Date: Wednesday, September 7, 2016 @ 19:03:38
Author: bluewind
Revision: 275828
archrelease: copy trunk to testing-i686, testing-x86_64
Added:
spamassassin/repos/testing-i686/
spamassassin/repos/testing-i686/PKGBUILD
(from rev 275827, spamassassin/trunk/PKGBUILD)
spamassassin/repos/testing-i686/disable-sslv3.patch
(from rev 275827, spamassassin/trunk/disable-sslv3.patch)
spamassassin/repos/testing-i686/net-dns-1.01-compat-uribl.patch
(from rev 275827, spamassassin/trunk/net-dns-1.01-compat-uribl.patch)
spamassassin/repos/testing-i686/net-dns-1.01-compat.patch
(from rev 275827, spamassassin/trunk/net-dns-1.01-compat.patch)
spamassassin/repos/testing-i686/spamassassin.install
(from rev 275827, spamassassin/trunk/spamassassin.install)
spamassassin/repos/testing-i686/spamassassin.service
(from rev 275827, spamassassin/trunk/spamassassin.service)
spamassassin/repos/testing-x86_64/
spamassassin/repos/testing-x86_64/PKGBUILD
(from rev 275827, spamassassin/trunk/PKGBUILD)
spamassassin/repos/testing-x86_64/disable-sslv3.patch
(from rev 275827, spamassassin/trunk/disable-sslv3.patch)
spamassassin/repos/testing-x86_64/net-dns-1.01-compat-uribl.patch
(from rev 275827, spamassassin/trunk/net-dns-1.01-compat-uribl.patch)
spamassassin/repos/testing-x86_64/net-dns-1.01-compat.patch
(from rev 275827, spamassassin/trunk/net-dns-1.01-compat.patch)
spamassassin/repos/testing-x86_64/spamassassin.install
(from rev 275827, spamassassin/trunk/spamassassin.install)
spamassassin/repos/testing-x86_64/spamassassin.service
(from rev 275827, spamassassin/trunk/spamassassin.service)
------------------------------------------------+
testing-i686/PKGBUILD | 71 +++++
testing-i686/disable-sslv3.patch | 276 +++++++++++++++++++++++
testing-i686/net-dns-1.01-compat-uribl.patch | 27 ++
testing-i686/net-dns-1.01-compat.patch | 14 +
testing-i686/spamassassin.install | 32 ++
testing-i686/spamassassin.service | 12 +
testing-x86_64/PKGBUILD | 71 +++++
testing-x86_64/disable-sslv3.patch | 276 +++++++++++++++++++++++
testing-x86_64/net-dns-1.01-compat-uribl.patch | 27 ++
testing-x86_64/net-dns-1.01-compat.patch | 14 +
testing-x86_64/spamassassin.install | 32 ++
testing-x86_64/spamassassin.service | 12 +
12 files changed, 864 insertions(+)
Copied: spamassassin/repos/testing-i686/PKGBUILD (from rev 275827,
spamassassin/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2016-09-07 19:03:38 UTC (rev 275828)
@@ -0,0 +1,71 @@
+# $Id$
+# Maintainer: Florian Pritz <bluew...@xinu.at>
+# Contributor: Dale Blount <d...@archlinux.org>
+# Contributor: Manolis Tzanidakis
+pkgname=spamassassin
+pkgver=3.4.1
+pkgrel=4
+pkgdesc="A mail filter to identify spam."
+arch=('i686' 'x86_64')
+license=('APACHE')
+url="http://spamassassin.apache.org";
+depends=('openssl' 'zlib' 're2c' 'perl-net-dns' 'perl-io-socket-ssl'
+ 'perl-libwww' 'perl-mail-spf' 'perl-http-message' 'perl-net-http'
+ 'perl-io-socket-inet6' 'perl-mail-dkim' 'perl-crypt-ssleay')
+makedepends=('razor' 'perl-dbi')
+optdepends=('razor: to identify collaborately-flagged spam')
+backup=('etc/mail/spamassassin/local.cf'
+ 'etc/mail/spamassassin/init.pre'
+ 'etc/mail/spamassassin/v310.pre'
+ 'etc/mail/spamassassin/v312.pre'
+ 'etc/mail/spamassassin/v320.pre'
+ 'etc/mail/spamassassin/v330.pre')
+install="${pkgname}.install"
+source=("http://www.us.apache.org/dist/${pkgname}/source/Mail-SpamAssassin-${pkgver}.tar.gz"{,.asc}
+ 'spamassassin.service' net-dns-1.01-compat.patch
net-dns-1.01-compat-uribl.patch disable-sslv3.patch)
+validpgpkeys=(D8099BC79E17D7E49BC21E31FDE52F40F7D39814)
+md5sums=('76eca1f38c11635d319e62c26d5b034b'
+ 'SKIP'
+ '8adce028f25387ac3bc4dba697d209ed'
+ '63458976671c35f423bd4e8033cfff3a'
+ '14f2e3dc93c560d6b5a7fd7d54e44e11'
+ 'e6aeeae9828f305db72abb8707312ee7')
+
+prepare() {
+ cd "${srcdir}/Mail-SpamAssassin-${pkgver}"
+
+ sed -i t/sa_compile.t \
+ -e 's#^my $temp_binpath = $Config{sitebinexp};#my $temp_binpath =
"/bin/site_perl/";#'
+
+ patch -i "$srcdir/net-dns-1.01-compat.patch" -p3
+ patch -i "$srcdir/net-dns-1.01-compat-uribl.patch" -p3
+
+ # From Debian
+ patch -i "$srcdir/disable-sslv3.patch" -p1
+}
+
+build() {
+ cd "${srcdir}/Mail-SpamAssassin-${pkgver}"
+
+ # install module in vendor directories.
+ PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor \
+ CONTACT_ADDRESS=root@localhost ENABLE_SSL=yes PERL_TAINT=no
+ make
+}
+
+check() {
+ cd "${srcdir}/Mail-SpamAssassin-${pkgver}"
+
+ # parallel tests cause lots of failures; disable for now
+ #export HARNESS_OPTIONS="j$(echo $MAKEFLAGS | sed
's/.*-j\([0-9][0-9]*\).*/\1/')"
+
+ make test
+}
+
+package() {
+ cd "${srcdir}/Mail-SpamAssassin-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+
+ install -D -m644 "${srcdir}/spamassassin.service"
"${pkgdir}/usr/lib/systemd/system/spamassassin.service"
+ install -d -o 182 -g 182 -m 755 "$pkgdir/var/lib/spamassassin"
+}
Copied: spamassassin/repos/testing-i686/disable-sslv3.patch (from rev 275827,
spamassassin/trunk/disable-sslv3.patch)
===================================================================
--- testing-i686/disable-sslv3.patch (rev 0)
+++ testing-i686/disable-sslv3.patch 2016-09-07 19:03:38 UTC (rev 275828)
@@ -0,0 +1,276 @@
+Index: spamassassin-3.4.1/spamc/libspamc.c
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/libspamc.c
++++ spamassassin-3.4.1/spamc/libspamc.c
+@@ -1187,7 +1187,7 @@ int message_filter(struct transport *tp,
+ unsigned int throwaway;
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+- SSL_METHOD *meth;
++ const SSL_METHOD *meth;
+ char zlib_on = 0;
+ unsigned char *zlib_buf = NULL;
+ int zlib_bufsiz = 0;
+@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp,
+ if (flags & SPAMC_USE_SSL) {
+ #ifdef SPAMC_SSL
+ SSLeay_add_ssl_algorithms();
+- if (flags & SPAMC_TLSV1) {
+- meth = TLSv1_client_method();
+- } else {
+- meth = SSLv3_client_method(); /* default */
+- }
++ meth = SSLv23_client_method();
+ SSL_load_error_strings();
+ ctx = SSL_CTX_new(meth);
+ #else
+@@ -1596,7 +1592,7 @@ int message_tell(struct transport *tp, c
+ int failureval;
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+- SSL_METHOD *meth;
++ const SSL_METHOD *meth;
+
+ assert(tp != NULL);
+ assert(m != NULL);
+@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c
+ if (flags & SPAMC_USE_SSL) {
+ #ifdef SPAMC_SSL
+ SSLeay_add_ssl_algorithms();
+- meth = SSLv3_client_method();
++ meth = SSLv23_client_method();
+ SSL_load_error_strings();
+ ctx = SSL_CTX_new(meth);
+ #else
+Index: spamassassin-3.4.1/spamc/spamc.c
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/spamc.c
++++ spamassassin-3.4.1/spamc/spamc.c
+@@ -368,16 +368,11 @@ read_args(int argc, char **argv,
+ case 'S':
+ {
+ flags |= SPAMC_USE_SSL;
+- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) {
+- flags |= SPAMC_SSLV3;
+- }
+- else if (strcmp(spamc_optarg,"tlsv1") == 0) {
+- flags |= SPAMC_TLSV1;
+- }
+- else {
+- libspamc_log(flags, LOG_ERR, "Please specify a legal ssl
version (%s)", spamc_optarg);
+- ret = EX_USAGE;
+- }
++ if(spamc_optarg) {
++ libspamc_log(flags, LOG_ERR,
++ "Explicit specification of an SSL/TLS version no
longer supported.");
++ ret = EX_USAGE;
++ }
+ break;
+ }
+ #endif
+Index: spamassassin-3.4.1/spamd/spamd.raw
+===================================================================
+--- spamassassin-3.4.1.orig/spamd/spamd.raw
++++ spamassassin-3.4.1/spamd/spamd.raw
+@@ -409,7 +409,6 @@ GetOptions(
+ 'sql-config!' => \$opt{'sql-config'},
+ 'ssl' => \$opt{'ssl'},
+ 'ssl-port=s' => \$opt{'ssl-port'},
+- 'ssl-version=s' => \$opt{'ssl-version'},
+ 'syslog-socket=s' => \$opt{'syslog-socket'},
+ 'syslog|s=s' => \$opt{'syslog'},
+ 'log-timestamp-fmt:s' => \$opt{'log-timestamp-fmt'},
+@@ -743,11 +742,6 @@ if ( defined $ENV{'HOME'} ) {
+
+ # Do whitelist later in tmp dir. Side effect: this will be done as -u user.
