summaryrefslogtreecommitdiff
path: root/mail/spamass-milter
diff options
context:
space:
mode:
authorgdt <gdt@pkgsrc.org>2010-09-10 23:33:42 +0000
committergdt <gdt@pkgsrc.org>2010-09-10 23:33:42 +0000
commitdb4f8291126ab10518413d1e77635b52b61f2816 (patch)
tree503464f43ecd34f78ef3985b3ba66f64cc868d8b /mail/spamass-milter
parentf79c4ddaba0590aa7d2a54b6a6b530d4696c3adf (diff)
downloadpkgsrc-db4f8291126ab10518413d1e77635b52b61f2816.tar.gz
Add patch to not scan authenticated users. Originally from FreeBSD
bug report, adapted for pkgsrc by Louis Guillaume. (spamass-milter really needs an active upstream.)
Diffstat (limited to 'mail/spamass-milter')
-rw-r--r--mail/spamass-milter/distinfo7
-rw-r--r--mail/spamass-milter/patches/patch-aa100
-rw-r--r--mail/spamass-milter/patches/patch-ab8
-rw-r--r--mail/spamass-milter/patches/patch-ac19
4 files changed, 109 insertions, 25 deletions
diff --git a/mail/spamass-milter/distinfo b/mail/spamass-milter/distinfo
index e6edeaa7622..095c009472a 100644
--- a/mail/spamass-milter/distinfo
+++ b/mail/spamass-milter/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2010/06/05 13:45:12 gdt Exp $
+$NetBSD: distinfo,v 1.10 2010/09/10 23:33:42 gdt Exp $
SHA1 (spamass-milter-0.3.1.tar.gz) = dd488eb9ab1f230440fba8a729bee80550f2fbff
RMD160 (spamass-milter-0.3.1.tar.gz) = 5db6af6b31de1bf83eafbd9713d81cdc957b5033
@@ -6,5 +6,6 @@ Size (spamass-milter-0.3.1.tar.gz) = 141144 bytes
SHA1 (spamass-milter-001.patch) = d37227f95808479dc4d6ba5c76ddd2413b4530d3
RMD160 (spamass-milter-001.patch) = eef17cb4506e6f5c0908b6872b7fb5dcd8bc2e16
Size (spamass-milter-001.patch) = 2435 bytes
-SHA1 (patch-aa) = c69afbafaba72ec59f77f024e2421b2df077a2ee
-SHA1 (patch-ab) = 5e7188cc212cc0b06671853fb13921e2e0f38c8c
+SHA1 (patch-aa) = 13ba0413c28d14cd1a18d42a0b09ca26b358d913
+SHA1 (patch-ab) = 03f7d4abc24e950fd44a4adbb708f3433d111643
+SHA1 (patch-ac) = 851cbceab64b1a391cfe0aad0ba5a86c88218eb0
diff --git a/mail/spamass-milter/patches/patch-aa b/mail/spamass-milter/patches/patch-aa
index 0e54216e9ed..fd5385cf5bd 100644
--- a/mail/spamass-milter/patches/patch-aa
+++ b/mail/spamass-milter/patches/patch-aa
@@ -1,21 +1,69 @@
-$NetBSD: patch-aa,v 1.3 2010/04/17 21:11:18 tez Exp $
-Added CVE-2010-1132 patch from:
- https://bugzilla.redhat.com/attachment.cgi?id=401011
+$NetBSD: patch-aa,v 1.4 2010/09/10 23:33:42 gdt Exp $
---- spamass-milter.cpp.orig 2010-04-17 16:04:59.724786300 -0500
-+++ spamass-milter.cpp 2010-04-17 16:05:04.755469800 -0500
-@@ -171,10 +171,6 @@
+This patch has hunks for three separate reasons:
+
+1) Ancient fix to avoid going beyond s2.
+
+2) Added CVE-2010-1132 patch from:
+
+ https://bugzilla.redhat.com/attachment.cgi?id=401011
+
+3) (Most of, some in .h) patch to add option to not scan mail from
+authenticated users, from:
+
+ http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2006-November/106024.html
+
+--- spamass-milter.cpp.orig 2010-09-10 15:50:58.000000000 +0000
++++ spamass-milter.cpp
+@@ -170,10 +170,7 @@ char *spambucket;
+ bool flag_full_email = false; /* pass full email address to spamc */
bool flag_expand = false; /* alias/virtusertable expansion */
bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */
-
+-
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
-#endif
--
++bool auth = false; /* don't scan authenticated users */
+
// {{{ main()
- int
-@@ -461,59 +457,24 @@
+@@ -181,7 +178,7 @@ int
+ main(int argc, char* argv[])
+ {
+ int c, err = 0;
+- const char *args = "fd:mMp:P:r:u:D:i:b:B:e:x";
++ const char *args = "fd:mMp:P:r:u:D:i:b:B:e:xa";
+ char *sock = NULL;
+ bool dofork = false;
+ char *pidfilename = NULL;
+@@ -196,6 +193,9 @@ main(int argc, char* argv[])
+ /* Process command line options */
+ while ((c = getopt(argc, argv, args)) != -1) {
+ switch (c) {
++ case 'a':
++ auth = true;
++ break;
+ case 'f':
+ dofork = true;
+ break;
+@@ -281,7 +281,7 @@ main(int argc, char* argv[])
+ cout << "SpamAssassin Sendmail Milter Plugin" << endl;
+ cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl;
+ cout << " [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl;
+- cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl;
++ cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x] [-a]" << endl;
+ cout << " [-- spamc args ]" << endl;
+ cout << " -p socket: path to create socket" << endl;
+ cout << " -b bucket: redirect spam to this mail address. The orignal" << endl;
+@@ -302,6 +302,7 @@ main(int argc, char* argv[])
+ cout << " -u defaultuser: pass the recipient's username to spamc.\n"
