--- razor-2.85.orig/debian/changelog +++ razor-2.85/debian/changelog @@ -0,0 +1,470 @@ +razor (1:2.85-4build1) precise; urgency=low + + * Rebuild for Perl 5.14. + + -- Colin Watson Wed, 16 Nov 2011 01:10:20 +0000 + +razor (1:2.85-4) unstable; urgency=low + + * [7e80fb6] Add use-Digest-SHA.patch to use Digest::SHA instead of + Digest::SHA1 and drop libdigest-sha1-perl (Build-)Depends. + Thanks to Salvatore Bonaccorso (Closes: #624579) + + -- Giuseppe Iuculano Sat, 28 May 2011 16:46:31 +0200 + +razor (1:2.85-3) unstable; urgency=low + + * [1ac1321] Adopting razor, thanks to Francois Marier and Corrin + Lakeland for the prior work on razor (Closes: #521390) + * [a45a504] Switch to quilt + * [1244161] debian/control: Updated VCS and added DM-Upload-Allowed + fields + * [1d4c95a] debian/rules: Use dh_installlogcheck to install the + logchek ignore file + * [1b83e29] + debian/patches/02_fix_empty_attachments_identified_as_spam.patch: + Empty attachments might be identified as spam, fixed + * [bdce9d8] debian/patches/03_accept_relative_path.patch: Do not chdir + to / prior to trying to open the file. (Closes: #242174) + + -- Giuseppe Iuculano Fri, 27 Mar 2009 18:33:46 +0100 + +razor (1:2.85-2) unstable; urgency=low + + * Orphan this package at the request of the MIA team (closes: #519352) + * Bump Standards-Version up to 3.8.1 + * Bump debhelper compatibility and dependency to 7 + * debian/rules: make use of dh_prep + + -- Francois Marier Thu, 19 Mar 2009 20:55:52 +1300 + +razor (1:2.85-1) unstable; urgency=low + + * New upstream release (no code changes, new license) + * Update copyright file since the license has changed + * Bump Standards-Version up to 3.8.0 (no changes) + * Bump debhelper compatibility and dependency to 6 + + -- Francois Marier Wed, 23 Jul 2008 13:25:06 +1200 + +razor (1:2.84-6) unstable; urgency=low + + * Clarify which user account needs to register in README.Debian + (closes: #457429) + * Add missing perl dependencies through ${perl:Depends} (closes: #463145) + + -- Francois Marier Wed, 30 Jan 2008 11:37:27 +1300 + +razor (1:2.84-5) unstable; urgency=low + + * Fix sf.net URL in the watch file (closes: #453533) + * Bump Standards-Version to 3.7.3 (no changes) + * Fix typo in Vcs-Svn + * Remove vim variables at the end of the changelog + * Remove empty directory in debian/rules + + -- Francois Marier Tue, 11 Dec 2007 13:19:58 +1300 + +razor (1:2.84-4) unstable; urgency=low + + * Add the "missingok" option to logrotate (closes: #450397). + Thanks to OHURA Makoto for the patch! + * Rename the XS-Vcs-* fields to Vcs-* + + -- Francois Marier Tue, 20 Nov 2007 15:49:28 +1300 + +razor (1:2.84-3) unstable; urgency=low + + * Set the default logfile to be /var/log/razor-agent.log + (closes: #285406, #448140) + * Provide a logrotate file + * Remove README.Logging + + -- Francois Marier Sat, 03 Nov 2007 22:50:01 +1300 + +razor (1:2.84-2) unstable; urgency=low + + * Add a watch file + * Set the homepage field in debian/control + * Add a few entries in the logcheck ignore file + + -- Francois Marier Wed, 31 Oct 2007 15:08:30 +1300 + +razor (1:2.84-1) unstable; urgency=low + + * New upstream release (closes: #417399) + + * debian/control: + * Add myself to uploaders with maintainer's permission + * Mention svn repository (collab-maint) in debian/control + * Bump Standards-Version to 3.7.2 + * Increase the versioned dependency on debhelper + * debian/rules: + * Remove unncessary commented-out lines + * Add an empty binary-indep target (closes: #395749) + * Log to syslog by default to work-around root directory bug (closes: #247057, #425437) + * Fix "make distclean" lintian warning + * Make use of the CURDIR environment variable everywhere + * Move some directory creations to debian/dirs + * Remove broken PERL5LIB lines + * debian/compat: Set debhelper compatibility to 5 + + * README.Debian: Remove obsolete "razor-client" line (closes: #384035) + * README.Logging: Update for the change to the default logfile + + * Introduce an epoch to sync version numbers with upstream + * Install a logcheck ignore file (closes: #270559) + * Put all of the Makefiles in the right section (fixes lintian warnings) + + -- Francois Marier Wed, 17 Oct 2007 14:59:44 +1300 + +razor (2.810-2) unstable; urgency=low + * Removed incorrect dependency for sid (Closes: #361033) + + -- Corrin Lakeland Fri, 7 Apr 2006 09:42:29 +1200 + +razor (2.810-1) unstable; urgency=low + + * New version, (Closes: #360199) + Razor is finally free again + + -- Corrin Lakeland Wed, 5 Apr 2006 14:42:29 +1200 + +razor (2.720-2) unstable; urgency=medium + + * New upstream + * Fix to corrupted emails crashing razor (Closes: #314433) + * Sys-syslog logging is still broken in this release. I wanted to get this + release out quickly to avoid the potential DOS attack. + + -- Corrin Lakeland Fri, 24 Jun 2005 10:21:35 +1200 + +razor (2.710-1) unstable; urgency=low + + * New upstream, minor bug fix. + + -- Corrin Lakeland Thu, 16 Jun 2005 14:21:30 +1200 + +razor (2.700-1) unstable; urgency=low + + * New