
/* Sendmail .cf version */
@@ -177,7 +194,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if (!macro_Z)
{
macro_Z = "8.13.0";
-@@ -990,7 +995,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+@@ -933,7 +932,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
}
/* Validated sending site's address */
@@ -186,7 +203,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if (!macro__)
{
macro__ = "unknown";
-@@ -1378,10 +1383,10 @@ void SpamAssassin::Connect()
+@@ -1321,10 +1320,10 @@ void SpamAssassin::Connect()
// XXX arbitrary 100-argument max
int argc = 0;
char** argv = (char**) malloc(100*sizeof(char*));
@@ -199,7 +216,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
if ( expandedrcpt.size() != 1 )
{
// More (or less?) than one recipient, so we pass the default
-@@ -1406,7 +1411,7 @@ void SpamAssassin::Connect()
+@@ -1349,7 +1348,7 @@ void SpamAssassin::Connect()
}
if (spamdhost)
{
@@ -208,7 +225,7 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
argv[argc++] = spamdhost;
}
if (spamc_argc)
-@@ -2148,7 +2153,7 @@ char *strlwr(char *str)
+@@ -2091,7 +2090,7 @@ char *strlwr(char *str)
}
/* Log a message about missing milter macros, but only the first time */
@@ -217,14 +234,15 @@ diff -up spamass-milter-0.3.1/spamass-milter.cpp.syntax spamass-milter-0.3.1/spa
{
if (warnedmacro)
return;
-diff -up spamass-milter-0.3.1/spamass-milter.h.syntax spamass-milter-0.3.1/spamass-milter.h
---- spamass-milter-0.3.1/spamass-milter.h.syntax 2006-03-23 22:07:55.000000000 +0000
-+++ spamass-milter-0.3.1/spamass-milter.h 2010-03-23 16:29:58.281863158 +0000
-@@ -185,6 +185,6 @@ void parse_networklist(char *string, str
+diff -up spamass-milter-0.3.2/spamass-milter.h.syntax spamass-milter-0.3.2/spamass-milter.h
+--- spamass-milter-0.3.2/spamass-milter.h.syntax 2011-02-14 21:53:02.000000000 +0000
++++ spamass-milter-0.3.2/spamass-milter.h 2011-02-15 10:06:33.788736593 +0000
+@@ -185,7 +185,7 @@ void parse_networklist(char *string, str
int ip_in_networklist(struct in_addr ip, struct networklist *list);
void parse_debuglevel(char* string);
char *strlwr(char *str);
-void warnmacro(char *macro, char *scope);
+void warnmacro(const char *macro, const char *scope);
+ FILE *popenv(char *const argv[], const char *type, pid_t *pid);
#endif
diff --git a/spamass-milter.spec b/spamass-milter.spec
index 5836f44..f5e7d52 100644
--- a/spamass-milter.spec
+++ b/spamass-milter.spec
@@ -1,7 +1,7 @@
Summary: Milter (mail filter) for spamassassin
Name: spamass-milter
-Version: 0.3.1
-Release: 24%{?dist}
+Version: 0.3.2
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://savannah.nongnu.org/projects/spamass-milt/
@@ -14,11 +14,10 @@ Source5: spamass-milter-tmpfs.conf
Source6: spamass-milter-postfix-tmpfs.conf
# Patches submitted upstream:
# http://savannah.nongnu.org/bugs/?29326
-Patch0: spamass-milter-0.3.1-syntax.patch
-Patch1: spamass-milter-0.3.1-popen.patch
+Patch0: spamass-milter-0.3.2-syntax.patch
Patch2: spamass-milter-0.3.1-authuser.patch
-Patch3: spamass-milter-0.3.1-rcvd.patch
-Patch4: spamass-milter-0.3.1-bits.patch
+Patch3: spamass-milter-0.3.2-rcvd.patch
+Patch4: spamass-milter-0.3.2-bits.patch
Patch5: spamass-milter-0.3.1-group.patch
# Patch not yet submitted upstream
Patch7: spamass-milter-0.3.1-ipv6.patch
@@ -61,12 +60,6 @@ socket to communicate with the Postfix MTA.
# Address compiler warnings
%patch0 -p1 -b .syntax
-# Preliminary upstream patch for input validation bug letting
-# remote users execute arbitrary code (#572117, #572119)
-# http://savannah.nongnu.org/bugs/?29136
-# (patch modified to apply after patch0, and fix zombie processes - #583523)
-%patch1 -p0 -b .popen
-
# Add -I option to ignore (don't check) mail from authenticated users
# (#437506, #496767) http://savannah.nongnu.org/bugs/?21046
%patch2 -p1 -b .authuser
@@ -171,6 +164,12 @@ fi
%dir %attr(-,sa-milt,postfix) %{_localstatedir}/run/spamass-milter/postfix/
%changelog
+* Tue Feb 15 2011 Paul Howarth <paul at city-fan.org> 0.3.2-1
+- Update to 0.3.2 (upstream fix for popen unsanitized input vulnerability:
+ CVE-2010-1132, #572117, #572119, http://savannah.nongnu.org/bugs/?29136)
+- Drop popen patch, now upstream
+- Rework syntax, rcvd and bits patches to apply against new codebase
+
* Tue Nov 30 2010 Paul Howarth <paul at city-fan.org> 0.3.1-24
- Require systemd-units for ownership of /etc/tmpfiles.d directory
- Add Default-Stop LSB keyword in initscript
More information about the scm-commits
mailing list