mail-filter/spamassassin: new revision to fix Net-DNS compatibility issues.

With the stabilization of =dev-perl/Net-DNS-1.40.0 (and the removal of the older stable version), a number of problems were introduced in SpamAssassin. There are three upstream bugs with patches against the latest release, v3.4.1, which fix all sorts of DNS errors in blacklist checks, DKIM, and SPF. The major contribution of this new revision is to apply patches from those upstream bugs fixing compatibility with =dev-perl/Net-DNS-1.40.0. At the same time, bug 396307 has been fixed by creating the sa-update-keys directory and assigning it the proper permissions. Thanks are due to Olliver Schinagl, Philippe Chaintreuil, Marcin Mirosław, and Atman Sense who reported and investigated these issues. Gentoo-Bug: 396307 Gentoo-Bug: 579222 Upstream-Bug: 7223 Upstream-Bug: 7231 Upstream-Bug: 7265 Package-Manager: portage-2.2.28
author: Michael Orlitzky <mjo@gentoo.org> 2016-06-03 11:59:42 -0400
committer: Michael Orlitzky <mjo@gentoo.org> 2016-06-03 12:02:04 -0400
commit: 323640f36b897eb908b406dfd570613dd323af9c (patch)
tree: c0798d34069925df6cdd9af4a7bd5ae483b51a18 /mail-filter/spamassassin/files
parent: app-crypt/xca: add libressl support (diff)
download: gentoo-323640f36b897eb908b406dfd570613dd323af9c.tar.gz
gentoo-323640f36b897eb908b406dfd570613dd323af9c.tar.bz2
gentoo-323640f36b897eb908b406dfd570613dd323af9c.zip
3 files changed, 131 insertions, 0 deletions
diff --git a/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7223.patch b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7223.patch
new file mode 100644
index 000000000000..0fea1f9cdbd4
--- /dev/null
+++ b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7223.patch
@@ -0,0 +1,14 @@
+# Fix for Gentoo bug 579222 (SpamAssassin bug 7223).
+
+--- a/lib/Mail/SpamAssassin/DnsResolver.pm	2015/07/20 18:23:18	1691991
++++ b/lib/Mail/SpamAssassin/DnsResolver.pm	2015/07/20 18:24:48	1691992
+@@ -592,6 +592,9 @@
+   };
+ 
+   if ($packet) {
++    # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223	
++    $packet->header->rd(1);
++
+   # my $udp_payload_size = $self->{res}->udppacketsize;
+     my $udp_payload_size = $self->{conf}->{dns_options}->{edns};
+     if ($udp_payload_size && $udp_payload_size > 512) {
diff --git a/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7231.patch b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7231.patch
new file mode 100644
index 000000000000..0d6e43abb6dd
--- /dev/null
+++ b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7231.patch
@@ -0,0 +1,29 @@
+# Fix for Gentoo bug 579222 (SpamAssassin bug 7231).
+
+--- a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm	(revision 1694052)
++++ b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm	(working copy)
+@@ -942,9 +942,8 @@
+     next unless (defined($str) && defined($dom));
+     dbg("uridnsbl: got($j) NS for $dom: $str");
+ 
+-    if ($str =~ /IN\s+NS\s+(\S+)/) {
+-      my $nsmatch = lc $1;
+-      $nsmatch =~ s/\.$//;
++    if ($rr->type eq 'NS') {
++      my $nsmatch = lc $rr->nsdname;  # available since at least Net::DNS 0.14
+       my $nsrhblstr = $nsmatch;
+       my $fullnsrhblstr = $nsmatch;
+ 
+@@ -1025,9 +1024,9 @@
+     }
+     dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str);
+ 
+-    local $1;
+-    if ($str =~ /IN\s+A\s+(\S+)/) {
+-      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1);
++    if ($rr->type eq 'A') {
++      my $ip_address = $rr->rdatastr;
++      $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address);
+     }
+   }
+ }
diff --git a/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7265.patch b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7265.patch
new file mode 100644
index 000000000000..f4fc4bcc718d
--- /dev/null
+++ b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7265.patch
@@ -0,0 +1,88 @@
+# Fix for Gentoo bug 579222 (SpamAssassin bug 7265).
+# Two different revisions from that bug have been concatenated
+# together into this patch.
