Version: 3.4.5, Package name: p5-Mail-SpamAssassin-3.4.5 |
Maintained by: Giovanni Bechis |
Master sites:
|
Description SpamAssassin is a mail filter to identify spam. Using its rule base and optional network sources (DNS-based lists and collaborative spam-tracking databases), it carries out a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email. Once identified, the mail can then be optionally tagged as spam for later filtering using the user's own mail user-agent application. SpamAssassin requires very little configuration; you do not need to continually update it with details of your mail accounts, mailing list memberships, etc. It accomplishes filtering without this knowledge, as much as possible. Read ${PREFIX}/share/doc/SpamAssassin/README for further installation instructions. Or if you are in a hurry you can read: ${PREFIX}/share/doc/SpamAssassin/OpenBSD-SpamAssassin-mini-howto.html The SpamAssassin Wiki is available at and contains up-to-date information on configuring SpamAssassin, and using some of the more advanced features of it. |
Filesize: 360.232 KB |
Version History (View Complete History) |
|
2021-03-25 17:07:00 by Giovanni Bechis | Files touched by this commit (3) |
Log message: Update to 3.4.5 security fix for CVE-2020-1946 bug fixes and improvements on OLEMacro detection, Bayes and rbl checks ok sthen@ |
2021-03-25 01:42:07 by Giovanni Bechis | Files touched by this commit (4) |
Log message: Update to 3.4.5 security fix for CVE-2020-1946 bug fixes and improvements on OLEMacro detection, Bayes and rbl checks |
2020-01-30 01:20:31 by Giovanni Bechis | Files touched by this commit (2) |
Log message: Update to 3.4.4 fixes CVE-2020-1930 and CVE-2020-1931 |
2020-01-30 00:54:00 by Giovanni Bechis | Files touched by this commit (2) |
Log message: Update to 3.4.4 fixes CVE-2020-1930 and CVE-2020-1931 |
2019-12-17 00:18:31 by Giovanni Bechis | Files touched by this commit (4) |
Log message: Update to 3.4.3 fixes CVE-2018-11805 and CVE-2019-12420 hints by sthen@ |
2019-12-12 09:10:35 by Giovanni Bechis | Files touched by this commit (5) |
Log message: Update to 3.4.3 fixes for: CVE-2018-11805 and CVE-2019-12420 Upgrade notice available at https://svn.apache.org/repos/asf/spamassassin/branches/3.4/UPGRADE |
2019-07-12 14:47:59 by Stuart Henderson | Files touched by this commit (874) |
Log message: replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes |
2019-03-07 00:41:08 by Giovanni Bechis | Files touched by this commit (2) |
Log message: add GeoIP2 support and make it the default remove optional Geo::IP support from dependencies, databases are not updated anymore with input from sthen@ |
2018-09-25 03:05:09 by Giovanni Bechis | Files touched by this commit (2) |
Log message: Fix a possible use after free |
2018-09-19 08:42:45 by Giovanni Bechis | Files touched by this commit (4) |
Log message: Update to 3.4.2, lot of fixes and new features, four CVE security bug fixed for PDFInfo.pm and the SA core: CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 ok pea@ |
2018-09-18 00:42:57 by Giovanni Bechis | Files touched by this commit (22) |
Log message: Major update to 3.4.2, lot of fixes and new features, four CVE security bug fixed for PDFInfo.pm and the SA core: CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 ok pea@ |
2018-09-04 06:46:28 by Marc Espie | Files touched by this commit (918) |
Log message: convert to PKGSTEM |
2018-03-13 02:01:42 by Giovanni Bechis | Files touched by this commit (3) |
Log message: Security fixes from upstream |
2018-03-13 01:51:59 by Giovanni Bechis | Files touched by this commit (3) |
Log message: More security fixes from upstream |
2018-03-08 01:24:49 by Giovanni Bechis | Files touched by this commit (2) |
Log message: Security fixes from upstream ok sthen@ |
2018-03-08 00:30:00 by Giovanni Bechis | Files touched by this commit (3) |
