You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2007/06/11 22:14:00 UTC
ANNOUNCE: Apache SpamAssassin 3.2.1 available
Apache SpamAssassin 3.2.1 is now available! This is a maintenance and
security release of the 3.2.x branch. It is highly recommended that
people upgrade to this version from 3.2.0.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200706111806
The release file will also be available via CPAN in the near future.
md5sum of archive files:
7b2fdbcdca5e9a181d4bb1b17663c138 Mail-SpamAssassin-3.2.1.tar.bz2
a7d51294c565999da01f212e5ad2a031 Mail-SpamAssassin-3.2.1.tar.gz
e058ed0dfe82ee62f617c12cc02e538b Mail-SpamAssassin-3.2.1.zip
sha1sum of archive files:
3095b38d90d0362c4e47e117fb612778a2ac362b Mail-SpamAssassin-3.2.1.tar.bz2
fbb5f538238e188f985c8e6672dad531fa035eea Mail-SpamAssassin-3.2.1.tar.gz
d6566975544cd706052d310481d7a100ffce14d1 Mail-SpamAssassin-3.2.1.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <re...@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.2.1 is a major bug-fix release, including a potential local DoS. The
major highlights are:
- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
vulnerability. It only affects systems where spamd is run as root, is used
with vpopmail or virtual users via the "-v"/"--vpopmail" OR
"--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND
WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch.
This is not default on any distro package, and is not a common configuration.
More details of the vulnerability can be read at
<http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.
- bug 5488: zero some rules causing false positives: FH_HOST_EQ_D_D_D_DB and
FH_HOST_EQ_D_D_D_D.
- bug 5257: re-raise autolearn ham threshold to 1.0; the lower value
used in 3.2.0 was creating problems.
- bug 5422: in spamd, deleting hash entries from the SIGCHLD signal handler is
unsafe, causes corruption of the data structure, and results in 'prefork:
ordered child N to accept, but they reported state '1', killing rogue'
errors. fix.
- bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some FPs.
- bug 5457: spamc build and test should handle not having zlib available.
- bug 5379: spamd could crash at startup if its preloading temporary directory
already exists. fix.
- bug 4616: spamc config can cause command line options to be ignored. fix.
- bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll always fire
due to defaults (unless there's an explicit SIGNALL policy).
- bug 5492: VBounce rule was looking in header instead of body for whitelisted
relays. fix.
- bug 5487: prevent multiple "urirhssub"s using the same zone from overwriting
each other.
- bug 5432 - Change default in Win32 build to not build spamc.
- bug 5446: add --updatedir option to sa-compile and remove inaccurate re2c
required version info from pod.
- bug 5436: add omitted "ifplugin" statements to the configuration, which would
otherwise cause lint errors if the default plugins were disabled.
- bug 5477: prevent Rule2XSBody info message from appearing on stderr during
spamd startup.
RE: ANNOUNCE: Apache SpamAssassin 3.2.1 available
Posted by "Stein, Mr. Fred" <FS...@thehill.org>.
-----Original Message-----
From: Daniel J McDonald [mailto:dan.mcdonald@austinenergy.com]
Sent: Tuesday, June 12, 2007 7:29 AM
To: users@spamassassin.apache.org
Subject: RE: ANNOUNCE: Apache SpamAssassin 3.2.1 available
On Mon, 2007-06-11 at 21:09 -0400, Rose, Bobby wrote:
> I'm seeing the same kind of messages mentioned after compiling from
> source on Redhat ES4 and running make test.
I'm wondering if this is the reason:
+ make FULLPERL=/usr/bin/perl test
/usr/bin/perl5.8.7 build/mkrules --exit_on_no_src --src rulesrc --out
rules --manifest MANIFEST --manifestskip MANIFEST.SKIP
no source directory found: exiting
I don't see any other compilation errors. The build process complained
about a few missing packages at the beginning Razor2, Mail::DKIM, and
Encode::Detect. I was able to install all of those other than
Encode::Detect (I can't get the perl-Encode-Detect srpm to recompile,
and I can't figure out what pre-requisites it is missing, since it
complained about not having ExtUtils::CBuilder, but installing that
didn't seem to mollify it).
I built 3.2.0 on this same box just a couple of weeks ago, and didn't
see anything in the release notes, or the bugs that I read, telling me
that I would need to make major changes, so I'm flummoxed.
>
> -----Original Message-----
> From: Daniel J McDonald [mailto:dan.mcdonald@austinenergy.com]
> Sent: Monday, June 11, 2007 6:35 PM
> To: users@spamassassin.apache.org
> Subject: Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available
>
> On Mon, 2007-06-11 at 21:14 +0100, Justin Mason wrote:
> > Apache SpamAssassin 3.2.1 is now available! This is a maintenance
and
>
> > security release of the 3.2.x branch. It is highly recommended that
> > people upgrade to this version from 3.2.0.
>
>
> Whilst compiling the RPM for mandriva corporate server 4:
>
> t/spamc_optC................ Not found: reported spam = Message
> successfully reported/revoked
> # Failed test 2 in t/SATest.pm at line 635 Output can be examined in:
> log/d.spamc_optC/out.1
> t/spamc_optC................NOK 2 Not found: revoked ham =
Message
> successfully reported/revoked
> # Failed test 4 in t/SATest.pm at line 635 fail #2 Output can be
> examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3
> t/spamc_optC................NOK 4 Not found: failed to report
spam
> = Unable to report/revoke message
> [...]
> Output can be examined in: log/d.spamc_optC/out.1
log/d.spamc_optC/out.3
> log/d.spamc_optC/out.5 log/d.spamc_optC/out.7
> t/spamc_optC................FAILED tests 2, 4, 6,
> 8
> Failed 4/9 tests, 55.56% okay
> t/spamc_optL................# Failed test 1 in t/spamc_optL.t at line
20
> Not found: learned spam = Message successfully un/learned
[...]
> t/spamc_optL................FAILED tests 1-16
> Failed 16/16 tests, 0.00% okay
>
> Failed Test Stat Wstat Total Fail Failed List of
Failed
>
------------------------------------------------------------------------
> -------
> t/spamc_optC.t 9 4 44.44% 2 4 6 8
> t/spamc_optL.t 16 16 100.00% 1-16
> t/spamd_allow_user_rules.t 5 1 20.00% 4
> t/spamd_plugin.t 6 2 33.33% 4 6
> 17 tests skipped.
> Failed 4/129 test scripts, 96.90% okay. 23/1981 subtests failed,
98.84%
> okay.
> make: *** [test_dynamic] Error 255
> error: Bad exit status from /var/tmp/rpm-tmp.45769 (%check)
>
>
> Any thoughts?
> --
> Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy
> http://www.austinenergy.com
>
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
I am getting the same make test errors on Centos 3.0, fedora 2, and
Centos 4.2
Fred Stein
Network Administrator
The Hill School
717 E. High Street
Pottstown, PA 19464
fstein@thehill.org
www.thehill.org
RE: ANNOUNCE: Apache SpamAssassin 3.2.1 available
Posted by Daniel J McDonald <da...@austinenergy.com>.
On Mon, 2007-06-11 at 21:09 -0400, Rose, Bobby wrote:
> I'm seeing the same kind of messages mentioned after compiling from
> source on Redhat ES4 and running make test.
I'm wondering if this is the reason:
+ make FULLPERL=/usr/bin/perl test
/usr/bin/perl5.8.7 build/mkrules --exit_on_no_src --src rulesrc --out
rules --manifest MANIFEST --manifestskip MANIFEST.SKIP
no source directory found: exiting
I don't see any other compilation errors. The build process complained
about a few missing packages at the beginning Razor2, Mail::DKIM, and
Encode::Detect. I was able to install all of those other than
Encode::Detect (I can't get the perl-Encode-Detect srpm to recompile,
and I can't figure out what pre-requisites it is missing, since it
complained about not having ExtUtils::CBuilder, but installing that
didn't seem to mollify it).
I built 3.2.0 on this same box just a couple of weeks ago, and didn't
see anything in the release notes, or the bugs that I read, telling me
that I would need to make major changes, so I'm flummoxed.
>
> -----Original Message-----
> From: Daniel J McDonald [mailto:dan.mcdonald@austinenergy.com]
> Sent: Monday, June 11, 2007 6:35 PM
> To: users@spamassassin.apache.org
> Subject: Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available
>
> On Mon, 2007-06-11 at 21:14 +0100, Justin Mason wrote:
> > Apache SpamAssassin 3.2.1 is now available! This is a maintenance and
>
> > security release of the 3.2.x branch. It is highly recommended that
> > people upgrade to this version from 3.2.0.
>
>
> Whilst compiling the RPM for mandriva corporate server 4:
>
> t/spamc_optC................ Not found: reported spam = Message
> successfully reported/revoked
> # Failed test 2 in t/SATest.pm at line 635 Output can be examined in:
> log/d.spamc_optC/out.1
> t/spamc_optC................NOK 2 Not found: revoked ham = Message
> successfully reported/revoked
> # Failed test 4 in t/SATest.pm at line 635 fail #2 Output can be
> examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3
> t/spamc_optC................NOK 4 Not found: failed to report spam
> = Unable to report/revoke message
> [...]
> Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3
> log/d.spamc_optC/out.5 log/d.spamc_optC/out.7
> t/spamc_optC................FAILED tests 2, 4, 6,
> 8
> Failed 4/9 tests, 55.56% okay
> t/spamc_optL................# Failed test 1 in t/spamc_optL.t at line 20
> Not found: learned spam = Message successfully un/learned [...]
