Hello community,
here is the log from the commit of package spamassassin for openSUSE:Factory
checked in at 2020-02-03 11:26:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/spamassassin (Old)
and /work/SRC/openSUSE:Factory/.spamassassin.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "spamassassin"
Mon Feb 3 11:26:41 2020 rev:81 rq:768649 version:unknown
Changes:
--------
--- /work/SRC/openSUSE:Factory/spamassassin/spamassassin.changes
2019-12-18 14:48:12.593935639 +0100
+++ /work/SRC/openSUSE:Factory/.spamassassin.new.26092/spamassassin.changes
2020-02-03 11:26:42.898137465 +0100
@@ -1,0 +2,17 @@
+Wed Jan 29 19:26:21 UTC 2020 - Arjen de Korte <suse+bu...@de-korte.org>
+
+- update spamassassin to 3.4.4
+ * In this release, there are bug fixes for two CVEs:
+ CVE-2020-1931 for Nefarious rule configuration (.cf) files can
+ be configured to run system commands with warnings.
+ CVE-2020-1930 for Nefarious rule configuration (.cf) files can
+ be configured to run system commands with sa-compile.
+ * Improvements to OLEVBMacro
+ * Fix for CRLF handling with SpamAssMilter & DKIM
+ * Small fix for a regexp to provide Perl 5.8.x compatability again
+ * Increased fns_extrachars default value to 50
+ * Fixed nosubject and maxhits tflags when sa-compile is used
+ * Limited the Bayes parsed token count
+ * Improvements to whitespace trimming
+
+-------------------------------------------------------------------
Old:
----
Mail-SpamAssassin-3.4.3.tar.bz2
Mail-SpamAssassin-3.4.3.tar.bz2.asc
Mail-SpamAssassin-rules-3.4.3.r1871124.tgz
Mail-SpamAssassin-rules-3.4.3.r1871124.tgz.asc
New:
----
Mail-SpamAssassin-3.4.4.tar.bz2
Mail-SpamAssassin-3.4.4.tar.bz2.asc
Mail-SpamAssassin-rules-3.4.4.r1873061.tgz
Mail-SpamAssassin-rules-3.4.4.r1873061.tgz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ spamassassin.spec ++++++
--- /var/tmp/diff_new_pack.MNENPD/_old 2020-02-03 11:26:44.254137523 +0100
+++ /var/tmp/diff_new_pack.MNENPD/_new 2020-02-03 11:26:44.258137523 +0100
@@ -1,7 +1,7 @@
#
# spec file for package spamassassin
#
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,9 +23,9 @@
%define ix_version 2.05
%define spd_version 2.53
-%define sa_version 3.4.3
+%define sa_version 3.4.4
%define sa_float %(echo %{sa_version} | awk -F. '{ printf "%d.%03d%03d", $1,
$2, $3 }')
-%define rules_revision 1871124
+%define rules_revision 1873061
%define IXHASH iXhash2-%{ix_version}
%define SPAMPD spampd-%{spd_version}
++++++ Mail-SpamAssassin-3.4.3.tar.bz2 -> Mail-SpamAssassin-3.4.4.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/CREDITS
new/Mail-SpamAssassin-3.4.4/CREDITS
--- old/Mail-SpamAssassin-3.4.3/CREDITS 2019-12-11 21:58:05.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/CREDITS 2020-01-25 03:50:58.000000000 +0100
@@ -1,4 +1,4 @@
-Copyright (C) 2018 The Apache Software Foundation
+Copyright (C) 2019 The Apache Software Foundation
Project Management Committee (PMC):
@@ -8,12 +8,14 @@
public contact); we request that the dev list should be used for all
non-confidential correspondence.
+ - Giovanni Bechis
- Karsten Bräckelmann
- Alex Broens http://www.msf.org/en/donate
- Bill Cole
- John Hardin
- Dave Jones
- Adam Katz
+ - Henrik Krohns
- Sidney Markowitz
- Mark Martinec
- Kevin A. McGrail
@@ -22,11 +24,8 @@
Committers:
- This list contains committers in alphabetical order (and their Amazon
- wishlists).