Log message: More security fixes from upstream |
2018-02-23 15:32:07 by Giovanni Bechis | Files touched by this commit (2) |
Log message: Security fix for spamassassin if the root user starts spamd with the --username flag, the supplemental group list of the spamd worker processes is never changed. The worker processes execute with root's original supplemental group list. ok sthen@ |
2018-02-23 10:07:35 by Giovanni Bechis | Files touched by this commit (3) |
Log message: restore old patches and bump |
2018-02-23 09:39:39 by Giovanni Bechis | Files touched by this commit (3) |
Log message: Security fix for spamassassin if the root user starts spamd with the --username flag, the supplemental group list of the spamd worker processes is never changed. The worker processes execute with root's original supplemental group list. |
2018-02-06 00:58:03 by Giovanni Bechis | Files touched by this commit (2) |
Log message: Add compatibility patches for perl 5.23+ |
2018-01-11 12:27:12 by Robert Peichaer | Files touched by this commit (624) |
Log message: Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d daemon scripts and bump subpackages that contain the *.rc scripts. discussed with and OK aja@ OK tb |
2017-05-06 08:56:08 by Giovanni Bechis | Files touched by this commit (2) |
Log message: Install ldap docs and take maintainership ok sthen@ |
2017-04-27 11:10:28 by Stuart Henderson | Files touched by this commit (1) |
Log message: Drop maintainer, I'm moving away from this (rspamd is better). |
2016-03-19 06:17:45 by Stuart Henderson | Files touched by this commit (2) |
Log message: MFC: backport SpamAssassin fixes to cope with p5-Net-DNS API breaks |
2016-03-03 17:05:35 by Stuart Henderson | Files touched by this commit (7) |
Log message: pull back more patches from spamassassin 3.4 branch, again mostly coping with Net::DNS API changes not documented in their changelog |
2016-03-03 16:27:51 by Stuart Henderson | Files touched by this commit (2) |
Log message: Set RD properly on DNS queries. Broken by Net::DNS 1.01+ |
2015-08-26 07:28:54 by Stuart Henderson | Files touched by this commit (2) |
Log message: explicitly search ${LOCALBASE}/bin and sbin when looking for gpg etc., fixing a problem seen by wesley at e-solutions.re where /usr/local is not in the path for cronjobs running sa-update |
2015-05-23 08:18:55 by Alexander Bluhm | Files touched by this commit (4) |
Log message: Make the regression tests of p5-Mail-SpamAssassin pass. - Replace SSLv3_client_method() with SSLv23_client_method() in spamc. - Do not choose a specific SSL version, let IO::Socket::SSL decide. - Print SSL error messages to make debugging easier. - Fix search path in test. input and OK sthen@ |
2015-04-30 08:41:54 by Stuart Henderson | Files touched by this commit (6) |
Log message: update to p5-Mail-SpamAssassin 3.4.1 http://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.1.txt |
2015-01-19 13:20:59 by Stuart Henderson | Files touched by this commit (1) |
Log message: switch SpamAssassin's forced p5-libwww dependency for one which can accept either p5-libwww or curl (possible now that libwww is updated and HTTP::Date is split off). |
2014-12-16 17:15:25 by Alexander Bluhm | Files touched by this commit (5) |
Log message: Do not depend on net/p5-IO-Socket-IP. The module IO::Socket::IP 0.29 is included in Perl 5.20.1 and installed in base. The port will be removed soon. OK giovanni@ nigel@ |
2011-07-01 00:39:17 by Giovanni Bechis | Files touched by this commit (2) |
Log message: Install sql files ok sthen@ (Maintainer) |
2011-06-23 11:32:46 by Stuart Henderson | Files touched by this commit (13) |
Log message: update SpamAssassin to 3.3.2, thanks Brad and pea@ for testing. ok pea@ |
2011-05-04 04:17:53 by Stuart Henderson | Files touched by this commit (2) |