upstream, mostly bug-fixes. Lets hope this finally fixes /.razor + + -- Corrin Lakeland Thu, 16 Jun 2004 12:44:38 +1200 + +razor (2.670-2) unstable; urgency=low + + * Removed dependency on nilsisma (Closes: #294494) + + -- Corrin Lakeland Fri, 11 Feb 2005 10:15:49 +1300 + +razor (2.670-1) unstable; urgency=low + + * Lots of changes, mostly upstream fixes meaning we need fewer fixes. + * Upgrade to latest stable release (Closes: #261506) + * Don't include upstream changelogs in debian changes (Closes: #292181) + * Fixed typos (Closes: #288558, #281098) + * RAZOR_HOME is now derived automatically and cannot be manually set. + The logic for deriving it automatically has been improved so you + shouldn't see any problems unless they're trying to do something odd. + I'm going to close the old bug reports about logging to / because + I cannot reproduce them at all with this version + (Closes: #269723, #262765, #247057) + This also fixes the potential security concerns with logging to /tmp + as logging to /tmp should never happen now. (Closes: #292420) + For all users, the default configuration file is + /etc/razor/razor-agent.conf unless this file does not exist. + Any user, including root, can override this default by creating a + file ~/.razor/razor-agent.conf. If the latter file exists, then the + file in /etc will be ignored. Note that this behaviour is different + to previous versions of razor. + * Patches to support tainting have been included upstream and are no longer + applied specifically for debian. + * Mentions syslog in man page (Closes: #278981) + * No known missing dependencies (Closes: #271809) -- reopen if you know any + * Logcheck from is included (Closes #270559). + It has not been enabled by default mostly because razor does not use + syslog by default so I'd rather not rotate a log file that probably does + not exist. + * Better timeouts when the servers are unavailable. This still isn't + totally fixed but I think it is sufficiently fixed to close the bug + reports. To summarise: Networks are unreliable and sometimes cloudmark + will be down, but sometimes it is just slow. Razor waits a while and then + gives up. Some programs get impatient and terminate razor while it is + still waiting. (Closes: #213227, #176013) + -- Corrin Lakeland Thu, 10 Feb 2005 08:30:06 +1300 + +razor (2.610-2) unstable; urgency=low + + * No major changes, mostly clearing out old bug reports. + * Incomporated upstream change of the default logic method to 5 + instead of 4. The difference in logic method relates to messages + with multiple MIME components. If the method is 4 then any nonspam + MIME component says the message is nonspam, while method 5 classifies + components as 'disputed' and resolves based on the rest of the message. + + Using method 4 makes it trivial for spammers to bypass razor (by adding + a nonspam mime component to every spam) but in the past method 5 + resulted in some valid emails being marked as spam (because they + included a background picture that was also used in spams.) Vipul + believes the problems with method 5 have been resolved and we should + use the method that is harder to bypass. + * Source code tweaks to assist with logging (Closes #262765, #269723) + Thanks to Rene Konasz + * Latest version is now in Debian (Closes #261506) + * Added a readme explaining how to log via syslog (Closes: #262711) + * Support for logrotate will not be added; users wanting this should log via + syslog, which already supports logrotate (Closes: #255937) + * Revised the readme about razor-register (Closes: #268383) + * As far as I can see, this leaves one bug outstanding -- when + razor is unable to access cloudmark it gets unhappy. This bug is present + in all versions of razor. Hopefully it will be fixed one day. + + -- Corrin Lakeland Mon, 6 Sep 2004 10:20:46 +1200 + +razor (2.610-1) unstable; urgency=low + + * New upstream + + -- Corrin Lakeland Sat, 7 Aug 2004 18:01:34 +1200 + +razor (2.400-3) unstable; urgency=low + + * Also reapplied Findlay's patch which prevents razor logging to / + * This should be much less important now since people running razor system + * wide should probably be using syslog instead of file. + * Closing some old bugs related to this (Closes: #153619, #151415) + + -- Corrin Lakeland Sun, 13 Jun 2004 19:44:38 +1200 + +razor (2.400-2) unstable; urgency=low + + * First real attempt at fixing tainting issues + * Added an extra ugly untaint to Config.pm, specifically + * untainting the filename. I'm not entirely happy about this, but + * I can't see any better solutions. Superficial code analysis implies + * it won't add any security holes (it would require the cracker to have + * write permission to the system wide configuration file in order to + * hijack razor, and that file should have at least as tight permissions as + * the razor process so a cracker with access to that file won't gain + * much (perhaps another method to add a backdoor for themselves?) + + -- Corrin Lakeland Sun, 30 May 2004 18:14:43 +1200 + +razor (2.400-1) unstable; urgency=low + + * New upstream (quite a big change) + * + * Razor now supports syslog! (Lots of you have asked for this) + * + * If you are using razor system wide rather than per user, then + * turn on syslog logging for proper log support, log rotation, etc. + * Without syslog, razor logs to RAZOR_HOME, which defaults to /tmp. + * I am not going to change the default RAZOR_HOME to /var/log as one + * person requested because people that would not work for individual + * users (no write permission). + * + * I'm going to say that this change closes the bug request for logging + * to /var/log since syslog provides this (Closes: #240525) + * + * Updated the readme, making it clear razor-admin must be run + * (Closes: #234043) + * + * This code now integrates the variable tainting directly, so if it doesn't + * work for you, please report it as a bug. + + -- Corrin Lakeland Sat, 3 Apr 2004 11:45:56 +1200 + +razor (2.361-3) unstable; urgency=low + + * Applied patch to log somewhere sensible instead of / + * Thanks to Duncan Findlay (Closes: #166012) + + -- Corrin Lakeland Thu, 18 Dec 2003 18:26:16 +1300 + +razor (2.361-2) unstable; urgency=low + + * Applied patch to work with spamassassin from + http://www.ijs.si/software/amavisd/Razor2.patch-quinlan + (Closes: #211097, #212647) + + -- Corrin Lakeland Fri, 10 Oct 2003 04:30:28 +0200 + +razor (2.361-1) unstable; urgency=low + + * Changed back to being a debian native package. Sorry all, stupid mistake + (Closes: #214579). The orig.tar.gz is from upstream and should match MD5 + * I had to bump the version number in order for it to allow a new release, + so this is _not_ a new upstream. + + -- Corrin Lakeland Tue, 7 Oct 2003 21:32:40 +0200 + +razor (2.360-1) unstable; urgency=low + + * Changed version to 2.360 (Closes: #213093) + + -- Corrin Lakeland Fri, 3 Oct 2003 22:26:57 +0200 + +razor (2.220-3) unstable; urgency=low + + * Changed depends on libc6 to ${shlibs:Depends} as suggested by Santiago + Vila. This makes it easier to keep the dependancies working. + + + -- Corrin Lakeland Thu, 27 Mar 2003 09:23:47 +1200 + +razor (2.220-2) unstable; urgency=low + + * Changed depends on libc6 to support alpha (Closes: #186189) + + -- Corrin Lakeland Tue, 25 Mar 2003 15:57:23 +1200 + +razor (2.220-1) unstable; urgency=low + + * Upgrade to 2.22 (Closes #170752) + * Depends on libc6 to make woody backporting safer (Closes: #181115) + * Include the man5 directory (Closes: #181035, #163445, #161712) + * Change default logic method to 5 (Closes: #178470) + * There is a serious bug with razor that means an email cotaining + * a MIME part that is known spam is by default considered spam. There + * have been various workarounds but none are working yet. This decision + * makes it trivial to bypass razor but is probably a better temporary + * measure than false positives + -- Corrin Lakeland Mon, 24 Mar 2003 16:06:16 +1200 + +razor (2.200-2) unstable; urgency=low + + * Fixed missing export of PERL5LIB based on patches from several people + * (Closes: 176011) + * The timeout problem and a couple others (# 171227) may be fixed, + * but I'm not confident enough to close the bug report yet + + -- Corrin Lakeland Sat, 18 Jan 2003 21:55:47 +1300 + +razor (2.200-1) unstable; urgency=low + + * New upstream + * Various fixes suggested by Santiago Vila + * First steps towards fixing log problems (no bugs closed yet) + * Note that 2.20 (and before) have a bug relating to MIME handling. + * This causes them to sometimes tag valid messages as spam. + * this has been fixed in 2.22 which is considered too unstable to release + + -- Corrin Lakeland Tue, 26 Nov 2002 14:57:36 +1300 + +razor (2.152-4) unstable; urgency=low + + * Fix to logic in postinst (designed to make users not notice bug + if upgrading from 2.14-2) (Closes: #162833) + + -- Corrin Lakeland Tue, 1 Oct 2002 09:39:42 +1200 + +razor (2.152-3) unstable; urgency=low + + * Fixed build depends (Patch from: lamont+buildd) (Closes: #162661) + + -- Corrin Lakeland Sun, 29 Sep 2002 09:21:50 +1200 + +razor (2.152-2) unstable; urgency=low + + * Fixed syntax error in postinst + + -- Corrin Lakeland Sat, 28 Sep 2002 08:52:07 +1200 + +razor (2.152-1) unstable; urgency=low + + * New upstream + * Fixed incorrect removal of symlinks which prevented regeneration + * (Closes: #162266) + * Razor no longer auto registers. For most sites the users are the + * ones that report spam so they must register seperatly. In the case + * of single user machines, seeing a debconf question was likely to cause + * confusion with the user thinking they had already registered. + * If I get any complaints I'll put it back with priorty=low and/or + * put a note in. + * As a side effect this fixes a packaging bug (Closes: #161711) + * Thanks to new HTML.c this package is now arch:any rather than all. + + -- Corrin Lakeland Thu, 26 Sep 2002 21:03:29 +1200 + +razor (2.14-4) unstable; urgency=low + + * Removed debconf calls. Some people will want to register razor system + * wide, but more people will want to register as an ordinary user. + + -- Corrin Lakeland Sun, 22 Sep 2002 14:58:16 +1200 + +razor (2.14-3) unstable; urgency=low + + * Many more fixes from Santiago Vila + * Some minor changes to the default configuration file + * This still needs some work so expect it to change a bit over the + * next few releases + + -- Corrin Lakeland Sun, 22 Sep 2002 11:21:19 +1200 + +razor (2.14-2) unstable; urgency=low + + * Many fixes from Santiago Vila + * Changed "libtime-hires-perl" to "libtime-hires-perl | perl (>= 5.8)" + * since perl-5.8 now provides Time::HiRes (as suggested by Joey Hess). + * Changed Provides: to razor2 + * Moved the call of razor-client to rules rather than postinst + * + -- Corrin Lakeland Sat, 21 Sep 2002 15:19:49 +1200 + +razor (2.14-1) unstable; urgency=low + + * New upstream version (now works with spamassassin) + * (Closes: #154682, #161068) + * New version fixes spamassassin incompatability (Closes: #143471) + * New version no longer includes (Closes: #148488) + * New version makes razor-report bug unreproducable (Closes: #143370) + * New maintainer: Corrin Lakeland + * Added .orig file downloaded from razor.sourceforge.net. + * razor is no longer incorrectly classified as debian native + * Moved /.razor.lst to /var/cache/razor/.razor.lst + * (Closes: #155734, #150415) + * Applied by hand the parts of David Kilzer's patch that still applied + * (Closes: #125940, #157413) + * Added a README.Debian from Francois Marier (Closes: #152519) + * Added a man page for razor-client + * The following fixes were added by Robert but the bugs weren't closed: + * Depends on libmime-base64 (Closes: #150658) + * Depends on libnet-dns-perl (it always has??) (Closes: #150296) + * Depends on libdigest-hmac-perl (Closes: #149738) + + -- Corrin Lakeland Sat, 21 Sep 2002 10:36:07 +1200 + +razor (1.20-1) unstable; urgency=low + + * New upstream version (Closes: #130612) + * Depend on fresher libtime-hires-perl version (Closes: #132948, #134711) + * removed INSTALL file from deb (Closes: #135554) + * moved pod that wasn't to manpage that is. (Closes: #138303) + + -- Robert van der Meulen Mon, 15 Apr 2002 21:21:14 +0200 + +razor (1.19-1) unstable; urgency=low + + * New upstream release + * This upstream fixes 125938 - (Closes: #125938) + * Added default razor.conf and razor.lst (Closes: #125940) + + -- Robert van der Meulen Mon, 15 Apr 2002 21:10:01 +0200 + +razor (1.17-1) unstable; urgency=low + + * New upstream release (Closes: #122791) + * Removed unneeded dirs (Closes: #122882) + * Fixed typo in copyright (Closes: #122624) + * Added manpage for razor.conf (Closes: #122515, #123093) + * Provides: librazor-perl added (Closes: #122898) + + -- Robert van der Meulen Mon, 10 Dec 2001 20:10:36 +0100 + +razor (1.13-1) unstable; urgency=low + + * Initial Release. + + -- Robert van der Meulen Wed, 28 Nov 2001 18:04:27 +0100 + --- razor-2.85.orig/debian/rules +++ razor-2.85/debian/rules @@ -0,0 +1,74 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +include /usr/share/quilt/quilt.make + +configure: configure-stamp +configure-stamp: + dh_testdir + touch configure-stamp + +build: $(QUILT_STAMPFN) configure-stamp build-stamp +build-stamp: + dh_testdir + perl Makefile.PL INSTALLDIRS=vendor + $(MAKE) + pod2text Changes > changelog + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + [ ! -f Makefile ] || $(MAKE) realclean + rm -f changelog + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + $(MAKE) install PREFIX=$(CURDIR)/debian/razor/usr \ + INSTALLMAN5DIR=$(CURDIR)/debian/razor/usr/share/man/man5 + echo "# See razor-agent.conf (5)" > $(CURDIR)/debian/razor/etc/razor/razor-agent.conf + echo "# Change this to 5 for safer classification of MIME attachments. This will let more spam through" >> $(CURDIR)/debian/razor/etc/razor/razor-agent.conf + echo "logic_method = 4" >> $(CURDIR)/debian/razor/etc/razor/razor-agent.conf + echo "# Change the next line to a file to stop using syslog" >> $(CURDIR)/debian/razor/etc/razor/razor-agent.conf + echo "logfile = /var/log/razor-agent.log" >> $(CURDIR)/debian/razor/etc/razor/razor-agent.conf + cp $(CURDIR)/blib/man5/* $(CURDIR)/debian/razor/usr/share/man/man5 + cp $(CURDIR)/debian/razor-client.1p $(CURDIR)/debian/razor/usr/share/man/man1 + mv $(CURDIR)/debian/razor/usr/lib/perl5/Razor2/* $(CURDIR)/debian/razor/usr/share/perl5/Razor2/ + rmdir $(CURDIR)/debian/razor/usr/lib/perl5/Razor2 + +binary-indep: build install + +binary-arch: build install + dh_testdir + dh_testroot + dh_installdocs + dh_installexamples + dh_installmenu + dh_installcron + dh_installman + dh_installinfo + dh_installchangelogs changelog + dh_installlogrotate + dh_installlogcheck + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_perl + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-arch binary-indep +.PHONY: build clean binary-indep binary-arch binary install configure --- razor-2.85.orig/debian/watch +++ razor-2.85/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://sf.net/razor/razor-agents-([\d.]