--- /dev/null
+Description: Unescaped left brace in regex leads to warnings with perl 5.26
+Origin: https://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm?r1=1708863&r2=1791010&diff_format=h
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869408
+
+Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm
+===================================================================
+--- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm
++++ spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm
+@@ -916,16 +916,16 @@ sub get_content_preview {
+ $str .= shift @{$ary};
+ }
+ undef $ary;
+- chomp ($str); $str .= " [...]\n";
+
+ # in case the last line was huge, trim it back to around 200 chars
+ local $1;
+- $str =~ s/^(.{,200}).*$/$1/gs;
++ $str =~ s/^(.{200}).+$/$1 [...]/gm;
++ chomp ($str); $str .= "\n";
+
+ # now, some tidy-ups that make things look a bit prettier
+- $str =~ s/-----Original Message-----.*$//gs;
++ $str =~ s/-----Original Message-----.*$//gm;
+ $str =~ s/This is a multi-part message in MIME format\.//gs;
+- $str =~ s/[-_\*\.]{10,}//gs;
++ $str =~ s/[-_*.]{10,}//gs;
+ $str =~ s/\s+/ /gs;
+
+ # add "Content preview:" ourselves, so that the text aligns
--- /dev/null
+upstream fix for bug #771408
+Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm
+===================================================================
+--- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Conf/Parser.pm
++++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm
+@@ -536,6 +536,9 @@ sub handle_conditional {
+ elsif ($token eq 'perl_version') {
+ $eval .= $]." ";
+ }
++ elsif ($token eq 'perl_version') {
++ $eval .= $]." ";
++ }
+ elsif ($token =~ /^\w[\w\:]+$/) { # class name
+ my $u = untaint_var($token);
+ $eval .= '"' . $u . '" ';
--- /dev/null
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Thu, 22 Sep 2016 11:19:42 +0000
+Subject: [PATCH] spamassassin: get it compiled against openssl 1.1.0
+
+CRYPTO_lock was part of the old locking API which got removed. I picked
+a different symbol.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ spamc/configure | 22 +++++++++++-----------
+ spamc/configure.in | 2 +-
+ 2 files changed, 12 insertions(+), 12 deletions(-)
+
+Index: spamassassin-3.4.1/spamc/configure
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/configure
++++ spamassassin-3.4.1/spamc/configure
+@@ -943,7 +943,7 @@ esac
+ else
+ echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi
+- cd "$ac_popdir"
++ cd $ac_popdir
+ done
+ fi
+
+@@ -1874,7 +1874,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -1932,7 +1933,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -2048,7 +2050,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -2102,7 +2105,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -2147,7 +2151,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -2191,7 +2196,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -2523,7 +2529,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -2693,7 +2700,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -2764,7 +2772,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -2917,7 +2926,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3069,7 +3079,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3260,7 +3271,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3323,7 +3335,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3388,7 +3401,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3491,7 +3505,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3557,7 +3572,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3628,7 +3644,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3666,9 +3683,9 @@ fi
+ SSLLIBS=""
+ SSLCFLAGS=""
+ if test yes = "$sa_ssl_enabled"; then
+- echo "$as_me:$LINENO: checking for CRYPTO_lock in -lcrypto" >&5
+-echo $ECHO_N "checking for CRYPTO_lock in -lcrypto... $ECHO_C" >&6
+-if test "${ac_cv_lib_crypto_CRYPTO_lock+set}" = set; then