Log message: fix a spamassassin --lint warning, from upstream, suggested by Armin Wolfermann |
2011-03-20 00:46:50 by Antoine Jacoutot | Files touched by this commit (2) |
Log message: Better pexp in rc script. |
2010-12-27 07:50:24 by Antoine Jacoutot | Files touched by this commit (97) |
Log message: Simplify after recent rc.subr change. The framework is now stable and we will start documenting it (at last). |
2010-12-24 03:40:06 by Antoine Jacoutot | Files touched by this commit (96) |
Log message: Cope with recent rc.subr changes. |
2010-11-30 01:34:27 by Antoine Jacoutot | Files touched by this commit (3) |
Log message: Kill 2 very annoying warnings when running spamd, merged from upstream. ok sthen@ (maintainer) |
2010-11-26 00:51:00 by Marc Espie | Files touched by this commit (15) |
Log message: make use of PKGSPEC to simplify depends, requires most recent security/gnupg to compile correctly |
2010-11-19 00:23:15 by Marc Espie | Files touched by this commit (332) |
Log message: new depends |
2010-11-04 06:07:09 by Stuart Henderson | Files touched by this commit (3) |
Log message: rc script for spamassassin; suggestions and ok aja@ |
2010-10-18 13:59:20 by Marc Espie | Files touched by this commit (135) |
Log message: USE_GROFF=Yes |
2010-09-27 13:59:39 by Stuart Henderson | Files touched by this commit (5) |
Log message: perl 5.12.2 fixes |
2010-08-25 00:34:51 by Antoine Jacoutot | Files touched by this commit (16) |
Log message: Force dependency on gnupg1 since gnupg2 has the same PKGNAME, it can create some depency mess. The long term solution is to update+merge gnupg2 into gnupg1 but for now at least we have a clean dependency chain. looks ok to jasper@ and pea@ |
2010-05-23 15:33:28 by Stuart Henderson | Files touched by this commit (2) |
Log message: @sample v330.pre and bump PKGNAME-main. |
2010-03-24 17:56:04 by Stuart Henderson | Files touched by this commit (10) |
Log message: update to 3.3.1; thanks pea@ for testing and comments |
2010-01-02 17:49:24 by Stuart Henderson | Files touched by this commit (2) |
Log message: MFC: Adjust FH_DATE_PAST_20XX rule so it doesn't trigger on all dates from 2010. From upstream repository. ok jasper@ william@ |
2010-01-01 15:41:15 by Stuart Henderson | Files touched by this commit (2) |
Log message: Adjust FH_DATE_PAST_20XX rule so it doesn't trigger on all dates from 2010. From upstream repository. |
2009-10-23 04:26:18 by Stuart Henderson | Files touched by this commit (2) |
Log message: - unbreak with perl 5.10.1 (don't rely on an internal MakeMaker api which changed). - take MAINTAINER. looks ok to jasper. |
2009-09-15 11:37:22 by Jasper Lievisse Adriaanse | Files touched by this commit (83) |
Log message: remove marc balmer as maintainer of all of his ports, to take away the illusion marc still maintains them. as requested by himself. |
2009-01-01 08:23:41 by Alexander Bluhm | Files touched by this commit (6) |
Log message: Replace p5-IO-INET6 with p5-IO-Socket-INET6 as the upstream cpan package has been renamed. Unfortunately there is no smooth upgrade path. Packages have to be deleted and added manually. discussed with bernd@ and sturm@ |
2008-10-01 13:30:39 by Stuart Henderson | Files touched by this commit (2) |
Log message: Adjust dependencies for IO::Zlib and Archive::Tar which now come as part of base Perl. Regen PLIST while there, some manpages missed. ok simon@ "commitski" mbalmer@ |
2008-09-04 00:42:12 by Brad Smith | Files touched by this commit (5) |
Log message: Update to SpamAssassin 3.2.5; minor bug fix update. ok mbalmer@ |
2008-01-07 10:52:48 by Marc Balmer | Files touched by this commit (2) |
Log message: Maintenance update of SpamAssassin to version 3.2.4. This is a major bug-fix release, with a few minor new features. |
2007-10-11 11:20:06 by Stuart Henderson | Files touched by this commit (1) |
Log message: add RUN_DEPENDS=::devel/re2c so you can compile your ruleset to native code with sa-compile(1). "committ it" mbalmer@ |
2007-09-15 18:17:07 by Michael Erdely | Files touched by this commit (124) |
Log message: Remove surrounding quotes in COMMENT*/PERMIT_* |
2007-07-25 23:57:50 by Marc Balmer | Files touched by this commit (2) |
Log message: Minor bugfix update to SpamAssassin 3.2.2. |
2007-07-06 07:13:31 by Nikolay Sturm | Files touched by this commit (3) |
Log message: MFC: SECURITY update to 3.2.1 fixes a local user symlink-attack DoS vulnerability; more details at http://spamassassin.apache.org/advisories/cve-2007-2873.txt |
2007-07-06 07:13:11 by Nikolay Sturm | Files touched by this commit (3) |
Log message: SECURITY update to 3.2.1 fixes a local user symlink-attack DoS vulnerability; more details at http://spamassassin.apache.org/advisories/cve-2007-2873.txt |
2007-07-02 04:32:43 by Steven Mestdagh | Files touched by this commit (2) |
Log message: SECURITY update to 3.2.1 fixes a local user symlink-attack DoS vulnerability; more details at http://spamassassin.apache.org/advisories/cve-2007-2873.txt ok mbalmer@ |
2007-05-30 11:39:14 by Alexandre Anriot | Files touched by this commit (1) |
Log message: get ride of RUN_DEPENDS=${BUILD_DEPENDS} construct. checked by naddy@, ok mbalmer@ |
2007-05-07 13:53:42 by Marc Balmer | Files touched by this commit (2) |
Log message: Fix a problem with the last update. |
2007-05-06 07:28:31 by Marc Balmer | Files touched by this commit (5) |
Log message: Update to SpamAssassin 3.2.0 ok simon |
2007-04-05 10:20:19 by Marc Espie | Files touched by this commit (912) |
Log message: base64 checksums. |
2007-03-16 11:56:14 by Nikolay Sturm | Files touched by this commit (6) |
Log message: MFC: 3.1.8 is a major bug-fix release, including a potential DoS. The major highlights are: - bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly long URIs found in the message content. - bug 5240: disable perl module usage in update channels unless --allowplugins is specified - bug 5288: files with names starting/ending in whitespace weren't usable - bug 5056: remove Text::Wrap related code due to upstream issues - bug 5145: update spamassassin and sa-learn to better deal with STDIN - bug 5140 and 5179: improvements and bug fixes related to DomainKeys and DKIM support - several updates for Received header parsing - several documentation updates and random taint-variable related issues A more detailed change log can be read here: http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes |
2007-03-08 23:20:10 by Nikolay Sturm | Files touched by this commit (5) |
Log message: MFC: 3.1.8 is a major bug-fix release, including a potential DoS. The major highlights are: - bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly long URIs found in the message content. - bug 5240: disable perl module usage in update channels unless --allowplugins is specified - bug 5288: files with names starting/ending in whitespace weren't usable - bug 5056: remove Text::Wrap related code due to upstream issues - bug 5145: update spamassassin and sa-learn to better deal with STDIN - bug 5140 and 5179: improvements and bug fixes related to DomainKeys and DKIM support - several updates for Received header parsing - several documentation updates and random taint-variable related issues A more detailed change log can be read here: http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes |
2007-02-15 12:57:48 by Marc Balmer | Files touched by this commit (4) |