*).tar.bz2 --- razor-2.85.orig/debian/razor.logcheck.ignore.server +++ razor-2.85/debian/razor.logcheck.ignore.server @@ -0,0 +1,6 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ check\[[0-9]+]: \[ 2\] \[bootup\] Logging initiated LogDebugLevel=[0-9] to sys-syslog$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ check\[[0-9]+]: \[ 3\] mail [0-9]+ is (not )?known spam\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ report\[[0-9]+\]: \[ 3\] Finished report.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ revoke\[[0-9]+\]: \[ 3\] Sent revoke.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ check\[[0-9]+\]: spamd: server killed by SIGTERM, shutting down$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ check\[[0-9]+\]: spamd: server started on port [0-9]+/tcp \(running version [0-9.]+\)$ --- razor-2.85.orig/debian/razor-client.1p +++ razor-2.85/debian/razor-client.1p @@ -0,0 +1,36 @@ +.\" Hey, EMACS: -*- nroff -*- +.TH RAZOR-CLIENT 1p "September 21, 2002" +.\" +.SH NAME +razor-client \- Meta program for the razor utilities +.SH SYNOPSIS +Do not call this program directly, instead call the symlinks: +.BI razor\-check +.BI razor\-report +.BI razor\-revoke +.BI razor\-admin +.SH DESCRIPTION +This manual page briefly documents +.B razor\-client\c +, the razor metaprogram. +.br +This manual page was written for the Debian GNU/Linux distribution +because the original program does not have a manual page. +Instead, the subcommands are documented; to access this information, type +.nf +.I man razor\-check +.I man razor\-report +.I man razor\-revoke +.I man razor\-admin +.fi +.PP +.SH SEE ALSO +.I razor\-check\c +.I razor\-report\c +.I razor\-revoke\c +.I razor\-admin\c +.SH AUTHORS +Vipul Ved Prakash +.br +This manual page was written by Corrin Lakeland , +for the Debian GNU/Linux system (but may be used by others). --- razor-2.85.orig/debian/compat +++ razor-2.85/debian/compat @@ -0,0 +1 @@ +7 --- razor-2.85.orig/debian/README.Debian +++ razor-2.85/debian/README.Debian @@ -0,0 +1,25 @@ +Reporting Spam with razor +-------------------------- + +Razor requires you to be registered before you can report spam. For a user to +setup an account with the Vipul's Razor spam-reporting system (highly +recommended) simply run the following commands. The distributed and +collaborative system that makes razor so useful relies on user reports. + + $ razor-admin --create [creates the razor home] + $ razor-admin --register [registers an account] + +The user account from which razor is run is the one that needs to execute the +above commands. + + +Razor and SpamAssassin +----------------------- + +If you intend to use Razor as an add-on to Spamassassin (a perl-based spam +filter using text analysis), you do not need to change the default +configuration of either programs. Spamassassin will automatically look for +Razor and use it if available. + +Reporting spam using SpamAssassin will require the root user to be registered +using the commands above. --- razor-2.85.orig/debian/control +++ razor-2.85/debian/control @@ -0,0 +1,29 @@ +Source: razor +Section: mail +Priority: optional +Maintainer: Giuseppe Iuculano +Build-Depends: debhelper (>= 7), libnet-dns-perl, libtime-hires-perl | perl (>= 5.8), liburi-perl, quilt (>= 0.40) +Standards-Version: 3.8.1 +Homepage: http://razor.sourceforge.net +Vcs-git: git://git.debian.org/git/users/derevko-guest/razor.git +Vcs-Browser: http://git.debian.org/?p=users/derevko-guest/razor.git +DM-Upload-Allowed: yes + +Package: razor +Architecture: any +Depends: ${shlibs:Depends}, libdigest-hmac-perl, libdigest-md5-perl, libmime-base64-perl, libnet-dns-perl, libtime-hires-perl | perl (>= 5.8), libtest-simple-perl, liburi-perl, ${perl:Depends} +Provides: librazor2-perl +Description: spam-catcher using a collaborative filtering network + Vipul's Razor is a distributed, collaborative, spam detection and + filtering network. Razor establishes a distributed and constantly updating + catalogue of spam in propagation. This catalogue is used by clients to + filter out known spam. On receiving a spam, a Razor Reporting Agent (run + by an end-user or a troll box) calculates and submits a 20-character unique + identification of the spam (a SHA Digest) to its closest Razor + Catalogue Server. The Catalogue Server echos this signature to other + trusted servers after storing it in its database. Prior to manual + processing or transport-level reception, Razor Filtering Agents (end-users + and MTAs) check their incoming mail against a Catalogue Server and filter + out or deny transport in case of a signature match. Catalogued spam, once + identified and reported by a Reporting Agent, can be blocked out by the + rest of the Filtering Agents on the network. --- razor-2.85.orig/debian/dirs +++ razor-2.85/debian/dirs @@ -0,0 +1,9 @@ +etc +etc/razor +etc/logcheck/ignore.d.server +usr/bin +usr/share/doc/razor +usr/share/man/man1 +usr/share/man/man5 +usr/share/perl5/Razor2 +var/cache/razor --- razor-2.85.orig/debian/copyright +++ razor-2.85/debian/copyright @@ -0,0 +1,182 @@ +This package was first put together by Robert van der Meulen +and Corrin Lakeland . + +The source for this package was taken from http://razor.sourceforge.net + +Upstream Author: Vipul Ved Prakash + +Copyright: (c) 1998-2008 Vipul Ved Prakash + +License: + +Artistic License 2.0 + +Copyright (c) 2000-2006, The Perl Foundation. + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. Preamble + +This license establishes the terms under which a given free software +Package may be copied, modified, distributed, and/or +redistributed. The intent is that the Copyright Holder maintains some +artistic control over the development of that Package while still +keeping the Package available as open source and free software. + +You are always permitted to make arrangements wholly outside of this +license directly with the Copyright Holder of a given Package. If the +terms of this license do not permit the full use that you propose to +make of the Package, you should contact the Copyright Holder and seek +a different licensing arrangement. Definitions + +"Copyright Holder" means the individual(s) or organization(s) named in +the copyright notice for the entire Package. + +"Contributor" means any party that has contributed code or other +material to the Package, in accordance with the Copyright Holder's +procedures. + +"You" and "your" means any person who would like to copy, distribute, +or modify the Package. + +"Package" means the collection of files distributed by the Copyright +Holder, and derivatives of that collection and/or of those files. A +given Package may consist of either the Standard Version, or a +Modified Version. + +"Distribute" means providing a copy of the Package or making it +accessible to anyone else, or in the case of a company or +organization, to others outside of your company or organization. + +"Distributor Fee" means any fee that you charge for Distributing this +Package or providing support for this Package to another party. It +does not mean licensing fees. + +"Standard Version" refers to the Package if it has not been modified, +or has been modified only in ways explicitly requested by the +Copyright Holder. + +"Modified Version" means the Package, if it has been changed, and such +changes were not explicitly requested by the Copyright Holder. + +"Original License" means this Artistic License as Distributed with the +Standard Version of the Package, in its current version or as it may +be modified by The Perl Foundation in the future. + +"Source" form means the source code, documentation source, and +configuration files for the Package. + +"Compiled" form means the compiled bytecode, object code, binary, or +any other form resulting from mechanical transformation or translation +of the Source form. Permission for Use and Modification Without +Distribution + +(1) You are permitted to use the Standard Version and create and use +Modified Versions for any purpose without restriction, provided that +you do not Distribute the Modified Version. Permissions for +Redistribution of the Standard Version + +(2) You may Distribute verbatim copies of the Source form of the +Standard Version of this Package in any medium without restriction, +either gratis or for a Distributor Fee, provided that you duplicate +all of the original copyright notices and associated disclaimers. At +your discretion, such verbatim copies may or may not include a +Compiled form of the Package. + +(3) You may apply any bug fixes, portability changes, and other +modifications made available from the Copyright Holder. The resulting +Package will still be considered the Standard Version, and as such +will be subject to the Original License. Distribution of Modified +Versions of the Package as Source + +(4) You may Distribute your Modified Version as Source (either gratis +or for a Distributor Fee, and with or without a Compiled form of the +Modified Version) provided that you clearly document how it differs +from the Standard Version, including, but not limited to, documenting +any non-standard features, executables, or modules, and provided that +you do at least ONE of the following: + +(a) make the Modified Version available to the Copyright Holder of the +Standard Version, under the Original License, so that the Copyright +Holder may include your modifications in the Standard Version. (b) +ensure that installation of your Modified Version does not prevent the +user installing or running the Standard Version. In addition, the +Modified Version must bear a name that is different from the name of +the Standard Version. (c) allow anyone who receives a copy of the +Modified Version to make the Source form of the Modified Version +available to others under (i) the Original License or (ii) a license +that permits the licensee to freely copy, modify and redistribute the +Modified Version using the same licensing terms that apply to the copy +that the licensee received, and requires that the Source form of the +Modified