non port: mail/spamassassin/pkg-plist |
Number of commits found: 18 |
Wednesday, 7 Feb 2024
|
20:31 Cy Schubert (cy)
mail/spamassassin*: Keep sa-update-keys
sa-update-keys was removed in 2015 due to upstream bug #7208. The
requestor asks that they be retained after deinstall to facilite
updates.
Reported by: ler
528a08b |
Tuesday, 3 Jan 2023
|
16:56 Cy Schubert (cy)
mail/spamassassin: Update 3.4.6 --> 4.0.0
The release announcement can be found at
https://svn.apache.org/repos/asf/spamassassin/trunk/build/announcements/\
4.0.0.txt.
A list of detailed changes can be found at
https://svn.apache.org/repos/asf/spamassassin/trunk/Changes.
3fdfceb |
Wednesday, 24 Mar 2021
|
20:02 cy
mail/spamassassin: Update 3.4.4 --> 3.4.5, fixing CVE-2020-1946
According to https://s.apache.org/ng9u9, 3.4.5 fixes CVE-2020-1946.
The announce text:
Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue
of security note where malicious rule configuration (.cf) files can be
configured to run system commands.
In Apache SpamAssassin before 3.4.5, exploits can be injected in a number
of scenarios. In addition to upgrading to SA 3.4.5, users should only use
update channels or 3rd party .cf files from trusted places.
Apache SpamAssassin would like to thank Damian Lukowski at credativ for
ethically reporting this issue.
This issue has been assigned CVE id CVE-2020-1946 [2]
To contact the Apache SpamAssassin security team, please e-mail
security at spamassassin.apache.org. For more information about Apache
SpamAssassin, visit the https://spamassassin.apache.org/ web site.
Apache SpamAssassin Security Team
[1]: https://s.apache.org/ng9u9
[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
PR: 254526
Submitted by: cy
Reported by: cy
Approved by: maintainer (zeising)
MFH: 2021Q1
Security: https://s.apache.org/ng9u9
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
|
Friday, 13 Dec 2019
|
20:03 cy
Update 3.4.2 --> 3.4.3
2019-12-11: Apache SpamAssassin 3.4.3 has been released! Apache
SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we prepare
to move to version 4.0.0 with better, native UTF-8 handling. There are a
number of functional patches, improvements as well as security reasons to
upgrade to 3.4.3. In this release, there is also one new plugin and there
are bug fixes for two CVEs:
CVE-2019-12420 for Multipart Denial of Service Vulnerability
CVE-2018-11805 for nefarious CF files can be configured to run system
commands without any output or errors.
PR: 242618
Submitted by: cy
Reported by: cy
Approved by: zeising (maintainer)
MFH: 2019Q4
Security: CVE-2019-12420, CVE-2018-11805
|
Tuesday, 13 Nov 2018
|
21:11 zeising
mail/spamassassin: Revert r484326
Revert r484326, switch to gpg2, silence gpg2 memory warnings.
I have gotten multiple reports of this causing issues when upgrading or
installing. Revert this until I can look at this in more detail.
|
Tuesday, 6 Nov 2018
|
20:46 zeising
mail/spamassassin: switch gpg version, silence gpg
Switch to use gpg2 instead of the old and mostly deprecated gpg as the
default gpg version.
Add a gpg.conf file to silence the warning about using insecure memory with
gpg2 [1].
Bump portrevision
Submitted by: Larry Rosenman (ler) [1]
|
Wednesday, 26 Sep 2018
|
19:30 zeising
mail/spamassassin: Update to 3.4.2
Update mail/spamassassin to 3.4.2. This update includes security fixes.
For complete changelog and upgrade notes, see:
https://mail-archives.apache.org/mod_mbox/spamassassin-announce/201809.mbox/%3cc44ca0f1-cba9-b129-20b2-ba59816cfd13@apache.org%3e
Big thanks to Larry Rosenman (ler) for help with testing!
PR: 231412
Reported by: dewayne@heuristicsystems.com.au
Tested by: ler
MFH: 2018Q3
Security: 613193a0-c1b4-11e8-ae2d-54e1ad3d6335
|
Wednesday, 27 Jun 2018
|
13:55 mat
Do not force stop services when a package is deinstalled.
Starting or stopping services is the role of pkg(8).
Sponsored by: Absolight
|
Monday, 7 Nov 2016
|
00:59 adamw
Follow up to r425497. sa-update isn't the problem, it's sa-update in
the plist. Remove the UPDATE_ON_INSTALL option entirely, and just add
a blurb to the pkg-message instructing people to run sa-update and
sa-compile manually.