+ This list contains committers in alphabetical order
- - Giovanni Bechis
- - Henrik Krohns
- Paul Stead
- Merijn van den Kroonenberg
- Bryan Vest
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/Changes
new/Mail-SpamAssassin-3.4.4/Changes
--- old/Mail-SpamAssassin-3.4.3/Changes 2019-12-11 21:58:03.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/Changes 2020-01-25 03:50:47.000000000 +0100
@@ -1,4 +1,133 @@
------------------------------------------------------------------------
+r1873122 | kmcgrail | 2020-01-25 02:04:07 +0000 (Sat, 25 Jan 2020) | 1
+line
+
+ preparing announcement for 3.4.4
+------------------------------------------------------------------------
+r1872966 | kmcgrail | 2020-01-19 00:30:44 +0000 (Sun, 19 Jan 2020) | 1
+line
+
+ Preparing to release 3.4.4
+------------------------------------------------------------------------
+r1872942 | hege | 2020-01-18 08:44:49 +0000 (Sat, 18 Jan 2020) | 2 lines
+
+ Revert DKIM change from Revision 1864870 (Bug 7785)
+
+------------------------------------------------------------------------
+r1872936 | gbechis | 2020-01-17 23:30:50 +0000 (Fri, 17 Jan 2020) | 2
+lines
+
+ catch some more Microsoft Office encrypted documents
+
+------------------------------------------------------------------------
+r1872935 | gbechis | 2020-01-17 23:24:35 +0000 (Fri, 17 Jan 2020) | 2
+lines
+
+ make SpamAssassin compatible with Perl 5.8.x again
+
+------------------------------------------------------------------------
+r1872912 | gbechis | 2020-01-17 10:31:08 +0000 (Fri, 17 Jan 2020) | 2
+lines
+
+ Increase fns_extrachars default value to 50
+
+------------------------------------------------------------------------
+r1872864 | hege | 2020-01-16 07:40:02 +0000 (Thu, 16 Jan 2020) | 2 lines
+
+ Add missing is_admin to (raw)body_part_scan_size
+
+------------------------------------------------------------------------
+r1872863 | hege | 2020-01-16 07:31:23 +0000 (Thu, 16 Jan 2020) | 2 lines
+
+ Sync CREDITS from trunk
+
+------------------------------------------------------------------------
+r1872862 | hege | 2020-01-16 07:17:34 +0000 (Thu, 16 Jan 2020) | 2 lines
+
+ Check priority values
+
+------------------------------------------------------------------------
+r1872861 | hege | 2020-01-16 07:14:23 +0000 (Thu, 16 Jan 2020) | 2 lines
+
+ Use compiled patterns
+
+------------------------------------------------------------------------
+r1872800 | kmcgrail | 2020-01-15 02:29:58 +0000 (Wed, 15 Jan 2020) | 1
+line
+
+ FromNameSpoof.pm requires 5.10.1+ so clarifying the docs on 3.4 EOL
+branch
+------------------------------------------------------------------------
+r1872785 | hege | 2020-01-14 15:59:37 +0000 (Tue, 14 Jan 2020) | 2 lines
+
+ Improve SUBJ_ALL_CAPS
+
+------------------------------------------------------------------------
+r1872772 | hege | 2020-01-14 11:55:35 +0000 (Tue, 14 Jan 2020) | 2 lines
+
+ Fix nosubject and maxhits tflags when sa-compile is used
+
+------------------------------------------------------------------------
+r1872755 | hege | 2020-01-14 06:12:47 +0000 (Tue, 14 Jan 2020) | 2 lines
+
+ Fix debug test
+
+------------------------------------------------------------------------
+r1871709 | hege | 2019-12-17 21:42:32 +0000 (Tue, 17 Dec 2019) | 2 lines
+
