Mailing List Archive

Jul 11, 2020, 2:55 PM

Post #2 of 34 (1919 views)

Marcus Schopen skrev den 2020-07-11 23:43:
> config: warning: description exists for non-existent rule
> USER_IN_ALLOWLIST_TO

meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)

i have still some bricks of Ritter Sport chocolate :=)

Re: update fail [ In reply to ]

Jul 12, 2020, 1:59 PM

Post #3 of 34 (1914 views)

Thanks. Please see https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7838
and this should be resolved. I'm surprised a warning caused a failure
though.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Sat, Jul 11, 2020 at 5:55 PM Benny Pedersen <me@junc.eu> wrote:

> Marcus Schopen skrev den 2020-07-11 23:43:
> > config: warning: description exists for non-existent rule
> > USER_IN_ALLOWLIST_TO
>
> meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)
>
> i have still some bricks of Ritter Sport chocolate :=)
>

Re: update fail [ In reply to ]

sca at andreasschulze

Jul 14, 2020, 4:19 AM

Post #4 of 34 (1908 views)

Am 11.07.20 um 23:55 schrieb Benny Pedersen:
> Marcus Schopen skrev den 2020-07-11 23:43:
>> config: warning: description exists for non-existent rule
>> USER_IN_ALLOWLIST_TO
>
> meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)

Hello,

My SA hit the same update issue. It was unable to update to 1879805.

I tried to place "meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)" in $LOCAL_RULES_DIR/local.cf
But that failed, too.

I had to place the line in $LOCAL_RULES_DIR/local.pre. To me it looks like sa-update read only files named $LOCAL_RULES_DIR/*.pre

Andreas

Re: update fail [ In reply to ]

Jul 14, 2020, 4:55 AM

Post #5 of 34 (1908 views)

It will get fixed when masscheck pushes out a new ruleset.

On Tue, Jul 14, 2020, 07:20 A. Schulze <sca@andreasschulze.de> wrote:

>
>
> Am 11.07.20 um 23:55 schrieb Benny Pedersen:
> > Marcus Schopen skrev den 2020-07-11 23:43:
> >> config: warning: description exists for non-existent rule
> >> USER_IN_ALLOWLIST_TO
> >
> > meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)
>
> Hello,
>
> My SA hit the same update issue. It was unable to update to 1879805.
>
> I tried to place "meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)" in
> $LOCAL_RULES_DIR/local.cf
> But that failed, too.
>
> I had to place the line in $LOCAL_RULES_DIR/local.pre. To me it looks like
> sa-update read only files named $LOCAL_RULES_DIR/*.pre
>
> Andreas
>

Re: update fail [ In reply to ]

hege at hege

Jul 14, 2020, 5:04 AM

Post #6 of 34 (1908 views)

The lint failure was only changed to debug since 3.4.3.

On Sun, Jul 12, 2020 at 04:59:51PM -0400, Kevin A. McGrail wrote:
> Thanks.? Please see?[1]https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7838
> and this should be resolved.? I'm surprised a warning caused a failure though.
> --
> Kevin A. McGrail
> Member, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin Project
> [2]https://www.linkedin.com/in/kmcgrail?- 703.798.0171
>
>
> On Sat, Jul 11, 2020 at 5:55 PM Benny Pedersen <[4]me@junc.eu> wrote:
>
> Marcus Schopen skrev den 2020-07-11 23:43:
> > config: warning: description exists for non-existent rule
> > USER_IN_ALLOWLIST_TO
>
> meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)
>
> i have still some bricks of Ritter Sport chocolate :=)
>
>
> References:
>
> [1] https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7838
> [2] https://www.linkedin.com/in/kmcgrail
> [4] mailto:me@junc.eu

Re: update fail [ In reply to ]

Jul 14, 2020, 5:05 AM

Post #7 of 34 (1908 views)

Ahh yes. So it's an older SpamAssassin install. Good call.

On Tue, Jul 14, 2020, 08:04 Henrik K <hege@hege.li> wrote:

>
> The lint failure was only changed to debug since 3.4.3.
>
> On Sun, Jul 12, 2020 at 04:59:51PM -0400, Kevin A. McGrail wrote:
> > Thanks. Please see [1]
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7838
> > and this should be resolved. I'm surprised a warning caused a failure
> though.
> > --
> > Kevin A. McGrail
> > Member, Apache Software Foundation
> > Chair Emeritus Apache SpamAssassin Project
> > [2]https://www.linkedin.com/in/kmcgrail - 703.798.0171
> >
> >
> > On Sat, Jul 11, 2020 at 5:55 PM Benny Pedersen <[4]me@junc.eu> wrote:
> >
> > Marcus Schopen skrev den 2020-07-11 23:43:
> > > config: warning: description exists for non-existent rule
> > > USER_IN_ALLOWLIST_TO
> >
> > meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)
> >
> > i have still some bricks of Ritter Sport chocolate :=)
> >
> >
> > References:
> >
> > [1] https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7838
> > [2] https://www.linkedin.com/in/kmcgrail
> > [4] mailto:me@junc.eu
>

Re: update fail [ In reply to ]

Jul 14, 2020, 7:34 AM

Post #8 of 34 (1908 views)

Kevin A. McGrail skrev den 2020-07-14 13:55:
> It will get fixed when masscheck pushes out a new ruleset.

until this happen all can restore old ruleset from tarballs

please do not make this problem ever again

Re: update fail [ In reply to ]

Jul 14, 2020, 7:43 AM

Post #9 of 34 (1908 views)

A. Schulze skrev den 2020-07-14 13:19:

> I tried to place "meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)" in
> $LOCAL_RULES_DIR/local.cf
> But that failed, too.

sorry then, my rule ensure that USER_IN_ALLOWLIST_TO exists if
USER_IN_WHITELIST_TO exists aswell

if none of them exists you still have problems where rules depend on one
of them

i use sa 3.4.4 where the problem is none existsing with sa-update

> I had to place the line in $LOCAL_RULES_DIR/local.pre. To me it looks
> like sa-update read only files named $LOCAL_RULES_DIR/*.pre

want to provide sa-update -D on this ?

if you miss plugins, it could fail on lint

Re: update fail [ In reply to ]

Jul 14, 2020, 7:46 AM

Post #10 of 34 (1908 views)

We believe this problem is related to both a problem in the rules as well
as the outdated version of SA by the user. Sa-update on 3.4.3+ will
install on a lint warning.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Tue, Jul 14, 2020 at 10:34 AM Benny Pedersen <me@junc.eu> wrote:

> Kevin A. McGrail skrev den 2020-07-14 13:55:
> > It will get fixed when masscheck pushes out a new ruleset.
>
> until this happen all can restore old ruleset from tarballs
>
> please do not make this problem ever again
>

Re: update fail [ In reply to ]

Jul 14, 2020, 8:00 AM

Post #11 of 34 (1908 views)

Kevin A. McGrail skrev den 2020-07-14 16:46:
> We believe this problem is related to both a problem in the rules as
> well as the outdated version of SA by the user. Sa-update on 3.4.3+
> will install on a lint warning.

its a clear bug on its own

Re: update fail [ In reply to ]

Jul 14, 2020, 8:04 AM

Post #12 of 34 (1908 views)

Yep, agreed. A fix has been committed on the 10th but it's got to go
through masscheck to get published which might take another few days.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Tue, Jul 14, 2020 at 11:00 AM Benny Pedersen <me@junc.eu> wrote:

> Kevin A. McGrail skrev den 2020-07-14 16:46:
> > We believe this problem is related to both a problem in the rules as
> > well as the outdated version of SA by the user. Sa-update on 3.4.3+
> > will install on a lint warning.
>
> its a clear bug on its own
>

Re: update fail [ In reply to ]

Jul 15, 2020, 1:10 AM

Post #13 of 34 (1908 views)

Am Dienstag, den 14.07.2020, 16:43 +0200 schrieb Benny Pedersen:
> A. Schulze skrev den 2020-07-14 13:19:
>
> > I tried to place "meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)"
> > in
> > $LOCAL_RULES_DIR/local.cf
> > But that failed, too.
>
> sorry then, my rule ensure that USER_IN_ALLOWLIST_TO exists if
> USER_IN_WHITELIST_TO exists aswell
>
> if none of them exists you still have problems where rules depend on
> one
> of them
>
> i use sa 3.4.4 where the problem is none existsing with sa-update
>
> > I had to place the line in $LOCAL_RULES_DIR/local.pre. To me it
> > looks
> > like sa-update read only files named $LOCAL_RULES_DIR/*.pre
>
> want to provide sa-update -D on this ?
>
> if you miss plugins, it could fail on lint

Problem now "USER_IN_WELCOMELIST_TO" with spamassassin 3.4.2-
0ubuntu0.16.04.4 on Ubuntu 16.04 LTS:

-------
/etc/cron.hourly/spamassassin:
config: warning: description exists for non-existent rule
USER_IN_WELCOMELIST_TO

channel: lint check of update failed, channel failed
sa-update failed for unknown reasons
-------

So all Ubuntu 16.04 LTS and my be older Debian installations are
affected.

Ciao!

Re: update fail [ In reply to ]

Jul 15, 2020, 3:26 AM

Post #14 of 34 (1908 views)

Yeah, that's just a lint warning. A fix was committed but I had to work
out a merge complaint on the rule system publishing this morning. I
believe a

Can you try now and lmk, please? I think the current ruleset is 1879881
has it fixed and is published.

However SA 3.4.3+ will still install updates with just a warning. Can
you upgrade your SA or are you stuck at 3.4.2?

Regards,

KAM

> Problem now "USER_IN_WELCOMELIST_TO" with spamassassin 3.4.2-
> 0ubuntu0.16.04.4 on Ubuntu 16.04 LTS:
>
> -------
> /etc/cron.hourly/spamassassin:
> config: warning: description exists for non-existent rule
> USER_IN_WELCOMELIST_TO
>
> channel: lint check of update failed, channel failed
> sa-update failed for unknown reasons
> -------
>
> So all Ubuntu 16.04 LTS and my be older Debian installations are
> affected.
>
> Ciao!
>
>
--
Kevin A. McGrail
KMcGrail@Apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

update fail [ In reply to ]

Jul 15, 2020, 3:29 AM

Post #15 of 34 (1908 views)

Hello Kevin,

As of today July 15th, sa-update (3.3.1) is trying to install 1879817.tar.gz and it's still failing to do so.

Can you tell us in which revision of the signatures this is expected to be fixed? And confirm that this fix will also work for older versions of SA?

Best regards,

Frédéric.

Re: update fail [ In reply to ]

Jul 15, 2020, 3:59 AM

Post #16 of 34 (1908 views)

Am Mittwoch, den 15.07.2020, 06:26 -0400 schrieb Kevin A. McGrail:
> Yeah, that's just a lint warning. A fix was committed but I had to
> work
> out a merge complaint on the rule system publishing this morning. I
> believe a

Yes, but it prevents the signatures from being updated!

> Can you try now and lmk, please? I think the current ruleset is
> 1879881
> has it fixed and is published.
>
> However SA 3.4.3+ will still install updates with just a warning.
> Can
> you upgrade your SA or are you stuck at 3.4.2?

The version for Ubuntu 16.04 LTS is Spamassassin 2.4.2. I don't want to
update the whole server or build a backport on the fly.

In this respect it would be good if the updates are also suitable for a
still supported Ubuntu LTS.

1879817 is the current version and still fails.

Ciao
Marcus

Re: update fail [ In reply to ]

Jul 15, 2020, 4:01 AM

Post #17 of 34 (1908 views)

On 7/15/2020 6:29 AM, Frédéric Nass wrote:
> As of today July 15th, sa-update (3.3.1) is trying to install
> 1879817.tar.gz and it's still failing to do so.

Hi Frederic,

What's the error you are getting specifically?

> Can you tell us in which revision of the signatures this is expected
> to be fixed? And confirm that this fix will also work for older
> versions of SA?

I cannot because I don't know what problem you are having and it works
for me with no lint errors on 3.4.5. with ruleset 1879817. I'd like to
get it working and will look at the error from your sa-update.

A couple more points:

3.3.1 is ancient released over a decade ago. 3.4.4 is significantly
better not to mention more secure with numerous bugs and security issues
fixed including a few CVEs along the way.

Also are you aware that the project's rule updates are ending for that
version? We've been working to convey that info and it's on the
website:*** On March 1, 2020, we will stop publishing rulesets with
SHA-1 checksums. If you do not update to 3.4.2 or later, you will be
stuck at the last ruleset with SHA-1 signatures. ***. This change is
based on a policy requirement of the foundation and security issues with
these weak hashes.

Regards,

KAM

Re: update fail [ In reply to ]

Jul 15, 2020, 4:03 AM

Post #18 of 34 (1908 views)

Am Mittwoch, den 15.07.2020, 12:59 +0200 schrieb Marcus Schopen:
> The version for Ubuntu 16.04 LTS is Spamassassin 2.4.2.

Sorry, Spamassassin 3.4.2-0ubuntu0.16.04.4 of course.

Re: update fail [ In reply to ]

uhlar at fantomas

Jul 15, 2020, 4:06 AM

Post #19 of 34 (1908 views)

On 15.07.20 12:29, Fr?d?ric Nass wrote:
>From: Fr?d?ric Nass <frederic.nass@univ-lorraine.fr>
>To: kmcgrail@apache.org, users@spamassassin.apache.org
>Subject: update fail
>
>
>Hello Kevin,

I am not kevin, is that fine?

>As of today July 15th, sa-update (3.3.1) is trying to install 1879817.tar.gz and it's still failing to do so.
>
>Can you tell us in which revision of the signatures this is expected to be fixed? And confirm that this fix will also work for older versions of SA?

it's described here and not expected to get fixed:

https://spamassassin.apache.org/news.html

*** On March 1, 2020, we will stop publishing rulesets with SHA-1 checksums. If you do not update to 3.4.2 or later, you will be stuck at the last ruleset with SHA-1 checksums. ***

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.

Re: update fail [ In reply to ]

Jul 15, 2020, 4:07 AM

Post #20 of 34 (1908 views)

This isn't the issue.? We haven't turned off the sha1 sigs (yet).

On 7/15/2020 7:06 AM, Matus UHLAR - fantomas wrote:
>
> it's described here and not expected to get fixed:

--
Kevin A. McGrail
KMcGrail@Apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: update fail [ In reply to ]

Jul 15, 2020, 4:08 AM

Post #21 of 34 (1908 views)

If it is still not working, what error are you getting, please?

