security update: spamassassin 3.17 to 3.18

Michael Scheidell scheidell at secnap.net
Thu Feb 15 02:42:48 UTC 2007 

>Submitter-Id:	current-users
>Originator:	Michael Scheidell
>Organization:	SECNAP Network Security
>Confidential:	no
>Synopsis:	security update: spamassassin 3.17 to 3.18
>Severity:	serious
>Priority:	medium
>Category:	ports
>Class:		update
>Release:	FreeBSD 5.5-RELEASE-p8 i386
>Environment:
System: FreeBSD scanner.secnap.net 5.5-RELEASE-p8 FreeBSD 5.5-RELEASE-p8 #2: Fri Dec 29 22:23:34 EST 2006 scheidell at scanner.secnap.net:/usr/obj/usr/src/sys/HACKERTRAP_750 i386

FBSD 4,5, etc.
Private note to maintainer: if no one wants to maintain this port, I 
would be willing to do it officially.  I think you will see many of the 
past updates were submitted by me anyway.

>Description:
3.1.8 is a major bug-fix release, including a potential DoS.  The major
highlights are:

- bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly
  long URIs found in the message content.
- bug 5240: disable perl module usage in update channels unless
  --allowplugins is specified
- bug 5288: files with names starting/ending in whitespace weren't 
usable
- bug 5056: remove Text::Wrap related code due to upstream issues
- bug 5145: update spamassassin and sa-learn to better deal with STDIN
- bug 5140 and 5179: improvements and bug fixes related to DomainKeys
  and DKIM support
- several updates for Received header parsing
- several documentation updates and random taint-variable related issues

A more detailed change log can be read here:

  http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes
>How-To-Repeat:
NA
>Fix:

patches to upgade Sa 3.1.7 to 3.1.8
Note: many patches in files/* removed due to being incorporated in
SA source. these files should be removed from files/*
	
patch-spamassassin.raw
patch-sa-learn.raw
patch-lib-Mail-SpamAssassin-SpamdForkScaling.pm

here are patches:

diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig p5-Mail-SpamAssassin
diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig/Makefile 
p5-Mail-SpamAssassin/Makefile
--- /var/tmp/p5-Mail-SpamAssassin.orig/Makefile Mon Dec 25 11:52:04 2006
+++ p5-Mail-SpamAssassin/Makefile       Wed Feb 14 20:39:25 2007
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=      Mail-SpamAssassin
-PORTVERSION=   3.1.7
-PORTREVISION=  3
+PORTVERSION=   3.1.8
 CATEGORIES=    mail perl5
 MASTER_SITES=  ${MASTER_SITE_APACHE:S/$/:apache/} 
${MASTER_SITE_PERL_CPAN:S/$/:cpan/}
 MASTER_SITE_SUBDIR=    spamassassin/source/:apache Mail/:cpan
diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig/distinfo 
p5-Mail-SpamAssassin/distinfo
--- /var/tmp/p5-Mail-SpamAssassin.orig/distinfo Mon Oct 30 21:10:14 2006
+++ p5-Mail-SpamAssassin/distinfo       Wed Feb 14 20:41:12 2007
@@ -1,3 +1,3 @@
-MD5 (Mail-SpamAssassin-3.1.7.tar.gz) = 4b342c63949d47f3ce56b3fc1c8881c1
-SHA256 (Mail-SpamAssassin-3.1.7.tar.gz) = 
be6fd341fb35ba5efb2784318e9772bde65b7115eed18ab8dcd791a471fcef39
-SIZE (Mail-SpamAssassin-3.1.7.tar.gz) = 1168183
+MD5 (Mail-SpamAssassin-3.1.8.tar.gz) = 20a3a6b651a89dcc70634715ca833996
+#SHA256 (Mail-SpamAssassin-3.1.8.tar.gz) = 
be6fd341fb35ba5efb2784318e9772bde65b7115eed18ab8dcd791a471fcef39
+#SIZE (Mail-SpamAssassin-3.1.8.tar.gz) = 1168183

More information about the freebsd-perl mailing list