+ Don't canonicalize stuff like #abcdef ?foobar /image.gif as http://
+
+------------------------------------------------------------------------
+r1871708 | hege | 2019-12-17 20:40:03 +0000 (Tue, 17 Dec 2019) | 2 lines
+
+ Bug 7776 - Limit Bayes parsed token count
+
+------------------------------------------------------------------------
+r1871698 | hege | 2019-12-17 14:28:28 +0000 (Tue, 17 Dec 2019) | 2 lines
+
+ Trim whitespace properly
+
+------------------------------------------------------------------------
+r1871697 | hege | 2019-12-17 14:10:37 +0000 (Tue, 17 Dec 2019) | 2 lines
+
+ Bug 7778 - T_KAM_HTML_FONT_INVALID false positive for "inherit"
+
+------------------------------------------------------------------------
+r1871204 | kmcgrail | 2019-12-11 22:44:50 +0000 (Wed, 11 Dec 2019) | 1
+line
+
+ more tweaks to build process for clarity and syncing 3.4 and trunk
+------------------------------------------------------------------------
+r1871200 | kmcgrail | 2019-12-11 22:06:34 +0000 (Wed, 11 Dec 2019) | 1
+line
+
+ Updating Build Docs to be clearer
+------------------------------------------------------------------------
+r1871194 | kmcgrail | 2019-12-11 21:17:29 +0000 (Wed, 11 Dec 2019) | 1
+line
+
+ 3.4.3 RELEASED
+------------------------------------------------------------------------
+r1871193 | kmcgrail | 2019-12-11 21:14:24 +0000 (Wed, 11 Dec 2019) | 1
+line
+
+ Fixing copyright on CREDITS
+------------------------------------------------------------------------
+r1871192 | kmcgrail | 2019-12-11 21:08:12 +0000 (Wed, 11 Dec 2019) | 1
+line
+
+ final 3.4.3 announcement with new hashes
+------------------------------------------------------------------------
+r1871189 | kmcgrail | 2019-12-11 20:53:22 +0000 (Wed, 11 Dec 2019) | 1
+line
+
+ Preparing to release 3.4.3 with a few small updates
+------------------------------------------------------------------------
+r1871188 | kmcgrail | 2019-12-11 20:45:11 +0000 (Wed, 11 Dec 2019) | 1
+line
+
+ update of the announcement text prepping for 3.4.3 release
+------------------------------------------------------------------------
r1871122 | hege | 2019-12-10 07:53:03 +0000 (Tue, 10 Dec 2019) | 2 lines
Some missing OLEMacro -> OLEVBMacro renames
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/META.json
new/Mail-SpamAssassin-3.4.4/META.json
--- old/Mail-SpamAssassin-3.4.3/META.json 2019-12-11 21:58:46.000000000
+0100
+++ new/Mail-SpamAssassin-3.4.4/META.json 2020-01-25 03:52:43.000000000
+0100
@@ -57,5 +57,5 @@
},
"x_MailingList" : "http://wiki.apache.org/spamassassin/MailingLists";
},
- "version" : "3.004003"
+ "version" : "3.004004"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/META.yml
new/Mail-SpamAssassin-3.4.4/META.yml
--- old/Mail-SpamAssassin-3.4.3/META.yml 2019-12-11 21:58:46.000000000
+0100
+++ new/Mail-SpamAssassin-3.4.4/META.yml 2020-01-25 03:52:43.000000000
+0100
@@ -36,4 +36,4 @@
license: http://www.apache.org/licenses/LICENSE-2.0.html
repository: http://svn.apache.org/repos/asf/spamassassin/
x_MailingList: http://wiki.apache.org/spamassassin/MailingLists
-version: 3.004003
+version: 3.004004
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/UPGRADE
new/Mail-SpamAssassin-3.4.4/UPGRADE
