Guillem Jover authored May 15, 2021 and Noah Meyerhans committed May 29, 2021

While the init script is still left supporting the variable being set
to 0 to disallow the execution of the service, we stop supporting the
variable on configure as otherwise this forcefully disables the service
on upgrades on sysvinit systems, even when the daemon is currently
running, as ENABLED is now gone from /etc/default/spamassassin, which
means the user configuration will not be preserved anymore.

Closes: #947086

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7848

Drop patches already incorporated upstream, including half of
debian/patches/bug_766718-net-dns-vers

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7891

Upstream bugs fixed in the 3.4 branch following the 3.4.5-pre1
release:

    Bug 7892 - T_KAM_HTML_FONT_INVALID false positive for " !important"
    Bug 7897 - URIDNSBL does not trigger meta rules anymore
    Bug 7851 - charset=ascii is not recognized, leading to MIME_CHARSET_FARAWAY hit
    Bug 7857 - <a data-saferedirecturl="">
    Bug 7866 - TextCat: Improper language classification on URIs in plain/text
    Bug 7871 - URILocalBL does not instantiate Geo::IP correctly for the ISP database
    Bug 7879 - Body Length without Signature
    svn commit 1886188 - do not consider oleobject1.bin files as bad, they could also be images
    Bug 7777 - askdns problem with multi-valued resource records
    Bug 7875 - AskDNS plugin does not correctly handle CNAMEs leading to TXTs
    Bug_7848 - Rule parser doesn't support nested if/ifplugins

postinst: Fix perms only if dir exists

See merge request debian/spamassassin!5

If spamassassin is installed via the debian installer while
start-stop-daemon is diverted via dpkg-divert, sa-compile will not have
run, so the output dir doesn't exist when the postinst script tries to
change its permissions. That causes an error while configuring
sa-compile.

Fix that by checking if the dir exists.

This may still mean the permissions aren't set properly after the
package has been installed (because dpkg-diverting start-stop-daemon
means that sa-compile hasn't been run), but at least the package
installs now. If you run sa-compile manually afterwards you can set the
permissions correctly afterwards as well.

Closes: #977957

During the second build round in the reprotest job, the unit test suite is
failing.  This change disables the reprotest suite in order to avoid masking
pipeline failures caused by failures in other jobs.  Reprotest should be
re-enabled as soon as possible.

There were more python2 requirements than just the Depends line in
debian/tests/control.  Rather than update to python3, I replaced the tests with
equivalent bash-based tests and dropped the python dependencies entirely.

Closes: #967039

Pulled fixes for the following from upstream's svn:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7810
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7817
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7834

Replace python with python3 in autopkgtest dependencies in support of the
python2 removal effort

Closes: #967039

Closes: #964060

Retroactively document these fixes, which were not publicly documented when
3.4.4-rc1 was released by upstream.

We don't use gbp to construct an orig tarball, since upstream sources aren't
tracked in this repository.

This lintian check is intended to identify postinst scripts that are using
s-s-d to start long-lived daemons, when invoke-rc.d should be used for that
purpose.  In spamassassin's case, s-s-d is only used to invoke the short-lived
sa-update and sa-compile programs with the appropriate uid/gid and environment.

Upstream is not entirely consistent with their tagging convention.  Case in
point, tags/spamassassin_release_3_4_4 exists, refers to 3.4.4~rc1.  This
change adds the ability to override the snapshot location, rather than deriving
it from the latest version in debian/changelog.  In general we want to use the
version from the changelog, so print a warning whenever the override is used.

    - CVE-2018-11805: Malicious rules files, possibly retrieved
      automatically via sa-update, can run arbitrary commands.
    - CVE-2019-12420: A message can be crafted in a way to use excessive
      resources, resulting in a denial of service.

Fix some issues reported by lintian

See merge request debian/spamassassin!3

Fixes lintian: uses-debhelper-compat-file
See https://lintian.debian.org/tags/uses-debhelper-compat-file.html for more details.

+ Use dh_installsystemd rather than deprecated dh_systemd_enable.
+ Use dh_installsystemd rather than deprecated dh_systemd_start.

Fixes lintian: package-uses-old-debhelper-compat-version
See https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html for more details.

Fixes lintian: debian-watch-uses-insecure-uri
See https://lintian.debian.org/tags/debian-watch-uses-insecure-uri.html for more details.