On 7/15/2020 6:59 AM, Marcus Schopen wrote:
>> Can you try now and lmk, please? I think the current ruleset is
>> 1879881
>> has it fixed and is published.

--
Kevin A. McGrail
KMcGrail@Apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: update fail [ In reply to ]

Jul 15, 2020, 4:13 AM

Post #22 of 34 (1908 views)

Am Mittwoch, den 15.07.2020, 07:08 -0400 schrieb Kevin A. McGrail:
> If it is still not working, what error are you getting, please?

On 7/15/2020 6:59 AM, Marcus Schopen wrote:
> > > Can you try now and lmk, please? I think the current ruleset is
> > > 1879881
> > > has it fixed and is published.

---------
config: warning: description exists for non-existent rule
USER_IN_WELCOMELIST_TO

Jul 15 13:10:33.621 [2458] dbg: diag: updates complete, exiting with
code 4
Update failed, exiting with code 4
sa-update failed for unknown reasons
---------

I will send you the complete output.

Ciao!

Re: update fail [ In reply to ]

Jul 15, 2020, 4:58 AM

Post #23 of 34 (1907 views)

On 7/15/2020 7:13 AM, Marcus Schopen wrote:
> ---------
> config: warning: description exists for non-existent rule
> USER_IN_WELCOMELIST_TO
>
> Jul 15 13:10:33.621 [2458] dbg: diag: updates complete, exiting with
> code 4
> Update failed, exiting with code 4
> sa-update failed for unknown reasons
> ---------
>
> I will send you the complete output.
>
Ahh, that is a new problem and only affects old versions 3.4.2 and
before. Working on it.

--
Kevin A. McGrail
KMcGrail@Apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: update fail [ In reply to ]

Jul 15, 2020, 5:33 AM

Post #24 of 34 (1907 views)

Kevin,

Thank you for your quick and enlightening response! I've seen your other post today about rule update #1879885 that is to be realesed.
Thank you for fixing it for older SA versions (SA 3.3.1 is still the one in CentOS/RHEL 6.10 supported until Nov. 30th).

Best regards,
Frédéric.

----- Le 15 Juil 20, à 13:01, kmcgrail <kmcgrail@apache.org> a écrit :

> On 7/15/2020 6:29 AM, Frédéric Nass wrote:

>> As of today July 15th, sa-update (3.3.1) is trying to install 1879817.tar.gz and
>> it's still failing to do so.

> Hi Frederic,

> What's the error you are getting specifically?

>> Can you tell us in which revision of the signatures this is expected to be
>> fixed? And confirm that this fix will also work for older versions of SA?

> I cannot because I don't know what problem you are having and it works for me
> with no lint errors on 3.4.5. with ruleset 1879817. I'd like to get it working
> and will look at the error from your sa-update.

> A couple more points:

> 3.3.1 is ancient released over a decade ago. 3.4.4 is significantly better not
> to mention more secure with numerous bugs and security issues fixed including a
> few CVEs along the way.

> Also are you aware that the project's rule updates are ending for that version?
> We've been working to convey that info and it's on the website:*** On March 1,
> 2020, we will stop publishing rulesets with SHA-1 checksums. If you do not
> update to 3.4.2 or later, you will be stuck at the last ruleset with SHA-1
> signatures. ***. This change is based on a policy requirement of the foundation
> and security issues with these weak hashes.

> Regards,

> KAM

Re: update fail [ In reply to ]

Jul 15, 2020, 5:59 AM

Post #25 of 34 (1907 views)

On 7/15/2020 8:33 AM, Frédéric Nass wrote:
> Thank you for your quick and enlightening response! I've seen your
> other post today about rule update #1879885 that is to be realesed.
Thanks, Frederic. I hope that fix will resolve your issue as well. I
believe they are one and the same, i.e. a lint warning being treated as
an error on older sa-updates but it gave me the opportunity to
streamline the rule.
> Thank you for fixing it for older SA versions (SA 3.3.1 is still the
> one in CentOS/RHEL 6.10 supported until Nov. 30th).

While we don't try and break older releases on purpose, distro policies
that backport rather than upgrade is not the responsibility of the
Apache SpamAssassin project.

Here's our release support information:

/A major release is supported for no less than 6 months after the
release of the next major release. /

/This means that as of November 30, 2014, all versions prior to
3.4.0 are considered unsupported./

So the version you are using is 6 years out of support. When 4.0.0
comes out as a major release, we will start looking at dropping support
for 3.4. I'm sure someone has produced an RPM for CentOS 6 for 3.4.4 by
now. You might consider asking about that and upgrading. There's a lot
of great features (and bug and security fixes) in 3.4.4. And 3.4.5 will
be coming soon too. A pre1 release is already out and I'm tweaking a
pre2 for the past week.

Regards,
KAM

Re: update fail [ In reply to ]

shiva at sewingwitch

Jul 15, 2020, 12:21 PM

Post #26 of 34 (766 views)

--On Wednesday, July 15, 2020 9:59 AM -0400 "Kevin A. McGrail"
<kmcgrail@apache.org> wrote:

> I'm sure someone has produced an RPM for CentOS 6 for 3.4.4 by
> now.

I'm using John Hardin's recommendation from his 2020-02-07 post and it's
working fine on CentOS 7:

> You can download the original (as well as later versions if/when they are
> produced) from FC rawhide here:
>
>
http://mirror.siena.edu/fedora/linux/development/rawhide/Everything/source/tree/Packages/s/
>
> (or whatever your closest FC Rawhide mirror is)
>
> Per Amir, if you install the perl-generators package from EPEL you can
> build that with no changes needed.

Re: update fail [ In reply to ]

Jul 16, 2020, 12:15 PM

Post #27 of 34 (764 views)

Frederic, I believe ruleset 1879934 has been published and should fix the
issue. Can you confirm, please?
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Wed, Jul 15, 2020 at 7:01 AM Kevin A. McGrail <kmcgrail@apache.org>
wrote:

> On 7/15/2020 6:29 AM, Frédéric Nass wrote:
>
> As of today July 15th, sa-update (3.3.1) is trying to install
> 1879817.tar.gz and it's still failing to do so.
>
> Hi Frederic,
>
> What's the error you are getting specifically?
>
> Can you tell us in which revision of the signatures this is expected to be
> fixed? And confirm that this fix will also work for older versions of SA?
>
> I cannot because I don't know what problem you are having and it works for
> me with no lint errors on 3.4.5. with ruleset 1879817. I'd like to get it
> working and will look at the error from your sa-update.
>
> A couple more points:
>
> 3.3.1 is ancient released over a decade ago. 3.4.4 is significantly
> better not to mention more secure with numerous bugs and security issues
> fixed including a few CVEs along the way.
>
> Also are you aware that the project's rule updates are ending for that
> version? We've been working to convey that info and it's on the
> website:*** On March 1, 2020, we will stop publishing rulesets with SHA-1
> checksums. If you do not update to 3.4.2 or later, you will be stuck at
> the last ruleset with SHA-1 signatures. ***. This change is based on a
> policy requirement of the foundation and security issues with these weak
> hashes.
>
> Regards,
>
> KAM
>
>
>
>

Re: update fail [ In reply to ]

Jul 17, 2020, 3:01 AM

Post #28 of 34 (764 views)