Version, and of any works derived from it, be made freely +available in that license fees are prohibited but Distributor Fees are +allowed. Distribution of Compiled Forms of the Standard Version or +Modified Versions without the Source + +(5) You may Distribute Compiled forms of the Standard Version without +the Source, provided that you include complete instructions on how to +get the Source of the Standard Version. Such instructions must be +valid at the time of your distribution. If these instructions, at any +time while you are carrying out such distribution, become invalid, you +must provide new instructions on demand or cease further +distribution. If you provide valid instructions or cease distribution +within thirty days after you become aware that the instructions are +invalid, then you do not forfeit any of your rights under this +license. + +(6) You may Distribute a Modified Version in Compiled form without the +Source, provided that you comply with Section 4 with respect to the +Source of the Modified Version. Aggregating or Linking the Package + +(7) You may aggregate the Package (either the Standard Version or +Modified Version) with other packages and Distribute the resulting +aggregation provided that you do not charge a licensing fee for the +Package. Distributor Fees are permitted, and licensing fees for other +components in the aggregation are permitted. The terms of this license +apply to the use and Distribution of the Standard or Modified Versions +as included in the aggregation. + +(8) You are permitted to link Modified and Standard Versions with +other works, to embed the Package in a larger work of your own, or to +build stand-alone binary or bytecode versions of applications that +include the Package, and Distribute the result without restriction, +provided the result does not expose a direct interface to the Package. +Items That are Not Considered Part of a Modified Version + +(9) Works (including, but not limited to, modules and scripts) that +merely extend or make use of the Package, do not, by themselves, cause +the Package to be a Modified Version. In addition, such works are not +considered parts of the Package itself, and are not subject to the +terms of this license. General Provisions + +(10) Any use, modification, and distribution of the Standard or +Modified Versions is governed by this Artistic License. By using, +modifying or distributing the Package, you accept this license. Do not +use, modify, or distribute the Package, if you do not accept this +license. + +(11) If your Modified Version has been derived from a Modified Version +made by someone other than you, you are nevertheless required to +ensure that your Modified Version complies with the requirements of +this license. + +(12) This license does not grant you the right to use any trademark, +service mark, tradename, or logo of the Copyright Holder. + +(13) This license includes the non-exclusive, worldwide, +free-of-charge patent license to make, have made, use, offer to sell, +sell, import and otherwise transfer the Package with respect to any +patent claims licensable by the Copyright Holder that are necessarily +infringed by the Package. If you institute patent litigation +(including a cross-claim or counterclaim) against any party alleging +that the Package constitutes direct or contributory patent +infringement, then this Artistic License to you shall terminate on the +date that such litigation is filed. + +(14) Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT +HOLDER AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED +WARRANTIES. THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT +PERMITTED BY YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT +HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE +OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --- razor-2.85.orig/debian/postinst +++ razor-2.85/debian/postinst @@ -0,0 +1,10 @@ +#!/bin/sh +set -e + +# following line is to avoid a bug in previous package + +if [ ! -e /usr/bin/razor-check ]; + then /usr/bin/razor-client; +fi + +#DEBHELPER# --- razor-2.85.orig/debian/razor.logrotate +++ razor-2.85/debian/razor.logrotate @@ -0,0 +1,8 @@ +/var/log/razor-agent.log { + weekly + rotate 3 + compress + nomail + notifempty + missingok +} --- razor-2.85.orig/debian/docs +++ razor-2.85/debian/docs @@ -0,0 +1,6 @@ +BUGS +CREDITS +FAQ +README +SERVICE_POLICY +debian/README.Debian --- razor-2.85.orig/debian/patches/use-Digest-SHA.patch +++ razor-2.85/debian/patches/use-Digest-SHA.patch @@ -0,0 +1,105 @@ +Description: Use Digest::SHA instead of Digest::SHA1 +Origin: vendor +Bug: http://bugs.debian.org/624579 +Author: Salvatore Bonaccorso +Last-Update: 2011-05-21 + +--- a/META.yml ++++ b/META.yml +@@ -5,7 +5,7 @@ version: 2.84 + version_from: lib/Razor2/Client/Version.pm + installdirs: site + requires: +- Digest::SHA1: 0 ++ Digest::SHA: 0 + File::Copy: 0 + File::Spec: 0 + Getopt::Long: 0 +--- a/Makefile.PL ++++ b/Makefile.PL +@@ -18,7 +18,7 @@ WriteMakefile ( + VERSION_FROM => 