--- old/Mail-SpamAssassin-3.4.3/UPGRADE 2019-12-11 21:58:04.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/UPGRADE 2020-01-25 03:50:58.000000000 +0100
@@ -1,3 +1,11 @@
+
+Note for Users Upgrading to SpamAssassin 3.4.4
+----------------------------------------------
+
+- FromNameSpoof: fns_extrachars parameter default value has been increased to
50
+
+- nosubject and maxhits tflags now work correctly with sa-compile
+
Note for Users Upgrading to SpamAssassin 3.4.3
----------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Conf.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Conf.pm
--- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Conf.pm 2019-12-11
21:58:04.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Conf.pm 2020-01-25
03:50:48.000000000 +0100
@@ -1254,6 +1254,7 @@
push (@cmds, {
setting => 'body_part_scan_size',
+ is_admin => 1,
default => 50000,
type => $CONF_TYPE_NUMERIC,
});
@@ -1267,6 +1268,7 @@
push (@cmds, {
setting => 'rawbody_part_scan_size',
+ is_admin => 1,
default => 500000,
type => $CONF_TYPE_NUMERIC,
});
@@ -3496,6 +3498,20 @@
setting => 'priority',
is_priv => 1,
type => $CONF_TYPE_HASH_KEY_VALUE,
+ code => sub {
+ my ($self, $key, $value, $line) = @_;
+ my ($rulename, $priority) = split(/\s+/, $value, 2);
+ unless (defined $priority) {
+ return $MISSING_REQUIRED_VALUE;
+ }
+ unless ($rulename =~ IS_RULENAME) {
+ return $INVALID_VALUE;
+ }
+ unless ($priority =~ /^-?\d+$/) {
+ return $INVALID_VALUE;
+ }
+ $self->{priority}->{$rulename} = $priority;
+ }
});
=back
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/HTML.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/HTML.pm
--- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/HTML.pm 2019-12-11
21:58:04.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/HTML.pm 2020-01-25
03:50:48.000000000 +0100
@@ -509,7 +509,7 @@
$new{style} = $attr->{style};
my @parts = split(/;/, $new{style});
foreach (@parts) {
- if (/^\s*(background-)?color:\s*(.+)\s*$/i) {
+ if (/^\s*(background-)?color:\s*(.+?)\s*$/i) {
my $whcolor = $1 ? 'bgcolor' : 'fgcolor';
my $value = lc $2;
@@ -520,6 +520,10 @@
map { !$_ ? 0 : $_ > 255 ? 255 : $_ }
@rgb[0..2]);
}
+ elsif ($value eq 'inherit') {
+ # do nothing, just prevent parsing of the valid
+ # CSS3 property value as 'invalid color' (Bug 7778)
+ }
else {
$new{$whcolor} = name_to_rgb($value);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/Bayes.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/Bayes.pm
--- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/Bayes.pm
2019-12-11 21:58:03.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/Bayes.pm
2020-01-25 03:50:47.000000000 +0100
@@ -1054,36 +1054,42 @@
my ($self, $msg, $msgdata) = @_;
my $t_src = $self->{conf}->{bayes_token_sources};
- my @tokens;
# visible tokens from the body
+ my @tokens_body;
if ($msgdata->{bayes_token_body}) {
- my(@t) = map($self->_tokenize_line ($_, '', 1),
- @{$msgdata->{bayes_token_body}} );
- dbg("bayes: tokenized body: %d tokens", scalar @t);
- push(@tokens, @t);
+ foreach (@{$msgdata->{bayes_token_body}}) {
+ push(@tokens_body, $self->_tokenize_line ($_, '', 1));
+ last if scalar @tokens_body >= 50000;
+ }
+ dbg("bayes: tokenized body: %d tokens", scalar @tokens_body);
}
# the URI list
+ my @tokens_uri;
if ($msgdata->{bayes_token_uris}) {
- my(@t) = map($self->_tokenize_line ($_, '', 2),
