!2 update to 3.4.4 to fix CVE-2020-1930 CVE-2020-1931

From: @zhanghua1831 Reviewed-by: @maminjie,@small_leek Signed-off-by: @small_leek
2021-02-07 16:22:42 +08:00 · 2021-02-07 16:22:42 +08:00 · 83ea8e4108
commit 83ea8e4108
parent 437b962769 4a7cc5258f
6 changed files with 41 additions and 3 deletions
--- a/Mail-SpamAssassin-3.4.2.tar.bz2
+++ b/Mail-SpamAssassin-3.4.2.tar.bz2
--- a/Mail-SpamAssassin-3.4.4.tar.bz2
+++ b/Mail-SpamAssassin-3.4.4.tar.bz2
--- a/Mail-SpamAssassin-rules-3.4.2.r1840640.tgz
+++ b/Mail-SpamAssassin-rules-3.4.2.r1840640.tgz
--- a/Mail-SpamAssassin-rules-3.4.4.r1873061.tgz
+++ b/Mail-SpamAssassin-rules-3.4.4.r1873061.tgz
--- a/fix-GeoIP.patch
+++ b/fix-GeoIP.patch
@ -0,0 +1,34 @@
 From adae179bdfe89431a89360850dacd930402ab1eb Mon Sep 17 00:00:00 2001
 From: Giovanni Bechis <gbechis@apache.org>
 Date: Fri, 20 Nov 2020 07:33:00 +0000
 Subject: [PATCH] fix GeoIP open_type call, bz #7871
 git-svn-id: https://svn.apache.org/repos/asf/spamassassin/branches/3.4@1883660 13f79535-47bb-0310-9956-ffa450edef68
 ---
 lib/Mail/SpamAssassin/Plugin/URILocalBL.pm | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
 diff --git a/lib/Mail/SpamAssassin/Plugin/URILocalBL.pm b/lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
 index 4fbbcb78d6..4def393d87 100644
 --- a/lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
 +++ b/lib/Mail/SpamAssassin/Plugin/URILocalBL.pm
@@ -480,14 +480,14 @@ sub check_uri_local_bl {
     my $flags = 0;
     my $flag_isp = 0;
     my $flag_silent = 0;
 -    eval '$flags = GEOIP_MEMORY_CACHE | GEOIP_CHECK_CACHE' if ($gip_wanted >= $gip_have);
 -    eval '$flag_silent = Geo::IP::GEOIP_SILENCE' if ($gip_wanted >= $gip_have);
 -    eval '$flag_isp = GEOIP_ISP_EDITION' if ($gip_wanted >= $gip_have);
 +    eval '$flags = GEOIP_MEMORY_CACHE | GEOIP_CHECK_CACHE' if ($gip_have >= $gip_wanted);
 +    eval '$flag_silent = GEOIP_SILENCE' if ($gip_have >= $gip_wanted);
 +    eval '$flag_isp = GEOIP_ISP_EDITION' if ($gip_have >= $gip_wanted);
    eval {
 -    if ($flag_silent && $gic_wanted >= $gic_have) {
 +    if ($flag_silent && $gic_have >= $gic_wanted) {
       $self->{geoip} = Geo::IP->new($flags | $flag_silent);
 -      $self->{geoisp} = Geo::IP->open_type($flag_isp | $flag_silent | $flags);
 +      $self->{geoisp} = Geo::IP->open_type($flag_isp, $flag_silent | $flags);
     } else {
       open(OLDERR, ">&STDERR");
       open(STDERR, ">", "/dev/null");
--- a/spamassassin.spec
+++ b/spamassassin.spec
@ -1,11 +1,11 @@
 Name:             spamassassin
-Version:          3.4.2
+Version:          3.4.4
-Release:          4
+Release:          1
 Summary:          A program used for e-mail spam filtering
 License:          ASL 2.0
 URL:              https://spamassassin.apache.org/
 Source0:          http://mirror.bit.edu.cn/apache//%{name}/source/Mail-SpamAssassin-%{version}.tar.bz2
-Source1:          http://mirror.bit.edu.cn/apache//%{name}/source/Mail-SpamAssassin-rules-%{version}.r1840640.tgz
+Source1:          http://mirror.bit.edu.cn/apache//%{name}/source/Mail-SpamAssassin-rules-%{version}.r1873061.tgz
 Source2:          openeuler_local.cf
 Source3:          spamassassin-default.rc
 Source4:          spamassassin-spamc.rc
@ -22,6 +22,7 @@ Source14:         sa-update.timer
 Patch0001:        spamassassin-3.3.2-gnupg2.patch
 Patch0002:        spamassassin-3.4.1-add-logfile-homedir-options.patch
 Patch0003:        fix-GeoIP.patch
 BuildRequires:    gcc openssl-devel perl-devel perl-generators perl-HTML-Parser >= 3.43
 BuildRequires:    perl-interpreter >= 2:5.8.0 perl(Archive::Tar) perl(DB_File)
@ -155,5 +156,8 @@ fi
 %{_mandir}/man[13]/*
 %changelog
 * Sun Feb 7 2021 zhanghua <zhanghua40@huawei.com> - 3.4.4-1
 - update to 3.4.4 to fix CVE-2020-1930 CVE-2020-1931
 * Mon Dec 09 2019 zhouyihang <zhouyihang1@huawei.com> - 3.4.2-4
 - Package init