This solves the update request in PR pkg/30452.
No pkgsrc related changes. This release fixes a recently reported DoS
vulnerability.
Highlights of the release
-------------------------
- Certain invalid "Content-Type" headers would cause SpamAssassin to
incorrectly process parts of the message.
- Certain long message headers could cause slowness when parsing the message.
- Added in SURBL JP list.
- URI anti-obfuscation updates.
- Additional bug fixes.
And always is defined as share/examples/rc.d
which was the default before.
These rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
Merged the two rules in netbsd_lists.cf into one because problem reports
mostly do not contain "x-send-pr" anymore.
Disabled installation of netbsd_lists.cf in PKGSYSCONFDIR (it is still
included in the "examples" directory).
Changes since 3.0.2
===================
- Fixed possible memory bloat from large AutoWhitelist db files
- Fixed where user defined rules scores became ignored
- Updated parsing code for several Received: header formats
- Increased some BAYES_* scores for the network+bayes score set
- Document set_tag for Plugin API and added get_tag
- Additional bug fixes.
changed after perl5-configure had been run and the Makefile created.
For some people, this resulted in a message
Makefile out-of-date with respect to Makefile.PL
at the build stage.
Omitting the first substitution (sa1) and the corresponding part of
patch-ab solved this. This patch had been unnecessary for some time
anyway.
This should resolve pkg/29255.
This release detects legitimate SMTP AUTH submission, to avoid
false positives on Dynablock-style rules. The URIDNSBL plugin has
been fixed to honor the uridnsbl_max_domains config option. Various
documentation and rule fixes. The ability to deal with 'rewrite_header
Subject' markup when no Subject header exists. 'make test' failure
on Solaris has been fixed.
pkgsrc changes:
* Use subst.mk in pre-configure, rather than post-patch, for easier
regeneration of patches.
OK'd by heinz@.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
3.0.
Important changes since 2.64 (for details see the file 'Changes')
- support for sender authentication using the Sender Policy Framework
(SPF)
- checking for web links of known spam advertisers (SURBL)
- modular plugin architecture
- improved SQL database support for storing user data in server
installations
- improved email classification
- SpamAssassin is now part of the Apache Foundation
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
This also includes the fix for PR pkg/26386 (problems with
PKG_CONFIG=no).
Summary of major changes since 2.63
-----------------------------------
- Security fix prevents a denial of service attack open to certain
malformed messages; this DoS affects all SpamAssassin 2.5x
and 2.6x versions to date.
- Backported several very reliable rules from the SpamAssassin 3.0.0
codebase.
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Some things maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
Summary of major changes since 2.62
-----------------------------------
- Fixed bug related to perl 5.005 which stopped SpamAssassin from being
runnable
- Fixed bug where "spamassassin -l" parameter wouldn't be untainted before
being used
- Added caching of body rendering results so that the message wouldn't
be rendered the same way multiple times unnecessarily.
Summary of major changes since 2.61
-----------------------------------
- Fixed two bugs related to Received line generation and parsing.
- Modified two rules to reduce false positives.
- Fixed bug where spamd temporary init directory wasn't removed in some
situations.
- Modified HABEAS_SWE to function even if the Habeas headers were out of
their normal order.
- Fixed bug where reporting wouldn't remove message markup before being
learned by Bayes.
- Fixed bug where report_safe_copy_headers would reverse the order of the
Received headers.
- Fixed several bugs in the Bayes system caused by DB_File oddities.
Summary of major changes since 2.60
-----------------------------------
- Dramatically reduced memory usage of Bayes expiry.
- avoid false positives on Outlook 2003 messages, mails from Mac, Palm, and
localized versions of Eudora, several AOL MUAs, and newer versions of The
Bat!
- new set of French translations from Michel Bouissou
- updated to reflect new Dynablock DNSBL location
- avoids a possible hole that was giving AWL bonuses to
spammer forgeries on some networks
- miscellaneous bug fixes
Summary of changes since 2.5x
-----------------------------------
- spamd supports UNIX-domain sockets
- SSL support for spamc/spamd now usable
- improved Bayes text analysis
- improved expiration of Bayes-DB
- better detection of 'invisible text' and other obfuscation techniques
in HTML
- new RBL (eg SORBS, SpamCop, Osirusoft dropped)
- better handling of RBL timeouts
- support for Razor V1 dropped
- more flexible header and report rewriting
- Perl taint mode enabled by default
- bug fixes
- new rules
* Use ALL_TARGET appropriately instead of using a post-build target.
* Get rid of DEPTHFIRST* variables and do the "depth-first" listing by
using a reverse sort instead.
* Get rid of extra shell processes.
* Tabify.
now set to "pure_install" in perl5/module.mk, so we need to append the
additional target "inst_cfs" that is normally invoked by the "install"
target in ${WRKSRC}/Makefile.
spamassassin. These patches remove all references to osirusoft from
the rules files (perhaps leaving some of the comments a tad stale),
but leaving information about them in the stats files.
This bumps us to 2.55nb2.
learning a message without Message-Id as ham (see bugzilla #2030)
- depend on p5-IO-Socket-SSL>=0.92 because of bugs in earlier versions
- bump revision
This also closes PR pkg/21114 (thanks to Todd Vierling for dynamic PLIST)
Most serious bugs since release of SA 2.50 fixed (hence the 'long'
delay for the Pkgsrc package).
Dependence on procmail removed. You still need a mail delivery agent
but procmail is only a recommendation, not a prerequisite.
Runs on Solaris (somewhat tested on Solaris 8, feedback welcome).
Includes some SSL support for spamc/spamd. Not yet recommended due to
lurking bug(s) (SA bugzilla ID 1751).