'lib/Razor2/Client/Version.pm', + EXE_FILES => [ qw( bin/razor-client bin/razor-admin bin/razor-check bin/razor-report bin/razor-revoke ) ], + PREREQ_PM => { +- 'Digest::SHA1' => 0, ++ 'Digest::SHA' => 0, + 'File::Copy' => 0, + 'File::Spec' => 0, + 'Getopt::Long' => 0, +--- a/lib/Razor2/String.pm ++++ b/lib/Razor2/String.pm +@@ -1,7 +1,7 @@ + # $Id: String.pm,v 1.48 2005/06/13 21:09:59 vipul Exp $ + package Razor2::String; + +-use Digest::SHA1 qw(sha1_hex); ++use Digest::SHA qw(sha1_hex); + use URI::Escape; + use Razor2::Preproc::enBase64; + use Data::Dumper; +@@ -69,12 +69,12 @@ sub hmac2_sha1 { + return unless $text && $iv1 && $iv2; + die "no ref's allowed" if ref($text); + +- my $ctx = Digest::SHA1->new; ++ my $ctx = Digest::SHA->new; + $ctx->add($iv2); + $ctx->add($text); + my $digest = $ctx->hexdigest; + +- $ctx = Digest::SHA1->new; ++ $ctx = Digest::SHA->new; + $ctx->add($iv1); + $ctx->add($digest); + $digest = $ctx->hexdigest; +--- a/lib/Razor2/Client/Engine.pm ++++ b/lib/Razor2/Client/Engine.pm +@@ -1,7 +1,7 @@ + package Razor2::Client::Engine; + + use strict; +-use Digest::SHA1 qw(sha1_hex); ++use Digest::SHA qw(sha1_hex); + use Data::Dumper; + use Razor2::Signature::Ephemeral; + use Razor2::Engine::VR8; +--- a/lib/Razor2/Signature/Ephemeral.pm ++++ b/lib/Razor2/Signature/Ephemeral.pm +@@ -2,7 +2,7 @@ + + package Razor2::Signature::Ephemeral; + use strict; +-use Digest::SHA1; ++use Digest::SHA; + use Data::Dumper; + + sub new { +@@ -86,7 +86,7 @@ sub hexdigest { + } + + my $digest; +- my $ctx = Digest::SHA1->new; ++ my $ctx = Digest::SHA->new; + + if ($seclength > 128) { + $ctx->add($section1); +--- a/lib/Razor2/Signature/Whiplash.pm ++++ b/lib/Razor2/Signature/Whiplash.pm +@@ -7,7 +7,7 @@ + + package Razor2::Signature::Whiplash; + +-use Digest::SHA1; ++use Digest::SHA; + + sub new { + +@@ -683,7 +683,7 @@ sub whiplash { + # the value of length to the nearest multiple of ``length_error''. + # Take the first 20 hex chars from SHA1 and call it the signature. + +- my $sha1 = Digest::SHA1->new(); ++ my $sha1 = Digest::SHA->new(); + + $sha1->add($host); + $sig = substr $sha1->hexdigest, 0, 12; --- razor-2.85.orig/debian/patches/02_fix_empty_attachments_identified_as_spam.patch +++ razor-2.85/debian/patches/02_fix_empty_attachments_identified_as_spam.patch @@ -0,0 +1,21 @@ +A MIME message with multipart/alternative body (text/plain and text/html) +and binary application/octet-stream attachment may be falsely identified as +spam. + +There's no text in message body; Razor2::Client::Core::compute_sigs() +should ignore empty text/plain part, but it doesn't because a certain regex +is too strict. + +It so happens that that empty body is in Razor database, and is marked as +spam (e4 sig: ui-ZAL0e9rWPUDaa4GWPttamsYEA). +--- a/lib/Razor2/Client/Core.pm ++++ b/lib/Razor2/Client/Core.pm +@@ -560,7 +560,7 @@ sub compute_sigs { + $self->log(6,"preproc: mail $objp->{id} went from $olen bytes to 0, erasing"); + $objp->{skipme} = 1; + next; +- } elsif (($clen < 128) and ($clnpart =~ /^(Content\S*:[^\n]*\n\r?)+(Content\S*:[^\n]*)?\s*$/s)) { ++ } elsif (($clen < 128) and ($clnpart_vr8 =~ /^(Content\S*:.*\n\r?)+(Content\S*:.*)?\s*$/s)) { + $self->log(6,"preproc: mail $objp->{id} seems empty, erasing"); + $objp->{skipme} = 1; + next; --- razor-2.85.orig/debian/patches/01_Makefile.PL.patch +++ razor-2.85/debian/patches/01_Makefile.PL.patch @@ -0,0 +1,27 @@ + - +--- a/Makefile.PL ++++ b/Makefile.PL +@@ -28,10 +28,10 @@ WriteMakefile ( + 'URI::Escape' => 0, + }, + MAN1PODS => { +- 'docs/razor-check.pod' => '$(INST_MAN1DIR)/razor-check.1', +- 'docs/razor-report.pod' => '$(INST_MAN1DIR)/razor-report.1', +- 'docs/razor-admin.pod' => '$(INST_MAN1DIR)/razor-admin.1', +- 'docs/razor-revoke.pod' => '$(INST_MAN1DIR)/razor-revoke.1', ++ 'docs/razor-check.pod' => '$(INST_MAN1DIR)/razor-check.1p', ++ 'docs/razor-report.pod' => '$(INST_MAN1DIR)/razor-report.1p', ++ 'docs/razor-admin.pod' => '$(INST_MAN1DIR)/razor-admin.1p', ++ 'docs/razor-revoke.pod' => '$(INST_MAN1DIR)/razor-revoke.1p', + }, + dist => { + 'COMPRESS' => 'bzip2', +@@ -118,7 +118,7 @@ sub MY::manifypods { + manifypods-razor : docs/razor-agent.conf.pod \ + docs/razor-agents.pod \ + docs/razor-whitelist.pod +- $(POD2MAN) \ ++ $(POD2MAN) --section=$(MAN5EXT) \ + docs/razor-agent.conf.pod \ + $(INST_MAN5DIR)/razor-agent.conf.$(MAN5EXT) \ + docs/razor-agents.pod \ --- razor-2.85.orig/debian/patches/03_accept_relative_path.patch +++ razor-2.85/debian/patches/03_accept_relative_path.patch @@ -0,0 +1,12 @@ +Do not chdir and so accept relative paths +--- a/lib/Razor2/Client/Agent.pm ++++ b/lib/Razor2/Client/Agent.pm +@@ -745,7 +745,7 @@ sub reportit { + + # background myself + unless ($self->{opt}->{foreground}) { +- chdir '/'; ++ #chdir '/'; + fork && return 0; + POSIX::setsid; + # close 0, 1, 2; --- razor-2.85.orig/debian/patches/series +++ razor-2.85/debian/patches/series @@ -0,0 +1,4 @@ +01_Makefile.PL.patch +02_fix_empty_attachments_identified_as_spam.patch +03_accept_relative_path.patch +use-Digest-SHA.patch