++ echo "$as_me:$LINENO: checking for CRYPTO_malloc in -lcrypto" >&5
++echo $ECHO_N "checking for CRYPTO_malloc in -lcrypto... $ECHO_C" >&6
++if test "${ac_cv_lib_crypto_CRYPTO_malloc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -3686,11 +3703,11 @@ extern "C"
+ #endif
+ /* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+-char CRYPTO_lock ();
++char CRYPTO_malloc ();
+ int
+ main ()
+ {
+-CRYPTO_lock ();
++CRYPTO_malloc ();
+ ;
+ return 0;
+ }
+@@ -3704,7 +3721,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3716,20 +3734,20 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+- ac_cv_lib_crypto_CRYPTO_lock=yes
++ ac_cv_lib_crypto_CRYPTO_malloc=yes
+ else
+ echo "$as_me: failed program was:" >&5
+ sed 's/^/| /' conftest.$ac_ext >&5
+
+-ac_cv_lib_crypto_CRYPTO_lock=no
++ac_cv_lib_crypto_CRYPTO_malloc=no
+ fi
+ rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_lock" >&5
+-echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_lock" >&6
+-if test $ac_cv_lib_crypto_CRYPTO_lock = yes; then
++echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_malloc" >&5
++echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_malloc" >&6
++if test $ac_cv_lib_crypto_CRYPTO_malloc = yes; then
+ SSLLIBS="-lcrypto $SSLLIBS"
+ fi
+
+@@ -3771,7 +3789,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3804,7 +3823,7 @@ fi
+ # before defining SPAMC_SSL check that all its requirements are
+ # actually available
+ if test yes = "$ac_cv_header_openssl_crypto_h" && \
+- test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \
++ test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \
+ test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then
+ SSLCFLAGS="-DSPAMC_SSL"
+ else
+@@ -3854,7 +3873,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -3927,7 +3947,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4000,7 +4021,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4073,7 +4095,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4182,7 +4205,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4246,7 +4270,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4311,7 +4336,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4368,7 +4394,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4435,7 +4462,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4500,7 +4528,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4564,7 +4593,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4628,7 +4658,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -4692,7 +4723,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+@@ -5527,6 +5559,11 @@ esac
+
+
+
++ if test x"$ac_file" != x-; then
++ { echo "$as_me:$LINENO: creating $ac_file" >&5
++echo "$as_me: creating $ac_file" >&6;}
++ rm -f "$ac_file"
++ fi
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+@@ -5565,12 +5602,6 @@ echo "$as_me: error: cannot find input f
+ fi;;
+ esac
+ done` || { (exit 1); exit 1; }
+-
+- if test x"$ac_file" != x-; then
+- { echo "$as_me:$LINENO: creating $ac_file" >&5
+-echo "$as_me: creating $ac_file" >&6;}
+- rm -f "$ac_file"
+- fi
+ _ACEOF
+ cat >>$CONFIG_STATUS <<_ACEOF
+ sed "$ac_vpsub
+Index: spamassassin-3.4.1/spamc/configure.in
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/configure.in
++++ spamassassin-3.4.1/spamc/configure.in
+@@ -64,13 +64,13 @@ AC_CHECK_LIB(socket, socket)
+ SSLLIBS=""
+ SSLCFLAGS=""
+ if test yes = "$sa_ssl_enabled"; then
+- AC_CHECK_LIB(crypto, CRYPTO_lock,[SSLLIBS="-lcrypto $SSLLIBS"])
++ AC_CHECK_LIB(crypto, CRYPTO_malloc,[SSLLIBS="-lcrypto $SSLLIBS"])
+ AC_CHECK_LIB(ssl, SSL_CTX_free,[SSLLIBS="-lssl $SSLLIBS"],,-lcrypto)
+
+ # before defining SPAMC_SSL check that all its requirements are
+ # actually available
+ if test yes = "$ac_cv_header_openssl_crypto_h" && \
+- test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \
++ test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \
+ test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then
