Bug#686058: marked as done (unblock: spamassassin/3.3.2-4)

Debian Bug Tracking System Tue, 28 Aug 2012 11:21:22 -0700

Your message dated Tue, 28 Aug 2012 19:15:50 +0100
with message-id <[email protected]>
and subject line Re: Bug#686058: unblock: spamassassin/3.3.2-4
has caused the Debian Bug report #686058,
regarding unblock: spamassassin/3.3.2-4
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
686058: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686058
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package spamassassin

spamassassin 3.3.2-4 fixes two r-c packaging bugs and also incorporates
a fix from upstream that causes spamassassin to fail to properly process
certain (potentially intentionally) malformed messages. Details of these
bugs:

683431: spamassassin depends on /usr/share/doc/spamassassin/GPG.KEY, in
violation of policy §12.3.

684373: spamassassin doesn't re-create /var/lib/spamassassin upon
re-install after purge.

684709: the last line of malformed MIME messages is ignored

unblock spamassassin/3.3.2-4

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru spamassassin-3.3.2/debian/changelog 
spamassassin-3.3.2/debian/changelog
--- spamassassin-3.3.2/debian/changelog 2012-06-14 23:00:17.000000000 -0700
+++ spamassassin-3.3.2/debian/changelog 2012-08-13 22:29:36.000000000 -0700
@@ -1,3 +1,26 @@
+spamassassin (3.3.2-4) unstable; urgency=low
+
+  * Incorporate upstream's fix for a bug where malformed multipart MIME
+    messages would bypass URIBL rules. (Closes: #684709)
+  * Update standards version to 3.9.3 (no changes)
+
+ -- Noah Meyerhans <[email protected]>  Mon, 13 Aug 2012 21:37:11 -0700
+
+spamassassin (3.3.2-3.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/spamassassin.postinst: Create /var/lib/spamassassin.
+    Closes: #684373.
+
+ -- Bart Martens <[email protected]>  Sat, 11 Aug 2012 17:29:42 +0000
+
+spamassassin (3.3.2-3.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * move GPG.KEY out of /usr/share/doc per §12.3(Closes: #683431)
+
+ -- Shawn Landden <[email protected]>  Sat, 04 Aug 2012 16:20:46 +0000
+
 spamassassin (3.3.2-3) unstable; urgency=low
 
   * Run sa-update and sa-compile as a non-root user. 
diff -Nru spamassassin-3.3.2/debian/control spamassassin-3.3.2/debian/control
--- spamassassin-3.3.2/debian/control   2012-06-14 23:59:48.000000000 -0700
+++ spamassassin-3.3.2/debian/control   2012-08-13 22:27:52.000000000 -0700
@@ -6,7 +6,7 @@
 Build-Depends: debhelper (>= 7), perl, libssl-dev,
  libhtml-parser-perl (>= 3.24), libnet-dns-perl (>= 0.34), libnetaddr-ip-perl,
  hardening-wrapper
-Standards-Version: 3.9.2
+Standards-Version: 3.9.3
 Homepage: http://www.spamassassin.org/
 Vcs-Svn: svn://svn.debian.org/svn/collab-maint/deb-maint/spamassassin/trunk
 Vcs-Browser: 
http://svn.debian.org/viewsvn/collab-maint/deb-maint/spamassassin/trunk/
diff -Nru spamassassin-3.3.2/debian/patches/60_bug_684709 
spamassassin-3.3.2/debian/patches/60_bug_684709
--- spamassassin-3.3.2/debian/patches/60_bug_684709     1969-12-31 
16:00:00.000000000 -0800
+++ spamassassin-3.3.2/debian/patches/60_bug_684709     2012-08-13 
21:36:26.000000000 -0700
@@ -0,0 +1,45 @@
+Index: spamassassin-3.3.2/lib/Mail/SpamAssassin/Message.pm
+===================================================================
+--- spamassassin-3.3.2.orig/lib/Mail/SpamAssassin/Message.pm   2011-06-06 
16:59:17.000000000 -0700
++++ spamassassin-3.3.2/lib/Mail/SpamAssassin/Message.pm        2012-08-13 
21:36:04.000000000 -0700
+@@ -794,14 +794,30 @@
+   my $in_body = 0;
+   my $header;
+   my $part_array;
++  my $found_end_boundary;
+ 
+   my $line_count = @{$body};
+   foreach ( @{$body} ) {
+     # if we're on the last body line, or we find any boundary marker,
+     # deal with the mime part
+-    if ( --$line_count == 0 || (defined $boundary && 
/^--\Q$boundary\E(?:--)?\s*$/) ) {
++    $found_end_boundary = defined $boundary && /^--\Q$boundary\E(?:--)?\s*$/;
++    if ( --$line_count == 0 || $found_end_boundary ) {
+       my $line = $_; # remember the last line
+ 
++      # If at last line and no end boundary found, the line belongs to body
++      # TODO:
++      #  Is $self->{mime_boundary_state}->{$boundary}-- needed here?
++      #  Could "missing end boundary" be a useful rule? Mark it somewhere?
++      #  If SA processed truncated message from amavis etc, this could also
++      #  be hit legimately..
++      if (!$found_end_boundary) {
++        # TODO: This is duplicate code from few pages down below..
++        while (length ($_) > MAX_BODY_LINE_LENGTH) {
++          push (@{$part_array}, substr($_, 0, MAX_BODY_LINE_LENGTH)."\n");
++          substr($_, 0, MAX_BODY_LINE_LENGTH) = '';
++        }
++        push ( @{$part_array}, $_ );
++      }
+       # per rfc 1521, the CRLF before the boundary is part of the boundary:
+       # NOTE: The CRLF preceding the encapsulation line is conceptually
+       # attached to the boundary so that it is possible to have a part
+@@ -810,7 +826,7 @@
+       # CRLFs preceding the encapsulation line, the first of which is part
+       # of the preceding body part, and the second of which is part of the
+       # encapsulation boundary.
+-      if ($part_array) {
++      elsif ($part_array) {
+         chomp( $part_array->[-1] );  # trim the CRLF that's part of the 
boundary
+         splice @{$part_array}, -1 if ( $part_array->[-1] eq '' ); # blank 
line for the boundary only ...
+       }
diff -Nru spamassassin-3.3.2/debian/patches/series 
spamassassin-3.3.2/debian/patches/series
--- spamassassin-3.3.2/debian/patches/series    2012-06-13 23:03:58.000000000 
-0700
+++ spamassassin-3.3.2/debian/patches/series    2012-08-13 21:35:04.000000000 
-0700
@@ -3,5 +3,6 @@
 30_edit_README
 50_sa-learn_fix_empty_list_handling
 55_disable_nagios_epm
+60_bug_684709
 85_disable_SSLv2
 90_pod_cleanup
diff -Nru spamassassin-3.3.2/debian/rules spamassassin-3.3.2/debian/rules
--- spamassassin-3.3.2/debian/rules     2012-06-14 23:52:38.000000000 -0700
+++ spamassassin-3.3.2/debian/rules     2012-08-01 21:30:09.000000000 -0700
@@ -112,7 +112,8 @@
 
