author | gdt <gdt@pkgsrc.org> | 2014-12-18 22:23:01 +0000 |
---|---|---|
committer | gdt <gdt@pkgsrc.org> | 2014-12-18 22:23:01 +0000 |
commit | bef225de20c47f3b1e21cfa2c7b3af685f4bf14d (patch) | |
tree | 65e7e62eb7a8e4a66edc8dd85f9131f38769a0ac | |
parent | 1638b6ca761a24b58d0ec716fff3db051e1e30a5 (diff) | |
download | pkgsrc-bef225de20c47f3b1e21cfa2c7b3af685f4bf14d.tar.gz |
Update to 0.4.0.
Several patches are dropped because they were integrated upstream.
(Approval during freeze by wiz@.)
Upstream changes since 0.3.1 from
https://savannah.nongnu.org/forum/forum.php?forum_id=8094
Item posted by Todd Kover <kovert> on Thu 11 Sep 2014 01:05:20 AM GMT.
I am pleased to announce the release of spamass-milt version 0.4.0.
This is the first of what I hope are a number of maintenance releases
with the goal to eliminate the outstanding bug/patch/feature requests:
The following changes are included in this release
- -C option to change the default reject code
- -S option to specify a path to sendmail (for the -x option)
- -R option to specify the rejection message
- -a option to skip messages that were authenticated
- IPv6 address support
- zombie process fix for the - option introduced in 0.3.2
This also includes the fix for CVE-2010-1132 that was in the unannounced but generated 0.3.2 release.
-rw-r--r-- | mail/spamass-milter/Makefile | 15 | ||||
-rw-r--r-- | mail/spamass-milter/distinfo | 15 | ||||
-rw-r--r-- | mail/spamass-milter/patches/patch-aa | 350 | ||||
-rw-r--r-- | mail/spamass-milter/patches/patch-ab | 12 | ||||
-rw-r--r-- | mail/spamass-milter/patches/patch-ac | 23 |
5 files changed, 25 insertions, 390 deletions
diff --git a/mail/spamass-milter/Makefile b/mail/spamass-milter/Makefile
index 7bf4e08cc50..4fa4cbff862 100644
--- a/mail/spamass-milter/Makefile
+++ b/mail/spamass-milter/Makefile
@@ -1,23 +1,16 @@
-# $NetBSD: Makefile,v 1.32 2012/10/08 12:19:31 asau Exp $
+# $NetBSD: Makefile,v 1.33 2014/12/18 22:23:01 gdt Exp $
 #
-DISTNAME= spamass-milter-0.3.1
-PKGREVISION= 4
+DISTNAME= spamass-milter-0.4.0
 CATEGORIES= mail
 MASTER_SITES= http://savannah.nongnu.org/download/spamass-milt/
-# This patch is taken from upstream CVS, and is from the 0.3.1 release
-# tag to head of CVS on 5 Jun 2010, although CVS last changed on 24
-# Jul 2006. The patch fixes an error in formatting of the synthetic
-# Received: line. The patch is a patchfile (hosted on ftp.netbsd.org)
-# instead of a pkgsrc patch because it is something upstream would
-# have released if upstream were still maintaining this code.
-PATCHFILES= spamass-milter-001.patch
-
 MAINTAINER= gdt@NetBSD.org
 HOMEPAGE= http://savannah.nongnu.org/projects/spamass-milt/
 COMMENT= Milter interface to Spamassassin
+LICENSE= original-bsd
+
 DEPENDS+= spamassassin>=2.44:../../mail/spamassassin
 GNU_CONFIGURE= YES
diff --git a/mail/spamass-milter/distinfo b/mail/spamass-milter/distinfo
index 59b246e97ba..4dfcfc4860c 100644
--- a/mail/spamass-milter/distinfo
+++ b/mail/spamass-milter/distinfo
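Review bot: Dropping `PATCHFILES= spamass-milter-001.patch` here, and patch-aa and patch-ab in the later file sections, rests on the commit message's statement that they were integrated upstream, and the page only backs part of that. The header of patch-aa lists four separate fixes, but the upstream announcement quoted in the commit message names just two of them (the CVE-2010-1132 fix and the -a option); the "avoid going beyond s2" bounds fix in `cmp_nocase_partial` and the PR pkg/44704 change that avoids allocating between fork and exec are not mentioned. The 0.4.0 source is not visible from this diff, so whether those two are present is unconfirmed; they should be checked against the new tarball and the commit message should say which dropped hunks were verified as upstream.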
@@ -1,11 +1,6 @@
-$NetBSD: distinfo,v 1.11 2011/03/18 15:26:30 gdt Exp $
+$NetBSD: distinfo,v 1.12 2014/12/18 22:23:01 gdt Exp $
-SHA1 (spamass-milter-0.3.1.tar.gz) = dd488eb9ab1f230440fba8a729bee80550f2fbff
-RMD160 (spamass-milter-0.3.1.tar.gz) = 5db6af6b31de1bf83eafbd9713d81cdc957b5033
-Size (spamass-milter-0.3.1.tar.gz) = 141144 bytes
-SHA1 (spamass-milter-001.patch) = d37227f95808479dc4d6ba5c76ddd2413b4530d3
-RMD160 (spamass-milter-001.patch) = eef17cb4506e6f5c0908b6872b7fb5dcd8bc2e16
-Size (spamass-milter-001.patch) = 2435 bytes
-SHA1 (patch-aa) = f5fd2951082c916e3cae1746f8921793ff09b567
-SHA1 (patch-ab) = 03f7d4abc24e950fd44a4adbb708f3433d111643
-SHA1 (patch-ac) = 851cbceab64b1a391cfe0aad0ba5a86c88218eb0
+SHA1 (spamass-milter-0.4.0.tar.gz) = 2b4f7ab1b17ca881c68063a4814780b00bb736bc
+RMD160 (spamass-milter-0.4.0.tar.gz) = e7a6d090b0328a314fda8e9872cd93f0e8a9206a
+Size (spamass-milter-0.4.0.tar.gz) = 158646 bytes
+SHA1 (patch-ac) = 7875b8f8ed8f16c9e31d0d4012d327742e395b3c
diff --git a/mail/spamass-milter/patches/patch-aa b/mail/spamass-milter/patches/patch-aa
deleted file mode 100644
index 1e3f340e959..00000000000
--- a/mail/spamass-milter/patches/patch-aa
+++ /dev/null
@@ -1,350 +0,0 @@ -$NetBSD: patch-aa,v 1.5 2011/03/18 15:26:30 gdt Exp $ - -This patch has hunks for multiple reasons: - -1) Ancient fix to avoid going beyond s2. - -2) Added CVE-2010-1132 patch from: - - https://bugzilla.redhat.com/attachment.cgi?id=401011 - -3) (Most of, some in .h) patch to add option to not scan mail from -authenticated users, from: - - http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2006-November/106024.html - -4) Avoid memory allocation in after fork and before exec. From PR pkg/44704. - ---- spamass-milter.cpp.orig 2011-03-18 15:15:56.000000000 +0000 -+++ spamass-milter.cpp -@@ -170,10 +170,7 @@ char *spambucket; - bool flag_full_email = false; /* pass full email address to spamc */ - bool flag_expand = false; /* alias/virtusertable expansion */ - bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */ -- --#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ --static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER; --#endif -+bool auth = false; /* don't scan authenticated users */ - - // {{{ main() - -@@ -181,7 +178,7 @@ int - main(int argc, char* argv[]) - { - int c, err = 0; -- const char *args = "fd:mMp:P:r:u:D:i:b:B:e:x"; -+ const char *args = "fd:mMp:P:r:u:D:i:b:B:e:xa"; - char *sock = NULL; - bool dofork = false; - char *pidfilename = NULL; -@@ -196,6 +193,9 @@ main(int argc, char* argv[]) - /* Process command line options */ - while ((c = getopt(argc, argv, args)) != -1) { - switch (c) { -+ case 'a': -+ auth = true; -+ break; - case 'f': - dofork = true; - break; -@@ -281,7 +281,7 @@ main(int argc, char* argv[]) - cout << "SpamAssassin Sendmail Milter Plugin" << endl; - cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl; - cout << " [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl; -- cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl; -+ cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x] [-a]" << endl; - cout << " [-- spamc args 
]" << endl; - cout << " -p socket: path to create socket" << endl; - cout << " -b bucket: redirect spam to this mail address. The orignal" << endl; -@@ -302,6 +302,7 @@ main(int argc, char* argv[]) - cout << " -u defaultuser: pass the recipient's username to spamc.\n" - " Uses 'defaultuser' if there are multiple recipients." << endl; - cout << " -x: pass email address through alias and virtusertable expansion." << endl; -+ cout << " -a: don't scan messages over an authenticated connection." << endl; - cout << " -- spamc args: pass the remaining flags to spamc." << endl; - - exit(EX_USAGE); -@@ -461,59 +462,24 @@ assassinate(SMFICTX* ctx, SpamAssassin* - send another copy. The milter API will not let you send the - message AND return a failure code to the sender, so this is - the only way to do it. */ --#if defined(__FreeBSD__) -- int rv; --#endif -- --#if defined(HAVE_ASPRINTF) -- char *buf; --#else -- char buf[1024]; --#endif -- char *fmt="%s \"%s\""; -+ char *popen_argv[3]; - FILE *p; - --#if defined(HAVE_ASPRINTF) -- asprintf(&buf, fmt, SENDMAIL, spambucket); --#else --#if defined(HAVE_SNPRINTF) -- snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, spambucket); --#else -- /* XXX possible buffer overflow here */ -- sprintf(buf, fmt, SENDMAIL, spambucket); --#endif --#endif -- -- debug(D_COPY, "calling %s", buf); --#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ -- rv = pthread_mutex_lock(&popen_mutex); -- if (rv) -- { -- debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv)); -- abort(); -- } --#endif -- p = popen(buf, "w"); -+ popen_argv[0] = SENDMAIL; -+ popen_argv[1] = spambucket; -+ popen_argv[2] = NULL; -+ -+ debug(D_COPY, "calling %s %s", SENDMAIL, spambucket); -+ p = popenv(popen_argv, "w"); - if (!p) - { -- debug(D_COPY, "popen failed(%s). Will not send a copy to spambucket", strerror(errno)); -+ debug(D_COPY, "popenv failed(%s). 
Will not send a copy to spambucket", strerror(errno)); - } else - { - // Send message provided by SpamAssassin - fwrite(assassin->d().c_str(), assassin->d().size(), 1, p); -- pclose(p); p = NULL; -+ fclose(p); p = NULL; - } --#if defined(__FreeBSD__) -- rv = pthread_mutex_unlock(&popen_mutex); -- if (rv) -- { -- debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv)); -- abort(); -- } --#endif --#if defined(HAVE_ASPRINTF) -- free(buf); --#endif - } - return SMFIS_REJECT; - } -@@ -783,6 +749,15 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro - } - /* debug(D_ALWAYS, "ZZZ got private context %p", sctx); */ - -+ if (auth) { -+ const char *auth_type = smfi_getsymval(ctx, "{auth_type}"); -+ -+ if (auth_type) { -+ debug(D_MISC, "auth_type=%s", auth_type); -+ return SMFIS_ACCEPT; -+ } -+ } -+ - debug(D_FUNC, "mlfi_envfrom: enter"); - try { - // launch new SpamAssassin -@@ -842,30 +817,19 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp - /* open a pipe to sendmail so we can do address expansion */ - - char buf[1024]; -- char *fmt="%s -bv \"%s\" 2>&1"; -- --#if defined(HAVE_SNPRINTF) -- snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]); --#else -- /* XXX possible buffer overflow here */ -- sprintf(buf, fmt, SENDMAIL, envrcpt[0]); --#endif -+ char *popen_argv[4]; -+ -+ popen_argv[0] = SENDMAIL; -+ popen_argv[1] = "-bv"; -+ popen_argv[2] = envrcpt[0]; -+ popen_argv[3] = NULL; - -- debug(D_RCPT, "calling %s", buf); -+ debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]); - --#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ -- rv = pthread_mutex_lock(&popen_mutex); -- if (rv) -- { -- debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv)); -- abort(); -- } --#endif -- -- p = popen(buf, "r"); -+ p = popenv(popen_argv, "r"); - if (!p) - { -- debug(D_RCPT, "popen failed(%s). Will not expand aliases", strerror(errno)); -+ debug(D_RCPT, "popenv failed(%s). 
Will not expand aliases", strerror(errno)); - assassin->expandedrcpt.push_back(envrcpt[0]); - } else - { -@@ -890,16 +854,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp - assassin->expandedrcpt.push_back(p+7); - } - } -- pclose(p); p = NULL; -+ fclose(p); p = NULL; - } --#if defined(__FreeBSD__) -- rv = pthread_mutex_unlock(&popen_mutex); -- if (rv) -- { -- debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv)); -- abort(); -- } --#endif - } else - { - assassin->expandedrcpt.push_back(envrcpt[0]); -@@ -1343,6 +1299,22 @@ SpamAssassin::~SpamAssassin() - - void SpamAssassin::Connect() - { -+ int argc; -+ char *argv[100]; -+ char spamc_user[64]; -+ -+ if (expandedrcpt.size() != 1) { -+ debug(D_RCPT, "%d recipients; spamc gets default username %s", (int)expandedrcpt.size(), defaultuser); -+ strlcpy(spamc_user, defaultuser, sizeof(spamc_user)); -+ } else { -+ if (flag_full_email) -+ strlcpy(spamc_user, full_user().c_str(), sizeof(spamc_user)); -+ else -+ strlcpy(spamc_user, local_user().c_str(), sizeof(spamc_user)); -+ strlwr(spamc_user); -+ debug(D_RCPT, "spamc gets %s", spamc_user); -+ } -+ - // set up pipes for in- and output - if (pipe(pipe_io[0])) - throw string(string("pipe error: ")+string(strerror(errno))); -@@ -1376,33 +1348,12 @@ void SpamAssassin::Connect() - // absolute path (determined in autoconf) - // should be a little more secure - // XXX arbitrary 100-argument max -- int argc = 0; -- char** argv = (char**) malloc(100*sizeof(char*)); -+ argc = 0; - argv[argc++] = SPAMC; - if (flag_sniffuser) - { - argv[argc++] = "-u"; -- if ( expandedrcpt.size() != 1 ) -- { -- // More (or less?) than one recipient, so we pass the default -- // username to SPAMC. This way special rules can be defined for -- // multi recipient messages. 
-- debug(D_RCPT, "%d recipients; spamc gets default username %s", (int)expandedrcpt.size(), defaultuser); -- argv[argc++] = defaultuser; -- } else -- { -- // There is only 1 recipient so we pass the username -- // (converted to lowercase) to SPAMC. Don't worry about -- // freeing this memory as we're exec()ing anyhow. -- if (flag_full_email) -- argv[argc] = strlwr(strdup(full_user().c_str())); -- else -- argv[argc] = strlwr(strdup(local_user().c_str())); -- -- debug(D_RCPT, "spamc gets %s", argv[argc]); -- -- argc++; -- } -+ argv[argc++] = spamc_user; - } - if (spamdhost) - { -@@ -2033,7 +1984,7 @@ cmp_nocase_partial(const string& s, cons - string::const_iterator p=s.begin(); - string::const_iterator p2=s2.begin(); - -- while ( p != s.end() && p2 <= s2.end() ) { -+ while ( p != s.end() ) { - if (toupper(*p) != toupper(*p2)) - { - debug(D_STR, "c_nc_p: <%s><%s> : miss", s.c_str(), s2.c_str()); -@@ -2157,5 +2108,71 @@ void warnmacro(char *macro, char *scope) - warnedmacro = true; - } - -+/* -+ untrusted-argument-safe popen function - only supports "r" and "w" modes -+ for simplicity, and always reads stdout and stderr in "r" mode. Call -+ fclose to close the FILE. -+*/ -+FILE *popenv(char *const argv[], const char *type) -+{ -+ FILE *iop; -+ int pdes[2]; -+ int save_errno; -+ if ((*type != 'r' && *type != 'w') || type[1]) -+ { -+ errno = EINVAL; -+ return (NULL); -+ } -+ if (pipe(pdes) < 0) -+ return (NULL); -+ switch (fork()) { -+ -+ case -1: /* Error. */ -+ save_errno = errno; -+ (void)close(pdes[0]); -+ (void)close(pdes[1]); -+ errno = save_errno; -+ return (NULL); -+ /* NOTREACHED */ -+ case 0: /* Child. */ -+ if (*type == 'r') { -+ /* -+ * The dup2() to STDIN_FILENO is repeated to avoid -+ * writing to pdes[1], which might corrupt the -+ * parent's copy. This isn't good enough in -+ * general, since the exit() is no return, so -+ * the compiler is free to corrupt all the local -+ * variables. 
-+ */ -+ (void)close(pdes[0]); -+ (void)dup2(pdes[1], STDOUT_FILENO); -+ (void)dup2(pdes[1], STDERR_FILENO); -+ if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) { -+ (void)close(pdes[1]); -+ } -+ } else { -+ if (pdes[0] != STDIN_FILENO) { -+ (void)dup2(pdes[0], STDIN_FILENO); -+ (void)close(pdes[0]); -+ } -+ (void)close(pdes[1]); -+ } -+ execv(argv[0], argv); -+ exit(127); -+ /* NOTREACHED */ -+ } -+ -+ /* Parent; assume fdopen can't fail. */ -+ if (*type == 'r') { -+ iop = fdopen(pdes[0], type); -+ (void)close(pdes[1]); -+ } else { -+ iop = fdopen(pdes[1], type); -+ (void)close(pdes[0]); -+ } -+ -+ return (iop); -+} -+ - // }}} - // vim6:ai:noexpandtab diff --git a/mail/spamass-milter/patches/patch-ab b/mail/spamass-milter/patches/patch-ab deleted file mode 100644 index 655e4717ac5..00000000000 --- a/mail/spamass-milter/patches/patch-ab +++ /dev/null @@ -1,12 +0,0 @@ -$NetBSD: patch-ab,v 1.2 2010/09/10 23:33:42 gdt Exp $ -CVE-2010-1132 patch from https://bugzilla.redhat.com/attachment.cgi?id=401011 - ---- spamass-milter.h.orig 2006-03-23 22:07:55.000000000 +0000 -+++ spamass-milter.h -@@ -186,5 +186,6 @@ int ip_in_networklist(struct in_addr ip, - void parse_debuglevel(char* string); - char *strlwr(char *str); - void warnmacro(char *macro, char *scope); -+FILE *popenv(char *const argv[], const char *type); - - #endif diff --git a/mail/spamass-milter/patches/patch-ac b/mail/spamass-milter/patches/patch-ac index e6ef2bca797..7a14a9eeb4d 100644 --- a/mail/spamass-milter/patches/patch-ac +++ b/mail/spamass-milter/patches/patch-ac 
@@ -1,19 +1,28 @@ -$NetBSD: patch-ac,v 1.1 2010/09/10 23:33:42 gdt Exp $ +$NetBSD: patch-ac,v 1.2 2014/12/18 22:23:01 gdt Exp $ (Part of) patch to add option to not scan mail from authenticated users, from: http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2006-November/106024.html ---- spamass-milter.1.in.orig 2004-03-18 18:37:08.000000000 +0000 +--- spamass-milter.1.in.orig 2014-08-15 02:30:07.000000000 +0000 +++ spamass-milter.1.in -@@ -199,6 +199,9 @@ The resulting username is then passed to - Requires the - .Fl u - flag. +@@ -22,6 +22,7 @@ + .Op Fl r rejectmsg + .Op Fl u Ar defaultuser + .Op Fl x ++.Op Fl a + .Op Fl S /path/to/sendmail + .Op Fl - Ar spamc flags ... + .Sh DESCRIPTION +@@ -218,6 +219,10 @@ Requires the + flag. The spamass-milter configuration process does its + best to find sendmail, but it is possible to override this compiled-in + setting via the +.It Fl a +Causes spamass-milter to pass through unchecked any messages from connections -+established using SMTP authentication. This is useful for sites with remote users. ++established using SMTP authentication. This is useful for sites with ++remote usrs. .It Fl - Ar spamc flags ... Pass all remaining options to spamc. This allows you to connect to a remote spamd with |