+ SSLCFLAGS="-DSPAMC_SSL"
+ else
--- /dev/null
+Index: spamassassin-3.4.1/spamc/libspamc.c
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/libspamc.c
++++ spamassassin-3.4.1/spamc/libspamc.c
+@@ -1187,7 +1187,7 @@ int message_filter(struct transport *tp,
+ unsigned int throwaway;
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+- SSL_METHOD *meth;
++ const SSL_METHOD *meth;
+ char zlib_on = 0;
+ unsigned char *zlib_buf = NULL;
+ int zlib_bufsiz = 0;
+@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp,
+ if (flags & SPAMC_USE_SSL) {
+ #ifdef SPAMC_SSL
+ SSLeay_add_ssl_algorithms();
+- if (flags & SPAMC_TLSV1) {
+- meth = TLSv1_client_method();
+- } else {
+- meth = SSLv3_client_method(); /* default */
+- }
++ meth = SSLv23_client_method();
+ SSL_load_error_strings();
+ ctx = SSL_CTX_new(meth);
+ #else
+@@ -1596,7 +1592,7 @@ int message_tell(struct transport *tp, c
+ int failureval;
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+- SSL_METHOD *meth;
++ const SSL_METHOD *meth;
+
+ assert(tp != NULL);
+ assert(m != NULL);
+@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c
+ if (flags & SPAMC_USE_SSL) {
+ #ifdef SPAMC_SSL
+ SSLeay_add_ssl_algorithms();
+- meth = SSLv3_client_method();
++ meth = SSLv23_client_method();
+ SSL_load_error_strings();
+ ctx = SSL_CTX_new(meth);
+ #else
+Index: spamassassin-3.4.1/spamc/spamc.c
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/spamc.c
++++ spamassassin-3.4.1/spamc/spamc.c
+@@ -368,16 +368,11 @@ read_args(int argc, char **argv,
+ case 'S':
+ {
+ flags |= SPAMC_USE_SSL;
+- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) {
+- flags |= SPAMC_SSLV3;
+- }
+- else if (strcmp(spamc_optarg,"tlsv1") == 0) {
+- flags |= SPAMC_TLSV1;
+- }
+- else {
+- libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version (%s)", spamc_optarg);
+- ret = EX_USAGE;
+- }
++ if(spamc_optarg) {
++ libspamc_log(flags, LOG_ERR,
++ "Explicit specification of an SSL/TLS version no longer supported.");
++ ret = EX_USAGE;
++ }
+ break;
+ }
+ #endif
+Index: spamassassin-3.4.1/spamd/spamd.raw
+===================================================================
+--- spamassassin-3.4.1.orig/spamd/spamd.raw
++++ spamassassin-3.4.1/spamd/spamd.raw
+@@ -409,7 +409,6 @@ GetOptions(
+ 'sql-config!' => \$opt{'sql-config'},
+ 'ssl' => \$opt{'ssl'},
+ 'ssl-port=s' => \$opt{'ssl-port'},
+- 'ssl-version=s' => \$opt{'ssl-version'},
+ 'syslog-socket=s' => \$opt{'syslog-socket'},
+ 'syslog|s=s' => \$opt{'syslog'},
+ 'log-timestamp-fmt:s' => \$opt{'log-timestamp-fmt'},
+@@ -743,11 +742,6 @@ if ( defined $ENV{'HOME'} ) {
+
+ # Do whitelist later in tmp dir. Side effect: this will be done as -u user.
+
+-my $sslversion = $opt{'ssl-version'} || 'sslv3';
+-if ($sslversion !~ /^(?:sslv3|tlsv1)$/) {
+- die "spamd: invalid ssl-version: $opt{'ssl-version'}\n";
+-}
+-
+ $opt{'server-key'} ||= "$LOCAL_RULES_DIR/certs/server-key.pem";
+ $opt{'server-cert'} ||= "$LOCAL_RULES_DIR/certs/server-cert.pem";
+
+@@ -898,9 +892,8 @@ sub compose_listen_info_string {
+ $socket_info->{ip_addr}, $socket_info->{port}));
+
+ } elsif ($socket->isa('IO::Socket::SSL')) {
+- push(@listeninfo, sprintf("SSL [%s]:%s, ssl version %s",
+- $socket_info->{ip_addr}, $socket_info->{port},
+- $opt{'ssl-version'}||'sslv3'));
++ push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr},
++ $socket_info->{port}));
+ }
+ }
+
+@@ -1071,7 +1064,6 @@ sub server_sock_setup_inet {
+ $sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP'
+ && IO::Socket::IP->VERSION >= 0.09;
+ %sockopt = (%sockopt, (
+- SSL_version => $sslversion,
+ SSL_verify_mode => 0x00,
+ SSL_key_file => $opt{'server-key'},
+ SSL_cert_file => $opt{'server-cert'},
+@@ -1092,7 +1084,8 @@ sub server_sock_setup_inet {
+ if (!$server_inet) {
+ $diag = sprintf("could not create %s socket on [%s]:%s: %s",
+ $ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
+- $adr, $port, $!);
++ $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ?
