Security bump - bug #310049. Don't spam check authenticated

users - bug #265621. Fix received headers - bug #264304 (Portage version: 2.1.10/cvs/Linux x86_64)
author: Eray Aslan <eras@gentoo.org> 2011-06-08 12:24:51 +0000
committer: Eray Aslan <eras@gentoo.org> 2011-06-08 12:24:51 +0000
commit: 7fa9a6ef0576a2d1e7b93bd7a93286fd4089b676 (patch)
tree: 4ae64c5e50212c7a77498b7bf7f8067d2a9468c1 /mail-filter/spamass-milter
parent: Update the makefile patch so the gtk is really optional. (diff)
download: gentoo-2-7fa9a6ef0576a2d1e7b93bd7a93286fd4089b676.tar.gz
gentoo-2-7fa9a6ef0576a2d1e7b93bd7a93286fd4089b676.tar.bz2
gentoo-2-7fa9a6ef0576a2d1e7b93bd7a93286fd4089b676.zip
5 files changed, 401 insertions, 2 deletions
diff --git a/mail-filter/spamass-milter/ChangeLog b/mail-filter/spamass-milter/ChangeLog
index 565b40f2a82b..6344477148dc 100644
--- a/mail-filter/spamass-milter/ChangeLog
+++ b/mail-filter/spamass-milter/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for mail-filter/spamass-milter
-# Copyright 2000-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-filter/spamass-milter/ChangeLog,v 1.22 2009/08/23 00:11:45 mrness Exp $
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/mail-filter/spamass-milter/ChangeLog,v 1.23 2011/06/08 12:24:51 eras Exp $
+
+*spamass-milter-0.3.1-r4 (08 Jun 2011)
+
+  08 Jun 2011; Eray Aslan <eras@gentoo.org> +spamass-milter-0.3.1-r4.ebuild,
+  +files/spamass-milter-auth_users.patch, +files/spamass-milter-header.patch,
+  +files/spamass-milter-popen.patch:
+  Security bump - bug #310049. Don't spam check authenticated users - bug
+  #265621. Fix received headers - bug #264304
 
 *spamass-milter-0.3.1-r3 (23 Aug 2009)
 
diff --git a/mail-filter/spamass-milter/files/spamass-milter-auth_users.patch b/mail-filter/spamass-milter/files/spamass-milter-auth_users.patch
new file mode 100644
index 000000000000..8bfc24e4306f
--- /dev/null
+++ b/mail-filter/spamass-milter/files/spamass-milter-auth_users.patch
@@ -0,0 +1,92 @@
+Based on the debian patch:
+http://patch-tracker.debian.org/patch/series/view/spamass-milter/0.3.1-10/10_dont_handle_authenticated_users.diff
+
+--- spamass-milter.cpp	2011-06-08 11:56:33.000000000 +0000
++++ spamass-milter.cpp	2011-06-08 12:04:41.000000000 +0000
+@@ -170,6 +170,7 @@
+ bool flag_full_email = false;		/* pass full email address to spamc */
+ bool flag_expand = false;	/* alias/virtusertable expansion */
+ bool warnedmacro = false;	/* have we logged that we couldn't fetch a macro? */
++bool ignore_authenticated_senders = false;
+ 
+ #if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
+ static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
+@@ -181,7 +182,7 @@
+ main(int argc, char* argv[])
+ {
+    int c, err = 0;
+-   const char *args = "fd:mMp:P:r:u:D:i:b:B:e:x";
++   const char *args = "fd:mMp:P:r:u:D:i:Ib:B:e:x";
+    char *sock = NULL;
+    bool dofork = false;
+    char *pidfilename = NULL;
+@@ -213,6 +214,10 @@
+ 				debug(D_MISC, "Parsing ignore list");
+ 				parse_networklist(optarg, &ignorenets);
+ 				break;
++			case 'I':
++				debug(D_MISC, "Ignore authenticated senders");
++				ignore_authenticated_senders = true;
++				break;
+ 			case 'm':
+ 				dontmodifyspam = true;
+ 				smfilter.xxfi_flags &= ~SMFIF_CHGBODY;
+@@ -280,7 +285,7 @@
+       cout << PACKAGE_NAME << " - Version " << PACKAGE_VERSION << endl;
+       cout << "SpamAssassin Sendmail Milter Plugin" << endl;
+       cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl;
+-      cout << "                      [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl;
++      cout << "                      [-e defaultdomain] [-f] [-i networks] [-I] [-m] [-M]" << endl;
+       cout << "                      [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl;
+       cout << "                      [-- spamc args ]" << endl;
+       cout << "   -p socket: path to create socket" << endl;
+@@ -294,6 +299,7 @@
+       cout << "   -f: fork into background" << endl;
+       cout << "   -i: skip (ignore) checks from these IPs or netblocks" << endl;
+       cout << "          example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl;
++      cout << "   -I: skip (ignore) checks if sender is authenticated" << endl;
+       cout << "   -m: don't modify body, Content-type: or Subject:" << endl;
+       cout << "   -M: don't modify the message at all" << endl;
+       cout << "   -P pidfile: Put processid in pidfile" << endl;
+@@ -783,6 +789,22 @@
+   }
+   /* debug(D_ALWAYS, "ZZZ got private context %p", sctx); */
+ 
++  if (ignore_authenticated_senders)
++  {
++    char *auth_authen;
++
++    auth_authen = smfi_getsymval(ctx, "{auth_authen}");
++    debug(D_MISC, "auth_authen=%s", auth_authen ?: "<unauthenticated>");
++
++    if (auth_authen)
++    {
++      debug(D_MISC, "sender authenticated (%s) - accepting message",
++          auth_authen);
++      debug(D_FUNC, "mlfi_envfrom: exit ignore");
++      return SMFIS_ACCEPT;
++    }
++  }
++
+   debug(D_FUNC, "mlfi_envfrom: enter");
+   try {
+     // launch new SpamAssassin
+--- spamass-milter.1.in	2011-06-08 12:05:35.000000000 +0000
++++ spamass-milter.1.in	2011-06-08 12:06:57.000000000 +0000
+@@ -14,6 +14,7 @@
+ .Op Fl e Ar defaultdomain
+ .Op Fl f
+ .Op Fl i Ar networks
++.Op Fl I
+ .Op Fl m
+ .Op Fl M
+ .Op Fl P Ar pidfile
+@@ -119,6 +120,8 @@
+ flags will append to the list.
+ For example, if you list all your internal networks, no outgoing emails
+ will be filtered.
++.It Fl I
++Ignores messages if the sender has authenticated via SMTP AUTH.
+ .It Fl m
+ Disables modification of the 
+ .Ql Subject: 
diff --git a/mail-filter/spamass-milter/files/spamass-milter-header.patch b/mail-filter/spamass-milter/files/spamass-milter-header.patch
new file mode 100644
index 000000000000..450b08cd89a8
--- /dev/null
+++ b/mail-filter/spamass-milter/files/spamass-milter-header.patch
@@ -0,0 +1,15 @@
+Do not mangle headers - bug #264304
+--- spamass-milter.cppi~	2011-06-08 11:33:25.000000000 +0000
++++ spamass-milter.cpp		2011-06-08 11:34:31.000000000 +0000
+@@ -1002,9 +1002,9 @@
+ 
+ 		assassin->output((string)
+ 			"Received: from "+macro_s+" ("+macro__+")\r\n\t"+
+-			"by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
++			"by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
+ 			macro_b+"\r\n\t"+
+-			"(envelope-from "+assassin->from()+"\r\n");
++			"(envelope-from "+assassin->from()+")\r\n");
+ 
+ 	} else
+ 		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
diff --git a/mail-filter/spamass-milter/files/spamass-milter-popen.patch b/mail-filter/spamass-milter/files/spamass-milter-popen.patch
new file mode 100644
index 000000000000..3a7279cc2bda
--- /dev/null
+++ b/mail-filter/spamass-milter/files/spamass-milter-popen.patch
@@ -0,0 +1,233 @@
+See bug #310049
+
+Index: spamass-milter.cpp
+===================================================================
+RCS file: /cvsroot/spamass-milt/spamass-milt/spamass-milter.cpp,v
+retrieving revision 1.91
+diff -u -r1.91 spamass-milter.cpp
+--- spamass-milter.cpp	24 Jul 2006 19:59:17 -0000	1.91
++++ spamass-milter.cpp	10 Mar 2010 18:52:22 -0000
+@@ -171,10 +171,6 @@
+ bool flag_expand = false;	/* alias/virtusertable expansion */
+ bool warnedmacro = false;	/* have we logged that we couldn't fetch a macro? */
+ 
+-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
+-static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
+-#endif
+-
+ // {{{ main()
+ 
+ int
+@@ -461,59 +457,24 @@
+ 			   send another copy.  The milter API will not let you send the
+ 			   message AND return a failure code to the sender, so this is
+ 			   the only way to do it. */
+-#if defined(__FreeBSD__)
+-			int rv;
+-#endif
+-			
+-#if defined(HAVE_ASPRINTF)
+-			char *buf;
+-#else
+-			char buf[1024];
+-#endif
+-			char *fmt="%s \"%s\"";
++			char *popen_argv[3];
+ 			FILE *p;
+ 
+-#if defined(HAVE_ASPRINTF)
+-			asprintf(&buf, fmt, SENDMAIL, spambucket);
+-#else
+-#if defined(HAVE_SNPRINTF)
+-			snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, spambucket);
+-#else
+-			/* XXX possible buffer overflow here */
+-			sprintf(buf, fmt, SENDMAIL, spambucket);
+-#endif
+-#endif
+-
+-			debug(D_COPY, "calling %s", buf);
+-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
+-			rv = pthread_mutex_lock(&popen_mutex);
+-			if (rv)
+-			{
+-				debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
+-				abort();
+-			}		
+-#endif
+-			p = popen(buf, "w");
++			popen_argv[0] = SENDMAIL;
++			popen_argv[1] = spambucket;
++			popen_argv[2] = NULL;
++			
++			debug(D_COPY, "calling %s %s", SENDMAIL, spambucket);
++			p = popenv(popen_argv, "w");
+ 			if (!p)
+ 			{
+-				debug(D_COPY, "popen failed(%s).  Will not send a copy to spambucket", strerror(errno));
++				debug(D_COPY, "popenv failed(%s).  Will not send a copy to spambucket", strerror(errno));
+ 			} else
+ 			{
+ 				// Send message provided by SpamAssassin
+ 				fwrite(assassin->d().c_str(), assassin->d().size(), 1, p);
+-				pclose(p); p = NULL;
++				fclose(p); p = NULL;
+ 			}
+-#if defined(__FreeBSD__)
+-			rv = pthread_mutex_unlock(&popen_mutex);
+-			if (rv)
+-			{
+-				debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
+-				abort();
+-			}		
+-#endif
+-#if defined(HAVE_ASPRINTF)
+-			free(buf);
+-#endif 
+ 		}
+ 		return SMFIS_REJECT;
+ 	}
+@@ -842,30 +803,19 @@
+ 		/* open a pipe to sendmail so we can do address expansion */
+ 
+ 		char buf[1024];
+-		char *fmt="%s -bv \"%s\" 2>&1";
+-
+-#if defined(HAVE_SNPRINTF)
+-		snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
+-#else
+-		/* XXX possible buffer overflow here */
+-		sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
+-#endif
++		char *popen_argv[4];
++		
++		popen_argv[0] = SENDMAIL;
++		popen_argv[1] = "-bv";
++		popen_argv[2] = envrcpt[0];
++		popen_argv[3] = NULL;
+ 
+-		debug(D_RCPT, "calling %s", buf);
++		debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
+ 
+-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
+-		rv = pthread_mutex_lock(&popen_mutex);
+-		if (rv)
+-		{
+-			debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
+-			abort();
+-		}		
+-#endif
+-
+-		p = popen(buf, "r");
++		p = popenv(popen_argv, "r");
+ 		if (!p)
+ 		{
+-			debug(D_RCPT, "popen failed(%s).  Will not expand aliases", strerror(errno));
++			debug(D_RCPT, "popenv failed(%s).  Will not expand aliases", strerror(errno));
+ 			assassin->expandedrcpt.push_back(envrcpt[0]);
+ 		} else
+ 		{
+@@ -890,16 +840,8 @@
+ 					assassin->expandedrcpt.push_back(p+7);
+ 				}
+ 			}
+-			pclose(p); p = NULL;
++			fclose(p); p = NULL;
+ 		}
+-#if defined(__FreeBSD__)
+-		rv = pthread_mutex_unlock(&popen_mutex);
+-		if (rv)
+-		{
+-			debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
+-			abort();
+-		}		
+-#endif
+ 	} else
+ 	{
+ 		assassin->expandedrcpt.push_back(envrcpt[0]);
+@@ -2157,5 +2099,71 @@
+ 	warnedmacro = true;
+ }
+ 
++/*
++   untrusted-argument-safe popen function - only supports "r" and "w" modes
++   for simplicity, and always reads stdout and stderr in "r" mode.  Call
++   fclose to close the FILE.
++*/
++FILE *popenv(char *const argv[], const char *type)
++{
++	FILE *iop;
++	int pdes[2];
++	int save_errno;
++	if ((*type != 'r' && *type != 'w') || type[1])
++	{
++		errno = EINVAL;
++		return (NULL);
++	}
++	if (pipe(pdes) < 0)
++		return (NULL);
++	switch (fork()) {
++	
++	case -1:			/* Error. */
++		save_errno = errno;
++		(void)close(pdes[0]);
++		(void)close(pdes[1]);
++		errno = save_errno;
++		return (NULL);
++		/* NOTREACHED */
++	case 0:				/* Child. */
++		if (*type == 'r') {
++			/*
++			 * The dup2() to STDIN_FILENO is repeated to avoid
++			 * writing to pdes[1], which might corrupt the
++			 * parent's copy.  This isn't good enough in
++			 * general, since the exit() is no return, so
++			 * the compiler is free to corrupt all the local
++			 * variables.
++			 */
++			(void)close(pdes[0]);
++			(void)dup2(pdes[1], STDOUT_FILENO);
++			(void)dup2(pdes[1], STDERR_FILENO);
++			if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) {
++				(void)close(pdes[1]);
++			} 
++		} else {
++			if (pdes[0] != STDIN_FILENO) {
++				(void)dup2(pdes[0], STDIN_FILENO);
++				(void)close(pdes[0]);
++			}
++			(void)close(pdes[1]);
++		}
++		execv(argv[0], argv);
++		exit(127);
++		/* NOTREACHED */
++	}
++
++	/* Parent; assume fdopen can't fail. */
++	if (*type == 'r') {
++		iop = fdopen(pdes[0], type);
++		(void)close(pdes[1]);
++	} else {
++		iop = fdopen(pdes[1], type);
++		(void)close(pdes[0]);
++	}
++
++	return (iop);
++}
++
+ // }}}
+ // vim6:ai:noexpandtab
+Index: spamass-milter.h
+===================================================================
+RCS file: /cvsroot/spamass-milt/spamass-milt/spamass-milter.h,v
+retrieving revision 1.23
+diff -u -r1.23 spamass-milter.h
+--- spamass-milter.h	7 Apr 2005 02:04:24 -0000	1.23
++++ spamass-milter.h	10 Mar 2010 18:52:22 -0000
+@@ -186,5 +186,6 @@
+ void parse_debuglevel(char* string);
+ char *strlwr(char *str);
+ void warnmacro(char *macro, char *scope);
++FILE *popenv(char *const argv[], const char *type);
+ 
+ #endif
diff --git a/mail-filter/spamass-milter/spamass-milter-0.3.1-r4.ebuild b/mail-filter/spamass-milter/spamass-milter-0.3.1-r4.ebuild
new file mode 100644
index 000000000000..e5446c9b123f
--- /dev/null
+++ b/mail-filter/spamass-milter/spamass-milter-0.3.1-r4.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-filter/spamass-milter/spamass-milter-0.3.1-r4.ebuild,v 1.1 2011/06/08 12:24:51 eras Exp $
+
+EAPI=4
+
+inherit eutils
+
+IUSE=""
+
+DESCRIPTION="A milter for SpamAssassin"
+HOMEPAGE="http://savannah.nongnu.org/projects/spamass-milt/"
+SRC_URI="http://savannah.nongnu.org/download/spamass-milt/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+
+DEPEND="|| ( mail-filter/libmilter mail-mta/sendmail )
+	>=mail-filter/spamassassin-3.1.0"
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+	enewgroup milter
+	enewuser milter -1 -1 /var/lib/milter milter
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PN}-header.patch
+	epatch "${FILESDIR}"/${PN}-auth_users.patch
+	epatch "${FILESDIR}"/${PN}-popen.patch
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newinitd "${FILESDIR}"/spamass-milter.rc3 spamass-milter
+	newconfd "${FILESDIR}"/spamass-milter.conf3 spamass-milter
+	dodir /var/run/milter
+	keepdir /var/run/milter
+	fowners milter:milter /var/run/milter
+	dodir /var/lib/milter
+	keepdir /var/lib/milter
+	fowners milter:milter /var/lib/milter
+
+	dodoc AUTHORS NEWS README ChangeLog "${FILESDIR}/README.gentoo"
+}
+
+pkg_postinst() {
+	elog "Documentation is installed in /usr/share/doc/${P}"
+}
author	Eray Aslan <eras@gentoo.org>	2011-06-08 12:24:51 +0000
committer	Eray Aslan <eras@gentoo.org>	2011-06-08 12:24:51 +0000
commit	7fa9a6ef0576a2d1e7b93bd7a93286fd4089b676 (patch)
tree	4ae64c5e50212c7a77498b7bf7f8067d2a9468c1 /mail-filter/spamass-milter
parent	Update the makefile patch so the gtk is really optional. (diff)
download	gentoo-2-7fa9a6ef0576a2d1e7b93bd7a93286fd4089b676.tar.gz gentoo-2-7fa9a6ef0576a2d1e7b93bd7a93286fd4089b676.tar.bz2 gentoo-2-7fa9a6ef0576a2d1e7b93bd7a93286fd4089b676.zip