Hi Kevin,

Thanks for taking care. I believe I'm still getting 1879434 (or maybe
1879882?) as per the debug log below:

juil. 17 11:55:27.015 [9424] dbg: gpg: release trusted key id list:
5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
26C900A46DD40CD5AD24F6D7DEE01987265FA05B
0C2B1D7175B852C64B3CDC716C55397824F434CE
juil. 17 11:55:27.017 [9424] dbg: channel: attempting channel
updates.spamassassin.org
juil. 17 11:55:27.017 [9424] dbg: channel: update directory
/var/lib/spamassassin/3.003001/updates_spamassassin_org
juil. 17 11:55:27.017 [9424] dbg: channel: channel cf file
/var/lib/spamassassin/3.003001/updates_spamassassin_org.cf
juil. 17 11:55:27.017 [9424] dbg: channel: channel pre file
/var/lib/spamassassin/3.003001/updates_spamassassin_org.pre
juil. 17 11:55:27.017 [9424] dbg: channel: metadata version = 1879434
juil. 17 11:55:27.207 [9424] dbg: dns: 1.3.3.updates.spamassassin.org =>
1879882, parsed as 1879882
juil. 17 11:55:27.207 [9424] dbg: channel: preparing temp directory for
new channel
juil. 17 11:55:27.207 [9424] dbg: generic: update tmp directory
/tmp/.spamassassin9424vbPoDttmp
juil. 17 11:55:27.207 [9424] dbg: generic: lint checking site pre files
once before attempting channel updates
juil. 17 11:55:27.207 [9424] dbg: generic: SpamAssassin version 3.3.1
juil. 17 11:55:27.207 [9424] dbg: generic: Perl 5.010001, PREFIX=/usr,
DEF_RULES_DIR=/usr/share/spamassassin,
LOCAL_RULES_DIR=/etc/mail/spamassassin,
LOCAL_STATE_DIR=/var/lib/spamassassin
juil. 17 11:55:27.207 [9424] dbg: config: timing enabled
juil. 17 11:55:27.208 [9424] dbg: config: score set 0 chosen.
juil. 17 11:55:27.209 [9424] dbg: dns: is Net::DNS::Resolver available? yes
juil. 17 11:55:27.210 [9424] dbg: dns: Net::DNS version: 0.65

I will let you know when I get update 1879882 or 1879885.

Regards,

Frédéric.

Cordialement,

Frédéric Nass
Direction du Numérique
Sous-direction Infrastructures et Services

Tél : 03.72.74.11.35

Le 16/07/2020 à 21:15, Kevin A. McGrail a écrit :
> Frederic, I believe ruleset 1879934 has been published and should fix
> the issue. Can you confirm, please?
> --
> Kevin A. McGrail
> Member, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin Project
> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>
>
> On Wed, Jul 15, 2020 at 7:01 AM Kevin A. McGrail <kmcgrail@apache.org
> <mailto:kmcgrail@apache.org>> wrote:
>
> On 7/15/2020 6:29 AM, Frédéric Nass wrote:
>> As of today July 15th, sa-update (3.3.1) is trying to install
>> 1879817.tar.gz and it's still failing to do so.
>
> Hi Frederic,
>
> What's the error you are getting specifically?
>
>> Can you tell us in which revision of the signatures this is
>> expected to be fixed? And confirm that this fix will also work
>> for older versions of SA?
>
> I cannot because I don't know what problem you are having and it
> works for me with no lint errors on 3.4.5. with ruleset 1879817.
> I'd like to get it working and will look at the error from your
> sa-update.
>
> A couple more points:
>
> 3.3.1 is ancient released over a decade ago. 3.4.4 is
> significantly better not to mention more secure with numerous bugs
> and security issues fixed including a few CVEs along the way.
>
> Also are you aware that the project's rule updates are ending for
> that version? We've been working to convey that info and it's on
> the website:*** On March 1, 2020, we will stop publishing rulesets
> with SHA-1 checksums. If you do not update to 3.4.2 or later, you
> will be stuck at the last ruleset with SHA-1 signatures. ***. This
> change is based on a policy requirement of the foundation and
> security issues with these weak hashes.
>
> Regards,
>
> KAM
>
>
>

Re: update fail [ In reply to ]

Jul 17, 2020, 4:29 AM

Post #29 of 34 (764 views)

Sorry I meant "I'll let you know when I get 1879934".

juil. 17 13:15:21.107 [21396] dbg: generic: lint check of site pre files
succeeded, continuing with channel updates
juil. 17 13:15:21.107 [21396] dbg: channel: MIRRORED.BY file is too old,
forcing refresh
juil. 17 13:15:21.107 [21396] dbg: channel: no MIRRORED.BY file available
juil. 17 13:15:21.111 [21396] dbg: http: GET request,
http://spamassassin.apache.org/updates/MIRRORED.BY
juil. 17 13:15:21.209 [21396] dbg: channel: MIRRORED.BY file retrieved
juil. 17 13:15:21.209 [21396] dbg: channel: reading MIRRORED.BY file
juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
http://sa-update.dnswl.org/ weight=3
juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
http://www.sa-update.pccc.com/ weight=5
juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
http://sa-update.secnap.net/ weight=5
juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
http://sa-update.space-pro.be/ weight=1
juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
http://sa-update.ena.com/ weight=5
juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
http://sa-update.razx.cloud/ weight=5
juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
http://sa-update.fossies.org/ weight=1
juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
http://sa-update.verein-clean.net/ weight=10
juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
http://sa-update.bitwell.fi/ weight=5
juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
http://sa-update.spamassassin.org/ weight=10
juil. 17 13:15:21.210 [21396] dbg: channel: selected mirror
http://sa-update.verein-clean.net
juil. 17 13:15:21.210 [21396] dbg: http: GET request,
http://sa-update.verein-clean.net/1879882.tar.gz
juil. 17 13:15:21.445 [21396] dbg: http: GET request,
http://sa-update.verein-clean.net/1879882.tar.gz.sha1
juil. 17 13:15:21.497 [21396] dbg: http: GET request,
http://sa-update.verein-clean.net/1879882.tar.gz.asc
juil. 17 13:15:21.551 [21396] dbg: sha1: verification wanted:
8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be
juil. 17 13:15:21.551 [21396] dbg: sha1: verification result:
8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be

I tried --channel and --channelfile but whatever the server name I
specify, sa-update adds a "mirrors." in front of its name and fails:

juil. 17 13:26:55.767 [23345] dbg: dns: query failed:
1.3.3.sa-update.spamassassin.org => NXDOMAIN
juil. 17 13:26:55.768 [23345] dbg: dns: query failed:
mirrors.sa-update.spamassassin.org => NXDOMAIN
channel: no 'mirrors.sa-update.spamassassin.org' record found, channel
failed
juil. 17 13:26:55.768 [23345] dbg: diag: updates complete, exiting with
code 4

Thats weird.

