From 5b47db40e8af905b7216fba8906ec55807ad2fa9 Mon Sep 17 00:00:00 2001 From: ghen Date: Wed, 13 Jun 2007 08:05:04 +0000 Subject: Pullup ticket 2111 - requested by heinz security update for spamassassin - pkgsrc/mail/spamassassin/Makefile patch - pkgsrc/mail/spamassassin/distinfo patch Update to SpamAssassin 3.1.9 to fix a denial of service vulnerability. The package has been updated to SpamAssassin 3.2.1 on pkgsrc-HEAD but this major new version will not be pulled up to the stable branch. Changes in Spamassassin 3.1.9: - bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS vulnerability. It only affects systems where spamd is run as root, is used with vpopmail or virtual users via the "-v"/"--vpopmail" OR "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch. This is not default on any distro package, and is not a common configuration. More details of the vulnerability can be read at . - bug 5353 - meta rule parsing should handle not equal ("!=") syntax. - set the score for URI_TRUNCATED to 0.001. - bug 5337: change the start order for Fedora such that spamd starts before the MTA. --- mail/spamassassin/Makefile | 6 +++--- mail/spamassassin/distinfo | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/mail/spamassassin/Makefile b/mail/spamassassin/Makefile index 09b99276ea1..e4d7ef2f4ad 100644 --- a/mail/spamassassin/Makefile +++ b/mail/spamassassin/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.79 2007/02/15 21:43:43 heinz Exp $ +# $NetBSD: Makefile,v 1.79.2.1 2007/06/13 08:05:04 ghen Exp $ -DISTNAME= Mail-SpamAssassin-3.1.8 -PKGNAME= spamassassin-3.1.8 +DISTNAME= Mail-SpamAssassin-3.1.9 +PKGNAME= spamassassin-3.1.9 SVR4_PKGNAME= sa CATEGORIES= mail perl5 MASTER_SITES= ${MASTER_SITE_APACHE:=spamassassin/source/} diff --git a/mail/spamassassin/distinfo b/mail/spamassassin/distinfo index ca2a45bad97..ba9e40e5bbd 100644 --- a/mail/spamassassin/distinfo +++ b/mail/spamassassin/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.43 2007/02/15 21:43:43 heinz Exp $ +$NetBSD: distinfo,v 1.43.2.1 2007/06/13 08:05:04 ghen Exp $ -SHA1 (Mail-SpamAssassin-3.1.8.tar.gz) = 08f81f72d8a783887cf815dfc55ea38e3582b966 -RMD160 (Mail-SpamAssassin-3.1.8.tar.gz) = 9e1af7219e3d6c1297181748b85853b812d2cdc4 -Size (Mail-SpamAssassin-3.1.8.tar.gz) = 1173847 bytes +SHA1 (Mail-SpamAssassin-3.1.9.tar.gz) = 181e0ca4e0568bb51e955b8b8e4595313fb7de8b +RMD160 (Mail-SpamAssassin-3.1.9.tar.gz) = a955d6dd67e3fb35808f375d1c60c733c665bdfe +Size (Mail-SpamAssassin-3.1.9.tar.gz) = 1174156 bytes SHA1 (patch-ab) = df95d87a2f2e7af238c27c3d5468d9aad7eb000d SHA1 (patch-ae) = 1461b24978c75c394c607ae1d49cb49dd086b563 SHA1 (patch-aq) = 495a3ac94a05129520e5d7018fdd56b6dad3c951 -- cgit v1.2.3