...
 
Commits (13)
......@@ -10,11 +10,26 @@ spamassassin (3.4.2-1) unstable; urgency=medium
PDFInfo plugin. (Closes: 908970)
- CVE-2018-11781: local user code injection in the meta rule syntax.
(Closes: 908971)
- BayesStore: bayes_expire table grows, remove_running_expire_tok not
called (Closes: 883775)
- Fix use of uninitialized variable warning in PDFInfo.pm
(Closes: 865924)
- Fix "failed to parse plugin" error in
Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041)
* Don't recursively chown /var/lib/spamassassin during postinst.
(Closes: 889501)
* Reload spamd after compiling rules in sa-compile.postinst.
-- Noah Meyerhans <noahm@debian.org> Mon, 17 Sep 2018 23:44:06 -0700
* Preserve locally set ENABLED=1 setting from /etc/default/spamassassin
when installing on systemd-based systems. (Closes: 884163, 858457)
* Update SysV init script to cope with upstream's change to $0.
* Remove compiled rules upon removal of the sa-compile package.
* Ensure that /var/lib/spamassassin/compiled doesn't change modes with
the cron job's execution. (Closes: 890650)
* Update standards version to 4.2.1
* Create /var/lib/spamassassin via dpkg, rather than the postinst.
(Closes: 891833)
-- Noah Meyerhans <noahm@debian.org> Sun, 30 Sep 2018 23:44:58 -0700
spamassassin (3.4.1-8) unstable; urgency=medium
......
......@@ -5,7 +5,7 @@ Maintainer: Noah Meyerhans <noahm@debian.org>
Build-Depends: debhelper, perl, libssl-dev, libhtml-parser-perl,
libnet-dns-perl, libnetaddr-ip-perl, debhelper (>= 9.20160709),
libberkeleydb-perl, netbase
Standards-Version: 4.1.0.0
Standards-Version: 4.2.1.0
Homepage: https://www.spamassassin.org/
Vcs-Git: https://salsa.debian.org/debian/spamassassin.git
Vcs-Browser: https://salsa.debian.org/debian/spamassassin
......
......@@ -131,6 +131,7 @@ binary-indep: build-indep install-indep
dh_systemd_start -i --no-start
dh_installcron -i
dh_installchangelogs Changes -i
dh_lintian
dh_link -i
dh_compress -i -XGPG.KEY
dh_fixperms -i
......
......@@ -8,6 +8,11 @@ sa_compile() {
if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile ]; then
echo "Running sa-compile (may take a long time)"
su - $OWNER -c "sa-compile --quiet"
# Fixup perms -- group and other should be able to
# read and execute, but never write. Works around
# sa-compile's failure to obey umask.
runuser -u debian-spamd -- \
chmod -R go-w,go+rX /var/lib/spamassassin/compiled
if command -v invoke-rc.d >/dev/null 2>&1; then
invoke-rc.d --quiet spamassassin status > /dev/null && \
invoke-rc.d spamassassin reload > /dev/null 2>&1 || true
......
......@@ -42,7 +42,8 @@ do_compile() {
# Fixup perms -- group and other should be able to
# read and execute, but never write. Works around
# sa-compile's failure to obey umask.
chmod -R go-w,go+rX /var/lib/spamassassin/compiled
runuser -u debian-spamd -- \
chmod -R go-w,go+rX /var/lib/spamassassin/compiled
fi
}
......
......@@ -8,3 +8,4 @@ usr/share/doc/spamassassin/rules
usr/share/spamassassin
usr/share/man/man8
usr/sbin
/var/lib/spamassassin
......@@ -35,6 +35,9 @@ test -f /etc/default/spamassassin && . /etc/default/spamassassin
DOPTIONS="-d --pidfile=$PIDFILE"
# Note: check_enabled should go away as soon as possible after the
# next stable release to complete the transition away from using
# ENABLED=1 in /etc/default/spamassassin
check_enabled() {
if [ "$ENABLED" = "0" ]; then
echo "$DESC: disabled, see /etc/default/spamassassin"
......@@ -50,30 +53,30 @@ case "$1" in
start)
check_enabled
echo -n "Starting $DESC: "
start-stop-daemon --start --pidfile $PIDFILE --name $DAEMON \
start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
$NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --pidfile $PIDFILE --name $DAEMON --oknodo
start-stop-daemon --stop --pidfile $PIDFILE --name $NAME --oknodo
echo "$NAME."