Cordialement,

Frédéric Nass
Direction du Numérique
Sous-direction Infrastructures et Services

Tél : 03.72.74.11.35

Le 17/07/2020 à 12:01, Frédéric Nass a écrit :
>
> Hi Kevin,
>
> Thanks for taking care. I believe I'm still getting 1879434 (or maybe
> 1879882?) as per the debug log below:
>
> juil. 17 11:55:27.015 [9424] dbg: gpg: release trusted key id list:
> 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
> 26C900A46DD40CD5AD24F6D7DEE01987265FA05B
> 0C2B1D7175B852C64B3CDC716C55397824F434CE
> juil. 17 11:55:27.017 [9424] dbg: channel: attempting channel
> updates.spamassassin.org
> juil. 17 11:55:27.017 [9424] dbg: channel: update directory
> /var/lib/spamassassin/3.003001/updates_spamassassin_org
> juil. 17 11:55:27.017 [9424] dbg: channel: channel cf file
> /var/lib/spamassassin/3.003001/updates_spamassassin_org.cf
> juil. 17 11:55:27.017 [9424] dbg: channel: channel pre file
> /var/lib/spamassassin/3.003001/updates_spamassassin_org.pre
> juil. 17 11:55:27.017 [9424] dbg: channel: metadata version = 1879434
> juil. 17 11:55:27.207 [9424] dbg: dns: 1.3.3.updates.spamassassin.org
> => 1879882, parsed as 1879882
> juil. 17 11:55:27.207 [9424] dbg: channel: preparing temp directory
> for new channel
> juil. 17 11:55:27.207 [9424] dbg: generic: update tmp directory
> /tmp/.spamassassin9424vbPoDttmp
> juil. 17 11:55:27.207 [9424] dbg: generic: lint checking site pre
> files once before attempting channel updates
> juil. 17 11:55:27.207 [9424] dbg: generic: SpamAssassin version 3.3.1
> juil. 17 11:55:27.207 [9424] dbg: generic: Perl 5.010001, PREFIX=/usr,
> DEF_RULES_DIR=/usr/share/spamassassin,
> LOCAL_RULES_DIR=/etc/mail/spamassassin,
> LOCAL_STATE_DIR=/var/lib/spamassassin
> juil. 17 11:55:27.207 [9424] dbg: config: timing enabled
> juil. 17 11:55:27.208 [9424] dbg: config: score set 0 chosen.
> juil. 17 11:55:27.209 [9424] dbg: dns: is Net::DNS::Resolver
> available? yes
> juil. 17 11:55:27.210 [9424] dbg: dns: Net::DNS version: 0.65
>
> I will let you know when I get update 1879882 or 1879885.
>
> Regards,
>
> Frédéric.
>
> Cordialement,
>
> Frédéric Nass
> Direction du Numérique
> Sous-direction Infrastructures et Services
>
> Tél : 03.72.74.11.35
> Le 16/07/2020 à 21:15, Kevin A. McGrail a écrit :
>> Frederic, I believe ruleset 1879934 has been published and should fix
>> the issue. Can you confirm, please?
>> --
>> Kevin A. McGrail
>> Member, Apache Software Foundation
>> Chair Emeritus Apache SpamAssassin Project
>> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>>
>>
>> On Wed, Jul 15, 2020 at 7:01 AM Kevin A. McGrail <kmcgrail@apache.org
>> <mailto:kmcgrail@apache.org>> wrote:
>>
>> On 7/15/2020 6:29 AM, Frédéric Nass wrote:
>>> As of today July 15th, sa-update (3.3.1) is trying to install
>>> 1879817.tar.gz and it's still failing to do so.
>>
>> Hi Frederic,
>>
>> What's the error you are getting specifically?
>>
>>> Can you tell us in which revision of the signatures this is
>>> expected to be fixed? And confirm that this fix will also work
>>> for older versions of SA?
>>
>> I cannot because I don't know what problem you are having and it
>> works for me with no lint errors on 3.4.5. with ruleset 1879817.
>> I'd like to get it working and will look at the error from your
>> sa-update.
>>
>> A couple more points:
>>
>> 3.3.1 is ancient released over a decade ago. 3.4.4 is
>> significantly better not to mention more secure with numerous
>> bugs and security issues fixed including a few CVEs along the way.
>>
>> Also are you aware that the project's rule updates are ending for
>> that version? We've been working to convey that info and it's on
>> the website:*** On March 1, 2020, we will stop publishing
>> rulesets with SHA-1 checksums. If you do not update to 3.4.2 or
>> later, you will be stuck at the last ruleset with SHA-1
>> signatures. ***. This change is based on a policy requirement of
>> the foundation and security issues with these weak hashes.
>>
>> Regards,
>>
>> KAM
>>
>>
>>

Re: update fail [ In reply to ]

Jul 17, 2020, 4:55 AM

Post #30 of 34 (764 views)

Ok. 1879934.tar.gz has been published on sa-update.bitwell.fi as I can
download it with wget.

So I've changed
/var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY to
only use this particular mirror, but sa-update still downloads
1879882.tar.gz instead of 1879934.tar.gz.

Here is the debug log :
https://bul.univ-lorraine.fr/index.php/s/CS8z9nnxFncmMYP/download