+
+--- a/lib/Mail/SpamAssassin/DnsResolver.pm	2015/11/19 15:23:56	1715196
++++ b/lib/Mail/SpamAssassin/DnsResolver.pm	2015/11/19 15:31:49	1715197
+@@ -725,6 +725,37 @@
+ 
+ ###########################################################################
+ 
++=item $id = $res->bgread()
++
++Similar to C<Net::DNS::Resolver::bgread>.  Reads a DNS packet from
++a supplied socket, decodes it, and returns a Net::DNS::Packet object
++if successful.  Dies on error.
++
++=cut
++
++sub bgread() {
++  my ($self) = @_;
++  my $sock = $self->{sock};
++  my $packetsize = $self->{res}->udppacketsize;
++  $packetsize = 512  if $packetsize < 512;  # just in case
++  my $data = '';
++  my $peeraddr = $sock->recv($data, $packetsize+256);  # with some size margin for troubleshooting
++  defined $peeraddr or die "bgread: recv() failed: $!";
++  my $peerhost = $sock->peerhost;
++  $data ne '' or die "bgread: received empty packet from $peerhost";
++  dbg("dns: bgread: received %d bytes from %s", length($data), $peerhost);
++  my($answerpkt, $decoded_length) = Net::DNS::Packet->new(\$data);
++  $answerpkt or die "bgread: decoding DNS packet failed: $@";
++  $answerpkt->answerfrom($peerhost);
++  if ($decoded_length ne length($data)) {
++    warn sprintf("bgread: received a %d bytes packet from %s, decoded %d bytes\n",
++                 length($data), $peerhost, $decoded_length);
++  }
++  return $answerpkt;
++}
++
++###########################################################################
++
+ =item $nfound = $res->poll_responses()
+ 
+ See if there are any C<bgsend> reply packets ready, and return
+@@ -772,13 +803,25 @@
+     $timeout = 0;  # next time around collect whatever is available, then exit
+     last  if $nfound == 0;
+ 
+-    my $packet = $self->{res}->bgread($self->{sock});
++    my $packet;
++    eval {
++      $packet = $self->bgread();
++    } or do {
++      undef $packet;
++      my $eval_stat = $@ ne '' ? $@ : "errno=$!";  chomp $eval_stat;
++      # resignal if alarm went off
++      die $eval_stat  if $eval_stat =~ /__alarm__ignore__\(.*\)/s;
++      info("dns: bad dns reply: %s", $eval_stat);
++    };
++
++#   Bug 7265, use our own bgread()
++#   my $packet = $self->{res}->bgread($self->{sock});
+ 
+     if (!$packet) {
+-      my $dns_err = $self->{res}->errorstring;
+-      # resignal if alarm went off
+-      die "dns (3) $dns_err\n"  if $dns_err =~ /__alarm__ignore__\(.*\)/s;
+-      info("dns: bad dns reply: $dns_err");
++      # error already reported above
++#     my $dns_err = $self->{res}->errorstring;
++#     die "dns (3) $dns_err\n"  if $dns_err =~ /__alarm__ignore__\(.*\)/s;
++#     info("dns: bad dns reply: $dns_err");
+     } else {
+       my $header = $packet->header;
+       if (!$header) {
+
+--- a/lib/Mail/SpamAssassin/Plugin/DKIM.pm	2015/11/19 19:20:06	1715247
++++ b/lib/Mail/SpamAssassin/Plugin/DKIM.pm	2015/11/19 19:22:25	1715248
+@@ -793,7 +793,8 @@
+         # Only do so if EDNS0 provides a reasonably-sized UDP payload size,
+         # as our interface does not provide a DNS fallback to TCP, unlike
+         # the Net::DNS::Resolver::send which does provide it.
+-        my $res = $self->{main}->{resolver}->get_resolver;
++        my $res = $self->{main}->{resolver};
++        dbg("dkim: providing our own resolver: %s", ref $res);
+         Mail::DKIM::DNS::resolver($res);
+       }
+     }
author	Michael Orlitzky <mjo@gentoo.org>	2016-06-03 11:59:42 -0400
committer	Michael Orlitzky <mjo@gentoo.org>	2016-06-03 12:02:04 -0400
commit	323640f36b897eb908b406dfd570613dd323af9c (patch)
tree	c0798d34069925df6cdd9af4a7bd5ae483b51a18 /mail-filter/spamassassin/files
parent	app-crypt/xca: add libressl support (diff)
download	gentoo-323640f36b897eb908b406dfd570613dd323af9c.tar.gz gentoo-323640f36b897eb908b406dfd570613dd323af9c.tar.bz2 gentoo-323640f36b897eb908b406dfd570613dd323af9c.zip