+
+-my $sslversion = $opt{'ssl-version'} || 'sslv3';
+-if ($sslversion !~ /^(?:sslv3|tlsv1)$/) {
+- die "spamd: invalid ssl-version: $opt{'ssl-version'}\n";
+-}
+-
+ $opt{'server-key'} ||= "$LOCAL_RULES_DIR/certs/server-key.pem";
+ $opt{'server-cert'} ||= "$LOCAL_RULES_DIR/certs/server-cert.pem";
+
+@@ -898,9 +892,8 @@ sub compose_listen_info_string {
+ $socket_info->{ip_addr}, $socket_info->{port}));
+
+ } elsif ($socket->isa('IO::Socket::SSL')) {
+- push(@listeninfo, sprintf("SSL [%s]:%s, ssl version %s",
+- $socket_info->{ip_addr}, $socket_info->{port},
+- $opt{'ssl-version'}||'sslv3'));
++ push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr},
++ $socket_info->{port}));
+ }
+ }
+
+@@ -1071,7 +1064,6 @@ sub server_sock_setup_inet {
+ $sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP'
+ && IO::Socket::IP->VERSION >= 0.09;
+ %sockopt = (%sockopt, (
+- SSL_version => $sslversion,
+ SSL_verify_mode => 0x00,
+ SSL_key_file => $opt{'server-key'},
+ SSL_cert_file => $opt{'server-cert'},
+@@ -1092,7 +1084,8 @@ sub server_sock_setup_inet {
+ if (!$server_inet) {
+ $diag = sprintf("could not create %s socket on [%s]:%s: %s",
+ $ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
+- $adr, $port, $!);
++ $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ?
++ "$!,$IO::Socket::SSL::SSL_ERROR" : $!);
+ push(@diag_fail, $diag);
+ } else {
+ $diag = sprintf("created %s socket on [%s]:%s",
+@@ -3232,7 +3225,6 @@ Options:
+ -H [dir], --helper-home-dir[=dir] Specify a different HOME directory
+ --ssl Enable SSL on TCP connections
+ --ssl-port port Override --port setting for SSL connections
+- --ssl-version sslversion Specify SSL protocol version to use
+ --server-key keyfile Specify an SSL keyfile
+ --server-cert certfile Specify an SSL certificate
+ --socketpath=path Listen on a given UNIX domain socket
+@@ -3720,14 +3712,6 @@ Optionally specifies the port number for
+ SSL connections (default: whatever --port uses). See B<--ssl> for
+ more details.
+
+-=item B<--ssl-version>=I<sslversion>
+-
+-Specify the SSL protocol version to use, one of B<sslv3> or B<tlsv1>.
+-The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
+-higher hello handshake, then negotiating use of SSLv3 or TLSv1
+-protocol if the client can accept it. Specifying B<--ssl-version>
+-implies B<--ssl>.
+-
+ =item B<--server-key> I<keyfile>
+
+ Specify the SSL key file to use for SSL connections.
+Index: spamassassin-3.4.1/spamc/spamc.pod
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/spamc.pod
++++ spamassassin-3.4.1/spamc/spamc.pod
+@@ -177,12 +177,10 @@ The default is 1 time (ie. one attempt a
+ Sleep for I<sleep> seconds between failed spamd filtering attempts.
+ The default is 1 second.
+
+-=item B<-S>, B<--ssl>, B<--ssl>=I<sslversion>
++=item B<-S>, B<--ssl>, B<--ssl>
+
+ If spamc was built with support for SSL, encrypt data to and from the
+ spamd process with SSL; spamd must support SSL as well.
+-I<sslversion> specifies the SSL protocol version to use, either
+-C<sslv3>, or C<tlsv1>. The default, is C<sslv3>.
+
+ =item B<-t> I<timeout>, B<--timeout>=I<timeout>
+
+Index: spamassassin-3.4.1/t/spamd_ssl_tls.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl_tls.t
++++ /dev/null
+@@ -1,28 +0,0 @@
+-#!/usr/bin/perl
+-
+-use lib '.'; use lib 't';
+-use SATest; sa_t_init("spamd_ssl_tls");
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+-
+-exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+-
+-# ---------------------------------------------------------------------------
+-
+-%patterns = (
+-
+-q{ Return-Path: sb55s...@yahoo.com}, 'firstline',
+-q{ Subject: There yours for FREE!}, 'subj',
+-q{ X-Spam-Status: Yes, score=}, 'status',
+-q{ X-Spam-Flag: YES}, 'flag',
+-q{ X-Spam-Level: **********}, 'stars',
+-q{ TEST_ENDSNUMS}, 'endsinnums',
+-q{ TEST_NOREALNAME}, 'noreal',
+-q{ This must be the very last line}, 'lastline',
+-
+-
+-);
+-
+-ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key
--server-cert data/etc/testhost.cert",
+- "--ssl=tlsv1 < data/spam/001",
+- \&patterns_run_cb));
+-ok_all_patterns();
+Index: spamassassin-3.4.1/t/spamd_ssl_v3.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl_v3.t
++++ /dev/null
+@@ -1,28 +0,0 @@
+-#!/usr/bin/perl
+-
+-use lib '.'; use lib 't';
+-use SATest; sa_t_init("spamd_sslv3");
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+-
+-exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+-
+-# ---------------------------------------------------------------------------
+-
+-%patterns = (
+-
+-q{ Return-Path: sb55s...@yahoo.com}, 'firstline',
+-q{ Subject: There yours for FREE!}, 'subj',
+-q{ X-Spam-Status: Yes, score=}, 'status',
+-q{ X-Spam-Flag: YES}, 'flag',
+-q{ X-Spam-Level: **********}, 'stars',
+-q{ TEST_ENDSNUMS}, 'endsinnums',
+-q{ TEST_NOREALNAME}, 'noreal',
+-q{ This must be the very last line}, 'lastline',
+-
+-
+-);
+-
+-ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key
--server-cert data/etc/testhost.cert",
+- "--ssl=sslv3 < data/spam/001",
+- \&patterns_run_cb));
+-ok_all_patterns();
+Index: spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl_accept_fail.t
++++ spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
+@@ -23,9 +23,9 @@ q{ This must be the very last line}, 'la
+
+ );
+
+-ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key
data/etc/testhost.key --server-cert data/etc/testhost.cert"));
++ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert
data/etc/testhost.cert"));
+ ok (spamcrun ("< data/spam/001", \&patterns_run_cb));
+-ok (spamcrun ("--ssl=sslv3 < data/spam/001", \&patterns_run_cb));
++ok (spamcrun ("--ssl < data/spam/001", \&patterns_run_cb));
+ ok (stop_spamd ());
+
+ ok_all_patterns();
+Index: spamassassin-3.4.1/t/spamd_ssl.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl.t
++++ spamassassin-3.4.1/t/spamd_ssl.t
+@@ -2,10 +2,7 @@
+
+ use lib '.'; use lib 't';
+ use SATest; sa_t_init("spamd_ssl");
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9),
+- onfail => sub {
+- warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms
require that you" .