Cordialement,

Frédéric Nass
Direction du Numérique
Sous-direction Infrastructures et Services

Tél : 03.72.74.11.35

Le 17/07/2020 à 13:29, Frédéric Nass a écrit :
>
> Sorry I meant "I'll let you know when I get 1879934".
>
> juil. 17 13:15:21.107 [21396] dbg: generic: lint check of site pre
> files succeeded, continuing with channel updates
> juil. 17 13:15:21.107 [21396] dbg: channel: MIRRORED.BY file is too
> old, forcing refresh
> juil. 17 13:15:21.107 [21396] dbg: channel: no MIRRORED.BY file available
> juil. 17 13:15:21.111 [21396] dbg: http: GET request,
> http://spamassassin.apache.org/updates/MIRRORED.BY
> juil. 17 13:15:21.209 [21396] dbg: channel: MIRRORED.BY file retrieved
> juil. 17 13:15:21.209 [21396] dbg: channel: reading MIRRORED.BY file
> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
> http://sa-update.dnswl.org/ weight=3
> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
> http://www.sa-update.pccc.com/ weight=5
> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
> http://sa-update.secnap.net/ weight=5
> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> http://sa-update.space-pro.be/ weight=1
> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> http://sa-update.ena.com/ weight=5
> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> http://sa-update.razx.cloud/ weight=5
> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> http://sa-update.fossies.org/ weight=1
> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> http://sa-update.verein-clean.net/ weight=10
> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> http://sa-update.bitwell.fi/ weight=5
> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> http://sa-update.spamassassin.org/ weight=10
> juil. 17 13:15:21.210 [21396] dbg: channel: selected mirror
> http://sa-update.verein-clean.net
> juil. 17 13:15:21.210 [21396] dbg: http: GET request,
> http://sa-update.verein-clean.net/1879882.tar.gz
> juil. 17 13:15:21.445 [21396] dbg: http: GET request,
> http://sa-update.verein-clean.net/1879882.tar.gz.sha1
> juil. 17 13:15:21.497 [21396] dbg: http: GET request,
> http://sa-update.verein-clean.net/1879882.tar.gz.asc
> juil. 17 13:15:21.551 [21396] dbg: sha1: verification wanted:
> 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be
> juil. 17 13:15:21.551 [21396] dbg: sha1: verification result:
> 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be
>
> I tried --channel and --channelfile but whatever the server name I
> specify, sa-update adds a "mirrors." in front of its name and fails:
>
> juil. 17 13:26:55.767 [23345] dbg: dns: query failed:
> 1.3.3.sa-update.spamassassin.org => NXDOMAIN
> juil. 17 13:26:55.768 [23345] dbg: dns: query failed:
> mirrors.sa-update.spamassassin.org => NXDOMAIN
> channel: no 'mirrors.sa-update.spamassassin.org' record found, channel
> failed
> juil. 17 13:26:55.768 [23345] dbg: diag: updates complete, exiting
> with code 4
>
> Thats weird.
>
> Cordialement,
>
> Frédéric Nass
> Direction du Numérique
> Sous-direction Infrastructures et Services
>
> Tél : 03.72.74.11.35
> Le 17/07/2020 à 12:01, Frédéric Nass a écrit :
>>
>> Hi Kevin,
>>
>> Thanks for taking care. I believe I'm still getting 1879434 (or maybe
>> 1879882?) as per the debug log below:
>>
>> juil. 17 11:55:27.015 [9424] dbg: gpg: release trusted key id list:
>> 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
>> 26C900A46DD40CD5AD24F6D7DEE01987265FA05B
>> 0C2B1D7175B852C64B3CDC716C55397824F434CE
>> juil. 17 11:55:27.017 [9424] dbg: channel: attempting channel
>> updates.spamassassin.org
>> juil. 17 11:55:27.017 [9424] dbg: channel: update directory
>> /var/lib/spamassassin/3.003001/updates_spamassassin_org
>> juil. 17 11:55:27.017 [9424] dbg: channel: channel cf file
>> /var/lib/spamassassin/3.003001/updates_spamassassin_org.cf
>> juil. 17 11:55:27.017 [9424] dbg: channel: channel pre file
>> /var/lib/spamassassin/3.003001/updates_spamassassin_org.pre
>> juil. 17 11:55:27.017 [9424] dbg: channel: metadata version = 1879434
>> juil. 17 11:55:27.207 [9424] dbg: dns: 1.3.3.updates.spamassassin.org
>> => 1879882, parsed as 1879882
>> juil. 17 11:55:27.207 [9424] dbg: channel: preparing temp directory
>> for new channel
>> juil. 17 11:55:27.207 [9424] dbg: generic: update tmp directory
>> /tmp/.spamassassin9424vbPoDttmp
>> juil. 17 11:55:27.207 [9424] dbg: generic: lint checking site pre
>> files once before attempting channel updates
>> juil. 17 11:55:27.207 [9424] dbg: generic: SpamAssassin version 3.3.1
>> juil. 17 11:55:27.207 [9424] dbg: generic: Perl 5.010001,
>> PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin,
>> LOCAL_RULES_DIR=/etc/mail/spamassassin,
>> LOCAL_STATE_DIR=/var/lib/spamassassin
>> juil. 17 11:55:27.207 [9424] dbg: config: timing enabled
>> juil. 17 11:55:27.208 [9424] dbg: config: score set 0 chosen.
>> juil. 17 11:55:27.209 [9424] dbg: dns: is Net::DNS::Resolver
>> available? yes
>> juil. 17 11:55:27.210 [9424] dbg: dns: Net::DNS version: 0.65
>>
>> I will let you know when I get update 1879882 or 1879885.
>>
>> Regards,
>>
>> Frédéric.
>>
>> Cordialement,
>>
>> Frédéric Nass
>> Direction du Numérique
>> Sous-direction Infrastructures et Services
>>
>> Tél : 03.72.74.11.35
>> Le 16/07/2020 à 21:15, Kevin A. McGrail a écrit :
>>> Frederic, I believe ruleset 1879934 has been published and should
>>> fix the issue. Can you confirm, please?
>>> --
>>> Kevin A. McGrail
>>> Member, Apache Software Foundation
>>> Chair Emeritus Apache SpamAssassin Project
>>> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>>>
>>>
>>> On Wed, Jul 15, 2020 at 7:01 AM Kevin A. McGrail
>>> <kmcgrail@apache.org <mailto:kmcgrail@apache.org>> wrote:
>>>
>>> On 7/15/2020 6:29 AM, Frédéric Nass wrote:
>>>> As of today July 15th, sa-update (3.3.1) is trying to install
>>>> 1879817.tar.gz and it's still failing to do so.
>>>
>>> Hi Frederic,
>>>
>>> What's the error you are getting specifically?
>>>
>>>> Can you tell us in which revision of the signatures this is
>>>> expected to be fixed? And confirm that this fix will also work
>>>> for older versions of SA?
>>>
>>> I cannot because I don't know what problem you are having and it
>>> works for me with no lint errors on 3.4.5. with ruleset
>>> 1879817. I'd like to get it working and will look at the error
>>> from your sa-update.
>>>
>>> A couple more points:
>>>
>>> 3.3.1 is ancient released over a decade ago. 3.4.4 is
>>> significantly better not to mention more secure with numerous
>>> bugs and security issues fixed including a few CVEs along the way.
>>>
>>> Also are you aware that the project's rule updates are ending
>>> for that version? We've been working to convey that info and
>>> it's on the website:*** On March 1, 2020, we will stop
>>> publishing rulesets with SHA-1 checksums. If you do not update
>>> to 3.4.2 or later, you will be stuck at the last ruleset with
>>> SHA-1 signatures. ***. This change is based on a policy
>>> requirement of the foundation and security issues with these
>>> weak hashes.
>>>
>>> Regards,
>>>
>>> KAM
>>>
>>>
>>>

Re: update fail [ In reply to ]

Jul 17, 2020, 6:34 AM

Post #31 of 34 (764 views)

Is there a mandatory update path that sa-update observes to reach the
last update? Like it has to go through all updates to reach the last
one? That would explain why it's still trying to install 1879882.tar.gz
instead of 1879934.tar.gz

I know I can work around this with --install, but since you've been
helping hard on this, I prefer to have you knowing whether the new rules
will be automatically updated on older SA versions or not.

