Bug 1629491
| Summary: | SpamAssassin 3.4.2 released with CVE disclosure | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Harald Reindl <h.reindl> |
| Component: | spamassassin | Assignee: | Kevin Fenzi <kevin> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 27 | CC: | jh.redhat-2018, jjelen, jskarvad, kevin, nb, philipp, shiva, simon.matter, smokris, wtogami |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | spamassassin-3.4.2-2.fc28 spamassassin-3.4.2-2.fc29 spamassassin-3.4.2-2.fc27 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-09-23 20:19:25 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Harald Reindl
2018-09-16 21:42:36 UTC
Duplicate of bug 1629474. spamassassin-3.4.2-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1bf4c5356f spamassassin-3.4.2-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-cfe3700eba spamassassin-3.4.2-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d42addb489 Two things I see here https://src.fedoraproject.org/rpms/spamassassin/blob/master/f/spamassassin.spec 1) %global saversion 3.004001 Should be 3.004002 2) Source12: sought.conf Should be removed, see bug #1630362 Yeah, will fix those up. Really the entire spec needs a bit of cleanup, but I wanted to get these updates out. Thanks for the feedback. spamassassin-3.4.2-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1bf4c5356f spamassassin-3.4.2-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d42addb489 spamassassin-3.4.2-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-cfe3700eba Seeing: Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_body_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_compensate.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_drugs.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_dynrdns.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_head_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_html_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_phrases.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_porn.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/23_bayes.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/72_active.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/73_sandbox_manual_scores.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Probably related to comment #5. @Philip Prindeville: what about running "sa-update" as it is required after any version jump (often not remembered becaus eupstream only releases every half decade) [root@mail-gw:~]$ locate 20_advance_fee.cf /usr/share/spamassassin/20_advance_fee.cf /var/lib/spamassassin/3.004001/updates_spamassassin_org/20_advance_fee.cf /var/lib/spamassassin/3.004002/updates_spamassassin_org/20_advance_fee.cf (In reply to Harald Reindl from comment #12) > @Philip Prindeville: what about running "sa-update" as it is required after > any version jump (often not remembered becaus eupstream only releases every > half decade) > > [root@mail-gw:~]$ locate 20_advance_fee.cf > /usr/share/spamassassin/20_advance_fee.cf > /var/lib/spamassassin/3.004001/updates_spamassassin_org/20_advance_fee.cf > /var/lib/spamassassin/3.004002/updates_spamassassin_org/20_advance_fee.cf Hmm... I was missing DBI and Net::DNS::Nameserver it seems. Not sure why these weren't dependencies of sa-update. Installed those, then re-ran sa-update and updatedb. Not seeing the message after "systemctl reload mimedefang.service". because they are no dependency at all? [root@mail-gw:~]$ rpm -qa | grep -i dbi libdbi-0.9.0-9.fc27.x86_64 [root@mail-gw:~]$ rpm -qa | grep -i perl | grep -i dns perl-Net-DNS-1.15-1.fc27.noarch and that is a machine running hundrets of domains for years now all your stuff above is from "mail mimedefang-multiplexor" which has little to nothing to do with SpamAssassin! # sa-update -v -D
Sep 20 13:02:11.617 [30434] dbg: logger: adding facilities: all
Sep 20 13:02:11.617 [30434] dbg: logger: logging level is DBG
Sep 20 13:02:11.617 [30434] dbg: generic: SpamAssassin version 3.4.2
Sep 20 13:02:11.617 [30434] dbg: generic: Perl 5.026002, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin
Sep 20 13:02:11.617 [30434] dbg: config: timing enabled
Sep 20 13:02:11.620 [30434] dbg: config: score set 0 chosen.
Sep 20 13:02:11.629 [30434] dbg: generic: sa-update version 3.4.2 / svn1840377
Sep 20 13:02:11.629 [30434] dbg: generic: using update directory: /var/lib/spamassassin/3.004002
Sep 20 13:02:11.834 [30434] dbg: diag: perl platform: 5.026002 linux
Sep 20 13:02:11.834 [30434] dbg: diag: [...] module installed: Digest::SHA, version 6.02
Sep 20 13:02:11.834 [30434] dbg: diag: [...] module installed: HTML::Parser, version 3.72
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::DNS, version 1.15
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: NetAddr::IP, version 4.079
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Time::HiRes, version 1.9753
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Archive::Tar, version 2.28
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Zlib, version 1.10
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Digest::SHA1, version 2.13
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: MIME::Base64, version 3.15
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: DB_File, version 1.842
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::SMTP, version 3.11
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Mail::SPF, version v2.009
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Geo::IP, version 1.50
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::CIDR::Lite, version 0.21
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Razor2::Client::Agent, version 2.84
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::IP, version 0.39
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::INET6, version 2.72
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::SSL, version 2.051
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Compress::Zlib, version 2.074
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Mail::DKIM, version 0.42
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module not installed: DBI ('require' failed)
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Getopt::Long, version 2.5
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: LWP::UserAgent, version 6.34
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: HTTP::Date, version 6.02
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Encode::Detect::Detector, version 1.01
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Net::Patricia, version 1.22
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module not installed: Net::DNS::Nameserver ('require' failed)
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: BSD::Resource, version 1.2911
Sep 20 13:02:11.837 [30434] dbg: gpg: Searching for 'gpg2'
Sep 20 13:02:11.837 [30434] dbg: util: current PATH is: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
Sep 20 13:02:11.837 [30434] dbg: util: executable for gpg2 was found at /usr/bin/gpg2
Sep 20 13:02:11.838 [30434] dbg: gpg: found /usr/bin/gpg2
Sep 20 13:02:11.838 [30434] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 0C2B1D7175B852C64B3CDC716C55397824F434CE
Sep 20 13:02:11.839 [30434] dbg: util: secure_tmpfile created a temporary file /tmp/.spamassassin30434fjfhoGtmp
Sep 20 13:02:11.839 [30434] dbg: channel: attempting channel updates.spamassassin.org
Sep 20 13:02:11.839 [30434] dbg: channel: using existing directory /var/lib/spamassassin/3.004002/updates_spamassassin_org
Sep 20 13:02:11.839 [30434] dbg: channel: channel cf file /var/lib/spamassassin/3.004002/updates_spamassassin_org.cf
Sep 20 13:02:11.839 [30434] dbg: channel: channel pre file /var/lib/spamassassin/3.004002/updates_spamassassin_org.pre
Sep 20 13:02:11.839 [30434] dbg: channel: metadata version = 1841300, from file /var/lib/spamassassin/3.004002/updates_spamassassin_org.cf
Sep 20 13:02:11.854 [30434] dbg: dns: 2.4.3.updates.spamassassin.org => 1841300, parsed as 1841300
Sep 20 13:02:11.854 [30434] dbg: channel: current version is 1841300, new version is 1841300, skipping channel
Sep 20 13:02:11.854 [30434] dbg: diag: updates complete, exiting with code 1
Update finished, no fresh updates were available
#
spamassassin-3.4.2-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0df2c366 spamassassin-3.4.2-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-46d7a7f63e spamassassin-3.4.2-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ed251c42b The version issue has been corrected in the -2 version. Please test, thanks. spamassassin-3.4.2-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0df2c366 spamassassin-3.4.2-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ed251c42b spamassassin-3.4.2-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-46d7a7f63e spamassassin-3.4.2-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. spamassassin-3.4.2-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. spamassassin-3.4.2-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. |