1 |
commit: 323640f36b897eb908b406dfd570613dd323af9c |
2 |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Jun 3 15:59:42 2016 +0000 |
4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Jun 3 16:02:04 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=323640f3 |
7 |
|
8 |
mail-filter/spamassassin: new revision to fix Net-DNS compatibility issues. |
9 |
|
10 |
With the stabilization of =dev-perl/Net-DNS-1.40.0 (and the removal of |
11 |
the older stable version), a number of problems were introduced in |
12 |
SpamAssassin. There are three upstream bugs with patches against the |
13 |
latest release, v3.4.1, which fix all sorts of DNS errors in blacklist |
14 |
checks, DKIM, and SPF. |
15 |
|
16 |
The major contribution of this new revision is to apply patches from |
17 |
those upstream bugs fixing compatibility with =dev-perl/Net-DNS-1.40.0. |
18 |
|
19 |
At the same time, bug 396307 has been fixed by creating the |
20 |
sa-update-keys directory and assigning it the proper permissions. |
21 |
|
22 |
Thanks are due to Olliver Schinagl, Philippe Chaintreuil, Marcin |
23 |
Mirosław, and Atman Sense who reported and investigated these issues. |
24 |
|
25 |
Gentoo-Bug: 396307 |
26 |
Gentoo-Bug: 579222 |
27 |
Upstream-Bug: 7223 |
28 |
Upstream-Bug: 7231 |
29 |
Upstream-Bug: 7265 |
30 |
|
31 |
Package-Manager: portage-2.2.28 |
32 |
|
33 |
.../files/spamassassin-3.4.1-bug_7223.patch | 14 ++ |
34 |
.../files/spamassassin-3.4.1-bug_7231.patch | 29 +++ |
35 |
.../files/spamassassin-3.4.1-bug_7265.patch | 88 ++++++++ |
36 |
.../spamassassin/spamassassin-3.4.1-r3.ebuild | 231 +++++++++++++++++++++ |
37 |
4 files changed, 362 insertions(+) |
38 |
|
39 |
diff --git a/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7223.patch b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7223.patch |
40 |
new file mode 100644 |
41 |
index 0000000..0fea1f9 |
42 |
--- /dev/null |
43 |
+++ b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7223.patch |
44 |
@@ -0,0 +1,14 @@ |
45 |
+# Fix for Gentoo bug 579222 (SpamAssassin bug 7223). |
46 |
+ |
47 |
+--- a/lib/Mail/SpamAssassin/DnsResolver.pm 2015/07/20 18:23:18 1691991 |
48 |
++++ b/lib/Mail/SpamAssassin/DnsResolver.pm 2015/07/20 18:24:48 1691992 |
49 |
+@@ -592,6 +592,9 @@ |
50 |
+ }; |
51 |
+ |
52 |
+ if ($packet) { |
53 |
++ # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223 |
54 |
++ $packet->header->rd(1); |
55 |
++ |
56 |
+ # my $udp_payload_size = $self->{res}->udppacketsize; |
57 |
+ my $udp_payload_size = $self->{conf}->{dns_options}->{edns}; |
58 |
+ if ($udp_payload_size && $udp_payload_size > 512) { |
59 |
|
60 |
diff --git a/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7231.patch b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7231.patch |
61 |
new file mode 100644 |
62 |
index 0000000..0d6e43a |
63 |
--- /dev/null |
64 |
+++ b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7231.patch |
65 |
@@ -0,0 +1,29 @@ |
66 |
+# Fix for Gentoo bug 579222 (SpamAssassin bug 7231). |
67 |
+ |
68 |
+--- a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm (revision 1694052) |
69 |
++++ b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm (working copy) |
70 |
+@@ -942,9 +942,8 @@ |
71 |
+ next unless (defined($str) && defined($dom)); |
72 |
+ dbg("uridnsbl: got($j) NS for $dom: $str"); |
73 |
+ |
74 |
+- if ($str =~ /IN\s+NS\s+(\S+)/) { |
75 |
+- my $nsmatch = lc $1; |
76 |
+- $nsmatch =~ s/\.$//; |
77 |
++ if ($rr->type eq 'NS') { |
78 |
++ my $nsmatch = lc $rr->nsdname; # available since at least Net::DNS 0.14 |
79 |
+ my $nsrhblstr = $nsmatch; |
80 |
+ my $fullnsrhblstr = $nsmatch; |
81 |
+ |
82 |
+@@ -1025,9 +1024,9 @@ |
83 |
+ } |
84 |
+ dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str); |
85 |
+ |
86 |
+- local $1; |
87 |
+- if ($str =~ /IN\s+A\s+(\S+)/) { |
88 |
+- $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1); |
89 |
++ if ($rr->type eq 'A') { |
90 |
++ my $ip_address = $rr->rdatastr; |
91 |
++ $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address); |
92 |
+ } |
93 |
+ } |
94 |
+ } |
95 |
|
96 |
diff --git a/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7265.patch b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7265.patch |
97 |
new file mode 100644 |
98 |
index 0000000..f4fc4bc |
99 |
--- /dev/null |
100 |
+++ b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7265.patch |
101 |
@@ -0,0 +1,88 @@ |
102 |
+# Fix for Gentoo bug 579222 (SpamAssassin bug 7265). |
103 |
+# Two different revisions from that bug have been concatenated |
104 |
+# together into this patch. |
105 |
+ |
106 |
+--- a/lib/Mail/SpamAssassin/DnsResolver.pm 2015/11/19 15:23:56 1715196 |
107 |
++++ b/lib/Mail/SpamAssassin/DnsResolver.pm 2015/11/19 15:31:49 1715197 |
108 |
+@@ -725,6 +725,37 @@ |
109 |
+ |
110 |
+ ########################################################################### |
111 |
+ |
112 |
++=item $id = $res->bgread() |
113 |
++ |
114 |
++Similar to C<Net::DNS::Resolver::bgread>. Reads a DNS packet from |
115 |
++a supplied socket, decodes it, and returns a Net::DNS::Packet object |
116 |
++if successful. Dies on error. |
117 |
++ |
118 |
++=cut |
119 |
++ |
120 |
++sub bgread() { |
121 |
++ my ($self) = @_; |
122 |
++ my $sock = $self->{sock}; |
123 |
++ my $packetsize = $self->{res}->udppacketsize; |
124 |
++ $packetsize = 512 if $packetsize < 512; # just in case |
125 |
++ my $data = ''; |
126 |
++ my $peeraddr = $sock->recv($data, $packetsize+256); # with some size margin for troubleshooting |
127 |
++ defined $peeraddr or die "bgread: recv() failed: $!"; |
128 |
++ my $peerhost = $sock->peerhost; |
129 |
++ $data ne '' or die "bgread: received empty packet from $peerhost"; |
130 |
++ dbg("dns: bgread: received %d bytes from %s", length($data), $peerhost); |
131 |
++ my($answerpkt, $decoded_length) = Net::DNS::Packet->new(\$data); |
132 |
++ $answerpkt or die "bgread: decoding DNS packet failed: $@"; |
133 |
++ $answerpkt->answerfrom($peerhost); |
134 |
++ if ($decoded_length ne length($data)) { |
135 |
++ warn sprintf("bgread: received a %d bytes packet from %s, decoded %d bytes\n", |
136 |
++ length($data), $peerhost, $decoded_length); |
137 |
++ } |
138 |
++ return $answerpkt; |
139 |
++} |
140 |
++ |
141 |
++########################################################################### |
142 |
++ |
143 |
+ =item $nfound = $res->poll_responses() |
144 |
+ |
145 |
+ See if there are any C<bgsend> reply packets ready, and return |
146 |
+@@ -772,13 +803,25 @@ |
147 |
+ $timeout = 0; # next time around collect whatever is available, then exit |
148 |
+ last if $nfound == 0; |
149 |
+ |
150 |
+- my $packet = $self->{res}->bgread($self->{sock}); |
151 |
++ my $packet; |
152 |
++ eval { |
153 |
++ $packet = $self->bgread(); |
154 |
++ } or do { |
155 |
++ undef $packet; |
156 |
++ my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat; |
157 |
++ # resignal if alarm went off |
158 |
++ die $eval_stat if $eval_stat =~ /__alarm__ignore__\(.*\)/s; |
159 |
++ info("dns: bad dns reply: %s", $eval_stat); |
160 |
++ }; |
161 |
++ |
162 |
++# Bug 7265, use our own bgread() |
163 |
++# my $packet = $self->{res}->bgread($self->{sock}); |
164 |
+ |
165 |
+ if (!$packet) { |
166 |
+- my $dns_err = $self->{res}->errorstring; |
167 |
+- # resignal if alarm went off |
168 |
+- die "dns (3) $dns_err\n" if $dns_err =~ /__alarm__ignore__\(.*\)/s; |
169 |
+- info("dns: bad dns reply: $dns_err"); |
170 |
++ # error already reported above |
171 |
++# my $dns_err = $self->{res}->errorstring; |
172 |
++# die "dns (3) $dns_err\n" if $dns_err =~ /__alarm__ignore__\(.*\)/s; |
173 |
++# info("dns: bad dns reply: $dns_err"); |
174 |
+ } else { |
175 |
+ my $header = $packet->header; |
176 |
+ if (!$header) { |
177 |
+ |
178 |
+--- a/lib/Mail/SpamAssassin/Plugin/DKIM.pm 2015/11/19 19:20:06 1715247 |
179 |
++++ b/lib/Mail/SpamAssassin/Plugin/DKIM.pm 2015/11/19 19:22:25 1715248 |
180 |
+@@ -793,7 +793,8 @@ |
181 |
+ # Only do so if EDNS0 provides a reasonably-sized UDP payload size, |
182 |
+ # as our interface does not provide a DNS fallback to TCP, unlike |
183 |
+ # the Net::DNS::Resolver::send which does provide it. |
184 |
+- my $res = $self->{main}->{resolver}->get_resolver; |
185 |
++ my $res = $self->{main}->{resolver}; |
186 |
++ dbg("dkim: providing our own resolver: %s", ref $res); |
187 |
+ Mail::DKIM::DNS::resolver($res); |
188 |
+ } |
189 |
+ } |
190 |
|
191 |
diff --git a/mail-filter/spamassassin/spamassassin-3.4.1-r3.ebuild b/mail-filter/spamassassin/spamassassin-3.4.1-r3.ebuild |
192 |
new file mode 100644 |
193 |
index 0000000..fda05ae |
194 |
--- /dev/null |
195 |
+++ b/mail-filter/spamassassin/spamassassin-3.4.1-r3.ebuild |
196 |
@@ -0,0 +1,231 @@ |
197 |
+# Copyright 1999-2016 Gentoo Foundation |
198 |
+# Distributed under the terms of the GNU General Public License v2 |
199 |
+# $Id$ |
200 |
+ |
201 |
+EAPI=5 |
202 |
+ |
203 |
+inherit perl-module toolchain-funcs eutils systemd readme.gentoo |
204 |
+ |
205 |
+MY_P=Mail-SpamAssassin-${PV//_/-} |
206 |
+S=${WORKDIR}/${MY_P} |
207 |
+DESCRIPTION="An extensible mail filter which can identify and tag spam" |
208 |
+HOMEPAGE="http://spamassassin.apache.org/" |
209 |
+SRC_URI="mirror://apache/spamassassin/source/${MY_P}.tar.bz2" |
210 |
+ |
211 |
+LICENSE="Apache-2.0 GPL-2" |
212 |
+SLOT="0" |
213 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos" |
214 |
+IUSE="+bayes berkdb libressl qmail ssl doc ldap mysql postgres sqlite ipv6" |
215 |
+ |
216 |
+# You can do without a database unless you need the Bayes features. |
217 |
+REQUIRED_USE="bayes? ( || ( berkdb mysql postgres sqlite ) )" |
218 |
+ |
219 |
+DEPEND=">=dev-lang/perl-5.8.8-r8 |
220 |
+ virtual/perl-MIME-Base64 |
221 |
+ >=virtual/perl-Pod-Parser-1.510.0-r2 |
222 |
+ virtual/perl-Storable |
223 |
+ virtual/perl-Time-HiRes |
224 |
+ >=dev-perl/HTML-Parser-3.43 |
225 |
+ >=dev-perl/Mail-DKIM-0.37 |
226 |
+ >=dev-perl/Net-DNS-0.53 |
227 |
+ dev-perl/Digest-SHA1 |
228 |
+ dev-perl/libwww-perl |
229 |
+ >=virtual/perl-Archive-Tar-1.23 |
230 |
+ app-crypt/gnupg |
231 |
+ >=virtual/perl-IO-Zlib-1.04 |
232 |
+ >=dev-util/re2c-0.12.0 |
233 |
+ dev-perl/Mail-SPF |
234 |
+ >=dev-perl/NetAddr-IP-4.0.1 |
235 |
+ dev-perl/Geo-IP |
236 |
+ dev-perl/Encode-Detect |
237 |
+ dev-perl/Net-Patricia |
238 |
+ ssl? ( |
239 |
+ dev-perl/IO-Socket-SSL |
240 |
+ !libressl? ( dev-libs/openssl:0 ) |
241 |
+ libressl? ( dev-libs/libressl ) |
242 |
+ ) |
243 |
+ berkdb? ( |
244 |
+ virtual/perl-DB_File |
245 |
+ ) |
246 |
+ ldap? ( dev-perl/perl-ldap ) |
247 |
+ mysql? ( |
248 |
+ dev-perl/DBI |
249 |
+ dev-perl/DBD-mysql |
250 |
+ ) |
251 |
+ postgres? ( |
252 |
+ dev-perl/DBI |
253 |
+ dev-perl/DBD-Pg |
254 |
+ ) |
255 |
+ sqlite? ( |
256 |
+ dev-perl/DBI |
257 |
+ dev-perl/DBD-SQLite |
258 |
+ ) |
259 |
+ ipv6? ( |
260 |
+ || ( dev-perl/IO-Socket-INET6 |
261 |
+ virtual/perl-IO-Socket-IP ) |
262 |
+ )" |
263 |
+RDEPEND="${DEPEND}" |
264 |
+ |
265 |
+SRC_TEST="do" |
266 |
+ |
267 |
+src_prepare() { |
268 |
+ epatch "${FILESDIR}/spamassassin-3.4.1-bug_7223.patch" |
269 |
+ epatch "${FILESDIR}/spamassassin-3.4.1-bug_7231.patch" |
270 |
+ epatch "${FILESDIR}/spamassassin-3.4.1-bug_7265.patch" |
271 |
+ perl-module_src_prepare |
272 |
+} |
273 |
+ |
274 |
+src_configure() { |
275 |
+ # - Set SYSCONFDIR explicitly so we can't get bitten by bug 48205 again |
276 |
+ # (just to be sure, nobody knows how it could happen in the first place). |
277 |
+ myconf="SYSCONFDIR=${EPREFIX}/etc" |
278 |
+ myconf+=" DATADIR=${EPREFIX}/usr/share/spamassassin" |
279 |
+ |
280 |
+ # If ssl is enabled, spamc can be built with ssl support. |
281 |
+ if use ssl; then |
282 |
+ myconf+=" ENABLE_SSL=yes" |
283 |
+ else |
284 |
+ myconf+=" ENABLE_SSL=no" |
285 |
+ fi |
286 |
+ |
287 |
+ # Set the path to the Perl executable explictly. This will be used to |
288 |
+ # create the initial sharpbang line in the scripts and might cause |
