Hello community,

here is the log from the commit of package spamassassin for openSUSE:Factory checked in at 2020-02-03 11:26:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/spamassassin (Old)
 and /work/SRC/openSUSE:Factory/.spamassassin.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "spamassassin" Mon Feb 3 11:26:41 2020 rev:81 rq:768649 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/spamassassin/spamassassin.changes 2019-12-18 14:48:12.593935639 +0100 +++ /work/SRC/openSUSE:Factory/.spamassassin.new.26092/spamassassin.changes 2020-02-03 11:26:42.898137465 +0100 @@ -1,0 +2,17 @@ +Wed Jan 29 19:26:21 UTC 2020 - Arjen de Korte <suse+bu...@de-korte.org> + +- update spamassassin to 3.4.4 + * In this release, there are bug fixes for two CVEs: + CVE-2020-1931 for Nefarious rule configuration (.cf) files can + be configured to run system commands with warnings. + CVE-2020-1930 for Nefarious rule configuration (.cf) files can + be configured to run system commands with sa-compile. + * Improvements to OLEVBMacro + * Fix for CRLF handling with SpamAssMilter & DKIM + * Small fix for a regexp to provide Perl 5.8.x compatability again + * Increased fns_extrachars default value to 50 + * Fixed nosubject and maxhits tflags when sa-compile is used + * Limited the Bayes parsed token count + * Improvements to whitespace trimming + +------------------------------------------------------------------- Old: ---- Mail-SpamAssassin-3.4.3.tar.bz2 Mail-SpamAssassin-3.4.3.tar.bz2.asc Mail-SpamAssassin-rules-3.4.3.r1871124.tgz Mail-SpamAssassin-rules-3.4.3.r1871124.tgz.asc New: ---- Mail-SpamAssassin-3.4.4.tar.bz2 Mail-SpamAssassin-3.4.4.tar.bz2.asc Mail-SpamAssassin-rules-3.4.4.r1873061.tgz Mail-SpamAssassin-rules-3.4.4.r1873061.tgz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ spamassassin.spec ++++++ --- /var/tmp/diff_new_pack.MNENPD/_old 2020-02-03 11:26:44.254137523 +0100 +++ /var/tmp/diff_new_pack.MNENPD/_new 2020-02-03 11:26:44.258137523 +0100 
@@ -1,7 +1,7 @@ # # spec file for package spamassassin # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,9 +23,9 @@ %define ix_version 2.05 %define spd_version 2.53 -%define sa_version 3.4.3 +%define sa_version 3.4.4 %define sa_float %(echo %{sa_version} | awk -F. '{ printf "%d.%03d%03d", $1, $2, $3 }') -%define rules_revision 1871124 +%define rules_revision 1873061 %define IXHASH iXhash2-%{ix_version} %define SPAMPD spampd-%{spd_version} ++++++ Mail-SpamAssassin-3.4.3.tar.bz2 -> Mail-SpamAssassin-3.4.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/CREDITS new/Mail-SpamAssassin-3.4.4/CREDITS --- old/Mail-SpamAssassin-3.4.3/CREDITS 2019-12-11 21:58:05.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/CREDITS 2020-01-25 03:50:58.000000000 +0100 @@ -1,4 +1,4 @@ -Copyright (C) 2018 The Apache Software Foundation +Copyright (C) 2019 The Apache Software Foundation Project Management Committee (PMC): @@ -8,12 +8,14 @@ public contact); we request that the dev list should be used for all non-confidential correspondence. + - Giovanni Bechis - Karsten Bräckelmann - Alex Broens http://www.msf.org/en/donate - Bill Cole - John Hardin - Dave Jones - Adam Katz + - Henrik Krohns - Sidney Markowitz - Mark Martinec - Kevin A. McGrail 
@@ -22,11 +24,8 @@ Committers: - This list contains committers in alphabetical order (and their Amazon - wishlists). + This list contains committers in alphabetical order - - Giovanni Bechis - - Henrik Krohns - Paul Stead - Merijn van den Kroonenberg - Bryan Vest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/Changes new/Mail-SpamAssassin-3.4.4/Changes --- old/Mail-SpamAssassin-3.4.3/Changes 2019-12-11 21:58:03.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/Changes 2020-01-25 03:50:47.000000000 +0100 
@@ -1,4 +1,133 @@ ------------------------------------------------------------------------ +r1873122 | kmcgrail | 2020-01-25 02:04:07 +0000 (Sat, 25 Jan 2020) | 1 +line + + preparing announcement for 3.4.4 +------------------------------------------------------------------------ +r1872966 | kmcgrail | 2020-01-19 00:30:44 +0000 (Sun, 19 Jan 2020) | 1 +line + + Preparing to release 3.4.4 +------------------------------------------------------------------------ +r1872942 | hege | 2020-01-18 08:44:49 +0000 (Sat, 18 Jan 2020) | 2 lines + + Revert DKIM change from Revision 1864870 (Bug 7785) + +------------------------------------------------------------------------ +r1872936 | gbechis | 2020-01-17 23:30:50 +0000 (Fri, 17 Jan 2020) | 2 +lines + + catch some more Microsoft Office encrypted documents + +------------------------------------------------------------------------ +r1872935 | gbechis | 2020-01-17 23:24:35 +0000 (Fri, 17 Jan 2020) | 2 +lines + + make SpamAssassin compatible with Perl 5.8.x again + +------------------------------------------------------------------------ +r1872912 | gbechis | 2020-01-17 10:31:08 +0000 (Fri, 17 Jan 2020) | 2 +lines + + Increase fns_extrachars default value to 50 + +------------------------------------------------------------------------ +r1872864 | hege | 2020-01-16 07:40:02 +0000 (Thu, 16 Jan 2020) | 2 lines + + Add missing is_admin to (raw)body_part_scan_size + +------------------------------------------------------------------------ +r1872863 | hege | 2020-01-16 07:31:23 +0000 (Thu, 16 Jan 2020) | 2 lines + + Sync CREDITS from trunk + +------------------------------------------------------------------------ +r1872862 | hege | 2020-01-16 07:17:34 +0000 (Thu, 16 Jan 2020) | 2 lines + + Check priority values + +------------------------------------------------------------------------ +r1872861 | hege | 2020-01-16 07:14:23 +0000 (Thu, 16 Jan 2020) | 2 lines + + Use compiled patterns + 
+------------------------------------------------------------------------ +r1872800 | kmcgrail | 2020-01-15 02:29:58 +0000 (Wed, 15 Jan 2020) | 1 +line + + FromNameSpoof.pm requires 5.10.1+ so clarifying the docs on 3.4 EOL +branch +------------------------------------------------------------------------ +r1872785 | hege | 2020-01-14 15:59:37 +0000 (Tue, 14 Jan 2020) | 2 lines + + Improve SUBJ_ALL_CAPS + +------------------------------------------------------------------------ +r1872772 | hege | 2020-01-14 11:55:35 +0000 (Tue, 14 Jan 2020) | 2 lines + + Fix nosubject and maxhits tflags when sa-compile is used + +------------------------------------------------------------------------ +r1872755 | hege | 2020-01-14 06:12:47 +0000 (Tue, 14 Jan 2020) | 2 lines + + Fix debug test + +------------------------------------------------------------------------ +r1871709 | hege | 2019-12-17 21:42:32 +0000 (Tue, 17 Dec 2019) | 2 lines + + Don't canonicalize stuff like #abcdef ?foobar /image.gif as http:// + +------------------------------------------------------------------------ +r1871708 | hege | 2019-12-17 20:40:03 +0000 (Tue, 17 Dec 2019) | 2 lines + + Bug 7776 - Limit Bayes parsed token count + +------------------------------------------------------------------------ +r1871698 | hege | 2019-12-17 14:28:28 +0000 (Tue, 17 Dec 2019) | 2 lines + + Trim whitespace properly + +------------------------------------------------------------------------ +r1871697 | hege | 2019-12-17 14:10:37 +0000 (Tue, 17 Dec 2019) | 2 lines + + Bug 7778 - T_KAM_HTML_FONT_INVALID false positive for "inherit" + +------------------------------------------------------------------------ +r1871204 | kmcgrail | 2019-12-11 22:44:50 +0000 (Wed, 11 Dec 2019) | 1 +line + + more tweaks to build process for clarity and syncing 3.4 and trunk +------------------------------------------------------------------------ +r1871200 | kmcgrail | 2019-12-11 22:06:34 +0000 (Wed, 11 Dec 2019) | 1 +line + + Updating Build 
Docs to be clearer +------------------------------------------------------------------------ +r1871194 | kmcgrail | 2019-12-11 21:17:29 +0000 (Wed, 11 Dec 2019) | 1 +line + + 3.4.3 RELEASED +------------------------------------------------------------------------ +r1871193 | kmcgrail | 2019-12-11 21:14:24 +0000 (Wed, 11 Dec 2019) | 1 +line + + Fixing copyright on CREDITS +------------------------------------------------------------------------ +r1871192 | kmcgrail | 2019-12-11 21:08:12 +0000 (Wed, 11 Dec 2019) | 1 +line + + final 3.4.3 announcement with new hashes +------------------------------------------------------------------------ +r1871189 | kmcgrail | 2019-12-11 20:53:22 +0000 (Wed, 11 Dec 2019) | 1 +line + + Preparing to release 3.4.3 with a few small updates +------------------------------------------------------------------------ +r1871188 | kmcgrail | 2019-12-11 20:45:11 +0000 (Wed, 11 Dec 2019) | 1 +line + + update of the announcement text prepping for 3.4.3 release +------------------------------------------------------------------------ r1871122 | hege | 2019-12-10 07:53:03 +0000 (Tue, 10 Dec 2019) | 2 lines Some missing OLEMacro -> OLEVBMacro renames diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/META.json new/Mail-SpamAssassin-3.4.4/META.json --- old/Mail-SpamAssassin-3.4.3/META.json 2019-12-11 21:58:46.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/META.json 2020-01-25 03:52:43.000000000 +0100 @@ -57,5 +57,5 @@ }, "x_MailingList" : "http://wiki.apache.org/spamassassin/MailingLists" }, - "version" : "3.004003" + "version" : "3.004004" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/META.yml new/Mail-SpamAssassin-3.4.4/META.yml --- old/Mail-SpamAssassin-3.4.3/META.yml 2019-12-11 21:58:46.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/META.yml 2020-01-25 03:52:43.000000000 +0100 
@@ -36,4 +36,4 @@ license: http://www.apache.org/licenses/LICENSE-2.0.html repository: http://svn.apache.org/repos/asf/spamassassin/ x_MailingList: http://wiki.apache.org/spamassassin/MailingLists -version: 3.004003 +version: 3.004004 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/UPGRADE new/Mail-SpamAssassin-3.4.4/UPGRADE --- old/Mail-SpamAssassin-3.4.3/UPGRADE 2019-12-11 21:58:04.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/UPGRADE 2020-01-25 03:50:58.000000000 +0100 @@ -1,3 +1,11 @@ + +Note for Users Upgrading to SpamAssassin 3.4.4 +---------------------------------------------- + +- FromNameSpoof: fns_extrachars parameter default value has been increased to 50 + +- nosubject and maxhits tflags now work correctly with sa-compile + Note for Users Upgrading to SpamAssassin 3.4.3 ---------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Conf.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Conf.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Conf.pm 2019-12-11 21:58:04.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Conf.pm 2020-01-25 03:50:48.000000000 +0100 @@ -1254,6 +1254,7 @@ push (@cmds, { setting => 'body_part_scan_size', + is_admin => 1, default => 50000, type => $CONF_TYPE_NUMERIC, }); @@ -1267,6 +1268,7 @@ push (@cmds, { setting => 'rawbody_part_scan_size', + is_admin => 1, default => 500000, type => $CONF_TYPE_NUMERIC, }); 
@@ -3496,6 +3498,20 @@ setting => 'priority', is_priv => 1, type => $CONF_TYPE_HASH_KEY_VALUE, + code => sub { + my ($self, $key, $value, $line) = @_; + my ($rulename, $priority) = split(/\s+/, $value, 2); + unless (defined $priority) { + return $MISSING_REQUIRED_VALUE; + } + unless ($rulename =~ IS_RULENAME) { + return $INVALID_VALUE; + } + unless ($priority =~ /^-?\d+$/) { + return $INVALID_VALUE; + } + $self->{priority}->{$rulename} = $priority; + } }); =back diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/HTML.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/HTML.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/HTML.pm 2019-12-11 21:58:04.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/HTML.pm 2020-01-25 03:50:48.000000000 +0100 @@ -509,7 +509,7 @@ $new{style} = $attr->{style}; my @parts = split(/;/, $new{style}); foreach (@parts) { - if (/^\s*(background-)?color:\s*(.+)\s*$/i) { + if (/^\s*(background-)?color:\s*(.+?)\s*$/i) { my $whcolor = $1 ? 'bgcolor' : 'fgcolor'; my $value = lc $2; @@ -520,6 +520,10 @@ map { !$_ ? 0 : $_ > 255 ? 255 : $_ } @rgb[0..2]); } + elsif ($value eq 'inherit') { + # do nothing, just prevent parsing of the valid + # CSS3 property value as 'invalid color' (Bug 7778) + } else { $new{$whcolor} = name_to_rgb($value); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/Bayes.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/Bayes.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/Bayes.pm 2019-12-11 21:58:03.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/Bayes.pm 2020-01-25 03:50:47.000000000 +0100 
@@ -1054,36 +1054,42 @@ my ($self, $msg, $msgdata) = @_; my $t_src = $self->{conf}->{bayes_token_sources}; - my @tokens; # visible tokens from the body + my @tokens_body; if ($msgdata->{bayes_token_body}) { - my(@t) = map($self->_tokenize_line ($_, '', 1), - @{$msgdata->{bayes_token_body}} ); - dbg("bayes: tokenized body: %d tokens", scalar @t); - push(@tokens, @t); + foreach (@{$msgdata->{bayes_token_body}}) { + push(@tokens_body, $self->_tokenize_line ($_, '', 1)); + last if scalar @tokens_body >= 50000; + } + dbg("bayes: tokenized body: %d tokens", scalar @tokens_body); } # the URI list + my @tokens_uri; if ($msgdata->{bayes_token_uris}) { - my(@t) = map($self->_tokenize_line ($_, '', 2), - @{$msgdata->{bayes_token_uris}} ); - dbg("bayes: tokenized uri: %d tokens", scalar @t); - push(@tokens, @t); + foreach (@{$msgdata->{bayes_token_uris}}) { + push(@tokens_uri, $self->_tokenize_line ($_, '', 2)); + last if scalar @tokens_uri >= 10000; + } + dbg("bayes: tokenized uri: %d tokens", scalar @tokens_uri); } # add invisible tokens + my @tokens_inviz; if ($msgdata->{bayes_token_inviz}) { my $tokprefix; if (ADD_INVIZ_TOKENS_I_PREFIX) { $tokprefix = 'I*:' } if (ADD_INVIZ_TOKENS_NO_PREFIX) { $tokprefix = '' } if (defined $tokprefix) { - my(@t) = map($self->_tokenize_line ($_, $tokprefix, 1), - @{$msgdata->{bayes_token_inviz}} ); - dbg("bayes: tokenized invisible: %d tokens", scalar @t); - push(@tokens, @t); + foreach (@{$msgdata->{bayes_token_inviz}}) { + push(@tokens_inviz, $self->_tokenize_line ($_, $tokprefix, 1)); + last if scalar @tokens_inviz >= 50000; + } } + dbg("bayes: tokenized invisible: %d tokens", scalar @tokens_inviz); } # add digests and Content-Type of all MIME parts + my @tokens_mimepart; if ($msgdata->{bayes_mimepart_digests}) { my %shorthand = ( # some frequent MIME part contents for human readability 'da39a3ee5e6b4b0d3255bfef95601890afd80709:text/plain'=> 'Empty-Plaintext', 
@@ -1094,29 +1100,30 @@ '71853c6197a6a7f222db0f1978c7cb232b87c5ee:text/plain'=> 'TwoNL-Plaintext', '71853c6197a6a7f222db0f1978c7cb232b87c5ee:text/html' => 'TwoNL-HTML', ); - my(@t) = map('MIME:' . ($shorthand{$_} || $_), + @tokens_mimepart = map('MIME:' . ($shorthand{$_} || $_), @{ $msgdata->{bayes_mimepart_digests} }); - dbg("bayes: tokenized mime parts: %d tokens", scalar @t); - dbg("bayes: mime-part token %s", $_) for @t; - push(@tokens, @t); + dbg("bayes: tokenized mime parts: %d tokens", scalar @tokens_mimepart); + dbg("bayes: mime-part token %s", $_) for @tokens_mimepart; } # Tokenize the headers + my @tokens_header; if ($t_src->{header}) { - my(@t); my %hdrs = $self->_tokenize_headers ($msg); while( my($prefix, $value) = each %hdrs ) { - push(@t, $self->_tokenize_line ($value, "H$prefix:", 0)); + push(@tokens_header, $self->_tokenize_line ($value, "H$prefix:", 0)); + last if scalar @tokens_header >= 10000; } - dbg("bayes: tokenized header: %d tokens", scalar @t); - push(@tokens, @t); + dbg("bayes: tokenized header: %d tokens", scalar @tokens_header); } # Go ahead and uniq the array, skip null tokens (can happen sometimes) # generate an SHA1 hash and take the lower 40 bits as our token my %tokens; - foreach my $token (@tokens) { - # dbg("bayes: token: %s", $token); + foreach my $token + (@tokens_body, @tokens_uri, @tokens_inviz, @tokens_mimepart, @tokens_header) + { + # dbg("bayes: token: %s", $token); $tokens{substr(sha1($token), -5)} = $token if $token ne ''; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/DKIM.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/DKIM.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/DKIM.pm 2019-12-11 21:58:03.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/DKIM.pm 2020-01-25 03:50:47.000000000 +0100 
@@ -831,16 +831,8 @@ # unless we use \015\012 instead of \r\n eval { my $str = $pms->{msg}->get_pristine(); - if ($pms->{msg}->{line_ending} eq "\015\012") { - # message already CRLF, just feed it - $verifier->PRINT($str); - } else { - # feeding large chunk to Mail::DKIM is _much_ faster than line-by-line - my $str2 = $str; # make a copy, sigh - $str2 =~ s/\012/\015\012/gs; # LF -> CRLF - $verifier->PRINT($str2); - undef $str2; - } + $str =~ s/\r?\n/\015\012/sg; # ensure \015\012 ending + $verifier->PRINT($str); 1; } or do { # intercept die() exceptions and render safe my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/FromNameSpoof.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/FromNameSpoof.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/FromNameSpoof.pm 2019-12-11 21:58:03.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/FromNameSpoof.pm 2020-01-25 03:50:47.000000000 +0100 @@ -55,7 +55,7 @@ FromNameSpoof allows for a configurable closeness when matching the From:addr and From:name, the closeness can be adjusted with: - fns_extrachars 5 + fns_extrachars 50 B<Note> that FromNameSpoof detects the "owner" of a domain by the following search: @@ -193,7 +193,7 @@ push(@cmds, { setting => 'fns_extrachars', - default => 5, + default => 50, type => $Mail::SpamAssassin::Conf::CONF_TYPE_NUMERIC, }); @@ -262,7 +262,9 @@ my ($self, $pms, $check_lvl) = @_; $self->_check_fromnamespoof($pms); - $check_lvl //= $pms->{conf}->{fns_check}; + if ( not defined $check_lvl ) { + $check_lvl = $pms->{conf}->{fns_check}; + } my @array = ( ($pms->{fromname_address_different}) , 
@@ -348,7 +350,7 @@ $fnd{'addr'} = $pms->get("From:name"); - if ($fnd{'addr'} =~ /\b([\w\.\!\#\$\%\&\'\*\+\/\=\?\^\_\`\{\|\}\~\-]+@[\w\-\.]+\.[\w\-\.]++)\b/i) { + if ($fnd{'addr'} =~ /\b((?>[\w\.\!\#\$\%\&\'\*\+\/\=\?\^\_\`\{\|\}\~\-]+@[\w\-\.]+\.[\w\-\.]+))\b/i) { my $nochar = ($fnd{'addr'} =~ y/A-Za-z0-9//c); $nochar -= ($1 =~ y/A-Za-z0-9//c); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/HeaderEval.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/HeaderEval.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/HeaderEval.pm 2019-12-11 21:58:03.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/HeaderEval.pm 2020-01-25 03:50:47.000000000 +0100 @@ -922,7 +922,7 @@ $subject =~ s/^\s+//; $subject =~ s/\s+$//; - $subject =~ s/^(?:(?:Re|Fwd|Fw|Aw|Antwort|Sv|VS):\s*)+//i; # Bug 6805 + $subject =~ s/^(?:(?:Re|Fwd|Fw|Aw|Antwort|WG|SV|VB|VS|VL):\s*)+//i; # Bug 6805 return 0 if $subject !~ /\s/; # don't match one word subjects return 0 if (length $subject < 10); # don't match short subjects $subject =~ s/[^a-zA-Z]//g; # only look at letters diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm 2019-12-11 21:58:03.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm 2020-01-25 03:50:47.000000000 +0100 
@@ -95,6 +95,8 @@ my $marker3 = "\x5c\x6f\x62\x6a\x65\x6d\x62"; my $marker4 = "\x5c\x6f\x62\x6a\x64\x61\x74"; my $marker5 = "\x5c\x20\x6f\x62\x6a\x64\x61\x74"; +# Excel .xlsx encrypted package, thanks to Dan Bagwell for the sample +my $encrypted_marker = "\x45\x00\x6e\x00\x63\x00\x72\x00\x79\x00\x70\x00\x74\x00\x65\x00\x64\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x61\x00\x67\x00\x65"; # this code burps an ugly message if it fails, but that's redirected elsewhere # AZ_OK is a constant exported by Archive::Zip @@ -838,6 +840,9 @@ if (index($tdata, "E n c r y p t e d P a c k a g e") > -1) { return 1; } + if (index($tdata, $encrypted_marker) > -1) { + return 1; + } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm 2019-12-11 21:58:03.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm 2020-01-25 03:50:47.000000000 +0100 
@@ -89,29 +89,39 @@ loop_body => sub { my ($self, $pms, $conf, $rulename, $pat, %opts) = @_; - $pat = untaint_var($pat); - my $sub; + my $sub = ' + my ($self, $line) = @_; + my $qrptr = $self->{main}->{conf}->{test_qrs}; + '; if (($conf->{tflags}->{$rulename}||'') =~ /\bmultiple\b/) { + # support multiple matches + my ($max) = $conf->{tflags}->{$rulename} =~ /\bmaxhits=(\d+)\b/; + $max = untaint_var($max); + if ($max) { + $sub .= ' + if (exists $self->{tests_already_hit}->{q{'.$rulename.'}}) { + return 0 if $self->{tests_already_hit}->{q{'.$rulename.'}} >= '.$max.'; + } + '; + } # avoid [perl #86784] bug (fixed in 5.13.x), access the arg through ref - $sub = ' - my $lref = \$_[1]; + $sub .= ' + my $lref = \$line; pos $$lref = 0; '.$self->hash_line_for_rule($pms, $rulename).' - while ($$lref =~ '.$pat.'g) { - my $self = $_[0]; + while ($$lref =~ /$qrptr->{q{'.$rulename.'}}/go) { $self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body"); - '. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body", - "return 1") . ' + '. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body", "") . ' + '. ($max? 'last if $self->{tests_already_hit}->{q{'.$rulename.'}} >= '.$max.';' : '') . ' } '; } else { - $sub = ' + $sub .= ' '.$self->hash_line_for_rule($pms, $rulename).' - if ($_[1] =~ '.$pat.') { - my $self = $_[0]; + if ($line =~ /$qrptr->{q{'.$rulename.'}}/o) { $self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body"); '. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body", "return 1") . ' } 
@@ -122,7 +132,7 @@ return if ($opts{doing_user_rules} && !$self->is_user_rule_sub($rulename.'_one_line_body_test')); - $self->add_temporary_method ($rulename.'_one_line_body_test', '{'.$sub.'}'); + $self->add_temporary_method ($rulename.'_one_line_body_test', $sub); }, pre_loop_body => sub { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/Rule2XSBody.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/Rule2XSBody.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/Rule2XSBody.pm 2019-12-11 21:58:03.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/Rule2XSBody.pm 2020-01-25 03:50:47.000000000 +0100 @@ -219,8 +219,11 @@ { no strict "refs"; + my $lineidx; foreach my $line (@{$params->{lines}}) { + $lineidx++; + # unfortunately, calling lc() here seems to be the fastest # way to support this and still work with UTF-8 ok my $results = &{$modname.'::scan'}(lc $line); @@ -238,6 +241,11 @@ # ignore 0-scored rules, of course next unless $scoresptr->{$rulename}; + # skip first line if nosubject tflag + if ($lineidx == 1 && ($conf->{tflags}->{$rulename}||'') =~ /\bnosubject\b/) { + next; + } + # non-lossy rules; the re2c version matches exactly what # the perl regexp matches, so we don't need to perform # a validation match to follow up; it's a hit! diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Util.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Util.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Util.pm 2019-12-11 21:58:04.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Util.pm 2020-01-25 03:50:48.000000000 +0100 
@@ -1327,6 +1327,10 @@ # CRs just confuse things down below, so trash them now $uri =~ s/\r//g; + # Skip some common non-http stuff like #abcdef, ?foobar, + # /image.gif (but not //foo.com which actually does http) + next if length($uri) <= 1 || $uri =~ m{^(?:[#?&]|/(?!/))}; + # Make a copy so we don't trash the original in the array my $nuri = $uri; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin.pm new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin.pm --- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin.pm 2019-12-11 21:58:04.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin.pm 2020-01-25 03:50:47.000000000 +0100 @@ -87,7 +87,7 @@ use Cwd; use Config; -our $VERSION = "3.004003"; # update after release (same format as perl $]) +our $VERSION = "3.004004"; # update after release (same format as perl $]) #our $IS_DEVEL_BUILD = 1; # 1 for devel build our $IS_DEVEL_BUILD = 0; # 0 for release versions including rc & pre releases 
@@ -101,18 +101,18 @@ # SUB_VERSION is now just <yyyy>-<mm>-<dd> our $SUB_VERSION = 'svnunknown'; -if ('$LastChangedDate: 2019-12-06 18:58:14 -0500 (Fri, 06 Dec 2019) $' =~ ':') { - # Subversion keyword "$LastChangedDate: 2019-12-06 18:58:14 -0500 (Fri, 06 Dec 2019) $" has been successfully expanded. +if ('$LastChangedDate: 2020-01-24 21:49:19 -0500 (Fri, 24 Jan 2020) $' =~ ':') { + # Subversion keyword "$LastChangedDate: 2020-01-24 21:49:19 -0500 (Fri, 24 Jan 2020) $" has been successfully expanded. # Doesn't happen with automated launchpad builds: # https://bugs.launchpad.net/launchpad/+bug/780916 - $SUB_VERSION = (split(/\s+/,'$LastChangedDate: 2019-12-06 18:58:14 -0500 (Fri, 06 Dec 2019) $ updated by SVN'))[1]; + $SUB_VERSION = (split(/\s+/,'$LastChangedDate: 2020-01-24 21:49:19 -0500 (Fri, 24 Jan 2020) $ updated by SVN'))[1]; } if (defined $IS_DEVEL_BUILD && $IS_DEVEL_BUILD) { - if ('$LastChangedRevision: 1870940 $' =~ ':') { - # Subversion keyword "$LastChangedRevision: 1870940 $" has been successfully expanded. - push(@EXTRA_VERSION, ('r' . qw{$LastChangedRevision: 1870940 $ updated by SVN}[1])); + if ('$LastChangedRevision: 1873123 $' =~ ':') { + # Subversion keyword "$LastChangedRevision: 1873123 $" has been successfully expanded. + push(@EXTRA_VERSION, ('r' . qw{$LastChangedRevision: 1873123 $ updated by SVN}[1])); } else { push(@EXTRA_VERSION, ('r' . 'svnunknown')); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/t/debug.t new/Mail-SpamAssassin-3.4.4/t/debug.t --- old/Mail-SpamAssassin-3.4.3/t/debug.t 2019-12-11 21:58:04.000000000 +0100 +++ new/Mail-SpamAssassin-3.4.4/t/debug.t 2020-01-25 03:50:58.000000000 +0100 
@@ -29,7 +29,7 @@ my %facility = map( ($_, 1), qw( accessdb archive-iterator async auto-whitelist bayes check config daemon dcc dkim askdns dns eval generic https_http_mismatch facility FreeMail - hashcash ident ignore info ldap learn locker log logger markup + hashcash ident ignore info ldap learn locker log logger markup HashBL message metadata mimeheader netset plugin prefork progress pyzor razor2 received-header replacetags reporter rules rules-all spamd spf textcat timing TxRep uri uridnsbl util pdfinfo asn )); ++++++ Mail-SpamAssassin-rules-3.4.3.r1871124.tgz -> Mail-SpamAssassin-rules-3.4.4.r1873061.tgz ++++++ ++++ 2061 lines of diff (skipped)
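
Review bot: The 3.4.4 section added to UPGRADE (@@ -1,3 +1,11) lists the fns_extrachars default and the tflags fix but not the change in Conf.pm (@@ -1254 and @@ -1267) that puts `is_admin => 1` on body_part_scan_size and rawbody_part_scan_size. That flag restricts both settings to administrator configuration, so a site that set them per user will see the lines rejected after upgrading; a one-line entry in the same UPGRADE section would cover it.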
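
Review bot: In the new `priority` handler in Conf.pm (@@ -3496,6 +3498,20), the check `$priority =~ /^-?\d+$/` still accepts a value ending in a newline, because `$` matches before a final "\n", and it places no bound on the number of digits. Anchoring with `\z` instead of `$` closes the first gap. The diff also touches only t/debug.t under t/, so neither the $MISSING_REQUIRED_VALUE nor the $INVALID_VALUE path of this handler is exercised by a test here.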
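
Review bot: The token caps in Plugin/Bayes.pm (@@ -1054,36 +1054,42 and @@ -1094,29 +1100,30) are tested only after each `push` of a whole line's tokens, so a single long body line, URI or header can take the array past 50000 or 10000 before `last` fires, and @tokens_mimepart gets no cap at all. If the caps are meant as a hard resource bound, truncate each array after its loop, and move the literals 50000 and 10000 into named constants so the three limits are defined in one place. Separately, the "tokenized invisible" dbg() call now sits outside `if (defined $tokprefix)`, so it reports 0 tokens when invisible tokens are disabled rather than staying silent; confirm that is intended.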
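
Review bot: In Plugin/DKIM.pm (@@ -831,16 +831,8), the left side of `$str =~ s/\r?\n/\015\012/sg` uses `\r` and `\n` although the context comment directly above says to use \015\012 instead of \r\n. Writing the match as `s/\015?\012/\015\012/g` keeps the line consistent with that comment; the /s modifier has no effect without a `.` in the pattern and can go. The substitution now also runs on messages that are already CRLF, which the removed branch skipped, so a short comment on why the fast path was dropped would help the next reader.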
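
Review bot: In Plugin/FromNameSpoof.pm (@@ -348,7 +350,7), the atomic group `(?>...)` now spans the local part, the `@` and the whole domain, whereas the removed line made only the trailing `[\w\-\.]++` possessive. If this is the Perl 5.8.x compatibility change listed in Changes, add a comment saying so and stating that the wider no-backtrack scope is intended, since the two spellings are not obviously equivalent to someone reading the regex later.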
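
Review bot: In Plugin/OLEVBMacro.pm (@@ -95,6 +97,8), `$encrypted_marker` is given only as a hex string with the comment "Excel .xlsx encrypted package". The bytes are the string EncryptedPackage with a NUL after every character except the last, which is the same marker the existing `index($tdata, "E n c r y p t e d P a c k a g e")` test at @@ -838 looks for in a different spelling; say that in the comment so the relation between the two checks is clear, and consider folding both into one test.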
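
Review bot: In Plugin/OneLineBodyRuleType.pm (@@ -89,29 +89,39), `if ($max)` treats a rule with `maxhits=0` exactly like a rule with no maxhits, and `untaint_var($max)` is called even when the match failed and $max is undefined. Test `defined $max` before untainting and decide explicitly what maxhits=0 should mean. The pattern is no longer pasted into the generated source, but $rulename still is, inside `q{...}`; a comment stating where rule names are validated would document why that interpolation is safe.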
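
Review bot: In Plugin/Rule2XSBody.pm (@@ -219,8 +219,11 and @@ -238,6 +241,11), the nosubject skip relies on the first element of `@{$params->{lines}}` always being the subject line, and nothing in the hunk checks or documents that. State the assumption in the comment next to `if ($lineidx == 1 && ...)`, and initialise the counter with `my $lineidx = 0;` rather than incrementing an undefined value.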
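
Review bot: In Util.pm (@@ -1327,6 +1327,10), the comment names #abcdef, ?foobar and /image.gif, but the added `next if length($uri) <= 1 || $uri =~ m{^(?:[#?&]|/(?!/))};` also drops every URI that starts with `&` and every URI of length 0 or 1. Extend the comment to cover both cases so the filter's full scope is visible where it is defined.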