- @{$msgdata->{bayes_token_uris}} );
- dbg("bayes: tokenized uri: %d tokens", scalar @t);
- push(@tokens, @t);
+ foreach (@{$msgdata->{bayes_token_uris}}) {
+ push(@tokens_uri, $self->_tokenize_line ($_, '', 2));
+ last if scalar @tokens_uri >= 10000;
+ }
+ dbg("bayes: tokenized uri: %d tokens", scalar @tokens_uri);
}
# add invisible tokens
+ my @tokens_inviz;
if ($msgdata->{bayes_token_inviz}) {
my $tokprefix;
if (ADD_INVIZ_TOKENS_I_PREFIX) { $tokprefix = 'I*:' }
if (ADD_INVIZ_TOKENS_NO_PREFIX) { $tokprefix = '' }
if (defined $tokprefix) {
- my(@t) = map($self->_tokenize_line ($_, $tokprefix, 1),
- @{$msgdata->{bayes_token_inviz}} );
- dbg("bayes: tokenized invisible: %d tokens", scalar @t);
- push(@tokens, @t);
+ foreach (@{$msgdata->{bayes_token_inviz}}) {
+ push(@tokens_inviz, $self->_tokenize_line ($_, $tokprefix, 1));
+ last if scalar @tokens_inviz >= 50000;
+ }
}
+ dbg("bayes: tokenized invisible: %d tokens", scalar @tokens_inviz);
}
# add digests and Content-Type of all MIME parts
+ my @tokens_mimepart;
if ($msgdata->{bayes_mimepart_digests}) {
my %shorthand = ( # some frequent MIME part contents for human readability
'da39a3ee5e6b4b0d3255bfef95601890afd80709:text/plain'=> 'Empty-Plaintext',
@@ -1094,29 +1100,30 @@
'71853c6197a6a7f222db0f1978c7cb232b87c5ee:text/plain'=> 'TwoNL-Plaintext',
'71853c6197a6a7f222db0f1978c7cb232b87c5ee:text/html' => 'TwoNL-HTML',
);
- my(@t) = map('MIME:' . ($shorthand{$_} || $_),
+ @tokens_mimepart = map('MIME:' . ($shorthand{$_} || $_),
@{ $msgdata->{bayes_mimepart_digests} });
- dbg("bayes: tokenized mime parts: %d tokens", scalar @t);
- dbg("bayes: mime-part token %s", $_) for @t;
- push(@tokens, @t);
+ dbg("bayes: tokenized mime parts: %d tokens", scalar @tokens_mimepart);
+ dbg("bayes: mime-part token %s", $_) for @tokens_mimepart;
}
# Tokenize the headers
+ my @tokens_header;
if ($t_src->{header}) {
- my(@t);
my %hdrs = $self->_tokenize_headers ($msg);
while( my($prefix, $value) = each %hdrs ) {
- push(@t, $self->_tokenize_line ($value, "H$prefix:", 0));
+ push(@tokens_header, $self->_tokenize_line ($value, "H$prefix:", 0));
+ last if scalar @tokens_header >= 10000;
}
- dbg("bayes: tokenized header: %d tokens", scalar @t);
- push(@tokens, @t);
+ dbg("bayes: tokenized header: %d tokens", scalar @tokens_header);
}
# Go ahead and uniq the array, skip null tokens (can happen sometimes)
# generate an SHA1 hash and take the lower 40 bits as our token
my %tokens;
- foreach my $token (@tokens) {
- # dbg("bayes: token: %s", $token);
+ foreach my $token
+ (@tokens_body, @tokens_uri, @tokens_inviz, @tokens_mimepart,
@tokens_header)
+ {
+ # dbg("bayes: token: %s", $token);
$tokens{substr(sha1($token), -5)} = $token if $token ne '';
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/DKIM.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/DKIM.pm
--- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/DKIM.pm
2019-12-11 21:58:03.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/DKIM.pm
2020-01-25 03:50:47.000000000 +0100
@@ -831,16 +831,8 @@
# unless we use \015\012 instead of \r\n
eval {
my $str = $pms->{msg}->get_pristine();
- if ($pms->{msg}->{line_ending} eq "\015\012") {
- # message already CRLF, just feed it
- $verifier->PRINT($str);
- } else {
- # feeding large chunk to Mail::DKIM is _much_ faster than line-by-line