++ "$!,$IO::Socket::SSL::SSL_ERROR" : $!);
+ push(@diag_fail, $diag);
+ } else {
+ $diag = sprintf("created %s socket on [%s]:%s",
+@@ -3232,7 +3225,6 @@ Options:
+ -H [dir], --helper-home-dir[=dir] Specify a different HOME directory
+ --ssl Enable SSL on TCP connections
+ --ssl-port port Override --port setting for SSL connections
+- --ssl-version sslversion Specify SSL protocol version to use
+ --server-key keyfile Specify an SSL keyfile
+ --server-cert certfile Specify an SSL certificate
+ --socketpath=path Listen on a given UNIX domain socket
+@@ -3720,14 +3712,6 @@ Optionally specifies the port number for
+ SSL connections (default: whatever --port uses). See B<--ssl> for
+ more details.
+
+-=item B<--ssl-version>=I<sslversion>
+-
+-Specify the SSL protocol version to use, one of B<sslv3> or B<tlsv1>.
+-The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
+-higher hello handshake, then negotiating use of SSLv3 or TLSv1
+-protocol if the client can accept it. Specifying B<--ssl-version>
+-implies B<--ssl>.
+-
+ =item B<--server-key> I<keyfile>
+
+ Specify the SSL key file to use for SSL connections.
+Index: spamassassin-3.4.1/spamc/spamc.pod
+===================================================================
+--- spamassassin-3.4.1.orig/spamc/spamc.pod
++++ spamassassin-3.4.1/spamc/spamc.pod
+@@ -177,12 +177,10 @@ The default is 1 time (ie. one attempt a
+ Sleep for I<sleep> seconds between failed spamd filtering attempts.
+ The default is 1 second.
+
+-=item B<-S>, B<--ssl>, B<--ssl>=I<sslversion>
++=item B<-S>, B<--ssl>, B<--ssl>
+
+ If spamc was built with support for SSL, encrypt data to and from the
+ spamd process with SSL; spamd must support SSL as well.
+-I<sslversion> specifies the SSL protocol version to use, either
+-C<sslv3>, or C<tlsv1>. The default, is C<sslv3>.