289 |
+ # a versioned app name end in there, see |
290 |
+ # <https://bugs.gentoo.org/show_bug.cgi?id=62276> |
291 |
+ myconf+=" PERL_BIN=${EPREFIX}/usr/bin/perl" |
292 |
+ |
293 |
+ # Setting the following env var ensures that no questions are asked. |
294 |
+ perl-module_src_configure |
295 |
+ # Configure spamc |
296 |
+ emake CC="$(tc-getCC)" LDFLAGS="${LDFLAGS}" spamc/Makefile |
297 |
+} |
298 |
+ |
299 |
+src_compile() { |
300 |
+ export PERL_MM_USE_DEFAULT=1 |
301 |
+ |
302 |
+ # Now compile all the stuff selected. |
303 |
+ perl-module_src_compile |
304 |
+ |
305 |
+ if use qmail; then |
306 |
+ emake spamc/qmail-spamc |
307 |
+ fi |
308 |
+} |
309 |
+ |
310 |
+src_install () { |
311 |
+ perl-module_src_install |
312 |
+ |
313 |
+ # Create the stub dir used by sa-update and friends |
314 |
+ keepdir /var/lib/spamassassin |
315 |
+ |
316 |
+ # Move spamd to sbin where it belongs. |
317 |
+ dodir /usr/sbin |
318 |
+ mv "${ED}"/usr/bin/spamd "${ED}"/usr/sbin/spamd || die "move spamd failed" |
319 |
+ |
320 |
+ if use qmail; then |
321 |
+ dobin spamc/qmail-spamc |
322 |
+ fi |
323 |
+ |
324 |
+ ln -s mail/spamassassin "${ED}"/etc/spamassassin || die |
325 |
+ |
326 |
+ # Disable plugin by default |
327 |
+ sed -i -e 's/^loadplugin/\#loadplugin/g' \ |
328 |
+ "${ED}"/etc/mail/spamassassin/init.pre \ |
329 |
+ || die "failed to disable plugins by default" |
330 |
+ |
331 |
+ # Add the init and config scripts. |
332 |
+ newinitd "${FILESDIR}"/3.3.1-spamd.init spamd |
333 |
+ newconfd "${FILESDIR}"/3.0.0-spamd.conf spamd |
334 |
+ |
335 |
+ systemd_newunit "${FILESDIR}"/${PN}.service-r1 ${PN}.service |
336 |
+ systemd_install_serviced "${FILESDIR}"/${PN}.service.conf |
337 |
+ |
338 |
+ if use postgres; then |
339 |
+ sed -i -e 's:@USEPOSTGRES@::' "${ED}/etc/init.d/spamd" || die |
340 |
+ |
341 |
+ dodoc sql/*_pg.sql |
342 |
+ else |
343 |
+ sed -i -e '/@USEPOSTGRES@/d' "${ED}/etc/init.d/spamd" || die |
344 |
+ fi |
345 |
+ |
346 |
+ if use mysql; then |
347 |
+ sed -i -e 's:@USEMYSQL@::' "${ED}/etc/init.d/spamd" || die |
348 |
+ |
349 |
+ dodoc sql/*_mysql.sql |
350 |
+ else |
351 |
+ sed -i -e '/@USEMYSQL@/d' "${ED}/etc/init.d/spamd" || die |
352 |
+ fi |
353 |
+ |
354 |
+ dodoc NOTICE TRADEMARK CREDITS INSTALL.VMS UPGRADE USAGE \ |
355 |
+ sql/README.bayes sql/README.awl procmailrc.example sample-nonspam.txt \ |
356 |
+ sample-spam.txt spamd/PROTOCOL spamd/README.vpopmail \ |
357 |
+ spamd-apache2/README.apache |
358 |
+ |
359 |
+ # Rename some docu files so they don't clash with others |
360 |
+ newdoc spamd/README README.spamd |
361 |
+ newdoc sql/README README.sql |
362 |
+ newdoc ldap/README README.ldap |
363 |
+ |
364 |
+ if use qmail; then |
365 |
+ dodoc spamc/README.qmail |
366 |
+ fi |
367 |
+ |
368 |
+ insinto /etc/mail/spamassassin/ |
369 |
+ insopts -m0400 |
370 |
+ newins "${FILESDIR}"/secrets.cf secrets.cf.example |
371 |
+ |
372 |