 #      dh_installdocs isn't flexible enough to install all the docs to the 
right place
 #      Do it here!
-       cp debian/copyright debian/GPG.KEY              
debian/spamassassin/usr/share/doc/spamassassin/
+       cp debian/GPG.KEY                               
debian/spamassassin/usr/share/spamassassin/
+       cp debian/copyright                             
debian/spamassassin/usr/share/doc/spamassassin/
        cp debian/spamassassin.README.Debian            
debian/spamassassin/usr/share/doc/spamassassin/README.Debian
        cp CREDITS README TRADEMARK UPGRADE USAGE NOTICE        
debian/spamassassin/usr/share/doc/spamassassin/
        cp ldap/README                                  
debian/spamassassin/usr/share/doc/spamassassin/README.ldap
diff -Nru spamassassin-3.3.2/debian/spamassassin.postinst 
spamassassin-3.3.2/debian/spamassassin.postinst
--- spamassassin-3.3.2/debian/spamassassin.postinst     2012-06-13 
22:58:26.000000000 -0700
+++ spamassassin-3.3.2/debian/spamassassin.postinst     2012-08-11 
10:32:43.000000000 -0700
@@ -16,6 +16,8 @@
         if ! getent passwd debian-spamd > /dev/null ; then
             adduser --system --group --shell /bin/sh --disabled-password \
                 --home /var/lib/spamassassin debian-spamd
+        else
+            mkdir -p /var/lib/spamassassin
         fi
         # Fix permissions of spamassassin; A no-op on new installs, lets 
         # debian-spamd claim ownership of spamassassin updates on upgrades.
@@ -26,7 +28,7 @@
         install -d -o debian-spamd -g debian-spamd -m 700 
/var/lib/spamassassin/sa-update-keys
 
     su debian-spamd -c "sa-update --gpghomedir 
/var/lib/spamassassin/sa-update-keys \
-        --import /usr/share/doc/spamassassin/GPG.KEY"
+        --import /usr/share/spamassassin/GPG.KEY"
 
     sa_compile
 fi

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

On Mon, 2012-08-27 at 22:15 -0700, Noah Meyerhans wrote:
> Please unblock package spamassassin
> 
> spamassassin 3.3.2-4 fixes two r-c packaging bugs and also incorporates
> a fix from upstream that causes spamassassin to fail to properly process
> certain (potentially intentionally) malformed messages. Details of these
> bugs:
> 
> 683431: spamassassin depends on /usr/share/doc/spamassassin/GPG.KEY, in
> violation of policy §12.3.
> 
> 684373: spamassassin doesn't re-create /var/lib/spamassassin upon
> re-install after purge.
> 
> 684709: the last line of malformed MIME messages is ignored

Unblocked; thanks.

Regards,

Adam

--- End Message ---

Bug#686058: marked as done (unblock: spamassassin/3.3.2-4)

Reply via email to