+
+ =item B<-t> I<timeout>, B<--timeout>=I<timeout>
+
+Index: spamassassin-3.4.1/t/spamd_ssl_tls.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl_tls.t
++++ /dev/null
+@@ -1,28 +0,0 @@
+-#!/usr/bin/perl
+-
+-use lib '.'; use lib 't';
+-use SATest; sa_t_init("spamd_ssl_tls");
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+-
+-exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+-
+-# ---------------------------------------------------------------------------
+-
+-%patterns = (
+-
+-q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
+-q{ Subject: There yours for FREE!}, 'subj',
+-q{ X-Spam-Status: Yes, score=}, 'status',
+-q{ X-Spam-Flag: YES}, 'flag',
+-q{ X-Spam-Level: **********}, 'stars',
+-q{ TEST_ENDSNUMS}, 'endsinnums',
+-q{ TEST_NOREALNAME}, 'noreal',
+-q{ This must be the very last line}, 'lastline',
+-
+-
+-);
+-
+-ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
+- "--ssl=tlsv1 < data/spam/001",
+- \&patterns_run_cb));
+-ok_all_patterns();
+Index: spamassassin-3.4.1/t/spamd_ssl_v3.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl_v3.t
++++ /dev/null
+@@ -1,28 +0,0 @@
+-#!/usr/bin/perl
+-
+-use lib '.'; use lib 't';
+-use SATest; sa_t_init("spamd_sslv3");
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+-
+-exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+-
+-# ---------------------------------------------------------------------------
+-
+-%patterns = (
+-
+-q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
+-q{ Subject: There yours for FREE!}, 'subj',
+-q{ X-Spam-Status: Yes, score=}, 'status',
+-q{ X-Spam-Flag: YES}, 'flag',
+-q{ X-Spam-Level: **********}, 'stars',
+-q{ TEST_ENDSNUMS}, 'endsinnums',
+-q{ TEST_NOREALNAME}, 'noreal',
+-q{ This must be the very last line}, 'lastline',
+-
+-
+-);
+-
+-ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
+- "--ssl=sslv3 < data/spam/001",
+- \&patterns_run_cb));
+-ok_all_patterns();
+Index: spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl_accept_fail.t
++++ spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
+@@ -23,9 +23,9 @@ q{ This must be the very last line}, 'la
+
+ );
+
+-ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert"));
++ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert"));
+ ok (spamcrun ("< data/spam/001", \&patterns_run_cb));
+-ok (spamcrun ("--ssl=sslv3 < data/spam/001", \&patterns_run_cb));
++ok (spamcrun ("--ssl < data/spam/001", \&patterns_run_cb));
+ ok (stop_spamd ());
+
+ ok_all_patterns();
+Index: spamassassin-3.4.1/t/spamd_ssl.t
+===================================================================
+--- spamassassin-3.4.1.orig/t/spamd_ssl.t
++++ spamassassin-3.4.1/t/spamd_ssl.t
+@@ -2,10 +2,7 @@
+
+ use lib '.'; use lib 't';
+ use SATest; sa_t_init("spamd_ssl");
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9),
+- onfail => sub {
+- warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms require that you" .
+- "\nspecify a protocol in spamc --ssl option, and possibly in spamd --ssl-version.\n\n" };
++use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+
+ exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+
+Index: spamassassin-3.4.1/MANIFEST
+===================================================================
+--- spamassassin-3.4.1.orig/MANIFEST
++++ spamassassin-3.4.1/MANIFEST
+@@ -511,8 +511,6 @@ t/spamd_report_ifspam.t
+ t/spamd_sql_prefs.t
+ t/spamd_ssl.t
+ t/spamd_ssl_accept_fail.t
+-t/spamd_ssl_tls.t
+-t/spamd_ssl_v3.t
+ t/spamd_stop.t
+ t/spamd_symbols.t
+ t/spamd_syslog.t
--- /dev/null
+Description: Support signer subdomain matching in whitelist_from_dkim
+Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1693414
+Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7226
+Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DKIM.pm
+===================================================================
+--- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/DKIM.pm
++++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DKIM.pm
+@@ -178,13 +178,18 @@ sub set_config {
+
+ Works similarly to whitelist_from, except that in addition to matching
+ an author address (From) to the pattern in the first parameter, the message
+-must also carry a Domain Keys Identified Mail (DKIM) signature made by a
+-signing domain (SDID, i.e. the d= tag) that is acceptable to us.
++must also carry a valid Domain Keys Identified Mail (DKIM) signature made by
++a signing domain (SDID, i.e. the d= tag) that is acceptable to us.
+
+ Only one whitelist entry is allowed per line, as in C<whitelist_from_rcvd>.
+ Multiple C<whitelist_from_dkim> lines are allowed. File-glob style characters
+ are allowed for the From address (the first parameter), just like with
+-C<whitelist_from_rcvd>. The second parameter does not accept wildcards.
++C<whitelist_from_rcvd>.
++
++The second parameter (the signing-domain) does not accept full file-glob style
++wildcards, although a simple '*.' (or just a '.') prefix to a domain name
++is recognized and implies any subdomain of the specified domain (but not
++the domain itself).