- my $str2 = $str; # make a copy, sigh
- $str2 =~ s/\012/\015\012/gs; # LF -> CRLF
- $verifier->PRINT($str2);
- undef $str2;
- }
+ $str =~ s/\r?\n/\015\012/sg; # ensure \015\012 ending
+ $verifier->PRINT($str);
1;
} or do { # intercept die() exceptions and render safe
my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/FromNameSpoof.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/FromNameSpoof.pm
--- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/FromNameSpoof.pm
2019-12-11 21:58:03.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/FromNameSpoof.pm
2020-01-25 03:50:47.000000000 +0100
@@ -55,7 +55,7 @@
FromNameSpoof allows for a configurable closeness when matching the From:addr
and From:name,
the closeness can be adjusted with:
- fns_extrachars 5
+ fns_extrachars 50
B<Note> that FromNameSpoof detects the "owner" of a domain by the following
search:
@@ -193,7 +193,7 @@
push(@cmds, {
setting => 'fns_extrachars',
- default => 5,
+ default => 50,
type => $Mail::SpamAssassin::Conf::CONF_TYPE_NUMERIC,
});
@@ -262,7 +262,9 @@
my ($self, $pms, $check_lvl) = @_;
$self->_check_fromnamespoof($pms);
- $check_lvl //= $pms->{conf}->{fns_check};
+ if ( not defined $check_lvl ) {
+ $check_lvl = $pms->{conf}->{fns_check};
+ }
my @array = (
($pms->{fromname_address_different}) ,
@@ -348,7 +350,7 @@
$fnd{'addr'} = $pms->get("From:name");
- if ($fnd{'addr'} =~
/\b([\w\.\!\#\$\%\&\'\*\+\/\=\?\^\_\`\{\|\}\~\-]+@[\w\-\.]+\.[\w\-\.]++)\b/i) {
+ if ($fnd{'addr'} =~
/\b((?>[\w\.\!\#\$\%\&\'\*\+\/\=\?\^\_\`\{\|\}\~\-]+@[\w\-\.]+\.[\w\-\.]+))\b/i)
{
my $nochar = ($fnd{'addr'} =~ y/A-Za-z0-9//c);
$nochar -= ($1 =~ y/A-Za-z0-9//c);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/HeaderEval.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/HeaderEval.pm
--- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/HeaderEval.pm
2019-12-11 21:58:03.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/HeaderEval.pm
2020-01-25 03:50:47.000000000 +0100
@@ -922,7 +922,7 @@
$subject =~ s/^\s+//;
$subject =~ s/\s+$//;
- $subject =~ s/^(?:(?:Re|Fwd|Fw|Aw|Antwort|Sv|VS):\s*)+//i; # Bug 6805
+ $subject =~ s/^(?:(?:Re|Fwd|Fw|Aw|Antwort|WG|SV|VB|VS|VL):\s*)+//i; # Bug
6805
return 0 if $subject !~ /\s/; # don't match one word subjects
return 0 if (length $subject < 10); # don't match short subjects
$subject =~ s/[^a-zA-Z]//g; # only look at letters
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm
--- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm
2019-12-11 21:58:03.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm
2020-01-25 03:50:47.000000000 +0100
@@ -95,6 +95,8 @@
my $marker3 = "\x5c\x6f\x62\x6a\x65\x6d\x62";
my $marker4 = "\x5c\x6f\x62\x6a\x64\x61\x74";
my $marker5 = "\x5c\x20\x6f\x62\x6a\x64\x61\x74";
+# Excel .xlsx encrypted package, thanks to Dan Bagwell for the sample
+my $encrypted_marker =
"\x45\x00\x6e\x00\x63\x00\x72\x00\x79\x00\x70\x00\x74\x00\x65\x00\x64\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x61\x00\x67\x00\x65";
# this code burps an ugly message if it fails, but that's redirected elsewhere
# AZ_OK is a constant exported by Archive::Zip
@@ -838,6 +840,9 @@
if (index($tdata, "E n c r y p t e d P a c k a g e") > -1) {
return 1;
}
+ if (index($tdata, $encrypted_marker) > -1) {
+ return 1;
+ }