Log message: 3.1.8 is a major bug-fix release, including a potential DoS. The major highlights are: - bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly long URIs found in the message content. - bug 5240: disable perl module usage in update channels unless --allowplugins is specified - bug 5288: files with names starting/ending in whitespace weren't usable - bug 5056: remove Text::Wrap related code due to upstream issues - bug 5145: update spamassassin and sa-learn to better deal with STDIN - bug 5140 and 5179: improvements and bug fixes related to DomainKeys and DKIM support - several updates for Received header parsing - several documentation updates and random taint-variable related issues A more detailed change log can be read here: http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes ok nikolay |
2006-10-28 01:35:41 by Marc Balmer | Files touched by this commit (1) |
Log message: Maintainer change. Bump PKGNAME. |
2006-10-27 04:12:44 by Antoine Jacoutot | Files touched by this commit (7) |
Log message: - update to version 3.1.7 (by Andreas Vvgele, with some cleanings) - use /var/db/spamassassin as homedir for _spamdaemon user - does _not_ remove /var/db/spamassassin when using `pkg_delete -c` "go ahead" steven@ |
2006-10-21 13:26:14 by Alexandre Anriot | Files touched by this commit (3) |
Log message: - remove 'noauto' and install _spamdaemon user by default. - bump PKGNAME. |
2006-08-10 12:24:45 by Steven Mestdagh | Files touched by this commit (3) |
Log message: Some tweaks to accomodate sa-update: - Add gnupg dependency. - Better location for the updates: /var/db/spamassassin - Install sa-update's default GnuPG keys as config files, so that they will be removed upon pkg_delete. - Remove /var/db/spamassassin using @extraunexec. Specify minimum versions for some dependencies while here. from maintainer Andreas Vogele <andreas at altroot.de> looks fine naddy@ |
2006-08-09 01:21:07 by Robert Nagy | Files touched by this commit (2) |
Log message: update to version 3.1.4 which fixes a memleak and other smaller bugs; ok naddy@ |
2006-06-08 14:23:36 by Nikolay Sturm | Files touched by this commit (3) |
Log message: security update to p5-Mail-SpamAssassin 3.1.3 fixes CVE 2006-2447 |
2006-06-08 12:41:20 by Nikolay Sturm | Files touched by this commit (2) |
Log message: security update to p5-Mail-SpamAssassin 3.0.6 fixes CVE 2006-2447 |
2006-06-06 11:33:42 by Steven Mestdagh | Files touched by this commit (5) |
Log message: update to SpamAssassin 3.1.3 ok maintainer Andreas Voegele |
2006-03-20 13:18:30 by Steven Mestdagh | Files touched by this commit (7) |
Log message: maintenance update to 3.1.1 from: new maintainer Andreas Voegele (voegelas at gmx dot net) |
2006-02-07 21:54:51 by David Krause | Files touched by this commit (53) |
Log message: move any perl or sed substitutions from post-patch to pre-configure (fixes make update-patches) ok sturm@; "looks reasonable" steven@ |
2006-01-28 14:27:17 by Steven Mestdagh | Files touched by this commit (2) |
Log message: - add missing init.pre and v310.pre configuration files. - depend on p5-Mail-SPF-Query, since the SPF plugin is loaded by default. based on diff from Andreas Voegele <voegelas at gmx.net> |
2005-10-09 03:05:43 by Marc Balmer | Files touched by this commit (5) |
Log message: Update to SpamAssassin 3.1.0. Release notes available: http://marc.theaimsgroup.com/?l=spamassassin-announce&m=112674318914008&w=2 >From Ben Lovett <ben at tilderoot dot com> |
2005-07-14 13:43:51 by Nikolay Sturm | Files touched by this commit (1) |
Log message: MFC: SECURITY update to SpamAssassin 3.0.4 fixes CAN-2005-1266 from maintainer Ben Lovett <ben at tilderoot.com> |
2005-07-10 03:34:52 by Nikolay Sturm | Files touched by this commit (2) |
Log message: SECURITY update to SpamAssassin 3.0.4 fixes CAN-2005-1266 from maintainer Ben Lovett <ben at tilderoot.com> |
2005-01-05 09:58:59 by Christian Weisgerber | Files touched by this commit (132) |
Log message: SIZE |
2005-01-01 18:07:49 by Aleksander Piotrowski | Files touched by this commit (6) |
Log message: Add WANTLIB markers |
2004-12-28 14:03:51 by Nikolay Sturm | Files touched by this commit (4) |