;;
reload|force-reload)
check_enabled
echo -n "Reloading $DESC: "
start-stop-daemon --stop --pidfile $PIDFILE --signal HUP --name $DAEMON
start-stop-daemon --stop --pidfile $PIDFILE --signal HUP --name $NAME
echo "$NAME."
;;
restart)
check_enabled
echo -n "Restarting $DESC: "
start-stop-daemon --stop --pidfile $PIDFILE --name $DAEMON \
start-stop-daemon --stop --pidfile $PIDFILE --name $NAME \
--retry 5 --oknodo
start-stop-daemon --start --pidfile $PIDFILE --name $DAEMON \
start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
$NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
echo "$NAME."
......
# These will go away as soon as we've cleanly transitioned from ENABLED=1
init.d-script-should-always-start-service
duplicate-updaterc.d-calls-in-postinst
......@@ -11,9 +11,8 @@ if [ "$1" = "configure" ]; then
# If a new install, or an upgrade from 3.3.2-2 or earlier...
if ! getent passwd debian-spamd > /dev/null ; then
adduser --system --group --shell /bin/sh --disabled-password \
--home /var/lib/spamassassin debian-spamd
else
mkdir -p /var/lib/spamassassin
--home /var/lib/spamassassin --no-create-home \
debian-spamd
fi
OWNER=$(stat -c '%U' /var/lib/spamassassin)
......@@ -44,28 +43,40 @@ fi
#DEBHELPER#
# Note: the following mess should go away as soon as possible after
# the next stable release to complete the transition away from using
# ENABLED=1 in /etc/default/spamassassin
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || \
[ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
set +e
invoke-rc.d --query spamassassin start
code=$?
set -e
ENABLED=0
if [ -f /etc/default/spamassassin ]; then
. /etc/default/spamassassin
fi
if [ $code -eq 104 ] && \
! command -v systemctl > /dev/null ; then
# We're not using systemd and thus may have some sysvinit cleanup
# to do in order to comply with policy 9.3.3.1
ENABLED=0
if [ -f /etc/default/spamassassin ]; then
. /etc/default/spamassassin
fi
if [ -z "$ENABLED" -o "$ENABLED" = 0 ]; then
# The defaults were unmodified by the sysadmin. We'll
# preserve this setting by disabling the service:
# The rc?d symlinks are inconsistent with the value set in
# /etc/default/spamassassin. Update the symlinks to
# reflect the actual state.
update-rc.d -f spamassassin remove
update-rc.d -f spamassassin defaults-disabled
deb-systemd-helper disable spamassassin.service
fi
elif [ $code -eq 101 ] && \
command -v systemctl > /dev/null && \
[ $ENABLED -eq 1 ]; then
# We're running on a systemd system, and the service is not
# configured to start (the default), but the admin has
# previously enabled it via
# /etc/default/spamassassin. Preserve that configuration.
deb-systemd-helper enable spamassassin.service
fi
fi
......
......@@ -32,6 +32,15 @@ install|upgrade)
rm_conffile spamassassin "/etc/logcheck/ignore.d.paranoid/spamassassin"
rm_conffile spamassassin "/etc/logcheck/violations.ignore.d/spamassassin"
fi
if dpkg --compare-versions "$2" lt-nl "3.4.2" &&
! command -v systemctl > /dev/null; then
# spamd changed its process name in 3.4.2. If we're running a
# previous version under sysvinit, we need to stop the old
# version
start-stop-daemon --stop --oknodo \
--pidfile /var/run/spamd.pid \
--name /usr/sbin/spamd
fi
esac
#DEBHELPER#