------------------------------------------------------------------- Thu Jun 14 09:58:00 CEST 2007 - varkoly@suse.de - UPDATE to version 3.2.1 - bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS vulnerability. It only affects systems where spamd is run as root, is used with vpopmail or virtual users via the "-v"/"--vpopmail" OR "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch. This is not default on any distro package, and is not a common configuration. More details of the vulnerability can be read at . - bug 5488: zero some rules causing false positives: FH_HOST_EQ_D_D_D_DB and FH_HOST_EQ_D_D_D_D. - bug 5257: re-raise autolearn ham threshold to 1.0; the lower value used in 3.2.0 was creating problems. - bug 5422: in spamd, deleting hash entries from the SIGCHLD signal handler is unsafe, causes corruption of the data structure, and results in 'prefork: ordered child N to accept, but they reported state '1', killing rogue' errors. fix. - bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some FPs. - bug 5457: spamc build and test should handle not having zlib available. - bug 5379: spamd could crash at startup if its preloading temporary directory already exists. fix. - bug 4616: spamc config can cause command line options to be ignored. fix. - bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll always fire due to defaults (unless there's an explicit SIGNALL policy). - bug 5492: VBounce rule was looking in header instead of body for whitelisted relays. fix. - bug 5487: prevent multiple "urirhssub"s using the same zone from overwriting each other. - bug 5432 - Change default in Win32 build to not build spamc. - bug 5446: add --updatedir option to sa-compile and remove inaccurate re2c required version info from pod. - bug 5436: add omitted "ifplugin" statements to the configuration, which would otherwise cause lint errors if the default plugins were disabled. - bug 5477: prevent Rule2XSBody info message from appearing on stderr during spamd startup. ------------------------------------------------------------------- Fri Apr 20 11:08:35 CEST 2007 - meissner@suse.de - removed bad /tmp usage. ------------------------------------------------------------------- Wed Mar 28 12:08:09 CEST 2007 - varkoly@suse.de - #249652 - spamassassin missing dependencies ------------------------------------------------------------------- Mon Feb 19 19:11:36 CET 2007 - dmueller@suse.de - update to 3.1.8: * fix for CVE-2007-0451: possible DoS due to incredibly long URIs found in the message content. * disable perl module usage in update channels unless --allowplugins is specified * files with names starting/ending in whitespace weren't usable * remove Text::Wrap related code due to upstream issues * update spamassassin and sa-learn to better deal with STDIN * improvements and bug fixes related to DomainKeys and DKIM support * several updates for Received header parsing * several documentation updates and random taint-variable related issues ------------------------------------------------------------------- Fri Feb 9 16:52:13 CET 2007 - varkoly@suse.de - fixing: Bug 225248 - Problem in SpamAssassin: if spamassassin configuration is stored in postgresql the search in the table userpref delivers results in wrong order. - fixing: Bug 218272 - SpamAssassin URIDNSBL plugin tries to lookup libraries (libimf.so, liblua.so, ...) via nameserver ------------------------------------------------------------------- Fri Dec 22 10:28:47 CET 2006 - varkoly@suse.de - Enhancing local.cf for the plugin Mail::SpamAssassin::Plugin::URIDNSBL to skip the novell and suse domains from spam checks and to give examples for problems like #218272 "SpamAssassin URIDNSBL plugin tries to lookup libraries (libimf.so, liblua.so, ...) via nameserver" ------------------------------------------------------------------- Mon Dec 4 23:00:59 CET 2006 - dmueller@suse.de - update to "hot-fix" 3.1.7: * fix sa-update failure when rule scores ae set ------------------------------------------------------------------- Wed Nov 15 08:50:57 CET 2006 - varkoly@suse.de - fixing bug: 215722 BUG in archive PgSQL.pm (SpamAssassin) ------------------------------------------------------------------- Mon Oct 9 15:29:59 CEST 2006 - varkoly@suse.de - update to version 3.1.6: This is a maintenance release of the 3.1.x branch. * fixes to bug in date handling affecting DATE_IN_FUTURE_* and DATE_IN_PAST_* rules when more than one Resent-Date header is present * include local site config in sa-update lint checks * fix race condition in spamd preforking code that sometimes left one child process running after SIGHUPing spamd * unescape hash characters in the config * fix false SPF_SOFTFAIL's when SPF queries timeout * update RCVD_ILLEGAL_IP evaltest to properly deal with 127/8 * enable adding headers with single digit zero value * add support for ecelerity Received headers * fix a bug, introduced in 3.1.5, in mbx code * M::SA::Client doesn't always catch failed connection to spamd, fixed ------------------------------------------------------------------- Sun Aug 6 15:35:28 CEST 2006 - dmueller@suse.de - update to version 3.1.4: * bug 4941: if the first sa-update run failed and wasn't re-run to successful completion, the local state directory would exist, and therefore SA sees no rules. now, wait as long as possible to create the directory, and try to remove it on failure. * bug 4997: increase module version requirements for Archive::Tar to 1.23 and IO::Zlib to 1.04 * bug 4966: fix major BSMTP bug, which rendered SA unusable with exim4 when BSMTP is used. * bug 4899: Windows had issues with single quotes around filenames so certain things like pyzor, etc, wouldn't function. * bug 4958: sa-update should work on Windows * bug 4908: gtube.t test failed in non-english locales * bug 4488: deal with potential memory leak due to Bayes and BayesStore circular references * bug 4862: update macro values in update channels ------------------------------------------------------------------- Thu Jun 22 18:18:30 CEST 2006 - ro@suse.de - remove selfprovides ------------------------------------------------------------------- Fri Jun 9 14:10:29 CEST 2006 - varkoly@suse.de - * Fixing Requiers tag in spec file The missed packages are: perl-libwww-perl and perl-IO-Zlib ------------------------------------------------------------------- Tue Jun 6 16:43:42 CEST 2006 - varkoly@suse.de - update to version 3.1.3: * #181157: VUL-0: spamassassin: remote root * 4879: add in pointer to the wiki to find out more about debug channels ------------------------------------------------------------------- Mon May 29 16:10:33 CEST 2006 - dmueller@suse.de - update to version 3.1.2: * bug 4802: implement DKIM plugin, including whitelist_from_dkim support * bug 3838: work around Perl bug causing captured RE variables to become tainted -- thanks to Mark Martinec for pointing out the bug with Perl itself * bug 4850: re-enable the Razor2 plugin by default due to a service policy change * bug 4826: Razor2 plugin needs to load Mail::SpamAssassin::Timeout module * bug 4827: M::SA::first_existing_path() would return the last array entry passed in if none of the paths were found. Now return undef instead and handle the error when it happens. * bug 4813: generally open RE causes sendmail received header get read in as qmail in error * bug 4839: Logger.pm converts control chars including tab into underscores which confuses a bunch of users when checking debug output. Convert tab into space instead, etc. * bug 4884: if a null message is passed in, there are several variables which end up undefined causing warnings. fake an empty message if no input is given. * bug 4793: when replacing tags in a message (_TAG_), leave the tags that don't exist alone instead of just removing them * bug 4861, 4760: handle dccifd and dccproc failover properly, backport relays_internal and relays_external code, backport bug 4760 fix so that it's not possible to be in internal_networks without being in trusted_networks as well * bug 4901: deal more properly with failures in bgsend(). also, use the proper variable to show when errors occur. * bug 4867: fetchmail changed header formats at some point making Received parsing fail in certain conditions * bug 4699: use M::SA::Timeout for spamd copy_config call and allow for empty $@ values * bug 3754: if there's a problem opening a file via sa-learn or spamassassin, return an error exit value. ------------------------------------------------------------------- Fri Mar 17 23:49:00 CET 2006 - dmueller@suse.de - Adjust BuildRequires ------------------------------------------------------------------- Tue Mar 14 13:20:16 CET 2006 - dmueller@suse.de - update to version 3.1.1: * bug 4760: strictly validate trusted network configurations * bug 4363: honor CRLF settings * bug 4748: Update rules to catch Google redirector * bug 4791: fix handling of invalid encoded utf8 messages * bug 4809: add TLD for Greece * bug 4606: Adjust MIME parsing limits (possible DoS) * bug 4795: Improved validation of the score option * fix fd leak in Bayes token DB handling * bug 4780: fix IP_ADDRESS & LOCALHOST IPv6 support * bug 4735: lack of network interfaces crashes in DnsResolver.pm. * bug 4700: prevent arbitrary code injection * bug 4704,4686,4627,4690: Fixed Received: headers parsing ------------------------------------------------------------------- Wed Jan 25 21:41:45 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Thu Jan 12 13:32:56 CET 2006 - varkoly@suse.de - fixing bug #138545 ------------------------------------------------------------------- Thu Jan 12 09:50:03 CET 2006 - varkoly@suse.de - fixing bug #141557 ------------------------------------------------------------------- Wed Oct 26 11:36:51 CEST 2005 - choeger@suse.de - bugfix for init-script: tell spamd to use a pidfile ------------------------------------------------------------------- Fri Sep 16 14:59:19 CEST 2005 - choeger@suse.de - update to version 3.1.0 ------------------------------------------------------------------- Mon Aug 8 16:51:40 CEST 2005 - ug@suse.de - fixed a license problem. See Bug #102221 ------------------------------------------------------------------- Thu Jun 23 09:38:49 CEST 2005 - meissner@suse.de - use RPM_OPT_FLAGS (for spamc). ------------------------------------------------------------------- Wed Jun 8 11:12:28 CEST 2005 - choeger@suse.de - Update to version 3.0.4 ------------------------------------------------------------------- Mon May 2 10:59:08 CEST 2005 - choeger@suse.de - Update to version 3.0.3 ------------------------------------------------------------------- Fri Apr 22 16:02:03 CEST 2005 - choeger@suse.de - Bugfix ID#79285 - spamd: "short" description missing ------------------------------------------------------------------- Wed Jan 12 18:26:55 CET 2005 - choeger@suse.de - cleaned up build process, now properly using ExtUtils::MakeMaker following the PACKAGING readme ------------------------------------------------------------------- Mon Dec 20 11:29:11 CET 2004 - choeger@suse.de - Update to version 3.0.2 ------------------------------------------------------------------- Thu Nov 25 12:36:15 CET 2004 - choeger@suse.de - removed superfluous line: test -d /root/.spamassassin || mkdir /root/.spamassassin from init script ------------------------------------------------------------------- Tue Oct 26 14:19:55 CEST 2004 - choeger@suse.de - Update to version 3.0.1 - specfile can now also be used on older SuSE Linux versions ------------------------------------------------------------------- Thu Sep 23 12:01:58 CEST 2004 - choeger@suse.de - Update to version 3.0.0 ------------------------------------------------------------------- Fri Aug 6 13:59:06 CEST 2004 - meissner@suse.de - Upgraded to security / bugfix release 2.64. #43546 ------------------------------------------------------------------- Sat Mar 27 11:34:02 CET 2004 - ro@suse.de - added directory /etc/mail to filelist ------------------------------------------------------------------- Tue Jan 27 14:29:27 CET 2004 - choeger@suse.de - Update to version 2.63 ------------------------------------------------------------------- Sat Jan 3 18:51:04 CET 2004 - mmj@suse.de - References to %version have to go below the Version: tag ------------------------------------------------------------------- Wed Dec 31 12:24:44 CET 2003 - mmj@suse.de - Update to version 2.61 ------------------------------------------------------------------- Sun Dec 7 18:35:53 CET 2003 - mmj@suse.de - The perl-spamassassin version should be the same as the spam- assassin version. ------------------------------------------------------------------- Sat Oct 18 16:30:11 CEST 2003 - mmj@suse.de - Not necessary to explicitly tell SA not to query Osirusoft blocklist anymore ------------------------------------------------------------------- Fri Oct 17 20:45:25 CEST 2003 - mmj@suse.de - Don't build as root - Update to version 2.60 ------------------------------------------------------------------- Tue Oct 14 14:11:33 CEST 2003 - choeger@suse.de - Bugfix Bugzilla ID#32025, spamd is not started because of a bug in the init-script - Bugfix Bugzilla ID#31867, spamassassin -lint reports errors because of outdated local.cf configuration options ------------------------------------------------------------------- Thu Sep 4 17:07:41 CEST 2003 - choeger@suse.de - Michael fixed MakeMaker PITA again ------------------------------------------------------------------- Tue Sep 2 15:30:37 CEST 2003 - choeger@suse.de - Don't query Osirusoft blocklist anymore, see http://news.spamassassin.org/modules.php?op=modload&name=News&file=article&sid=44&mode=thread&order=0&thold=0 for more details. Bugzilla ID#29566 ------------------------------------------------------------------- Wed Aug 20 20:22:56 CEST 2003 - mjancar@suse.cz - require the perl version we build with ------------------------------------------------------------------- Thu Aug 14 18:45:28 CEST 2003 - choeger@suse.de - Bugfix Bugzilla ID#28942: missing activation metadata in sysconfig template ------------------------------------------------------------------- Wed Jul 30 13:30:39 CEST 2003 - choeger@suse.de - new macros for stop/restart of services on rpm update/removal ------------------------------------------------------------------- Thu Jul 17 13:28:57 CEST 2003 - choeger@suse.de - use install_vendor and new %perl_process_packlist macro ------------------------------------------------------------------- Tue Jul 1 12:52:28 CEST 2003 - choeger@suse.de - don't use PREFIX in 'perl Makefile.PL' - don't set LOCAL_RULES_DIR using %buildroot as prefix ------------------------------------------------------------------- Tue Jun 17 10:39:09 CEST 2003 - choeger@suse.de - updated filelist ------------------------------------------------------------------- Wed May 28 14:12:24 CEST 2003 - choeger@suse.de - Update to 2.55 ------------------------------------------------------------------- Tue May 13 16:08:59 CEST 2003 - mmj@suse.de - Update to 2.54 - Move %defattr to cover all files - Remove unwanted files ------------------------------------------------------------------- Sun Apr 6 13:01:19 CEST 2003 - mmj@suse.de - Update to version 2.53 which fixes some major bugs in earlier 2.5x releases ------------------------------------------------------------------- Fri Mar 28 14:07:47 CET 2003 - mmj@suse.de - spamassassin and perl-spamassassin should not both own /etc/mail/spamassassin/local.cf ------------------------------------------------------------------- Tue Mar 25 09:55:26 CET 2003 - adrian@suse.de - update to version 2.52 ------------------------------------------------------------------- Mon Mar 24 14:22:24 CET 2003 - adrian@suse.de - use pid files in runlevel script (patch from Dirk Mueller #25767) ------------------------------------------------------------------- Sun Mar 23 22:28:26 CET 2003 - coolo@suse.de - adding perl-HTML-Parser to neededforbuild ------------------------------------------------------------------- Fri Mar 21 10:11:45 CET 2003 - adrian@suse.de - update to version 2.51 ------------------------------------------------------------------- Sun Mar 2 19:59:19 CET 2003 - mmj@suse.de - Disabling HABEAS_HIL test turned out to be just a bandaid. It still stalls for longer periods, so add "-L" switch so it only performs local tests. Subsequently remove the score HABEAS_HIL 0 in local.cf. ------------------------------------------------------------------- Tue Feb 25 09:28:46 CET 2003 - mmj@suse.de - Disable the HABEAS_HIL test (sender is on www.habeas.com Habeas Infringer List) since it made each test last ~30 seconds. - Default-Start: should be "3 5" not "" ------------------------------------------------------------------- Fri Feb 21 14:43:18 CET 2003 - adrian@suse.de - update to version 2.50 * fixing crash on x86_64 [#22015] ------------------------------------------------------------------- Thu Feb 20 12:04:55 CET 2003 - mmj@suse.de - Add sysconfig metadata [#22690] ------------------------------------------------------------------- Mon Feb 3 21:32:31 CET 2003 - adrian@suse.de - update to version 2.44 * obsoletes security fix ------------------------------------------------------------------- Wed Jan 29 20:16:24 CET 2003 - adrian@suse.de - update to version 2.43 ------------------------------------------------------------------- Tue Jan 28 17:26:10 MET 2003 - draht@suse.de - remove off-by-one bo -> spamassassin-ob1-security.diff ------------------------------------------------------------------- Wed Oct 16 01:32:39 CEST 2002 - ro@suse.de - fixed requires typo ------------------------------------------------------------------- Tue Oct 8 12:11:58 CEST 2002 - adrian@suse.de - add missing requires - update to version 2.42 ------------------------------------------------------------------- Tue Sep 17 17:34:28 CEST 2002 - ro@suse.de - removed bogus self-provides ------------------------------------------------------------------- Tue Aug 20 02:55:54 CEST 2002 - mmj@suse.de - Correct PreReq ------------------------------------------------------------------- Mon Jul 29 22:22:44 CEST 2002 - mls@suse.de - fixed neededforbuild for perl-5.8.0 ------------------------------------------------------------------- Fri Jul 12 11:31:25 CEST 2002 - choeger@suse.de - update to most recent version - added perl-Time-HiRes to requires - removed DOSWIN_EXECUTABLE patch http://sourceforge.net/mailarchive/message.php?msg_id=1606621 ------------------------------------------------------------------- Fri May 10 23:50:32 MEST 2002 - garloff@suse.de - Add rule to filter mails with files having names with DOS/Win suffixes (DOSWIN_EXECUTABLE), default score 4.6 - Provide init script for spamd - Install READMEs as %doc - Move spamc/d/proxy/assassin man pages to spamassassin package - Configuration of spamd in sysconfig/spamd ------------------------------------------------------------------- Wed May 8 23:43:26 MEST 2002 - garloff@suse.de - Update to version 2.20. ------------------------------------------------------------------- Tue Apr 16 19:09:31 MEST 2002 - draht@suse.de - fix file list (/usr/share/spamassassin) add more convenient defaults to /etc/mail/spamassassin/local.cf ------------------------------------------------------------------- Tue Apr 9 17:10:25 MEST 2002 - draht@suse.de - initial package, version 2.11.