Uses Perl module DB_File now instead of NDBM_File. This changes the
name and format of the auto-whitelist database ('auto-whitelist'
instead of 'auto-whitelist.db' on NetBSD).
! This release adds/changes/removes configuration options, PLEASE use !
! 'perldoc Mail::SpamAssassin::Conf' and make sure your mail !
! configuration still works as expected. !
==========================================================================
Changes since 2.52:
- corruption of Bayes db where nspam/nham was getting zeroed, fixed.
- Bayes now has much lower lock timeouts for opportunistic expiry
and auto-learning, to avoid overloading busy servers with an expiry
run. (This may result in occasional "lock failed" messages in the
syslog while you're doing manual sa-learn ops, but those are
not serious; it just means that an auto-learn could not take place
because the dbs were opened by you in another process.)
- NDBM_File does not provide an EXISTS method, worked around.
- BSMTP support (spamc -B) fixed.
- Bayes allowed the user to 'forget' messages they hadn't learned.
- sa-learn broken when installed in a non-standard location.
- spamc was failing to dump message if out of memory.
- add-all-addrs-to-blacklist was a no-op, fixed.
- syslog-socket support was broken, fixed.
- sslspamc compilation fixed.
- SIGCHLD handling in spamd was causing an ugly warning on Red Hat 8.
- user_prefs were left world-writable after auto-whitelist use.
- Razor was zeroing %ENV; protected against this.
- some test failures on 5.005 and with Razor fixed; some tests were
also still using the user's Bayes dbs.
- Windows portability fix in new Bayes journal code.
- dialup_codes now a privileged setting.
- clean PATH env variable immediately upon spamd start; fixed problem
with taint mode failures when getting hostname in Perl 5.005.
- NetBSD: fixed SSL support, spamd start script.
- single-Received-header mails were not getting DNSBL checks.
- some doco fixes.
Changes since 2.51:
- bug 1664: expiry imposed way too much load when a single
site-wide Bayes db was used, fixed
- bug 1672: a typo in a backported patch for 2.51 caused Bayes to
sometimes not unlock the db, fixed
- INSTALL now strongly recommends using DB_File
- some NetBSD support fixes
- bug 1601: option --syslog-socket wasn't implemented
- bug 1260: corrected description of --nocreate-prefs option
Changes since 2.50:
- Bayes locking and concurrency issues fixed
- Bayes expiration was not working; fixed
- spamd was not enabling Bayes after auto-learning without restart;
fixed
- safer way to attach spams, for broken mail clients, using
'report_safe 2'
- a few doco cleanups
Main changes since 2.4x:
- Bayesian filtering, using a Bayesian-style form of probability-analysis
classification. This uses an algorithm based on the one detailed in
Paul Graham's 'A Plan For Spam' paper, along with aspects taken from
Graham Robinson's work, and the chi-combining technique developed by the
SpamBayes project.
- Auto-learning. This trains the Bayesian filter automatically, based on
the results from traditional SpamAssassin diagnosis. It uses a set of
heuristics and separate thresholds to ensure (as much as is possible)
that it trains on guaranteed non-spam and spam. Old, unused tokens are
automatically expired.
- much-improved rule set. A whole new set of rules based on Message-Id
analysis is now in place, which accurately detects forged headers from
a wide range of spamware. Many inaccurate rules have been dropped.
HTML tests much improved, with a set to detect image-only spam.
- new default format for detected-spam messages; the message is
encapsulated as a MIME part, with a preview and the spam report
in the main part of the message.
- Score sets. Based on whether you are using just SpamAssassin rules,
adding network tests, and using a trained Bayesian database,
SpamAssassin will use a set of scores appropriately to gain the
maximum degree of accuracy.
- Italian, Polish, Spanish, French and German rule sets and translations.
- Much improved reliability with spamd. The problems with signals
have been cleared up thanks to a pipe-based child tracking system,
and all spamd-hanging bugs reported have proved unreproducible.
- Unicode problems with Red Hat 8 and perl 5.8 fixed. Works on Perl
5.005, 5.6.x, and 5.8.x.
- Taint-safe. SpamAssassin runs with perl's taint-checking enabled for
better security.
- Razor 1 support is now officially deprecated.
- "spamc -c" was not working, fixed. This fix required increasing the
revision of the spamd protocol; only difference is that now more than
one protocol header can appear in the reply from spamd.
- all fixes from 2.44 included.
from stable branch of SA CVS repository.
On other operating systems 'spamc' was reported to cause a core dump if
'spamd' was not running. At least NetBSD/i386 1.5.3 seems not to be as
severely affected, I only got 'spamc in free(): warning: junk
pointer, too high to make sense.'.
Parts of patch-ag and patch-ah as well as complete patch-aa could be
removed again, they are now included in SA 2.44 (see below).
#### official release announcement ###############
This is a bug-fix release, which fixes the following bugs:
- Backport fix for Bug 1306: Possible buffer overflow in libspamc when
running in BSMTP mode (patch 1.15 -> 1.18)
- Backport workaround from Bug 526: Failed sanity check because of
clobbered STDOUT (patch 1.147 -> 1.148)
- Backport fix for Debian Bug 160206: Insufficient buffer in libspamc
(patch 1.8 -> 1.9)
- Backport fix for warnings in sed_path (patch 1.141 -> 1.142)
- Backport fix for Bug 1127: Existing lowercase x-spam-status header
kills SpamAssassin (patch 1.40 -> 1.41)
- localized %ENV to fix problem where Razor2 erases the PATH so DCC and
pyzor don't work, etc.
Note that this is *not* 2.50, which offers Bayesian filtering etc. These
bugs are already fixed in the 2.50 CVS tree, but that is not yet ready for
release. This is a stable maintenance release only.