+- "\nspecify a protocol in spamc --ssl option, and possibly in spamd
--ssl-version.\n\n" };
++use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+
+ exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+
+Index: spamassassin-3.4.1/MANIFEST
+===================================================================
+--- spamassassin-3.4.1.orig/MANIFEST
++++ spamassassin-3.4.1/MANIFEST
+@@ -511,8 +511,6 @@ t/spamd_report_ifspam.t
+ t/spamd_sql_prefs.t
+ t/spamd_ssl.t
+ t/spamd_ssl_accept_fail.t
+-t/spamd_ssl_tls.t
+-t/spamd_ssl_v3.t
+ t/spamd_stop.t
+ t/spamd_symbols.t
+ t/spamd_syslog.t
Copied: spamassassin/repos/testing-i686/net-dns-1.01-compat-uribl.patch (from
rev 275827, spamassassin/trunk/net-dns-1.01-compat-uribl.patch)
===================================================================
--- testing-i686/net-dns-1.01-compat-uribl.patch
(rev 0)
+++ testing-i686/net-dns-1.01-compat-uribl.patch 2016-09-07 19:03:38 UTC
(rev 275828)
@@ -0,0 +1,27 @@
+--- spamassassin/branches/3.4/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
2015/04/28 20:36:05 1676616
++++ spamassassin/branches/3.4/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
2015/08/04 23:16:38 1694126
+@@ -942,9 +942,8 @@
+ next unless (defined($str) && defined($dom));
+ dbg("uridnsbl: got($j) NS for $dom: $str");
+
+- if ($str =~ /IN\s+NS\s+(\S+)/) {
+- my $nsmatch = lc $1;
+- $nsmatch =~ s/\.$//;
++ if ($rr->type eq 'NS') {
++ my $nsmatch = lc $rr->nsdname; # available since at least Net::DNS 0.14
+ my $nsrhblstr = $nsmatch;
+ my $fullnsrhblstr = $nsmatch;
+
+@@ -1025,9 +1024,9 @@
+ }
+ dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str);
+
+- local $1;
+- if ($str =~ /IN\s+A\s+(\S+)/) {
+- $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1);
++ if ($rr->type eq 'A') {
++ my $ip_address = $rr->rdatastr;
++ $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address);
+ }
+ }
+ }
Copied: spamassassin/repos/testing-i686/net-dns-1.01-compat.patch (from rev
275827, spamassassin/trunk/net-dns-1.01-compat.patch)
===================================================================
--- testing-i686/net-dns-1.01-compat.patch (rev 0)
+++ testing-i686/net-dns-1.01-compat.patch 2016-09-07 19:03:38 UTC (rev
275828)
@@ -0,0 +1,14 @@
+https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7223
+
+--- spamassassin/branches/3.4/lib/Mail/SpamAssassin/DnsResolver.pm
2015/07/20 18:23:18 1691991
++++ spamassassin/branches/3.4/lib/Mail/SpamAssassin/DnsResolver.pm
2015/07/20 18:24:48 1691992
+@@ -592,6 +592,9 @@
+ };
+
+ if ($packet) {
++ # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223
++ $packet->header->rd(1);
++
+ # my $udp_payload_size = $self->{res}->udppacketsize;
+ my $udp_payload_size = $self->{conf}->{dns_options}->{edns};
+ if ($udp_payload_size && $udp_payload_size > 512) {
Copied: spamassassin/repos/testing-i686/spamassassin.install (from rev 275827,
spamassassin/trunk/spamassassin.install)
===================================================================
--- testing-i686/spamassassin.install (rev 0)
+++ testing-i686/spamassassin.install 2016-09-07 19:03:38 UTC (rev 275828)
@@ -0,0 +1,32 @@
+setup_user() {
+ getent group spamd &>/dev/null || groupadd -g 182 spamd >/dev/null
+ getent passwd spamd &>/dev/null || useradd -u 182 -d
/var/lib/spamassassin -g spamd -s /bin/false spamd >/dev/null
+
+ if [[ -d /var/lib/spamassassin ]]; then
+ chown spamd:spamd /var/lib/spamassassin
+ fi
+
+ true
+}
+
+post_install() {
+ echo "You must run 'sa-update' to install spam rules before use."