Log message: update to SpamAssassin 3.0.2 from Ben Lovett <ben at tilderoot.com> |
2004-10-31 01:44:44 by Nikolay Sturm | Files touched by this commit (9) |
Log message: update to SpamAssassin 3.01 from maintainer Ben Lovett <ben at tilderoot.com> |
2004-09-15 03:09:46 by Marc Espie | Files touched by this commit (110) |
Log message: new style plists. |
2004-08-07 18:21:40 by Robert Nagy | Files touched by this commit (5) |
Log message: SECURITY: upgrade to 2.64 - prevents a denial of service attack open to certain malformed messages; ok brad@ |
2004-08-06 12:24:14 by Robert Nagy | Files touched by this commit (1) |
Log message: SECURITY: upgrade to 2.64 - prevents a denial of service attack open to certain malformed messages; ok brad@ |
2004-08-05 19:39:09 by Ian Darwin | Files touched by this commit (3) |
Log message: Security update to 2.64. From release notice: - Security fix prevents a denial of service attack open to certain malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x versions to date. - Backported several very reliable rules from the SpamAssassin 3.0.0 codebase. >From MAINTAINER. OK nagy. |
2004-01-21 01:01:59 by Brad Smith | Files touched by this commit (2) |
Log message: upgrade p5-Mail-SpamAssassin to 2.63 -- From: MAINTAINER |
2004-01-19 04:20:07 by Brad Smith | Files touched by this commit (2) |
Log message: upgrade p5-Mail-SpamAssassin to 2.62 -- From: MAINTAINER |
2003-12-26 21:17:02 by Brad Smith | Files touched by this commit (7) |
Log message: upgrade p5-Mail-SpamAssassin to 2.61 -- From: new MAINTAINER Ben Lovett <ben at tilderoot dot com> |
2003-12-07 16:15:19 by Christian Weisgerber | Files touched by this commit (1) |
Log message: fix install after DESTDIR change in perl 5.8.2 |
2003-12-02 11:27:39 by Nikolay Sturm | Files touched by this commit (1) |
Log message: create _spamdaemon group, too inspired by diff from Olivier Cherrier <oc at karedas dot cediti dot be> |
2003-08-07 01:51:20 by Jolan Luff | Files touched by this commit (2) |
Log message: remove procmail dependency, MAINTAINER does not use this software anymore, so release it to ports@ |
2003-08-01 05:25:50 by David Lebel | Files touched by this commit (1) |
Log message: same line twice, is it really needed?; from MAINTAINER |
2003-06-22 04:09:58 by Nikolay Sturm | Files touched by this commit (5) |
Log message: new user/group naming schema bump PKGNAME for bitlbee Han Boetes <han@mijncomputer.nl> ok |
2003-06-18 19:03:22 by Anil Madhavapeddy | Files touched by this commit (1) |
Log message: sync with spamassassin-cvs for the bounds bugfix (#2041 in their bugzilla): allocate an extra byte for the array instead of reducing the bounds value |
2003-06-17 10:33:04 by Anil Madhavapeddy | Files touched by this commit (2) |
Log message: fix a couple of off-by-one in spamc->spamd communication submitted upstream, bugzilla #2074 in their bug db bump PKGNAME |
2003-05-23 17:36:31 by Brad Smith | Files touched by this commit (4) |
Log message: upgrade p5-Mail-SpamAssassin to 2.55 -- MAINTAINER ok |
2003-05-14 08:19:20 by David Lebel | Files touched by this commit (2) |
Log message: update p5-Mail-SpamAssassin to 2.53; from MAINTAINER |
2003-04-06 09:42:07 by David Lebel | Files touched by this commit (2) |
Log message: upgrade p5-Mail-SpamAssassin to 2.53; from MAINTAINER |
2003-03-27 07:51:30 by David Lebel | Files touched by this commit (2) |
Log message: update p5-Mail-SpamAssassin to 2.52; from MAINTAINER |
2003-03-06 14:23:47 by Nikolay Sturm | Files touched by this commit (1) |
Log message: disable razor tests (done in "make regress") by default otherwise "make configure" would ask, if it found razor-agent installed OK pvalchev@ |
2003-02-22 07:55:51 by David Lebel | Files touched by this commit (3) |
Log message: update p5-Mail-SpamAssassin to 2.50; from MAINTAINER |