Thanks to Matthew Fuller for prodding a better solution.
|
Sunday, 6 Nov 2016
|
15:38 adamw
For quite a while now, the only update server for SpamAssassin hasn't
had a valid DNS entry. People have asked about it on the mailing list
as far back as August, but literally nobody has replied to any of those
posts, and no commits or wiki updates have been made regarding this,
making it reasonably appear that nobody on the SpamAssassin team has
noticed or cares that SpamAssassin no longer updates.
For now, just add a patch that turns sa-update(1) into a no-op.
While here, add a couple simple Makefile tweaks and bump PORTREVISION.
|
Saturday, 3 Oct 2015
|
18:21 adamw
Add upstream r1684653 from bug #7208, which fixes warnings stemming from
calling each/keys on a hashref.
While here, convert @unexec stuff into preunexec and postunexec.
Submitted by: Larry Rosenman
Obtained from: https://svn.apache.org/viewvc?view=revision&revision=1684653
|
Monday, 14 Sep 2015
|
12:19 mat
Make it so that the default Perl is always called perl5.
- Move Perl's man1 files along with its man3 files.
- Move where Perl installs its modules man1 pages.
- Convert the ports installing man1 pages.
- Make different Perl versions installable at the same time.
Though you should note that only the default version can be used to
install Perl modules, and the non default Perl versions cannot use the
modules installed via ports if they contain .so as they are installed
in a version specific directory.
Reviewed by: bapt (the Mk bits)
Exp-run by: antoine
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D3542
|
Thursday, 30 Apr 2015
|
02:58 adamw
Correct botched group name in plist. PORTREVISION bump for plist change.
Submitted by: Terry Kennedy
|
Wednesday, 29 Apr 2015
|
18:46 adamw
Update spamassassin to 3.4.1.
Changes:
* improved automation to help combat spammers that are abusing new top level
domains;
* tweaks to the SPF support to block more spoofed emails;
* increased character set normalization to make rules easier to develop and
stop spammers from using alternate character sets to bypass tests;
* continued refinement to the native IPv6 support; and
* improved Bayesian classification with better debugging and attachment
hashing.
Full ChangeLog at https://metacpan.org/changes/distribution/Mail-SpamAssassin
The japanese/spamassassin port is broken until it's updated for 3.4.1.
|
Sunday, 30 Nov 2014
|
21:26 adamw
Add a patch from SA bug #7107, to quiet warnings due to bad usage of $^V
that show up during sa-learn, sa-compile, etc.
Note that other warnings can still show up, ex.:
zoom: rule __FOR_SALE_PRC_100K will loop on SpamAssassin older than 3.3.2
running under Perl 5.12 or older, Bug 6558
While here, go with the @dir new world order. SA is not poudriere clean at this
time;
/var/spool/spamd is the homedir of user spamd, so I am pretty sure it shouldn't
be
listed with @dir. QA sees this as a leftover dir.
PR: 195524
Submitted by: Bernard Spil
|
Wednesday, 26 Nov 2014
|
13:08 mat
Change the way Perl modules are installed, update the default Perl to 5.18.
Before, we had:
site_perl : lib/perl5/site_perl/5.18
site_perl/perl_arch : lib/perl5/site_perl/5.18/mach
perl_man3 : lib/perl5/5.18/man/man3
Now we have:
site_perl : lib/perl5/site_perl
site_arch : lib/perl5/site_perl/mach/5.18
perl_man3 : lib/perl5/site_perl/man/man3
Modules without any .so will be installed at the same place regardless of the
Perl version, minimizing the upgrade when the major Perl version is changed.
It uses a version dependent directory for modules with compiled bits.
As PERL_ARCH is no longer needed in plists, it has been removed from
PLIST_SUB.
The USE_PERL5=fixpacklist keyword is removed, the .packlist file is now
always removed, as is perllocal.pod.
The old site_perl and site_perl/arch directories have been kept in the
default Perl @INC for all Perl ports, and will be phased out as these old
Perl versions expire.
PR: 194969
Differential Revision: https://reviews.freebsd.org/D1019
Exp-run by: antoine
Reviewed by: perl@
Approved by: portmgr
|
Thursday, 1 May 2014
|
17:01 adamw
Improvements.
Let pkg-create handle ownership/mode better. Use @dirrmtry instead of
@unexec rmdir. Use COPYTREE_SHARE to ensure proper permissions.
Also, stop the spamd service on deinstall if it's running. It creates
zombie issues otherwise... I'm pretty sure this is the right thing to
do.
|
Sunday, 16 Mar 2014
|
14:24 adamw
The release notes for 3.4.0 were never included in the tarball from
upstream. We include the missing commit, and also the release notes
themselves for good measure.
PR: ports/187632
Submitted by: Spil <spil.oss@gmail.com>
Also, as long as we're here, pet portlint a little bit (though it
still complains loudly about other things).
|
Number of commits found: 18 |