+ setup_user
+}
+
+post_upgrade() {
+ setup_user
+ if [ "$(vercmp $2 3.4)" -lt 0 ]; then
+ echo '/var/lib/spamassassin is now owned by the spamd user.
spamassassin.service'
+ echo 'will also run under that user. You may need to adjust
your setup.'
+ fi
+
+ # Compile rules, if rules have previously been compiled, and it's
possible
+ if type re2c &>/dev/null && type sa-compile &>/dev/null && [[ -d
/var/lib/spamassassin/compiled ]]; then
+ echo "Detected compiled rules, running sa-compile..."
+ sa-compile > /dev/null 2>&1
+ fi
+
+ true
+}
+
Copied: spamassassin/repos/testing-i686/spamassassin.service (from rev 275827,
spamassassin/trunk/spamassassin.service)
===================================================================
--- testing-i686/spamassassin.service (rev 0)
+++ testing-i686/spamassassin.service 2016-09-07 19:03:38 UTC (rev 275828)
@@ -0,0 +1,12 @@
+[Unit]
+Description=Spamassassin daemon
+After=syslog.target network.target
+
+[Service]
+ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd
+StandardOutput=null
+StandardError=null
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
Copied: spamassassin/repos/testing-x86_64/PKGBUILD (from rev 275827,
spamassassin/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2016-09-07 19:03:38 UTC (rev 275828)
@@ -0,0 +1,71 @@
+# $Id$
+# Maintainer: Florian Pritz <bluew...@xinu.at>
+# Contributor: Dale Blount <d...@archlinux.org>
+# Contributor: Manolis Tzanidakis
+pkgname=spamassassin
+pkgver=3.4.1
+pkgrel=4
+pkgdesc="A mail filter to identify spam."
+arch=('i686' 'x86_64')
+license=('APACHE')
+url="http://spamassassin.apache.org";
+depends=('openssl' 'zlib' 're2c' 'perl-net-dns' 'perl-io-socket-ssl'
+ 'perl-libwww' 'perl-mail-spf' 'perl-http-message' 'perl-net-http'
+ 'perl-io-socket-inet6' 'perl-mail-dkim' 'perl-crypt-ssleay')
+makedepends=('razor' 'perl-dbi')
+optdepends=('razor: to identify collaborately-flagged spam')
+backup=('etc/mail/spamassassin/local.cf'
+ 'etc/mail/spamassassin/init.pre'
+ 'etc/mail/spamassassin/v310.pre'
+ 'etc/mail/spamassassin/v312.pre'
+ 'etc/mail/spamassassin/v320.pre'
+ 'etc/mail/spamassassin/v330.pre')
+install="${pkgname}.install"
+source=("http://www.us.apache.org/dist/${pkgname}/source/Mail-SpamAssassin-${pkgver}.tar.gz"{,.asc}
+ 'spamassassin.service' net-dns-1.01-compat.patch
net-dns-1.01-compat-uribl.patch disable-sslv3.patch)
+validpgpkeys=(D8099BC79E17D7E49BC21E31FDE52F40F7D39814)
+md5sums=('76eca1f38c11635d319e62c26d5b034b'
+ 'SKIP'
+ '8adce028f25387ac3bc4dba697d209ed'
+ '63458976671c35f423bd4e8033cfff3a'
+ '14f2e3dc93c560d6b5a7fd7d54e44e11'
+ 'e6aeeae9828f305db72abb8707312ee7')
+
+prepare() {
+ cd "${srcdir}/Mail-SpamAssassin-${pkgver}"
+
+ sed -i t/sa_compile.t \
+ -e 's#^my $temp_binpath = $Config{sitebinexp};#my $temp_binpath =
"/bin/site_perl/";#'
+
+ patch -i "$srcdir/net-dns-1.01-compat.patch" -p3
+ patch -i "$srcdir/net-dns-1.01-compat-uribl.patch" -p3
+
+ # From Debian
+ patch -i "$srcdir/disable-sslv3.patch" -p1
+}
+
+build() {
+ cd "${srcdir}/Mail-SpamAssassin-${pkgver}"
+
+ # install module in vendor directories.
+ PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor \
+ CONTACT_ADDRESS=root@localhost ENABLE_SSL=yes PERL_TAINT=no
+ make
+}
+
+check() {
+ cd "${srcdir}/Mail-SpamAssassin-${pkgver}"
+
+ # parallel tests cause lots of failures; disable for now
+ #export HARNESS_OPTIONS="j$(echo $MAKEFLAGS | sed
's/.*-j\([0-9][0-9]*\).*/\1/')"
+
+ make test
+}
+
+package() {
+ cd "${srcdir}/Mail-SpamAssassin-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+
+ install -D -m644 "${srcdir}/spamassassin.service"
"${pkgdir}/usr/lib/systemd/system/spamassassin.service"
+ install -d -o 182 -g 182 -m 755 "$pkgdir/var/lib/spamassassin"
+}
Copied: spamassassin/repos/testing-x86_64/disable-sslv3.patch (from rev 275827,
spamassassin/trunk/disable-sslv3.patch)
===================================================================
--- testing-x86_64/disable-sslv3.patch (rev 0)
+++ testing-x86_64/disable-sslv3.patch 2016-09-07 19:03:38 UTC (rev 275828)
@@ -0,0 +1,276 @@
+Index: spamassassin-3.4.1/spamc/libspamc.c
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/libspamc.c
++++ spamassassin-3.4.1/spamc/libspamc.c
+@@ -1187,7 +1187,7 @@ int message_filter(struct transport *tp,
+ unsigned int throwaway;
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+- SSL_METHOD *meth;
++ const SSL_METHOD *meth;
+ char zlib_on = 0;
+ unsigned char *zlib_buf = NULL;
+ int zlib_bufsiz = 0;
+@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp,
+ if (flags & SPAMC_USE_SSL) {
+ #ifdef SPAMC_SSL
+ SSLeay_add_ssl_algorithms();
+- if (flags & SPAMC_TLSV1) {
+- meth = TLSv1_client_method();
+- } else {
+- meth = SSLv3_client_method(); /* default */
+- }
++ meth = SSLv23_client_method();
+ SSL_load_error_strings();
+ ctx = SSL_CTX_new(meth);
+ #else
+@@ -1596,7 +1592,7 @@ int message_tell(struct transport *tp, c
+ int failureval;
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+- SSL_METHOD *meth;
++ const SSL_METHOD *meth;
+
+ assert(tp != NULL);
+ assert(m != NULL);
+@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c
+ if (flags & SPAMC_USE_SSL) {
+ #ifdef SPAMC_SSL
+ SSLeay_add_ssl_algorithms();
+- meth = SSLv3_client_method();
++ meth = SSLv23_client_method();
+ SSL_load_error_strings();
+ ctx = SSL_CTX_new(meth);
+ #else
+Index: spamassassin-3.4.1/spamc/spamc.c
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/spamc.c
++++ spamassassin-3.4.1/spamc/spamc.c
+@@ -368,16 +368,11 @@ read_args(int argc, char **argv,
+ case 'S':
+ {
+ flags |= SPAMC_USE_SSL;
+- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) {
+- flags |= SPAMC_SSLV3;
+- }
+- else if (strcmp(spamc_optarg,"tlsv1") == 0) {
+- flags |= SPAMC_TLSV1;
+- }
+- else {
+- libspamc_log(flags, LOG_ERR, "Please specify a legal ssl
version (%s)", spamc_optarg);
+- ret = EX_USAGE;
+- }
++ if(spamc_optarg) {
++ libspamc_log(flags, LOG_ERR,
++ "Explicit specification of an SSL/TLS version no
longer supported.");
++ ret = EX_USAGE;
++ }
+ break;
+ }
+ #endif
+Index: spamassassin-3.4.1/spamd/spamd.raw
+===================================================================
+--- spamassassin-3.4.1.orig/spamd/spamd.raw
++++ spamassassin-3.4.1/spamd/spamd.raw
+@@ -409,7 +409,6 @@ GetOptions(
+ 'sql-config!' => \$opt{'sql-config'},
+ 'ssl' => \$opt{'ssl'},
+ 'ssl-port=s' => \$opt{'ssl-port'},
+- 'ssl-version=s' => \$opt{'ssl-version'},
+ 'syslog-socket=s' => \$opt{'syslog-socket'},
+ 'syslog|s=s' => \$opt{'syslog'},
+ 'log-timestamp-fmt:s' => \$opt{'log-timestamp-fmt'},
+@@ -743,11 +742,6 @@ if ( defined $ENV{'HOME'} ) {
+
+ # Do whitelist later in tmp dir. Side effect: this will be done as -u user.
+
+-my $sslversion = $opt{'ssl-version'} || 'sslv3';
+-if ($sslversion !~ /^(?:sslv3|tlsv1)$/) {
+- die "spamd: invalid ssl-version: $opt{'ssl-version'}\n";
+-}
+-
+ $opt{'server-key'} ||= "$LOCAL_RULES_DIR/certs/server-key.pem";
+ $opt{'server-cert'} ||= "$LOCAL_RULES_DIR/certs/server-cert.pem";
+
+@@ -898,9 +892,8 @@ sub compose_listen_info_string {
+ $socket_info->{ip_addr}, $socket_info->{port}));
+
+ } elsif ($socket->isa('IO::Socket::SSL')) {
+- push(@listeninfo, sprintf("SSL [%s]:%s, ssl version %s",
+- $socket_info->{ip_addr}, $socket_info->{port},
+- $opt{'ssl-version'}||'sslv3'));
++ push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr},
++ $socket_info->{port}));
+ }
+ }
+
+@@ -1071,7 +1064,6 @@ sub server_sock_setup_inet {
+ $sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP'
+ && IO::Socket::IP->VERSION >= 0.09;
+ %sockopt = (%sockopt, (
+- SSL_version => $sslversion,
+ SSL_verify_mode => 0x00,
+ SSL_key_file => $opt{'server-key'},
+ SSL_cert_file => $opt{'server-cert'},
+@@ -1092,7 +1084,8 @@ sub server_sock_setup_inet {
+ if (!$server_inet) {
+ $diag = sprintf("could not create %s socket on [%s]:%s: %s",
+ $ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
+- $adr, $port, $!);
++ $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ?