Best regards,

Cordialement,

Frédéric Nass
Direction du Numérique
Sous-direction Infrastructures et Services

Tél : 03.72.74.11.35

Le 17/07/2020 à 13:55, Frédéric Nass a écrit :
>
> Ok. 1879934.tar.gz has been published on sa-update.bitwell.fi as I can
> download it with wget.
>
> So I've changed
> /var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY to
> only use this particular mirror, but sa-update still downloads
> 1879882.tar.gz instead of 1879934.tar.gz.
>
> Here is the debug log :
> https://bul.univ-lorraine.fr/index.php/s/CS8z9nnxFncmMYP/download
>
> Cordialement,
>
> Frédéric Nass
> Direction du Numérique
> Sous-direction Infrastructures et Services
>
> Tél : 03.72.74.11.35
> Le 17/07/2020 à 13:29, Frédéric Nass a écrit :
>>
>> Sorry I meant "I'll let you know when I get 1879934".
>>
>> juil. 17 13:15:21.107 [21396] dbg: generic: lint check of site pre
>> files succeeded, continuing with channel updates
>> juil. 17 13:15:21.107 [21396] dbg: channel: MIRRORED.BY file is too
>> old, forcing refresh
>> juil. 17 13:15:21.107 [21396] dbg: channel: no MIRRORED.BY file available
>> juil. 17 13:15:21.111 [21396] dbg: http: GET request,
>> http://spamassassin.apache.org/updates/MIRRORED.BY
>> juil. 17 13:15:21.209 [21396] dbg: channel: MIRRORED.BY file retrieved
>> juil. 17 13:15:21.209 [21396] dbg: channel: reading MIRRORED.BY file
>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
>> http://sa-update.dnswl.org/ weight=3
>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
>> http://www.sa-update.pccc.com/ weight=5
>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
>> http://sa-update.secnap.net/ weight=5
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.space-pro.be/ weight=1
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.ena.com/ weight=5
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.razx.cloud/ weight=5
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.fossies.org/ weight=1
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.verein-clean.net/ weight=10
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.bitwell.fi/ weight=5
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.spamassassin.org/ weight=10
>> juil. 17 13:15:21.210 [21396] dbg: channel: selected mirror
>> http://sa-update.verein-clean.net
>> juil. 17 13:15:21.210 [21396] dbg: http: GET request,
>> http://sa-update.verein-clean.net/1879882.tar.gz
>> juil. 17 13:15:21.445 [21396] dbg: http: GET request,
>> http://sa-update.verein-clean.net/1879882.tar.gz.sha1
>> juil. 17 13:15:21.497 [21396] dbg: http: GET request,
>> http://sa-update.verein-clean.net/1879882.tar.gz.asc
>> juil. 17 13:15:21.551 [21396] dbg: sha1: verification wanted:
>> 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be
>> juil. 17 13:15:21.551 [21396] dbg: sha1: verification result:
>> 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be
>>
>> I tried --channel and --channelfile but whatever the server name I
>> specify, sa-update adds a "mirrors." in front of its name and fails:
>>
>> juil. 17 13:26:55.767 [23345] dbg: dns: query failed:
>> 1.3.3.sa-update.spamassassin.org => NXDOMAIN
>> juil. 17 13:26:55.768 [23345] dbg: dns: query failed:
>> mirrors.sa-update.spamassassin.org => NXDOMAIN
>> channel: no 'mirrors.sa-update.spamassassin.org' record found,
>> channel failed
>> juil. 17 13:26:55.768 [23345] dbg: diag: updates complete, exiting
>> with code 4
>>
>> Thats weird.
>>
>> Cordialement,
>>
>> Frédéric Nass
>> Direction du Numérique
>> Sous-direction Infrastructures et Services
>>
>> Tél : 03.72.74.11.35
>> Le 17/07/2020 à 12:01, Frédéric Nass a écrit :
>>>
>>> Hi Kevin,
>>>
>>> Thanks for taking care. I believe I'm still getting 1879434 (or
>>> maybe 1879882?) as per the debug log below:
>>>
>>> juil. 17 11:55:27.015 [9424] dbg: gpg: release trusted key id list:
>>> 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
>>> 26C900A46DD40CD5AD24F6D7DEE01987265FA05B
>>> 0C2B1D7175B852C64B3CDC716C55397824F434CE
>>> juil. 17 11:55:27.017 [9424] dbg: channel: attempting channel
>>> updates.spamassassin.org
>>> juil. 17 11:55:27.017 [9424] dbg: channel: update directory
>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org
>>> juil. 17 11:55:27.017 [9424] dbg: channel: channel cf file
>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org.cf
>>> juil. 17 11:55:27.017 [9424] dbg: channel: channel pre file
>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org.pre
>>> juil. 17 11:55:27.017 [9424] dbg: channel: metadata version = 1879434
>>> juil. 17 11:55:27.207 [9424] dbg: dns:
>>> 1.3.3.updates.spamassassin.org => 1879882, parsed as 1879882
>>> juil. 17 11:55:27.207 [9424] dbg: channel: preparing temp directory
>>> for new channel
>>> juil. 17 11:55:27.207 [9424] dbg: generic: update tmp directory
>>> /tmp/.spamassassin9424vbPoDttmp
>>> juil. 17 11:55:27.207 [9424] dbg: generic: lint checking site pre
>>> files once before attempting channel updates
>>> juil. 17 11:55:27.207 [9424] dbg: generic: SpamAssassin version 3.3.1
>>> juil. 17 11:55:27.207 [9424] dbg: generic: Perl 5.010001,
>>> PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin,
>>> LOCAL_RULES_DIR=/etc/mail/spamassassin,
>>> LOCAL_STATE_DIR=/var/lib/spamassassin
>>> juil. 17 11:55:27.207 [9424] dbg: config: timing enabled
>>> juil. 17 11:55:27.208 [9424] dbg: config: score set 0 chosen.
>>> juil. 17 11:55:27.209 [9424] dbg: dns: is Net::DNS::Resolver
>>> available? yes
>>> juil. 17 11:55:27.210 [9424] dbg: dns: Net::DNS version: 0.65
>>>
>>> I will let you know when I get update 1879882 or 1879885.
>>>
>>> Regards,
>>>
>>> Frédéric.
>>>
>>> Cordialement,
>>>
>>> Frédéric Nass
>>> Direction du Numérique
>>> Sous-direction Infrastructures et Services
>>>
>>> Tél : 03.72.74.11.35
>>> Le 16/07/2020 à 21:15, Kevin A. McGrail a écrit :
>>>> Frederic, I believe ruleset 1879934 has been published and should
>>>> fix the issue. Can you confirm, please?
>>>> --
>>>> Kevin A. McGrail
>>>> Member, Apache Software Foundation
>>>> Chair Emeritus Apache SpamAssassin Project
>>>> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>>>>
>>>>
>>>> On Wed, Jul 15, 2020 at 7:01 AM Kevin A. McGrail
>>>> <kmcgrail@apache.org <mailto:kmcgrail@apache.org>> wrote:
>>>>
>>>> On 7/15/2020 6:29 AM, Frédéric Nass wrote:
>>>>> As of today July 15th, sa-update (3.3.1) is trying to install
>>>>> 1879817.tar.gz and it's still failing to do so.
>>>>
>>>> Hi Frederic,
>>>>
>>>> What's the error you are getting specifically?
>>>>
>>>>> Can you tell us in which revision of the signatures this is
>>>>> expected to be fixed? And confirm that this fix will also work
>>>>> for older versions of SA?
>>>>
>>>> I cannot because I don't know what problem you are having and
>>>> it works for me with no lint errors on 3.4.5. with ruleset
>>>> 1879817. I'd like to get it working and will look at the error
>>>> from your sa-update.
>>>>
>>>> A couple more points:
>>>>
>>>> 3.3.1 is ancient released over a decade ago. 3.4.4 is
>>>> significantly better not to mention more secure with numerous
>>>> bugs and security issues fixed including a few CVEs along the way.
>>>>
>>>> Also are you aware that the project's rule updates are ending
>>>> for that version? We've been working to convey that info and
>>>> it's on the website:*** On March 1, 2020, we will stop
>>>> publishing rulesets with SHA-1 checksums. If you do not
>>>> update to 3.4.2 or later, you will be stuck at the last ruleset
>>>> with SHA-1 signatures. ***. This change is based on a policy
>>>> requirement of the foundation and security issues with these
>>>> weak hashes.
>>>>
>>>> Regards,
>>>>
>>>> KAM
>>>>
>>>>
>>>>

Re: update fail [ In reply to ]

Jul 17, 2020, 10:03 AM

Post #32 of 34 (763 views)

Thanks. The fix is long since submitted with the rules but rule
publishing is not including it. I have asked two other PMC members to
take a look!