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
---
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
2019-12-11 21:58:03.000000000 +0100
+++
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
2020-01-25 03:50:47.000000000 +0100
@@ -89,29 +89,39 @@
loop_body => sub
{
my ($self, $pms, $conf, $rulename, $pat, %opts) = @_;
- $pat = untaint_var($pat);
- my $sub;
+ my $sub = '
+ my ($self, $line) = @_;
+ my $qrptr = $self->{main}->{conf}->{test_qrs};
+ ';
if (($conf->{tflags}->{$rulename}||'') =~ /\bmultiple\b/)
{
+ # support multiple matches
+ my ($max) = $conf->{tflags}->{$rulename} =~ /\bmaxhits=(\d+)\b/;
+ $max = untaint_var($max);
+ if ($max) {
+ $sub .= '
+ if (exists $self->{tests_already_hit}->{q{'.$rulename.'}}) {
+ return 0 if $self->{tests_already_hit}->{q{'.$rulename.'}} >=
'.$max.';
+ }
+ ';
+ }
# avoid [perl #86784] bug (fixed in 5.13.x), access the arg through ref
- $sub = '
- my $lref = \$_[1];
+ $sub .= '
+ my $lref = \$line;
pos $$lref = 0;
'.$self->hash_line_for_rule($pms, $rulename).'
- while ($$lref =~ '.$pat.'g) {
- my $self = $_[0];
+ while ($$lref =~ /$qrptr->{q{'.$rulename.'}}/go) {
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype =>
"one_line_body");
- '. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body",
- "return 1") . '
+ '. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body", "") .
'
+ '. ($max? 'last if $self->{tests_already_hit}->{q{'.$rulename.'}} >=
'.$max.';' : '') . '
}
';
} else {
- $sub = '
+ $sub .= '
'.$self->hash_line_for_rule($pms, $rulename).'
- if ($_[1] =~ '.$pat.') {
- my $self = $_[0];
+ if ($line =~ /$qrptr->{q{'.$rulename.'}}/o) {
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype =>
"one_line_body");
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body",
"return 1") . '
}
@@ -122,7 +132,7 @@
return if ($opts{doing_user_rules} &&
!$self->is_user_rule_sub($rulename.'_one_line_body_test'));
- $self->add_temporary_method ($rulename.'_one_line_body_test',
'{'.$sub.'}');
+ $self->add_temporary_method ($rulename.'_one_line_body_test', $sub);
},
pre_loop_body => sub
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
--- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
2019-12-11 21:58:03.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Plugin/Rule2XSBody.pm
2020-01-25 03:50:47.000000000 +0100
@@ -219,8 +219,11 @@
{
no strict "refs";
+ my $lineidx;
foreach my $line (@{$params->{lines}})
{
+ $lineidx++;
+
# unfortunately, calling lc() here seems to be the fastest
# way to support this and still work with UTF-8 ok
my $results = &{$modname.'::scan'}(lc $line);
@@ -238,6 +241,11 @@
# ignore 0-scored rules, of course
next unless $scoresptr->{$rulename};
+ # skip first line if nosubject tflag
+ if ($lineidx == 1 && ($conf->{tflags}->{$rulename}||'') =~
/\bnosubject\b/) {
+ next;
+ }
+
# non-lossy rules; the re2c version matches exactly what
# the perl regexp matches, so we don't need to perform
# a validation match to follow up; it's a hit!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Util.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Util.pm
--- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin/Util.pm 2019-12-11
21:58:04.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin/Util.pm 2020-01-25
03:50:48.000000000 +0100
@@ -1327,6 +1327,10 @@