++ "$!,$IO::Socket::SSL::SSL_ERROR" : $!);
+ push(@diag_fail, $diag);
+ } else {
+ $diag = sprintf("created %s socket on [%s]:%s",
+@@ -3232,7 +3225,6 @@ Options:
+ -H [dir], --helper-home-dir[=dir] Specify a different HOME directory
+ --ssl Enable SSL on TCP connections
+ --ssl-port port Override --port setting for SSL connections
+- --ssl-version sslversion Specify SSL protocol version to use
+ --server-key keyfile Specify an SSL keyfile
+ --server-cert certfile Specify an SSL certificate
+ --socketpath=path Listen on a given UNIX domain socket
+@@ -3720,14 +3712,6 @@ Optionally specifies the port number for
+ SSL connections (default: whatever --port uses). See B<--ssl> for
+ more details.
+
+-=item B<--ssl-version>=I<sslversion>
+-
+-Specify the SSL protocol version to use, one of B<sslv3> or B<tlsv1>.
+-The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
+-higher hello handshake, then negotiating use of SSLv3 or TLSv1
+-protocol if the client can accept it. Specifying B<--ssl-version>
+-implies B<--ssl>.
+-
+ =item B<--server-key> I<keyfile>
+
+ Specify the SSL key file to use for SSL connections.
+Index: spamassassin-3.4.1/spamc/spamc.pod
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/spamc.pod
++++ spamassassin-3.4.1/spamc/spamc.pod
+@@ -177,12 +177,10 @@ The default is 1 time (ie. one attempt a
+ Sleep for I<sleep> seconds between failed spamd filtering attempts.
+ The default is 1 second.
+
+-=item B<-S>, B<--ssl>, B<--ssl>=I<sslversion>
++=item B<-S>, B<--ssl>, B<--ssl>
+
+ If spamc was built with support for SSL, encrypt data to and from the
+ spamd process with SSL; spamd must support SSL as well.
+-I<sslversion> specifies the SSL protocol version to use, either
+-C<sslv3>, or C<tlsv1>. The default, is C<sslv3>.
+
+ =item B<-t> I<timeout>, B<--timeout>=I<timeout>
+
+Index: spamassassin-3.4.1/t/spamd_ssl_tls.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl_tls.t
++++ /dev/null
+@@ -1,28 +0,0 @@
+-#!/usr/bin/perl
+-
+-use lib '.'; use lib 't';
+-use SATest; sa_t_init("spamd_ssl_tls");
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+-
+-exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+-
+-# ---------------------------------------------------------------------------
+-
+-%patterns = (
+-
+-q{ Return-Path: sb55s...@yahoo.com}, 'firstline',
+-q{ Subject: There yours for FREE!}, 'subj',
+-q{ X-Spam-Status: Yes, score=}, 'status',
+-q{ X-Spam-Flag: YES}, 'flag',
+-q{ X-Spam-Level: **********}, 'stars',
+-q{ TEST_ENDSNUMS}, 'endsinnums',
+-q{ TEST_NOREALNAME}, 'noreal',
+-q{ This must be the very last line}, 'lastline',
+-
+-
+-);
+-
+-ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key
--server-cert data/etc/testhost.cert",
+- "--ssl=tlsv1 < data/spam/001",
+- \&patterns_run_cb));
+-ok_all_patterns();
+Index: spamassassin-3.4.1/t/spamd_ssl_v3.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl_v3.t
++++ /dev/null
+@@ -1,28 +0,0 @@
+-#!/usr/bin/perl
+-
+-use lib '.'; use lib 't';
+-use SATest; sa_t_init("spamd_sslv3");
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+-
+-exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+-
+-# ---------------------------------------------------------------------------
+-
+-%patterns = (
+-
+-q{ Return-Path: sb55s...@yahoo.com}, 'firstline',
+-q{ Subject: There yours for FREE!}, 'subj',
+-q{ X-Spam-Status: Yes, score=}, 'status',
+-q{ X-Spam-Flag: YES}, 'flag',
+-q{ X-Spam-Level: **********}, 'stars',
+-q{ TEST_ENDSNUMS}, 'endsinnums',
+-q{ TEST_NOREALNAME}, 'noreal',
+-q{ This must be the very last line}, 'lastline',
+-
+-
+-);
+-
+-ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key
--server-cert data/etc/testhost.cert",
+- "--ssl=sslv3 < data/spam/001",
+- \&patterns_run_cb));
+-ok_all_patterns();
+Index: spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl_accept_fail.t
++++ spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
+@@ -23,9 +23,9 @@ q{ This must be the very last line}, 'la
+
+ );
+
+-ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key
data/etc/testhost.key --server-cert data/etc/testhost.cert"));
++ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert
data/etc/testhost.cert"));
+ ok (spamcrun ("< data/spam/001", \&patterns_run_cb));
+-ok (spamcrun ("--ssl=sslv3 < data/spam/001", \&patterns_run_cb));
++ok (spamcrun ("--ssl < data/spam/001", \&patterns_run_cb));
+ ok (stop_spamd ());
+
+ ok_all_patterns();
+Index: spamassassin-3.4.1/t/spamd_ssl.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl.t
++++ spamassassin-3.4.1/t/spamd_ssl.t
+@@ -2,10 +2,7 @@
+
+ use lib '.'; use lib 't';
+ use SATest; sa_t_init("spamd_ssl");
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9),
+- onfail => sub {
+- warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms
require that you" .