+ " Uses 'defaultuser' if there are multiple recipients." << endl;
+ cout << " -x: pass email address through alias and virtusertable expansion." << endl;
++ cout << " -a: don't scan messages over an authenticated connection." << endl;
+ cout << " -- spamc args: pass the remaining flags to spamc." << endl;
+
+ exit(EX_USAGE);
+@@ -461,59 +462,24 @@ assassinate(SMFICTX* ctx, SpamAssassin*
send another copy. The milter API will not let you send the
message AND return a failure code to the sender, so this is
the only way to do it. */
@@ -84,7 +132,23 @@ Added CVE-2010-1132 patch from:
}
return SMFIS_REJECT;
}
-@@ -842,30 +803,19 @@
+@@ -783,6 +749,15 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+ }
+ /* debug(D_ALWAYS, "ZZZ got private context %p", sctx); */
+
++ if (auth) {
++ const char *auth_type = smfi_getsymval(ctx, "{auth_type}");
++
++ if (auth_type) {
++ debug(D_MISC, "auth_type=%s", auth_type);
++ return SMFIS_ACCEPT;
++ }
++ }
++
+ debug(D_FUNC, "mlfi_envfrom: enter");
+ try {
+ // launch new SpamAssassin
+@@ -842,30 +817,19 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
/* open a pipe to sendmail so we can do address expansion */
char buf[1024];
@@ -96,6 +160,8 @@ Added CVE-2010-1132 patch from:
- /* XXX possible buffer overflow here */
- sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
-#endif
+-
+- debug(D_RCPT, "calling %s", buf);
+ char *popen_argv[4];
+
+ popen_argv[0] = SENDMAIL;
@@ -103,9 +169,6 @@ Added CVE-2010-1132 patch from:
+ popen_argv[2] = envrcpt[0];
+ popen_argv[3] = NULL;
-- debug(D_RCPT, "calling %s", buf);
-+ debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
-
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
- rv = pthread_mutex_lock(&popen_mutex);
- if (rv)
@@ -114,7 +177,8 @@ Added CVE-2010-1132 patch from:
- abort();
- }
-#endif
--
++ debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
+
- p = popen(buf, "r");
+ p = popenv(popen_argv, "r");
if (!p)
@@ -124,7 +188,7 @@ Added CVE-2010-1132 patch from:
assassin->expandedrcpt.push_back(envrcpt[0]);
} else
{
-@@ -890,16 +840,8 @@
+@@ -890,16 +854,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
assassin->expandedrcpt.push_back(p+7);
}
}
@@ -142,7 +206,7 @@ Added CVE-2010-1132 patch from:
} else
{
assassin->expandedrcpt.push_back(envrcpt[0]);
-@@ -2033,7 +1975,7 @@
+@@ -2033,7 +1989,7 @@ cmp_nocase_partial(const string& s, cons
string::const_iterator p=s.begin();
string::const_iterator p2=s2.begin();
@@ -151,7 +215,7 @@ Added CVE-2010-1132 patch from:
if (toupper(*p) != toupper(*p2))
{
debug(D_STR, "c_nc_p: <%s><%s> : miss", s.c_str(), s2.c_str());
-@@ -2157,5 +2099,71 @@
+@@ -2157,5 +2113,71 @@ void warnmacro(char *macro, char *scope)
warnedmacro = true;
}
diff --git a/mail/spamass-milter/patches/patch-ab b/mail/spamass-milter/patches/patch-ab
index 9976beaffeb..655e4717ac5 100644
--- a/mail/spamass-milter/patches/patch-ab
+++ b/mail/spamass-milter/patches/patch-ab
@@ -1,9 +1,9 @@
-$NetBSD: patch-ab,v 1.1 2010/04/17 21:11:18 tez Exp $
+$NetBSD: patch-ab,v 1.2 2010/09/10 23:33:42 gdt Exp $
CVE-2010-1132 patch from https://bugzilla.redhat.com/attachment.cgi?id=401011
---- spamass-milter.h 7 Apr 2005 02:04:24 -0000 1.23
-+++ spamass-milter.h 10 Mar 2010 18:52:22 -0000
-@@ -186,5 +186,6 @@
+--- spamass-milter.h.orig 2006-03-23 22:07:55.000000000 +0000
++++ spamass-milter.h
+@@ -186,5 +186,6 @@ int ip_in_networklist(struct in_addr ip,
void parse_debuglevel(char* string);
char *strlwr(char *str);
void warnmacro(char *macro, char *scope);
diff --git a/mail/spamass-milter/patches/patch-ac b/mail/spamass-milter/patches/patch-ac
new file mode 100644
index 00000000000..e6ef2bca797
--- /dev/null
+++ b/mail/spamass-milter/patches/patch-ac
@@ -0,0 +1,19 @@
+$NetBSD: patch-ac,v 1.1 2010/09/10 23:33:42 gdt Exp $
+
+(Part of) patch to add option to not scan mail from authenticated
+users, from:
+
+ http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2006-November/106024.html
+
+--- spamass-milter.1.in.orig 2004-03-18 18:37:08.000000000 +0000
++++ spamass-milter.1.in
+@@ -199,6 +199,9 @@ The resulting username is then passed to
+ Requires the
+ .Fl u
+ flag.
++.It Fl a
++Causes spamass-milter to pass through unchecked any messages from connections
++established using SMTP authentication. This is useful for sites with remote users.
+ .It Fl - Ar spamc flags ...
+ Pass all remaining options to spamc.
+ This allows you to connect to a remote spamd with