You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2005/01/28 11:22:43 UTC
[Bug 4111] New: SA does not detect URIs with uppercase scheme (like Http)
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
Summary: SA does not detect URIs with uppercase scheme (like
Http)
Product: Spamassassin
Version: 3.0.2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: Libraries
AssignedTo: dev@spamassassin.apache.org
ReportedBy: alex-bugzilla@zeitform.de
As discussed on http://www.rulesemporium.com/forums/showthread.php?s=&threadid=83
it looks like SA is not detecting URIs that have a non-lowercase scheme:
Http://www.domain.com is detected
Http://domain.com is not detected
As browsers can open those links, this might be an approach to avoid surbl and
uri rules.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From jeffc@surbl.org 2005-01-29 01:47 -------
OK Thanks for that. Probably 2.64 needs to be patched then.
Daniel, do we just open another ticket and set the version to 2.64?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From wolfgang.zeikat@desy.de 2005-01-29 11:13 -------
could someone put me in Cc: for this bug?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
mewolf1@gmx.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mewolf1@gmx.net
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From wolfgang.zeikat@desy.de 2005-04-13 15:15 -------
(In reply to comment #5)
> OK Thanks for that. Probably 2.64 needs to be patched then.
as i noticed only now, using body instead of uri in rules like
body SPAMCOP_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+2')
fixes the problem in 2.6.4. doh, i had noticed that fixes the problem in simple
uri rules, but didn't try it with the spamcop_uri ones ...
that adequate workaround does not work in my existing 3.0.2 installations tho.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From wolfgang.zeikat@desy.de 2005-01-28 12:16 -------
Can i apply the fix to an existing SA 2.64 / SpamCopURI 0.22 installation
without upgrading the entire SA?
And how about an existing SA 3.* installation?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From wolfgang.zeikat@desy.de 2005-01-30 13:26 -------
and how would you apply the fix to an existing SA 3.* installation where SA
comes from a distributor? can the affected perl module be installed via a CPAN
shell for example?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From jeffc@surbl.org 2005-01-29 02:38 -------
OK Would soemone more familiar with SA rules please consider do that?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From wolfgang.zeikat@desy.de 2005-01-29 10:24 -------
(In reply to comment #7)
> OK Would soemone more familiar with SA rules please consider do that?
and post it here if possible?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From mkettler_sa@comcast.net 2005-06-14 13:03 -------
Can someone identify which version of SA has this fix? Someone marked this bug
as resolved but did not identify what branch got the fix and left the target
milestone as undefined.
It appears to be in the 3.1.0 SVN, and not 3.0.x, but the bug should reflect that.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From wolfgang.zeikat@desy.de 2005-04-22 10:55 -------
(In reply to comment #15)
> Perhaps I should send this in private email, but here goes.
> The patch associated with Comment #1 is as follows:
> ==============================================================================
> --- spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm (original)
> +++ spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm Fri Jan 28
> @@ -1812,7 +1812,7 @@
>
> for (@$textary) {
> # NOTE: do not modify $_ in this loop
> - while (/($uriRe)/go) {
> + while (/($uriRe)/igo) {
> my $uri = $1;
>
> $uri =~ s/^<(.*)>$/$1/;
>
> You could hand edit PerMsgStatus.pm to apply it. The line number for the
> changed code is 1790 for 3.0.2.
Thanks, changing that line doesnt change the behaviour here tho, whereas
changing line 1710 from
my $schemeRE = qr/(?:https?|ftp|mailto|javascript|file)/;
to
my $schemeRE = qr/(?:https?|ftp|mailto|javascript|file)/i;
lets Http:// also be detected
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From quinlan@pathname.com 2005-01-29 02:28 -------
Subject: Re: SA does not detect URIs with uppercase scheme (like Http)
> OK Thanks for that. Probably 2.64 needs to be patched then.
>
> Daniel, do we just open another ticket and set the version to 2.64?
No.
1) There's only a remote chance 2.64 would be revised and then, it would
only be for a severe security issue.
2) Just create a rule for capitalized schemes to compensate, maybe a
meta rule of some sort.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From wolfgang.zeikat@desy.de 2005-04-13 15:58 -------
(In reply to comment #13)
> that adequate workaround does not work in my existing 3.0.2 installations tho.
to clarify the above statement: the 3.0.2 URIBL already uses body rules.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
wolfgang.zeikat@desy.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wolfgang.zeikat@desy.de
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
quinlan@pathname.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From quinlan@pathname.com 2005-01-28 02:40 -------
found the one place this can be missed, fixed it in SVN HEAD, closing as fixed
thanks!
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From wolfgang.zeikat@desy.de 2005-01-29 01:39 -------
(In reply to comment #3)
> First, have you confirmed this is a bug with SpamCopURI under SA 2.64. Have you
> duplicated it there?
yes i have.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From schulz@adi.com 2005-04-14 06:38 -------
Perhaps I should send this in private email, but here goes.
The patch associated with Comment #1 is as follows:
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm Fri Jan 28
@@ -1812,7 +1812,7 @@
for (@$textary) {
# NOTE: do not modify $_ in this loop
- while (/($uriRe)/go) {
+ while (/($uriRe)/igo) {
my $uri = $1;
$uri =~ s/^<(.*)>$/$1/;
You could hand edit PerMsgStatus.pm to apply it. The line number for the
changed code is 1790 for 3.0.2.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From jeffc@surbl.org 2005-01-30 00:06 -------
To clarify, the comment: "Users having these issues with SA 2.64 should upgrade
to SA 3.X" is mine. "I think that makes the most sense" is Eric's.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
------- Additional Comments From jeffc@surbl.org 2005-01-30 00:05 -------
Here is Eric Kolve's response and my suggestion.
> > Took a look at the bug and it looks like SA 2.64 would need
> > to be patched. Since the code that I patch for spamcopuri
> > is the same as what needs to be fixed, I could modify the
> > version I ship to correct this. I don't really like the
> > idea, but it can be done. Though I think it might make
> > more sense for the user to just upgrade...
>
> > --eric
>
> Well it sounds like 2.64 is not going to get officially
> updated or maintained, so perhaps the best thing is to tell
> people to use 3.x.
To which Eric replied:
I think that makes the most sense.
Users having these issues with SA 2.64 should upgrade to SA 3.X
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
felicity@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Undefined |3.1.0
------- Additional Comments From felicity@apache.org 2005-06-14 13:27 -------
the milestone should have been set, but wasn't.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4111] SA does not detect URIs with uppercase scheme (like Http)
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111
jeffc@surbl.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jeffc@surbl.org
------- Additional Comments From jeffc@surbl.org 2005-01-28 22:54 -------
First, have you confirmed this is a bug with SpamCopURI under SA 2.64. Have you
duplicated it there?
I'm not sure to what extent SpamCop URI relies on SA 2.64 for URI extraction and
parsing, but I assume it's extensive. Not sure to what extent an SA 3.0 patch
could be applied to 2.64, or whether that branch is being actively maintained
any longer. Probably there should be a separate ticket for 2.64.
Manually forwarding to SpamCopURI author Eric Kolve.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.