ports/109186: security update: spamassassin 3.17 to 3.18

Thu Feb 15 02:20:05 UTC 2007

>Number:         109186
>Category:       ports
>Synopsis:       security update: spamassassin 3.17 to 3.18
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 15 02:20:05 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Michael Scheidell
>Release:        FreeBSD 5.5-RELEASE-p8 i386
>Organization:
SECNAP Network Security
>Environment:
System: FreeBSD scanner.secnap.net 5.5-RELEASE-p8 FreeBSD 5.5-RELEASE-p8 #2: Fri Dec 29 22:23:34 EST 2006 scheidell at scanner.secnap.net:/usr/obj/usr/src/sys/HACKERTRAP_750 i386

FBSD 4,5, etc.
Private note to maintainer: if no one wants to maintain this port, I 
would be willing to do it officially.  I think you will see many of the 
past updates were submitted by me anyway.

>Description:
3.1.8 is a major bug-fix release, including a potential DoS.  The major
highlights are:

- bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly
  long URIs found in the message content.
- bug 5240: disable perl module usage in update channels unless
  --allowplugins is specified
- bug 5288: files with names starting/ending in whitespace weren't 
usable
- bug 5056: remove Text::Wrap related code due to upstream issues
- bug 5145: update spamassassin and sa-learn to better deal with STDIN
- bug 5140 and 5179: improvements and bug fixes related to DomainKeys
  and DKIM support
- several updates for Received header parsing
- several documentation updates and random taint-variable related issues

A more detailed change log can be read here:

  http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes
>How-To-Repeat:
NA
>Fix:

patches to upgade Sa 3.1.7 to 3.1.8
Note: many patches in files/* removed due to being incorporated in
SA source. these files should be removed from files/*
	
patch-spamassassin.raw
patch-sa-learn.raw
patch-lib-Mail-SpamAssassin-SpamdForkScaling.pm

here are patches:

diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig p5-Mail-SpamAssassin
diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig/Makefile 
p5-Mail-SpamAssassin/Makefile

--- /var/tmp/p5-Mail-SpamAssassin.orig/Makefile Mon Dec 25 11:52:04 2006
+++ p5-Mail-SpamAssassin/Makefile       Wed Feb 14 20:39:25 2007
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=      Mail-SpamAssassin
-PORTVERSION=   3.1.7
-PORTREVISION=  3
+PORTVERSION=   3.1.8
 CATEGORIES=    mail perl5
 MASTER_SITES=  ${MASTER_SITE_APACHE:S/$/:apache/} 
${MASTER_SITE_PERL_CPAN:S/$/:cpan/}
 MASTER_SITE_SUBDIR=    spamassassin/source/:apache Mail/:cpan
diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig/distinfo 
p5-Mail-SpamAssassin/distinfo
--- /var/tmp/p5-Mail-SpamAssassin.orig/distinfo Mon Oct 30 21:10:14 2006
+++ p5-Mail-SpamAssassin/distinfo       Wed Feb 14 20:41:12 2007
@@ -1,3 +1,3 @@
-MD5 (Mail-SpamAssassin-3.1.7.tar.gz) = 4b342c63949d47f3ce56b3fc1c8881c1
-SHA256 (Mail-SpamAssassin-3.1.7.tar.gz) = 
be6fd341fb35ba5efb2784318e9772bde65b7115eed18ab8dcd791a471fcef39
-SIZE (Mail-SpamAssassin-3.1.7.tar.gz) = 1168183
+MD5 (Mail-SpamAssassin-3.1.8.tar.gz) = 20a3a6b651a89dcc70634715ca833996
+#SHA256 (Mail-SpamAssassin-3.1.8.tar.gz) = 
be6fd341fb35ba5efb2784318e9772bde65b7115eed18ab8dcd791a471fcef39
+#SIZE (Mail-SpamAssassin-3.1.8.tar.gz) = 1168183

>Release-Note:
>Audit-Trail:
>Unformatted:

