pull back more patches from spamassassin 3.4 branch, again mostly coping

with Net::DNS API changes not documented in their changelog
2016-03-04 00:05:35 +00:00 · 2016-03-04 00:05:35 +00:00 · 608b159fcd
commit 608b159fcd
parent cf72e1871e
7 changed files with 251 additions and 8 deletions
--- a/mail/p5-Mail-SpamAssassin/Makefile
+++ b/mail/p5-Mail-SpamAssassin/Makefile
@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.97 2016/03/03 23:27:50 sthen Exp $
+# $OpenBSD: Makefile,v 1.98 2016/03/04 00:05:35 sthen Exp $

 COMMENT=		mailfilter to identify and mark spam

 VER=			3.4.1
 DISTNAME=		Mail-SpamAssassin-${VER}
 PKGNAME=		p5-${DISTNAME}
-REVISION=		3
+REVISION=		4
 RULESNAME=		Mail-SpamAssassin-rules-${VER}.r1675274.tgz
 CATEGORIES=		mail perl5

--- a/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
+++ b/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver_pm
@ -1,9 +1,6 @@
-$OpenBSD: patch-lib_Mail_SpamAssassin_DnsResolver_pm,v 1.3 2016/03/03 23:27:51 sthen Exp $
-
-spamassassin/branches/3.4/lib/Mail/SpamAssassin/DnsResolver.pm	2015/07/20 18:24:48	1691992
-
--- lib/Mail/SpamAssassin/DnsResolver.pm.orig	Thu Mar  3 23:25:07 2016
-+++ lib/Mail/SpamAssassin/DnsResolver.pm	Thu Mar  3 23:26:30 2016
+$OpenBSD: patch-lib_Mail_SpamAssassin_DnsResolver_pm,v 1.4 2016/03/04 00:05:35 sthen Exp $
+--- lib/Mail/SpamAssassin/DnsResolver.pm.orig	Tue Apr 28 20:56:49 2015
+++ lib/Mail/SpamAssassin/DnsResolver.pm	Thu Mar  3 23:59:55 2016
@@ -592,6 +592,9 @@ sub new_dns_packet {
   };
 
@ -14,3 +11,72 @@ spamassassin/branches/3.4/lib/Mail/SpamAssassin/DnsResolver.pm	2015/07/20 18:24:
   # my $udp_payload_size = $self->{res}->udppacketsize;
     my $udp_payload_size = $self->{conf}->{dns_options}->{edns};
     if ($udp_payload_size && $udp_payload_size > 512) {
+@@ -722,6 +725,37 @@ sub bgsend {
+ 
+ ###########################################################################
+ 
+=item $id = $res->bgread()
+
+Similar to C<Net::DNS::Resolver::bgread>.  Reads a DNS packet from
+a supplied socket, decodes it, and returns a Net::DNS::Packet object
+if successful.  Dies on error.
+
+=cut
+
+sub bgread() {
+  my ($self) = @_;
+  my $sock = $self->{sock};
+  my $packetsize = $self->{res}->udppacketsize;
+  $packetsize = 512  if $packetsize < 512;  # just in case
+  my $data = '';
+  my $peeraddr = $sock->recv($data, $packetsize+256);  # with some size margin for troubleshooting
+  defined $peeraddr or die "bgread: recv() failed: $!";
+  my $peerhost = $sock->peerhost;
+  $data ne '' or die "bgread: received empty packet from $peerhost";
+  dbg("dns: bgread: received %d bytes from %s", length($data), $peerhost);
+  my($answerpkt, $decoded_length) = Net::DNS::Packet->new(\$data);
+  $answerpkt or die "bgread: decoding DNS packet failed: $@";
+  $answerpkt->answerfrom($peerhost);
+  if ($decoded_length ne length($data)) {
+    warn sprintf("bgread: received a %d bytes packet from %s, decoded %d bytes\n",
+                 length($data), $peerhost, $decoded_length);
+  }
+  return $answerpkt;
+}
+
+###########################################################################
+
+ =item $nfound = $res->poll_responses()
+ 
+ See if there are any C<bgsend> reply packets ready, and return
+@@ -769,13 +803,25 @@ sub poll_responses {
+     $timeout = 0;  # next time around collect whatever is available, then exit
+     last  if $nfound == 0;
+ 
+-    my $packet = $self->{res}->bgread($self->{sock});
+    my $packet;
+    eval {
+      $packet = $self->bgread();
+    } or do {
+      undef $packet;
+      my $eval_stat = $@ ne '' ? $@ : "errno=$!";  chomp $eval_stat;
+      # resignal if alarm went off
+      die $eval_stat  if $eval_stat =~ /__alarm__ignore__\(.*\)/s;
+      info("dns: bad dns reply: %s", $eval_stat);
+    };
+ 
+#   Bug 7265, use our own bgread()
+#   my $packet = $self->{res}->bgread($self->{sock});
+
+     if (!$packet) {
+-      my $dns_err = $self->{res}->errorstring;
+-      # resignal if alarm went off
+-      die "dns (3) $dns_err\n"  if $dns_err =~ /__alarm__ignore__\(.*\)/s;
+-      info("dns: bad dns reply: $dns_err");
+      # error already reported above
+#     my $dns_err = $self->{res}->errorstring;
+#     die "dns (3) $dns_err\n"  if $dns_err =~ /__alarm__ignore__\(.*\)/s;
+#     info("dns: bad dns reply: $dns_err");
+     } else {
+       my $header = $packet->header;
+       if (!$header) {
--- a/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
+++ b/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm
@ -0,0 +1,25 @@
+$OpenBSD: patch-lib_Mail_SpamAssassin_Message_Metadata_Received_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
+--- lib/Mail/SpamAssassin/Message/Metadata/Received.pm.orig	Tue Apr 28 20:56:48 2015
+++ lib/Mail/SpamAssassin/Message/Metadata/Received.pm	Thu Mar  3 23:59:55 2016
+@@ -434,7 +434,8 @@ sub parse_received_line {
+     $auth = 'Postfix';
+   }
+   # Communigate Pro - Bug 6495 adds HTTP as possible transmission method
+-  elsif (/CommuniGate Pro (HTTP|SMTP)/ && / \(account /) {
+  # 	Bug 7277: XIMSS used by Pronto and other custom apps, IMAP supports XMIT extension
+  elsif (/CommuniGate Pro (HTTP|SMTP|XIMSS|IMAP)/ && / \(account /) {
+     $auth = 'Communigate';
+   }
+   # Microsoft Exchange (complete with syntax error)
+@@ -714,6 +715,11 @@ sub parse_received_line {
+     # Received: from sc8-sf-sshgate.sourceforge.net (HELO sc8-sf-netmisc.sourceforge.net) (66.35.250.220) by la.mx.develooper.com (qpsmtpd/0.27-dev) with ESMTP; Fri, 02 Jan 2004 14:44:41 -0800
+     # Received: from mx10.topofferz.net (HELO ) (69.6.60.10) by blazing.arsecandle.org with SMTP; 3 Mar 2004 20:34:38 -0000
+     if (/^(\S+) \((?:HELO|EHLO) (\S*)\) \((${IP_ADDRESS})\) by (\S+) \(qpsmtpd\/\S+\) with (?:ESMTP|SMTP)/) {
+      $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough;
+    }
+
+    # Received: from mail-backend.DDDD.com (LHLO mail-backend.DDDD.com) (10.2.2.20) by mail-backend.DDDD.com with LMTP; Thu, 18 Jun 2015 16:50:56 -0700 (PDT)
+    if (/^(\S+) \(LHLO (\S*)\) \((${IP_ADDRESS})\) by (\S+) with LMTP/) {
+       $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough;
+     }
+ 
--- a/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_Message_pm
+++ b/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_Message_pm
@ -0,0 +1,13 @@
+$OpenBSD: patch-lib_Mail_SpamAssassin_Message_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
+--- lib/Mail/SpamAssassin/Message.pm.orig	Tue Apr 28 20:56:49 2015
+++ lib/Mail/SpamAssassin/Message.pm	Thu Mar  3 23:59:55 2016
+@@ -1046,6 +1046,9 @@ sub _parse_normal {
+   elsif ($ct[3]) {
+     $msg->{'name'} = $ct[3];
+   }
+  if ($msg->{'name'}) {
+    $msg->{'name'} = Encode::decode("MIME-Header", $msg->{'name'});
+  }
+ 
+   $msg->{'boundary'} = $boundary;
+ 
--- a/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
+++ b/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm
@ -0,0 +1,87 @@
+$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_DKIM_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
+--- lib/Mail/SpamAssassin/Plugin/DKIM.pm.orig	Tue Apr 28 20:56:47 2015
+++ lib/Mail/SpamAssassin/Plugin/DKIM.pm	Thu Mar  3 23:59:55 2016
+@@ -178,14 +178,19 @@ sub set_config {
+ 
+ Works similarly to whitelist_from, except that in addition to matching
+ an author address (From) to the pattern in the first parameter, the message
+-must also carry a Domain Keys Identified Mail (DKIM) signature made by a
+-signing domain (SDID, i.e. the d= tag) that is acceptable to us.
+must also carry a valid Domain Keys Identified Mail (DKIM) signature made by
+a signing domain (SDID, i.e. the d= tag) that is acceptable to us.
+ 
+ Only one whitelist entry is allowed per line, as in C<whitelist_from_rcvd>.
+ Multiple C<whitelist_from_dkim> lines are allowed. File-glob style characters
+ are allowed for the From address (the first parameter), just like with
+-C<whitelist_from_rcvd>. The second parameter does not accept wildcards.
+C<whitelist_from_rcvd>.
+ 
+The second parameter (the signing-domain) does not accept full file-glob style
+wildcards, although a simple '*.' (or just a '.') prefix to a domain name
+is recognized and implies any subdomain of the specified domain (but not
+the domain itself).
+
+ If no signing-domain parameter is specified, the only acceptable signature
+ will be an Author Domain Signature (sometimes called first-party signature)
+ which is a signature where the signing domain (SDID) of a signature matches
+@@ -205,7 +210,8 @@ Examples of whitelisting based on third-party signatur
+   whitelist_from_dkim jane@example.net      example.org
+   whitelist_from_dkim rick@info.example.net example.net
+   whitelist_from_dkim *@info.example.net    example.net
+-  whitelist_from_dkim *@*                   remailer.example.com
+  whitelist_from_dkim *@*                   mail7.remailer.example.com
+  whitelist_from_dkim *@*                   *.remailer.example.com
+ 
+ =item def_whitelist_from_dkim author@example.com [signing-domain]
+ 
+@@ -376,7 +382,8 @@ some valid signature on a message has no reputational 
+ associated with a particular domain), regardless of its key size - anyone can
+ prepend its own signature on a copy of some third party mail and re-send it,
+ which makes it no more trustworthy than without such signature. This is also
+-a reason for a rule DKIM_VALID to have a near-zero score.
+a reason for a rule DKIM_VALID to have a near-zero score, i.e. a rule hit
+is only informational.
+ 
+ =cut
+ 
+@@ -786,7 +793,8 @@ sub _check_dkim_signature {
+         # Only do so if EDNS0 provides a reasonably-sized UDP payload size,
+         # as our interface does not provide a DNS fallback to TCP, unlike
+         # the Net::DNS::Resolver::send which does provide it.
+-        my $res = $self->{main}->{resolver}->get_resolver;
+        my $res = $self->{main}->{resolver};
+        dbg("dkim: providing our own resolver: %s", ref $res);
+         Mail::DKIM::DNS::resolver($res);
+       }
+     }
+@@ -892,13 +900,13 @@ sub _check_dkim_signature {
+         }
+       }
+       if (would_log("dbg","dkim")) {
+-        dbg("dkim: %s %s, i=%s, d=%s, s=%s, a=%s, c=%s, %s, %s",
+        dbg("dkim: %s %s, i=%s, d=%s, s=%s, a=%s, c=%s, %s, %s, %s",
+           $info,
+           $signature->isa('Mail::DKIM::DkSignature') ? 'DK' : 'DKIM',
+           map(!defined $_ ? '(undef)' : $_,
+             $signature->identity, $d, $signature->selector,
+             $signature->algorithm, scalar($signature->canonicalization),
+-            $key_size ? "key_bits=$key_size" : (),
+            $key_size ? "key_bits=$key_size" : "unknown key size",
+             ($sig_result_supported ? $signature : $verifier)->result ),
+           defined $d && $pms->{dkim_author_domains}->{$d}
+             ? 'matches author domain'
+@@ -1257,8 +1265,12 @@ sub _wlcheck_list {
+         # identity (AUID). Nevertheless, be prepared to accept the full e-mail
+         # address there for compatibility, and just ignore its local-part.
+ 
+-        $acceptable_sdid = $1  if $acceptable_sdid =~ /\@([^\@]*)\z/;
+-        $matches = 1  if $sdid eq lc $acceptable_sdid;
+        $acceptable_sdid = $1  if $acceptable_sdid =~ /\@([^\@]*)\z/s;
+        if ($acceptable_sdid =~ s/^\*?\.//s) {
+          $matches = 1  if $sdid =~ /\.\Q$acceptable_sdid\E\z/si;
+        } else {
+          $matches = 1  if $sdid eq lc $acceptable_sdid;
+        }
+       }
+       if ($matches) {
+         if (would_log("dbg","dkim")) {
--- a/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
+++ b/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_Plugin_SPF_pm
@ -0,0 +1,24 @@
+$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_SPF_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
+--- lib/Mail/SpamAssassin/Plugin/SPF.pm.orig	Tue Apr 28 20:56:47 2015
+++ lib/Mail/SpamAssassin/Plugin/SPF.pm	Thu Mar  3 23:59:55 2016
+@@ -232,7 +232,7 @@ working downwards until results are successfully parse
+ =item has_check_for_spf_errors
+ 
+ Adds capability check for "if can()" for check_for_spf_permerror, check_for_spf_temperror, check_for_spf_helo_permerror and check_for_spf_helo_permerror
+-  
+
+ =cut 
+ 
+ sub has_check_for_spf_errors { 1 }
+@@ -506,9 +506,9 @@ sub _check_spf {
+       $self->{spf_server} = Mail::SPF::Server->new(
+ 				hostname     => $scanner->get_tag('HOSTNAME'),
+ 				dns_resolver => $self->{main}->{resolver},
+-				max_dns_interactive_terms => 15);
+				max_dns_interactive_terms => 20);
+       # Bug 7112: max_dns_interactive_terms defaults to 10, but even 14 is
+-      # not enough for ebay.com, setting it to 15
+      # not enough for ebay.com, setting it to 15 NOTE: raising to 20 per bug 7182
+       1;
+     } or do {
+       $eval_stat = $@ ne '' ? $@ : "errno=$!";  chomp $eval_stat;
--- a/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
+++ b/mail/p5-Mail-SpamAssassin/patches/patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm
@ -0,0 +1,28 @@
+$OpenBSD: patch-lib_Mail_SpamAssassin_Plugin_URIDNSBL_pm,v 1.1 2016/03/04 00:05:35 sthen Exp $
+--- lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm.orig	Tue Apr 28 20:56:47 2015
+++ lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm	Thu Mar  3 23:59:55 2016
+@@ -942,9 +942,8 @@ sub complete_ns_lookup {
+     next unless (defined($str) && defined($dom));
+     dbg("uridnsbl: got($j) NS for $dom: $str");
+ 
+-    if ($str =~ /IN\s+NS\s+(\S+)/) {
+-      my $nsmatch = lc $1;
+-      $nsmatch =~ s/\.$//;
+    if ($rr->type eq 'NS') {
+      my $nsmatch = lc $rr->nsdname;  # available since at least Net::DNS 0.14
+       my $nsrhblstr = $nsmatch;
+       my $fullnsrhblstr = $nsmatch;
+ 
+@@ -1025,9 +1024,9 @@ sub complete_a_lookup {
+     }
+     dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str);
+ 
+-    local $1;
+-    if ($str =~ /IN\s+A\s+(\S+)/) {
+-      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1);
+    if ($rr->type eq 'A') {
+      my $ip_address = $rr->rdatastr;
+      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address);
+     }
+   }
+ }