# CRs just confuse things down below, so trash them now
$uri =~ s/\r//g;
+ # Skip some common non-http stuff like #abcdef, ?foobar,
+ # /image.gif (but not //foo.com which actually does http)
+ next if length($uri) <= 1 || $uri =~ m{^(?:[#?&]|/(?!/))};
+
# Make a copy so we don't trash the original in the array
my $nuri = $uri;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin.pm
new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin.pm
--- old/Mail-SpamAssassin-3.4.3/lib/Mail/SpamAssassin.pm 2019-12-11
21:58:04.000000000 +0100
+++ new/Mail-SpamAssassin-3.4.4/lib/Mail/SpamAssassin.pm 2020-01-25
03:50:47.000000000 +0100
@@ -87,7 +87,7 @@
use Cwd;
use Config;
-our $VERSION = "3.004003"; # update after release (same format as perl $])
+our $VERSION = "3.004004"; # update after release (same format as perl $])
#our $IS_DEVEL_BUILD = 1; # 1 for devel build
our $IS_DEVEL_BUILD = 0; # 0 for release versions including rc & pre
releases
@@ -101,18 +101,18 @@
# SUB_VERSION is now just <yyyy>-<mm>-<dd>
our $SUB_VERSION = 'svnunknown';
-if ('$LastChangedDate: 2019-12-06 18:58:14 -0500 (Fri, 06 Dec 2019) $' =~ ':')
{
- # Subversion keyword "$LastChangedDate: 2019-12-06 18:58:14 -0500 (Fri, 06
Dec 2019) $" has been successfully expanded.
+if ('$LastChangedDate: 2020-01-24 21:49:19 -0500 (Fri, 24 Jan 2020) $' =~ ':')
{
+ # Subversion keyword "$LastChangedDate: 2020-01-24 21:49:19 -0500 (Fri, 24
Jan 2020) $" has been successfully expanded.
# Doesn't happen with automated launchpad builds:
# https://bugs.launchpad.net/launchpad/+bug/780916
- $SUB_VERSION = (split(/\s+/,'$LastChangedDate: 2019-12-06 18:58:14 -0500
(Fri, 06 Dec 2019) $ updated by SVN'))[1];
+ $SUB_VERSION = (split(/\s+/,'$LastChangedDate: 2020-01-24 21:49:19 -0500
(Fri, 24 Jan 2020) $ updated by SVN'))[1];
}
if (defined $IS_DEVEL_BUILD && $IS_DEVEL_BUILD) {
- if ('$LastChangedRevision: 1870940 $' =~ ':') {
- # Subversion keyword "$LastChangedRevision: 1870940 $" has been
successfully expanded.
- push(@EXTRA_VERSION, ('r' . qw{$LastChangedRevision: 1870940 $ updated by
SVN}[1]));
+ if ('$LastChangedRevision: 1873123 $' =~ ':') {
+ # Subversion keyword "$LastChangedRevision: 1873123 $" has been
successfully expanded.
+ push(@EXTRA_VERSION, ('r' . qw{$LastChangedRevision: 1873123 $ updated by
SVN}[1]));
} else {
push(@EXTRA_VERSION, ('r' . 'svnunknown'));
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Mail-SpamAssassin-3.4.3/t/debug.t
new/Mail-SpamAssassin-3.4.4/t/debug.t
--- old/Mail-SpamAssassin-3.4.3/t/debug.t 2019-12-11 21:58:04.000000000
+0100
+++ new/Mail-SpamAssassin-3.4.4/t/debug.t 2020-01-25 03:50:58.000000000
+0100
@@ -29,7 +29,7 @@
my %facility = map( ($_, 1),
qw( accessdb archive-iterator async auto-whitelist bayes check config daemon
dcc dkim askdns dns eval generic https_http_mismatch facility FreeMail
- hashcash ident ignore info ldap learn locker log logger markup
+ hashcash ident ignore info ldap learn locker log logger markup HashBL
message metadata mimeheader netset plugin prefork progress pyzor razor2
received-header replacetags reporter rules rules-all spamd spf textcat
timing TxRep uri uridnsbl util pdfinfo asn ));
++++++ Mail-SpamAssassin-rules-3.4.3.r1871124.tgz ->
Mail-SpamAssassin-rules-3.4.4.r1873061.tgz ++++++
++++ 2061 lines of diff (skipped)