2003-02-03 13:28:25 by David Lebel | Files touched by this commit (4) |
Log message: update p5-Mail-SpamAssassin to 2.44; from MAINTAINER |
2003-01-26 09:54:39 by David Lebel | Files touched by this commit (2) |
Log message: MFC: Added patch from Timo Sirainen <tss@iki.fi> to fix exploit. ---cut--- Well, I was going to wait until 2.50 release, but it seems to be taking and this likely affects only few installations. Besides, it's been in their public bugzilla for over a month. So: Attacker may be able to execute arbitrary code by sending a specially crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode (-B option). Versions from 2.40 to 2.43 are affected. Exim users especially should check if they're affected, the -B option is used in several Exim+SpamAssassin HOWTOs. The problem is with escaping '.' characters at the beginning of lines. Off-by-one bounds checking error allows writing '.' character past a buffer, overwriting the stack frame address. Depending on system this may be exploitable. Pre-built Debian unstable/x86 package wasn't vulnerable, my self compiled was. ---cut--- |
2003-01-26 09:43:45 by David Lebel | Files touched by this commit (2) |
Log message: Added patch from Timo Sirainen <tss@iki.fi> to fix exploit. ---cut--- Well, I was going to wait until 2.50 release, but it seems to be taking and this likely affects only few installations. Besides, it's been in their public bugzilla for over a month. So: Attacker may be able to execute arbitrary code by sending a specially crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode (-B option). Versions from 2.40 to 2.43 are affected. Exim users especially should check if they're affected, the -B option is used in several Exim+SpamAssassin HOWTOs. The problem is with escaping '.' characters at the beginning of lines. Off-by-one bounds checking error allows writing '.' character past a buffer, overwriting the stack frame address. Depending on system this may be exploitable. Pre-built Debian unstable/x86 package wasn't vulnerable, my self compiled was. ---cut--- |
2002-12-03 00:10:06 by Wilbern Cobb | Files touched by this commit (3) |
Log message: Install the man pages for spamd/spamc, move spamd to section 8. ok maintainer |
2002-10-29 21:38:13 by Peter Valchev | Files touched by this commit (5) |
Log message: Remove p5-Test-Simple and p5-Time-HiRes depends; now in stock perl |
2002-10-17 11:46:31 by David Lebel | Files touched by this commit (3) |
Log message: update mail/p5-Mail-SpamAssassin to 2.43; from MAINTAINER |
2002-10-10 07:00:23 by David Lebel | Files touched by this commit (1) |
Log message: seems like the fake path sneak into the installed rule files; from MAINTAINER with heads up by Andrey Smagin (andrey@smagin.com) |
2002-10-07 08:32:33 by David Lebel | Files touched by this commit (3) |
Log message: update p5-Mail-SpamAssassin to version 2.42; from MAINTAINER |
2002-10-06 17:34:26 by David Lebel | Files touched by this commit (4) |
Log message: p5-Mail-SpamAssassin tries to install files outside the fake area. |
2002-09-05 13:29:30 by David Lebel | Files touched by this commit (2) |
Log message: update mail/p5-Mail-SpamAssassin to 2.41; from MAINTAINER |
2002-09-04 02:32:33 by Peter Stromberg | Files touched by this commit (1) |
Log message: remove .packlist |
2002-09-03 06:17:57 by David Lebel | Files touched by this commit (1) |
Log message: add dependency to www/p5-HTML-Parser; from maintainer |
2002-09-02 15:16:16 by David Lebel | Files touched by this commit (4) |
Log message: update mail/p5-Mail-SpamAssassin to 2.40: -- The #1 big change: - SpamAssassin now *REQUIRES* procmail for local delivery support; -P option is now the default. Unless you use procmail, Mail::Audit, KMail, or an MTA-level integration, do not upgrade >From maintainer, Han Boetes <han@boetes.org> |