+- "\nspecify a protocol in spamc --ssl option, and possibly in spamd
--ssl-version.\n\n" };
++use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+
+ exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+
+Index: spamassassin-3.4.1/MANIFEST
+===================================================================
+--- spamassassin-3.4.1.orig/MANIFEST
++++ spamassassin-3.4.1/MANIFEST
+@@ -511,8 +511,6 @@ t/spamd_report_ifspam.t
+ t/spamd_sql_prefs.t
+ t/spamd_ssl.t
+ t/spamd_ssl_accept_fail.t
+-t/spamd_ssl_tls.t
+-t/spamd_ssl_v3.t
+ t/spamd_stop.t
+ t/spamd_symbols.t
+ t/spamd_syslog.t
Copied: spamassassin/repos/testing-x86_64/net-dns-1.01-compat-uribl.patch (from
rev 275827, spamassassin/trunk/net-dns-1.01-compat-uribl.patch)
===================================================================
--- testing-x86_64/net-dns-1.01-compat-uribl.patch
(rev 0)
+++ testing-x86_64/net-dns-1.01-compat-uribl.patch 2016-09-07 19:03:38 UTC
(rev 275828)
@@ -0,0 +1,27 @@
+--- spamassassin/branches/3.4/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
2015/04/28 20:36:05 1676616
++++ spamassassin/branches/3.4/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm
2015/08/04 23:16:38 1694126
+@@ -942,9 +942,8 @@
+ next unless (defined($str) && defined($dom));
+ dbg("uridnsbl: got($j) NS for $dom: $str");
+
+- if ($str =~ /IN\s+NS\s+(\S+)/) {
+- my $nsmatch = lc $1;
+- $nsmatch =~ s/\.$//;
++ if ($rr->type eq 'NS') {
++ my $nsmatch = lc $rr->nsdname; # available since at least Net::DNS 0.14
+ my $nsrhblstr = $nsmatch;
+ my $fullnsrhblstr = $nsmatch;
+
+@@ -1025,9 +1024,9 @@
+ }
+ dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str);
+
+- local $1;
+- if ($str =~ /IN\s+A\s+(\S+)/) {
+- $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1);
++ if ($rr->type eq 'A') {
++ my $ip_address = $rr->rdatastr;
++ $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address);
+ }
+ }
+ }
Copied: spamassassin/repos/testing-x86_64/net-dns-1.01-compat.patch (from rev
275827, spamassassin/trunk/net-dns-1.01-compat.patch)
===================================================================
--- testing-x86_64/net-dns-1.01-compat.patch (rev 0)
+++ testing-x86_64/net-dns-1.01-compat.patch 2016-09-07 19:03:38 UTC (rev
275828)
@@ -0,0 +1,14 @@
+https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7223
+
+--- spamassassin/branches/3.4/lib/Mail/SpamAssassin/DnsResolver.pm
2015/07/20 18:23:18 1691991
++++ spamassassin/branches/3.4/lib/Mail/SpamAssassin/DnsResolver.pm
2015/07/20 18:24:48 1691992
+@@ -592,6 +592,9 @@
+ };
+
+ if ($packet) {
++ # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223
++ $packet->header->rd(1);
++
+ # my $udp_payload_size = $self->{res}->udppacketsize;
+ my $udp_payload_size = $self->{conf}->{dns_options}->{edns};
+ if ($udp_payload_size && $udp_payload_size > 512) {
Copied: spamassassin/repos/testing-x86_64/spamassassin.install (from rev
275827, spamassassin/trunk/spamassassin.install)
===================================================================
--- testing-x86_64/spamassassin.install (rev 0)
+++ testing-x86_64/spamassassin.install 2016-09-07 19:03:38 UTC (rev 275828)
@@ -0,0 +1,32 @@
+setup_user() {
+ getent group spamd &>/dev/null || groupadd -g 182 spamd >/dev/null
+ getent passwd spamd &>/dev/null || useradd -u 182 -d
/var/lib/spamassassin -g spamd -s /bin/false spamd >/dev/null
+
+ if [[ -d /var/lib/spamassassin ]]; then
+ chown spamd:spamd /var/lib/spamassassin
+ fi
+
+ true
+}
+
+post_install() {
+ echo "You must run 'sa-update' to install spam rules before use."
+ setup_user
+}
+
+post_upgrade() {
+ setup_user
+ if [ "$(vercmp $2 3.4)" -lt 0 ]; then
+ echo '/var/lib/spamassassin is now owned by the spamd user.
spamassassin.service'
+ echo 'will also run under that user. You may need to adjust
your setup.'
+ fi
+
+ # Compile rules, if rules have previously been compiled, and it's
possible
+ if type re2c &>/dev/null && type sa-compile &>/dev/null && [[ -d
/var/lib/spamassassin/compiled ]]; then
+ echo "Detected compiled rules, running sa-compile..."
+ sa-compile > /dev/null 2>&1
+ fi
+
+ true
+}
+
Copied: spamassassin/repos/testing-x86_64/spamassassin.service (from rev
275827, spamassassin/trunk/spamassassin.service)
===================================================================
--- testing-x86_64/spamassassin.service (rev 0)
+++ testing-x86_64/spamassassin.service 2016-09-07 19:03:38 UTC (rev 275828)
@@ -0,0 +1,12 @@
+[Unit]
+Description=Spamassassin daemon
+After=syslog.target network.target
+
+[Service]
+ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd
+StandardOutput=null
+StandardError=null
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