+ # Create the directory where sa-update stores its GPG key (if you |
373 |
+ # choose to import one). If this directory does not exist, the |
374 |
+ # import will fail. This is bug 396307. We expect that the import |
375 |
+ # will be performed as root, and making the directory accessible |
376 |
+ # only to root prevents a warning on the command-line. |
377 |
+ diropts -m0700 |
378 |
+ dodir /etc/mail/spamassassin/sa-update-keys |
379 |
+ |
380 |
+ cat <<-EOF > "${T}/local.cf.example" |
381 |
+ # Sensitive data, such as database connection info, should be stored in |
382 |
+ # /etc/mail/spamassassin/secrets.cf with appropriate permissions |
383 |
+EOF |
384 |
+ |
385 |
+ insopts -m0644 |
386 |
+ doins "${T}/local.cf.example" |
387 |
+} |
388 |
+ |
389 |
+pkg_postinst() { |
390 |
+ elog "If you plan on using the -u flag to spamd, please read the notes" |
391 |
+ elog "in /etc/conf.d/spamd regarding the location of the pid file." |
392 |
+ elog |
393 |
+ elog "If you build ${PN} with optional dependancy support," |
394 |
+ elog "you can enable them in /etc/mail/spamassassin/init.pre" |
395 |
+ elog |
396 |
+ elog "You need to configure your database to be able to use Bayes filter" |
397 |
+ elog "with database backend, otherwise it will still use (and need) the" |
398 |
+ elog "Berkeley DB support." |
399 |
+ elog "Look at the sql/README.bayes file in the documentation directory" |
400 |
+ elog "for how to configure it." |
401 |
+ elog |
402 |
+ elog "If you plan to use Vipul's Razor, note that versions up to and" |
403 |
+ elog "including version 2.82 include a bug that will slow down the entire" |
404 |
+ elog "perl interpreter. Version 2.83 or later fixes this." |
405 |
+ elog "If you do not plan to use this plugin, be sure to comment out" |
406 |
+ elog "its loadplugin line in /etc/mail/spamassassin/v310.pre." |
407 |
+ elog |
408 |
+ elog "The DKIM plugin is now enabled by default for new installs," |
409 |
+ elog "if the perl module Mail::DKIM is installed." |
410 |
+ elog "However, installation of SpamAssassin will not overwrite existing" |
411 |
+ elog ".pre configuration files, so to use DKIM when upgrading from a" |
412 |
+ elog "previous release that did not use DKIM, a directive:" |
413 |
+ elog |
414 |
+ elog "loadplugin Mail::SpamAssassin::Plugin::DKIM" |
415 |
+ elog "will need to be uncommented in file 'v312.pre', or added" |
416 |
+ elog "to some other .pre file, such as local.pre." |
417 |
+ elog |
418 |
+ ewarn "Rules are no longer included with SpamAssassin out of the box". |
419 |
+ ewarn "You will need to immediately run sa-update, or download" |
420 |
+ ewarn "the additional rules .tgz package and run sa-update --install" |
421 |
+ ewarn "with it, to get a ruleset." |
422 |
+ elog |
423 |
+ elog "If you run sa-update and receive a GPG validation error." |
424 |
+ elog "Then you need to import an updated sa-update key." |
425 |
+ elog "sa-update --import /usr/share/spamassassin/sa-update-pubkey.txt" |
426 |
+ elog |
427 |
+} |