> t/spamc_optL................FAILED tests 1-16
> Failed 16/16 tests, 0.00% okay
>
> Failed Test Stat Wstat Total Fail Failed List of Failed
> ------------------------------------------------------------------------
> -------
> t/spamc_optC.t 9 4 44.44% 2 4 6 8
> t/spamc_optL.t 16 16 100.00% 1-16
> t/spamd_allow_user_rules.t 5 1 20.00% 4
> t/spamd_plugin.t 6 2 33.33% 4 6
> 17 tests skipped.
> Failed 4/129 test scripts, 96.90% okay. 23/1981 subtests failed, 98.84%
> okay.
> make: *** [test_dynamic] Error 255
> error: Bad exit status from /var/tmp/rpm-tmp.45769 (%check)
>
>
> Any thoughts?
> --
> Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy
> http://www.austinenergy.com
>
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
RE: ANNOUNCE: Apache SpamAssassin 3.2.1 available
Posted by "Rose, Bobby" <br...@med.wayne.edu>.
I'm seeing the same kind of messages mentioned after compiling from
source on Redhat ES4 and running make test.
-----Original Message-----
From: Daniel J McDonald [mailto:dan.mcdonald@austinenergy.com]
Sent: Monday, June 11, 2007 6:35 PM
To: users@spamassassin.apache.org
Subject: Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available
On Mon, 2007-06-11 at 21:14 +0100, Justin Mason wrote:
> Apache SpamAssassin 3.2.1 is now available! This is a maintenance and
> security release of the 3.2.x branch. It is highly recommended that
> people upgrade to this version from 3.2.0.
Whilst compiling the RPM for mandriva corporate server 4:
t/spamc_optC................ Not found: reported spam = Message
successfully reported/revoked
# Failed test 2 in t/SATest.pm at line 635 Output can be examined in:
log/d.spamc_optC/out.1
t/spamc_optC................NOK 2 Not found: revoked ham = Message
successfully reported/revoked
# Failed test 4 in t/SATest.pm at line 635 fail #2 Output can be
examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3
t/spamc_optC................NOK 4 Not found: failed to report spam
= Unable to report/revoke message
[...]
Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3
log/d.spamc_optC/out.5 log/d.spamc_optC/out.7
t/spamc_optC................FAILED tests 2, 4, 6,
8
Failed 4/9 tests, 55.56% okay
t/spamc_optL................# Failed test 1 in t/spamc_optL.t at line 20
Not found: learned spam = Message successfully un/learned [...]
t/spamc_optL................FAILED tests 1-16
Failed 16/16 tests, 0.00% okay
Failed Test Stat Wstat Total Fail Failed List of Failed
------------------------------------------------------------------------
-------
t/spamc_optC.t 9 4 44.44% 2 4 6 8
t/spamc_optL.t 16 16 100.00% 1-16
t/spamd_allow_user_rules.t 5 1 20.00% 4
t/spamd_plugin.t 6 2 33.33% 4 6
17 tests skipped.
Failed 4/129 test scripts, 96.90% okay. 23/1981 subtests failed, 98.84%
okay.
make: *** [test_dynamic] Error 255
error: Bad exit status from /var/tmp/rpm-tmp.45769 (%check)
Any thoughts?
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy
http://www.austinenergy.com
Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available
Posted by Daniel J McDonald <da...@austinenergy.com>.
On Mon, 2007-06-11 at 21:14 +0100, Justin Mason wrote:
> Apache SpamAssassin 3.2.1 is now available! This is a maintenance and
> security release of the 3.2.x branch. It is highly recommended that
> people upgrade to this version from 3.2.0.
Whilst compiling the RPM for mandriva corporate server 4:
t/spamc_optC................ Not found: reported spam = Message
successfully reported/revoked
# Failed test 2 in t/SATest.pm at line 635
Output can be examined in: log/d.spamc_optC/out.1
t/spamc_optC................NOK 2 Not found: revoked ham = Message
successfully reported/revoked
# Failed test 4 in t/SATest.pm at line 635 fail #2
Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3
t/spamc_optC................NOK 4 Not found: failed to report spam
= Unable to report/revoke message
[...]
Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3
log/d.spamc_optC/out.5 log/d.spamc_optC/out.7
t/spamc_optC................FAILED tests 2, 4, 6,
8
Failed 4/9 tests, 55.56% okay
t/spamc_optL................# Failed test 1 in t/spamc_optL.t at line 20
Not found: learned spam = Message successfully un/learned
[...]
t/spamc_optL................FAILED tests 1-16
Failed 16/16 tests, 0.00% okay
Failed Test Stat Wstat Total Fail Failed List of Failed
-------------------------------------------------------------------------------
t/spamc_optC.t 9 4 44.44% 2 4 6 8
t/spamc_optL.t 16 16 100.00% 1-16
t/spamd_allow_user_rules.t 5 1 20.00% 4
t/spamd_plugin.t 6 2 33.33% 4 6
17 tests skipped.
Failed 4/129 test scripts, 96.90% okay. 23/1981 subtests failed, 98.84%
okay.
make: *** [test_dynamic] Error 255
error: Bad exit status from /var/tmp/rpm-tmp.45769 (%check)
Any thoughts?
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com