Posted to commits@spamassassin.apache.org by km...@apache.org on 2018/09/08 20:42:12 UTC

svn commit: r1840379 - in /spamassassin/trunk/build: README announcements/3.4.2.txt

Author: kmcgrail
Date: Sat Sep  8 20:42:11 2018
New Revision: 1840379

URL: http://svn.apache.org/viewvc?rev=1840379&view=rev
Log:
working to keep build process and announcements in sync in trunk and 3.4

Added:
    spamassassin/trunk/build/announcements/3.4.2.txt
Modified:
    spamassassin/trunk/build/README

Modified: spamassassin/trunk/build/README
URL: http://svn.apache.org/viewvc/spamassassin/trunk/build/README?rev=1840379&r1=1840378&r2=1840379&view=diff
==============================================================================
--- spamassassin/trunk/build/README (original)
+++ spamassassin/trunk/build/README Sat Sep  8 20:42:11 2018
@@ -54,10 +54,9 @@ APACHE SPAMASSASSIN RELEASE PROCEDURE
 
   The output should be blank or look like this:
 
-  ?      rulesrc
-  ?      rules/SIQ.pm
-  ?      rules/sandbox-hstern.pm
-  ?      rules/sandbox-felicity.pm
+  ?       rules
+  ?       rulesrc
+  ?       t.rules
 
   (ie., no "M" or "C" files; any files marked "M" have been locally
   modified, and should be "svn revert"ed before you continue.)
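Review bot: The sample listing now shows only three unversioned entries (rules, rulesrc, t.rules), but the paragraph after it still covers only "M" and "C" files. Add a sentence on what to do when other "?" entries appear, for example that any unversioned path not in this list should be looked at before continuing, so the release manager does not have to guess whether the sample is exhaustive.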
@@ -110,7 +109,7 @@ APACHE SPAMASSASSIN RELEASE PROCEDURE
   $IS_DEVEL_BUILD is 0 even with rc and pre versions because rc and pre
   numbers are never reused.  Just increment higher each time.
 
-  Full releases: no @EXTRA_VERSION is needed and IS_DEVEL_BUILD is 0.
+  Full releases: @EXTRA_VERSION is blank and IS_DEVEL_BUILD is 0.
 
 - Ensure the new version number takes hold:
 
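Review bot: The rewritten "Full releases" line writes IS_DEVEL_BUILD without the "$" sigil, while the context line at the top of this hunk uses $IS_DEVEL_BUILD; use one spelling in both places. "@EXTRA_VERSION is blank" would also be clearer if it showed the literal assignment the file should contain, since "blank" can be read as either an empty list or an empty string.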
@@ -129,6 +128,10 @@ APACHE SPAMASSASSIN RELEASE PROCEDURE
 
 - create the Changes file.  
 
+  NOTE: If you do not use a fresh checkout, you may miss recent entries if
+  you also did development on the same checkout.  Use a fresh checkout
+  when making your builds to avoid this issue.
+
   MAKE CERTAIN THIS IS RUN IN THE ROOT OF YOUR CHECKOUT!
 
   There are two options here:
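Review bot: The new NOTE asks for a fresh checkout, but it sits under "create the Changes file" (around line 128 of the README), well after the svn status check in the hunk at line 54, so a reader following the steps in order meets the requirement after the checkout is already in use. Suggest stating the fresh-checkout requirement at the start of the procedure and keeping only a short reminder here. The note would also be easier to act on if it said why entries are missed; "you may miss recent entries" gives the symptom without the cause.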
@@ -258,7 +261,7 @@ APACHE SPAMASSASSIN RELEASE PROCEDURE
 
   - For a maintainance release candidate(x.y.1-rc1), pre-release (x.y.1-preZ) or alpha (x.y.1-alphaZ):
 
-    vers=3_4_2_pre_5
+    vers=3_4_2_rc_1
 
     #Then run:
 

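Review bot: The example "vers=3_4_2_rc_1" is a hardcoded version that this commit had to bump from 3_4_2_pre_5, so it will be stale again at the next release, and the heading above it lists rc, pre and alpha forms while only one is shown. Suggest a placeholder form, or one example line per naming pattern. The context line also spells "maintenance" as "maintainance", which is worth fixing while this section is being touched.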
Added: spamassassin/trunk/build/announcements/3.4.2.txt
URL: http://svn.apache.org/viewvc/spamassassin/trunk/build/announcements/3.4.2.txt?rev=1840379&view=auto
==============================================================================
--- spamassassin/trunk/build/announcements/3.4.2.txt (added)
+++ spamassassin/trunk/build/announcements/3.4.2.txt Sat Sep  8 20:42:11 2018
@@ -0,0 +1,250 @@
+To: users, dev, announce
+Subject: ANNOUNCE: Apache SpamAssassin 3.4.2 available
+
+Release Notes -- Apache SpamAssassin -- Version 3.4.2
+
+Introduction
+------------
+
+Apache SpamAssassin 3.4.2 contains numerous tweaks and bug fixes over the 
+past three and 1/2 years.  As we release 3.4.2, we are preparing 4.0.0 which 
+will move us into a full UTF-8 environment.  We expect one final 3.4.3
+release.
+
+As with any release there are a number of functional patches, improvements as
+well as security reasons to upgrade to 3.4.2.  In this case we have over 3 
+years of issues being resolved at once.  And we are laying thr groundwork for
+version 4.0 which is is designed to more natively handle UTF-8.
+
+However, there is one specific pressing reason to upgrade.  Specifically, we 
+will stop producing SHA-1 signatures for rule updates.  This means that while 
+we produce rule updates with the focus on them working for any release from 
+v3.3.2 forward, they will start failing SHA-1 validation for sa-update.  
+
+*** If you do not update to 3.4.2, you will be stuck at the last ruleset 
+    with SHA-1 signatures in the near future. ***
+
+Many thanks to the committers, contributors, rule testers, mass checkers,
+and code testers who have made this release possible.  
+
+Thanks to David Jones for stepping up and helping us found our SpamAssassin 
+SysAdmin's group.  
+
+And thanks to cPanel for helping making this release possible and contributing
+to the continued development of SpamAssassin.  Please visit support.cpanel.net
+with any issues involving cPanel & WHM's integration with SpamAssassin.
+
+Notable features:
+=================
+
+New plugins
+-----------
+There are four new plugins added with this release:
+
+  Mail::SpamAssassin::Plugin::HashBL
+
+The HashBL plugin is the interface to The Email Blocklist (EBL).
+The EBL is intended to filter spam that is sent from IP addresses 
+and domains that cannot be blocked without causing significant 
+numbers of false positives.
+
+  Mail::SpamAssassin::Plugin::ResourceLimits
+
+This plugin leverages BSD::Resource to assure your spamd child processes
+do not exceed specified CPU or memory limit. If this happens, the child
+process will die. See the BSD::Resource for more details.
+
+  Mail::SpamAssassin::Plugin::FromNameSpoof
+
+This plugin allows for detection of the From:name field being used to mislead 
+recipients into thinking an email is from another address.  The man page 
+includes examples and we expect to put test rules for this plugin into 
+rulesrc soon!
+
+  Mail::SpamAssassin::Plugin::Phishing
+
+This plugin finds uris used in phishing campaigns detected by
+OpenPhish (https://openphish.com) or PhishTank (https://phishtank.com) feeds.
+
+These plugins are disabled by default. To enable, uncomment
+the loadplugin configuration options in file v342.pre, or add it to
+some local .pre file such as local.pre .
+
+Notable changes
+---------------
+
+For security reasons SSLv3 support has been removed from spamc(1).
+
+The spamd(1) daemon now is faster to start, thanks to code optimizations.
+
+Four CVE security bugs are included in this release for PDFInfo.pm and the 
+SA core: 
+ CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 
+
+In sa-update script, optional support for SHA-256 / SHA-512 in addition 
+to or instead of SHA1 has been added for better validation of rules.
+See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7614 for information
+on the end of SHA-1 signatures which will be the end of rule updates for 
+releases prior to 3.4.2.
+
+Security updates include security improvements for TxRep, tmp file creation
+was hardened, the group list and setuid is hardened for spamd workers, 
+eval tests have been hardened (Thanks to the cPanel Security Team!), 
+a bug in earlier Perl versions that caused URIs to be skipped has been 
+identified, and UTF-16 support is improved.
+
+GeoIP2 support has been added to RelayCountry and URILocalBL plugins due
+to GeoIP legacy API deprecations.
+
+New configuration options
+-------------------------
+
+A new template tag _DKIMSELECTOR_ that maps to the DKIM selector (the 's' tag) 
+from valid signatures has been added.
+
+A 'uri_block_cont' option to URILocalBL plugin to score uris per continent has been added.
+Possible continent codes are:
+af, as, eu, na, oc, sa for Africa, Asia, Europe, North America, 
+Oceania and South America.
+
+The 'country_db_type' and 'country_db_path' options has been added to be able 
+to choose in RelayCountry plugin between GeoIP legacy 
+(discontinued from 04/01/2018), GeoIP2, IP::Country::Fast 
+and IP::Country::DB_File.
+GeoIP legacy is still the default option but it will be deprecated 
+in future releases.
+
+A config option 'uri_country_db_path' has been added to be able to choose 
+in URILocalBL plugin between GeoIP legacy and new GeoIP2 api.
+
+A config option 'resource_limit_cpu' (default: 0 or no limit) has been added
+to configure how many cpu cycles are allowed on a child process before it dies.
+
+A config option 'resource_limit_mem' (default: 0 or no limit) has been added
+to configure the maximum number of bytes of memory allowed both for 
+(virtual) address space bytes and resident set size.
+
+A new config option 'report_wrap_width' (default: 70) has been added
+to set the wrap width for description lines in the X-Spam-Report header.
+
+Notable Internal changes
+------------------------
+
+SpamAssassin can cope with new Net::DNS module versions.
+The "bytes" pragma has been remove from both core modules and plugins for
+better utf-8 compatibility, there has been also some other utf-8 related fixes.
+The spamc(1) client can now be build against OpenSSL 1.1.0.
+The test framework has been switched to Test::More module.
+
+Other updates
+-------------
+
+Documentation was updated or enhanced. Project's testing and evaluation
+hosts and tools running on the ASF infrastructure were updated.
+
+A list of top-level domains in registrar boundaries was updated.
+
+Optimizations
+-------------
+
+Faster startup of the SpamAssassin daemon.
+Spamc client now correctly free(3) all the memory it uses.
+
+Downloading and availability
+----------------------------
+
+Downloads are available from:
+
+http://spamassassin.apache.org/downloads.cgi
+
+sha256sum of archive files:
+
+  f5562f0779be2b84d7f0fd55faf15338e65938eafbba94cfae2f09f134dedcea  Mail-SpamAssassin-3.4.2-rc1.tar.bz2
+  7996c062bcb0d4160944fc25dde005fb4bc94a9e65597fda85e2c93b156c2220  Mail-SpamAssassin-3.4.2-rc1.tar.gz
+  ac20095aa6f8922ba472b0a3b4eb51ef03515e8cffb82bc3f5c37b39d050d1bd  Mail-SpamAssassin-3.4.2-rc1.zip
+  297fb75d61566e948e138a6c56efb6df36d22ae2da28a0f16508fa6ffae2a7e4  Mail-SpamAssassin-rules-3.4.2-rc1.r1840104.tgz
+
+sha512sum of archive files:
+
+  156c3c91616d81e65f010b4bb6147b1b919586d12ea252b7b934a1f9755a7dd8c1ca9812a266d9987d01591dbc2ea5115f62dbde10650da91c68dd49cd8c6388  Mail-SpamAssassin-3.4.2-rc1.tar.bz2
+  fc63cdd1261236d91edf7e2468fb18f5daefa2e2ead55fa052a6fa1b16b2085cc7ea6ca7569bd24f9c5adfcbd01de83eb0d7c105a54ab2a89181e120c998f0b3  Mail-SpamAssassin-3.4.2-rc1.tar.gz
+  8934a71a244ff9ca73843b6e015deb6dd1e8e053f8f9e08688675c6fba51c6e342e3cfe045a4541632ac8c22a60cac64f2c061eab33566d7b6ff5f409f8e3497  Mail-SpamAssassin-3.4.2-rc1.zip
+  ecde74b54b69b9d2ca54fcf027d81e5b234e55ceef957818e464a1db842d5e08a31bae91958c13c1f3e71880971d98f86c6713a586476fd6a048d60abfeb60f8  Mail-SpamAssassin-rules-3.4.2-rc1.r1840104.tgz
+
+Note that the *-rules-*.tar.gz files are only necessary if you cannot,
+or do not wish to, run "sa-update" after install to download the latest
+fresh rules.
+
+See the INSTALL and UPGRADE files in the distribution for important
+installation notes.
+
+
+GPG Verification Procedure
+--------------------------
+The release files also have a .asc accompanying them.  The file serves
+as an external GPG signature for the given release file.  The signing
+key is available via the wwwkeys.pgp.net key server, as well as
+http://www.apache.org/dist/spamassassin/KEYS
+
+The key information is:
+
+pub   4096R/F7D39814 2009-12-02
+       Key fingerprint = D809 9BC7 9E17 D7E4 9BC2  1E31 FDE5 2F40 F7D3 9814
+uid                  SpamAssassin Project Management Committee <pr...@spamassassin.apache.org>
+uid                  SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <de...@spamassassin.apache.org>
+sub   4096R/7B3265A5 2009-12-02
+
+To verify a release file, download the file with the accompanying .asc
+file and run the following commands:
+
+  gpg --verbose --keyserver wwwkeys.pgp.net --recv-key F7D39814
+  gpg --verify Mail-SpamAssassin-3.4.1.tar.bz2.asc
+  gpg --fingerprint F7D39814
+
+Then verify that the key matches the signature.
+
+Note that older versions of gnupg may not be able to complete the steps
+above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11
+worked flawlessly.
+
+See http://www.apache.org/info/verification.html for more information
+on verifying Apache releases.
+
+
+About Apache SpamAssassin
+-------------------------
+
+Apache SpamAssassin is a mature, widely-deployed open source project
+that serves as a mail filter to identify spam. SpamAssassin uses a
+variety of mechanisms including mail header and text analysis, Bayesian
+filtering, DNS blocklists, and collaborative filtering databases. In
+addition, Apache SpamAssassin has a modular architecture that allows
+other technologies to be quickly incorporated as an addition or as a
+replacement for existing methods.
+
+Apache SpamAssassin typically runs on a server, classifies and labels
+spam before it reaches your mailbox, while allowing other components of
+a mail system to act on its results.
+
+Most of the Apache SpamAssassin is written in Perl, with heavily
+traversed code paths carefully optimized. Benefits are portability,
+robustness and facilitated maintenance. It can run on a wide variety of
+POSIX platforms.
+
+The server and the Perl library feels at home on Unix and Linux platforms
+and reportedly also works on MS Windows systems under ActivePerl.
+
+For more information, visit http://spamassassin.apache.org/
+
+
+About The Apache Software Foundation
+------------------------------------
+
+Established in 1999, The Apache Software Foundation provides
+organizational, legal, and financial support for more than 100
+freely-available, collaboratively-developed Open Source projects. The
+pragmatic Apache License enables individual and commercial users to
+easily deploy Apache software; the Foundation's intellectual property
+framework limits the legal exposure of its 2,500+ contributors.
+
+For more information, visit http://www.apache.org/
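Review bot: In the GPG Verification Procedure, the example runs "gpg --verify Mail-SpamAssassin-3.4.1.tar.bz2.asc", which names the previous release; in a 3.4.2 announcement it should name the 3.4.2 archive. Related release-integrity points in the same file: the sha256sum and sha512sum lists are for the 3.4.2-rc1 artifacts while the Subject line announces 3.4.2, so they will need regenerating for the final files; the note about "*-rules-*.tar.gz" does not match the listed rules archive, which ends in .tgz; and the commands identify the key by the short ID F7D39814, where using the full fingerprint already printed in the key information block would avoid short-ID collisions. Wording: "Four CVE security bugs are included in this release" reads as if the bugs ship with it, so say that fixes for them are included. Typos to fix before sending: "thr groundwork", "which is is designed", "has been remove", "can now be build" and "options has been added".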