Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1629491
Summary: | SpamAssassin 3.4.2 released with CVE disclosure | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Harald Reindl <h.reindl> |
Component: | spamassassin | Assignee: | Kevin Fenzi <kevin> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 27 | CC: | jh.redhat-2018, jjelen, jskarvad, kevin, nb, philipp, shiva, simon.matter, smokris, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | spamassassin-3.4.2-2.fc28 spamassassin-3.4.2-2.fc29 spamassassin-3.4.2-2.fc27 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-09-23 20:19:25 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Harald Reindl
2018-09-16 21:42:36 UTC
Duplicate of bug 1629474. spamassassin-3.4.2-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1bf4c5356f spamassassin-3.4.2-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-cfe3700eba spamassassin-3.4.2-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d42addb489 Two things I see here https://src.fedoraproject.org/rpms/spamassassin/blob/master/f/spamassassin.spec 1) %global saversion 3.004001 Should be 3.004002 2) Source12: sought.conf Should be removed, see bug #1630362 Yeah, will fix those up. Really the entire spec needs a bit of cleanup, but I wanted to get these updates out. Thanks for the feedback. spamassassin-3.4.2-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1bf4c5356f spamassassin-3.4.2-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d42addb489 spamassassin-3.4.2-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-cfe3700eba Seeing: Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_body_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_compensate.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_drugs.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_dynrdns.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_head_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_html_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_phrases.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_porn.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/23_bayes.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/72_active.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/73_sandbox_manual_scores.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407. Probably related to comment #5. @Philip Prindeville: what about running "sa-update" as it is required after any version jump (often not remembered becaus eupstream only releases every half decade) [root@mail-gw:~]$ locate 20_advance_fee.cf /usr/share/spamassassin/20_advance_fee.cf /var/lib/spamassassin/3.004001/updates_spamassassin_org/20_advance_fee.cf /var/lib/spamassassin/3.004002/updates_spamassassin_org/20_advance_fee.cf (In reply to Harald Reindl from comment #12) > @Philip Prindeville: what about running "sa-update" as it is required after > any version jump (often not remembered becaus eupstream only releases every > half decade) > > [root@mail-gw:~]$ locate 20_advance_fee.cf > /usr/share/spamassassin/20_advance_fee.cf > /var/lib/spamassassin/3.004001/updates_spamassassin_org/20_advance_fee.cf > /var/lib/spamassassin/3.004002/updates_spamassassin_org/20_advance_fee.cf Hmm... I was missing DBI and Net::DNS::Nameserver it seems. Not sure why these weren't dependencies of sa-update. Installed those, then re-ran sa-update and updatedb. Not seeing the message after "systemctl reload mimedefang.service". because they are no dependency at all? [root@mail-gw:~]$ rpm -qa | grep -i dbi libdbi-0.9.0-9.fc27.x86_64 [root@mail-gw:~]$ rpm -qa | grep -i perl | grep -i dns perl-Net-DNS-1.15-1.fc27.noarch and that is a machine running hundrets of domains for years now all your stuff above is from "mail mimedefang-multiplexor" which has little to nothing to do with SpamAssassin! # sa-update -v -D Sep 20 13:02:11.617 [30434] dbg: logger: adding facilities: all Sep 20 13:02:11.617 [30434] dbg: logger: logging level is DBG Sep 20 13:02:11.617 [30434] dbg: generic: SpamAssassin version 3.4.2 Sep 20 13:02:11.617 [30434] dbg: generic: Perl 5.026002, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin Sep 20 13:02:11.617 [30434] dbg: config: timing enabled Sep 20 13:02:11.620 [30434] dbg: config: score set 0 chosen. Sep 20 13:02:11.629 [30434] dbg: generic: sa-update version 3.4.2 / svn1840377 Sep 20 13:02:11.629 [30434] dbg: generic: using update directory: /var/lib/spamassassin/3.004002 Sep 20 13:02:11.834 [30434] dbg: diag: perl platform: 5.026002 linux Sep 20 13:02:11.834 [30434] dbg: diag: [...] module installed: Digest::SHA, version 6.02 Sep 20 13:02:11.834 [30434] dbg: diag: [...] module installed: HTML::Parser, version 3.72 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::DNS, version 1.15 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: NetAddr::IP, version 4.079 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Time::HiRes, version 1.9753 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Archive::Tar, version 2.28 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Zlib, version 1.10 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Digest::SHA1, version 2.13 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: MIME::Base64, version 3.15 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: DB_File, version 1.842 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::SMTP, version 3.11 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Mail::SPF, version v2.009 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Geo::IP, version 1.50 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::CIDR::Lite, version 0.21 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Razor2::Client::Agent, version 2.84 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::IP, version 0.39 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::INET6, version 2.72 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::SSL, version 2.051 Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Compress::Zlib, version 2.074 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Mail::DKIM, version 0.42 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module not installed: DBI ('require' failed) Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Getopt::Long, version 2.5 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: LWP::UserAgent, version 6.34 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: HTTP::Date, version 6.02 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Encode::Detect::Detector, version 1.01 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Net::Patricia, version 1.22 Sep 20 13:02:11.836 [30434] dbg: diag: [...] module not installed: Net::DNS::Nameserver ('require' failed) Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: BSD::Resource, version 1.2911 Sep 20 13:02:11.837 [30434] dbg: gpg: Searching for 'gpg2' Sep 20 13:02:11.837 [30434] dbg: util: current PATH is: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin Sep 20 13:02:11.837 [30434] dbg: util: executable for gpg2 was found at /usr/bin/gpg2 Sep 20 13:02:11.838 [30434] dbg: gpg: found /usr/bin/gpg2 Sep 20 13:02:11.838 [30434] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 0C2B1D7175B852C64B3CDC716C55397824F434CE Sep 20 13:02:11.839 [30434] dbg: util: secure_tmpfile created a temporary file /tmp/.spamassassin30434fjfhoGtmp Sep 20 13:02:11.839 [30434] dbg: channel: attempting channel updates.spamassassin.org Sep 20 13:02:11.839 [30434] dbg: channel: using existing directory /var/lib/spamassassin/3.004002/updates_spamassassin_org Sep 20 13:02:11.839 [30434] dbg: channel: channel cf file /var/lib/spamassassin/3.004002/updates_spamassassin_org.cf Sep 20 13:02:11.839 [30434] dbg: channel: channel pre file /var/lib/spamassassin/3.004002/updates_spamassassin_org.pre Sep 20 13:02:11.839 [30434] dbg: channel: metadata version = 1841300, from file /var/lib/spamassassin/3.004002/updates_spamassassin_org.cf Sep 20 13:02:11.854 [30434] dbg: dns: 2.4.3.updates.spamassassin.org => 1841300, parsed as 1841300 Sep 20 13:02:11.854 [30434] dbg: channel: current version is 1841300, new version is 1841300, skipping channel Sep 20 13:02:11.854 [30434] dbg: diag: updates complete, exiting with code 1 Update finished, no fresh updates were available # spamassassin-3.4.2-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0df2c366 spamassassin-3.4.2-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-46d7a7f63e spamassassin-3.4.2-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ed251c42b The version issue has been corrected in the -2 version. Please test, thanks. spamassassin-3.4.2-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0df2c366 spamassassin-3.4.2-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ed251c42b spamassassin-3.4.2-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-46d7a7f63e spamassassin-3.4.2-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. spamassassin-3.4.2-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. spamassassin-3.4.2-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. |