Bug 1629491
Summary: | SpamAssassin 3.4.2 released with CVE disclosure | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Harald Reindl <h.reindl> |
Component: | spamassassin | Assignee: | Kevin Fenzi <kevin> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 27 | CC: | jh.redhat-2018, jjelen, jskarvad, kevin, nb, philipp, shiva, simon.matter, smokris, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | spamassassin-3.4.2-2.fc28 spamassassin-3.4.2-2.fc29 spamassassin-3.4.2-2.fc27 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-09-23 20:19:25 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Harald Reindl
2018-09-16 21:42:36 UTC
Duplicate of bug 1629474. spamassassin-3.4.2-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1bf4c5356f spamassassin-3.4.2-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-cfe3700eba spamassassin-3.4.2-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d42addb489 Two things I see here https://src.fedoraproject.org/rpms/spamassassin/blob/master/f/spamassassin.spec 1) %global saversion 3.004001 Should be 3.004002 2) Source12: sought.conf Should be removed, see bug #1630362 Yeah, will fix those up. Really the entire spec needs a bit of cleanup, but I wanted to get these updates out. Thanks for the feedback. spamassassin-3.4.2-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1bf4c5356f spamassassin-3.4.2-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d42addb489 spamassassin-3.4.2-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-cfe3700eba Seeing: Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_body_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_compensate.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_drugs.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_dynrdns.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_head_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_html_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_phrases.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_porn.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/23_bayes.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/72_active.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/73_sandbox_manual_scores.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Probably related to comment #5. @Philip Prindeville: what about running "sa-update" as it is required after any version jump (often not remembered becaus eupstream only releases every half decade) [root@mail-gw:~]$ locate 20_advance_fee.cf /usr/share/spamassassin/20_advance_fee.cf /var/lib/spamassassin/3.004001/updates_spamassassin_org/20_advance_fee.cf /var/lib/spamassassin/3.004002/updates_spamassassin_org/20_advance_fee.cf (In reply to Harald Reindl from comment #12) > @Philip Prindeville: what about running "sa-update" as it is required after > any version jump (often not remembered becaus eupstream only releases every > half decade) > > [root@mail-gw:~]$ locate 20_advance_fee.cf > /usr/share/spamassassin/20_advance_fee.cf > /var/lib/spamassassin/3.004001/updates_spamassassin_org/20_advance_fee.cf > /var/lib/spamassassin/3.004002/updates_spamassassin_org/20_advance_fee.cf Hmm... I was missing DBI and Net::DNS::Nameserver it seems. Not sure why these weren't dependencies of sa-update. Installed those, then re-ran sa-update and updatedb. Not seeing the message after "systemctl reload mimedefang.service". because they are no dependency at all? [root@mail-gw:~]$ rpm -qa | grep -i dbi libdbi-0.9.0-9.fc27.x86_64 [root@mail-gw:~]$ rpm -qa | grep -i perl | grep -i dns perl-Net-DNS-1.15-1.fc27.noarch and that is a machine running hundrets of domains for years now all your stuff above is from "mail mimedefang-multiplexor" which has little to nothing to do with SpamAssassin! # sa-update -v -D Sep 20 13:02:11.617 [30434] dbg: logger: adding facilities: all Sep 20 13:02:11.617 [30434] dbg: logger: logging level is DBG Sep 20 13:02:11.617 [30434] dbg: generic: SpamAssassin version 3.4.2 Sep 20 13:02:11.617 [30434] dbg: generic: Perl 5.026002, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin Sep 20 13:02:11.617 [30434] dbg: config: timing enabled Sep 20 13:02:11.620 [30434] dbg: config: score set 0 chosen. Sep 20 13:02:11.629 [30434] dbg: generic: sa-update version 3.4.2 / svn1840377 Sep 20 13:02:11.629 [30434] dbg: generic: using update directory: /var/lib/spamassassin/3.004002 Sep 20 13:02:11.834 [30434] dbg: diag: perl platform: 5.026002 linux Sep 20 13:02:11.834 [30434] dbg: diag: [...] module installed: Digest::SHA, version 6.02 Sep 20 13:02:11.834 [30434] dbg: diag: [...] module installed: HTML::Parser, version 3.72 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::DNS, version 1.15 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: NetAddr::IP, version 4.079 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Time::HiRes, version 1.9753 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Archive::Tar, version 2.28 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Zlib, version 1.10 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Digest::SHA1, version 2.13 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: MIME::Base64, version 3.15 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: DB_File, version 1.842 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::SMTP, version 3.11 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Mail::SPF, version v2.009 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Geo::IP, version 1.50 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::CIDR::Lite, version 0.21 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Razor2::Client::Agent, version 2.84 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::IP, version 0.39 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::INET6, version 2.72 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::SSL, version 2.051 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Compress::Zlib, version 2.074 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Mail::DKIM, version 0.42 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module not installed: DBI ('require' failed) Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Getopt::Long, version 2.5 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: LWP::UserAgent, version 6.34 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: HTTP::Date, version 6.02 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Encode::Detect::Detector, version 1.01 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Net::Patricia, version 1.22 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module not installed: Net::DNS::Nameserver ('require' failed) Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: BSD::Resource, version 1.2911 Sep 20 13:02:11.837 [30434] dbg: gpg: Searching for 'gpg2' Sep 20 13:02:11.837 [30434] dbg: util: current PATH is: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin Sep 20 13:02:11.837 [30434] dbg: util: executable for gpg2 was found at /usr/bin/gpg2 Sep 20 13:02:11.838 [30434] dbg: gpg: found /usr/bin/gpg2 Sep 20 13:02:11.838 [30434] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 0C2B1D7175B852C64B3CDC716C55397824F434CE Sep 20 13:02:11.839 [30434] dbg: util: secure_tmpfile created a temporary file /tmp/.spamassassin30434fjfhoGtmp Sep 20 13:02:11.839 [30434] dbg: channel: attempting channel updates.spamassassin.org Sep 20 13:02:11.839 [30434] dbg: channel: using existing directory /var/lib/spamassassin/3.004002/updates_spamassassin_org Sep 20 13:02:11.839 [30434] dbg: channel: channel cf file /var/lib/spamassassin/3.004002/updates_spamassassin_org.cf Sep 20 13:02:11.839 [30434] dbg: channel: channel pre file /var/lib/spamassassin/3.004002/updates_spamassassin_org.pre Sep 20 13:02:11.839 [30434] dbg: channel: metadata version = 1841300, from file /var/lib/spamassassin/3.004002/updates_spamassassin_org.cf Sep 20 13:02:11.854 [30434] dbg: dns: 2.4.3.updates.spamassassin.org => 1841300, parsed as 1841300 Sep 20 13:02:11.854 [30434] dbg: channel: current version is 1841300, new version is 1841300, skipping channel Sep 20 13:02:11.854 [30434] dbg: diag: updates complete, exiting with code 1 Update finished, no fresh updates were available # spamassassin-3.4.2-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0df2c366 spamassassin-3.4.2-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-46d7a7f63e spamassassin-3.4.2-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ed251c42b The version issue has been corrected in the -2 version. Please test, thanks. spamassassin-3.4.2-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0df2c366 spamassassin-3.4.2-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ed251c42b spamassassin-3.4.2-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-46d7a7f63e spamassassin-3.4.2-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. spamassassin-3.4.2-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. spamassassin-3.4.2-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. |