+
+ If no signing-domain parameter is specified, the only acceptable signature
+ will be an Author Domain Signature (sometimes called first-party signature)
+@@ -205,7 +210,8 @@ Examples of whitelisting based on third-
+ whitelist_from_dkim jane@example.net example.org
+ whitelist_from_dkim rick@info.example.net example.net
+ whitelist_from_dkim *@info.example.net example.net
+- whitelist_from_dkim *@* remailer.example.com
++ whitelist_from_dkim *@* mail7.remailer.example.com
++ whitelist_from_dkim *@* *.remailer.example.com
+
+ =item def_whitelist_from_dkim author@example.com [signing-domain]
+
+@@ -376,7 +382,8 @@ some valid signature on a message has no
+ associated with a particular domain), regardless of its key size - anyone can
+ prepend its own signature on a copy of some third party mail and re-send it,
+ which makes it no more trustworthy than without such signature. This is also
+-a reason for a rule DKIM_VALID to have a near-zero score.
++a reason for a rule DKIM_VALID to have a near-zero score, i.e. a rule hit
++is only informational.
+
+ =cut
+
+@@ -1257,8 +1264,12 @@ sub _wlcheck_list {
+ # identity (AUID). Nevertheless, be prepared to accept the full e-mail
+ # address there for compatibility, and just ignore its local-part.
+
+- $acceptable_sdid = $1 if $acceptable_sdid =~ /\@([^\@]*)\z/;
+- $matches = 1 if $sdid eq lc $acceptable_sdid;
++ $acceptable_sdid = $1 if $acceptable_sdid =~ /\@([^\@]*)\z/s;
++ if ($acceptable_sdid =~ s/^\*?\.//s) {
++ $matches = 1 if $sdid =~ /\.\Q$acceptable_sdid\E\z/si;
++ } else {
++ $matches = 1 if $sdid eq lc $acceptable_sdid;
++ }
+ }
+ if ($matches) {
+ if (would_log("dbg","dkim")) {
+++ /dev/null
-diff -ruNp Mail-SpamAssassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm Mail-SpamAssassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm
---- Mail-SpamAssassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm 2015-04-28 21:56:49.000000000 +0200
-+++ Mail-SpamAssassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm 2017-07-21 23:30:28.831982090 +0200
-@@ -918,7 +918,7 @@ sub get_content_preview {
-
- # in case the last line was huge, trim it back to around 200 chars
- local $1;
-- $str =~ s/^(.{,200}).*$/$1/gs;
-+ $str =~ s/^(.{1,200}).*$/$1/gs;
-
- # now, some tidy-ups that make things look a bit prettier
- $str =~ s/-----Original Message-----.*$//gs;
Summary(pl.UTF-8): Filtr antyspamowy, przeznaczony dla programów dostarczających pocztę (MDA)
Name: spamassassin
Version: 3.4.1
-Release: 7
+Release: 8
License: Apache v2.0
Group: Applications/Mail
Source0: http://ftp.ps.pl/pub/apache//spamassassin/source/%{pdir}-%{pnam}-%{version}.tar.bz2
Source9: cronjob-sa-update.service
Source10: cronjob-sa-update.timer
Patch0: spamassassin-3.4.1-netdns.patch
-Patch1: %{name}-perl-regexp.patch
-Patch2: %{name}-perl-fix.patch
+Patch1: %{name}-perl-fix.patch
+Patch2: bug_771408_perl_version
+Patch3: bug_828552-openssl-1.1.0
+Patch4: bug-869408-unescaped-brace-in-regex.patch
+Patch5: disable_sslv3
+Patch6: dkim_subdomains
+Patch7: fix-uninitialized-concat
URL: http://spamassassin.apache.org/
BuildRequires: openssl-devel >= 0.9.7d
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.16
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
# disable broken test
%{__mv} t/sa_compile.t{,.disabled}
projects / packages / spamassassin.git / commitdiff