On 7/17/2020 7:55 AM, Frédéric Nass wrote:
>
> Ok. 1879934.tar.gz has been published on sa-update.bitwell.fi as I can
> download it with wget.
>
> So I've changed
> /var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY to
> only use this particular mirror, but sa-update still downloads
> 1879882.tar.gz instead of 1879934.tar.gz.
>
> Here is the debug log :
> https://bul.univ-lorraine.fr/index.php/s/CS8z9nnxFncmMYP/download
>
> Cordialement,
>
> Frédéric Nass
> Direction du Numérique
> Sous-direction Infrastructures et Services
>
> Tél : 03.72.74.11.35
> Le 17/07/2020 à 13:29, Frédéric Nass a écrit :
>>
>> Sorry I meant "I'll let you know when I get 1879934".
>>
>> juil. 17 13:15:21.107 [21396] dbg: generic: lint check of site pre
>> files succeeded, continuing with channel updates
>> juil. 17 13:15:21.107 [21396] dbg: channel: MIRRORED.BY file is too
>> old, forcing refresh
>> juil. 17 13:15:21.107 [21396] dbg: channel: no MIRRORED.BY file available
>> juil. 17 13:15:21.111 [21396] dbg: http: GET request,
>> http://spamassassin.apache.org/updates/MIRRORED.BY
>> juil. 17 13:15:21.209 [21396] dbg: channel: MIRRORED.BY file retrieved
>> juil. 17 13:15:21.209 [21396] dbg: channel: reading MIRRORED.BY file
>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
>> http://sa-update.dnswl.org/ weight=3
>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
>> http://www.sa-update.pccc.com/ weight=5
>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
>> http://sa-update.secnap.net/ weight=5
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.space-pro.be/ weight=1
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.ena.com/ weight=5
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.razx.cloud/ weight=5
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.fossies.org/ weight=1
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.verein-clean.net/ weight=10
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.bitwell.fi/ weight=5
>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
>> http://sa-update.spamassassin.org/ weight=10
>> juil. 17 13:15:21.210 [21396] dbg: channel: selected mirror
>> http://sa-update.verein-clean.net
>> juil. 17 13:15:21.210 [21396] dbg: http: GET request,
>> http://sa-update.verein-clean.net/1879882.tar.gz
>> juil. 17 13:15:21.445 [21396] dbg: http: GET request,
>> http://sa-update.verein-clean.net/1879882.tar.gz.sha1
>> juil. 17 13:15:21.497 [21396] dbg: http: GET request,
>> http://sa-update.verein-clean.net/1879882.tar.gz.asc
>> juil. 17 13:15:21.551 [21396] dbg: sha1: verification wanted:
>> 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be
>> juil. 17 13:15:21.551 [21396] dbg: sha1: verification result:
>> 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be
>>
>> I tried --channel and --channelfile but whatever the server name I
>> specify, sa-update adds a "mirrors." in front of its name and fails:
>>
>> juil. 17 13:26:55.767 [23345] dbg: dns: query failed:
>> 1.3.3.sa-update.spamassassin.org => NXDOMAIN
>> juil. 17 13:26:55.768 [23345] dbg: dns: query failed:
>> mirrors.sa-update.spamassassin.org => NXDOMAIN
>> channel: no 'mirrors.sa-update.spamassassin.org' record found,
>> channel failed
>> juil. 17 13:26:55.768 [23345] dbg: diag: updates complete, exiting
>> with code 4
>>
>> Thats weird.
>>
>> Cordialement,
>>
>> Frédéric Nass
>> Direction du Numérique
>> Sous-direction Infrastructures et Services
>>
>> Tél : 03.72.74.11.35
>> Le 17/07/2020 à 12:01, Frédéric Nass a écrit :
>>>
>>> Hi Kevin,
>>>
>>> Thanks for taking care. I believe I'm still getting 1879434 (or
>>> maybe 1879882?) as per the debug log below:
>>>
>>> juil. 17 11:55:27.015 [9424] dbg: gpg: release trusted key id list:
>>> 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
>>> 26C900A46DD40CD5AD24F6D7DEE01987265FA05B
>>> 0C2B1D7175B852C64B3CDC716C55397824F434CE
>>> juil. 17 11:55:27.017 [9424] dbg: channel: attempting channel
>>> updates.spamassassin.org
>>> juil. 17 11:55:27.017 [9424] dbg: channel: update directory
>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org
>>> juil. 17 11:55:27.017 [9424] dbg: channel: channel cf file
>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org.cf
>>> juil. 17 11:55:27.017 [9424] dbg: channel: channel pre file
>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org.pre
>>> juil. 17 11:55:27.017 [9424] dbg: channel: metadata version = 1879434
>>> juil. 17 11:55:27.207 [9424] dbg: dns:
>>> 1.3.3.updates.spamassassin.org => 1879882, parsed as 1879882
>>> juil. 17 11:55:27.207 [9424] dbg: channel: preparing temp directory
>>> for new channel
>>> juil. 17 11:55:27.207 [9424] dbg: generic: update tmp directory
>>> /tmp/.spamassassin9424vbPoDttmp
>>> juil. 17 11:55:27.207 [9424] dbg: generic: lint checking site pre
>>> files once before attempting channel updates
>>> juil. 17 11:55:27.207 [9424] dbg: generic: SpamAssassin version 3.3.1
>>> juil. 17 11:55:27.207 [9424] dbg: generic: Perl 5.010001,
>>> PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin,
>>> LOCAL_RULES_DIR=/etc/mail/spamassassin,
>>> LOCAL_STATE_DIR=/var/lib/spamassassin
>>> juil. 17 11:55:27.207 [9424] dbg: config: timing enabled
>>> juil. 17 11:55:27.208 [9424] dbg: config: score set 0 chosen.
>>> juil. 17 11:55:27.209 [9424] dbg: dns: is Net::DNS::Resolver
>>> available? yes
>>> juil. 17 11:55:27.210 [9424] dbg: dns: Net::DNS version: 0.65
>>>
>>> I will let you know when I get update 1879882 or 1879885.
>>>
>>> Regards,
>>>
>>> Frédéric.
>>>
>>> Cordialement,
>>>
>>> Frédéric Nass
>>> Direction du Numérique
>>> Sous-direction Infrastructures et Services
>>>
>>> Tél : 03.72.74.11.35
>>> Le 16/07/2020 à 21:15, Kevin A. McGrail a écrit :
>>>> Frederic, I believe ruleset 1879934 has been published and should
>>>> fix the issue. Can you confirm, please?
>>>> --
>>>> Kevin A. McGrail
>>>> Member, Apache Software Foundation
>>>> Chair Emeritus Apache SpamAssassin Project
>>>> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>>>>
>>>>
>>>> On Wed, Jul 15, 2020 at 7:01 AM Kevin A. McGrail
>>>> <kmcgrail@apache.org <mailto:kmcgrail@apache.org>> wrote:
>>>>
>>>> On 7/15/2020 6:29 AM, Frédéric Nass wrote:
>>>>> As of today July 15th, sa-update (3.3.1) is trying to install
>>>>> 1879817.tar.gz and it's still failing to do so.
>>>>
>>>> Hi Frederic,
>>>>
>>>> What's the error you are getting specifically?
>>>>
>>>>> Can you tell us in which revision of the signatures this is
>>>>> expected to be fixed? And confirm that this fix will also work
>>>>> for older versions of SA?
>>>>
>>>> I cannot because I don't know what problem you are having and
>>>> it works for me with no lint errors on 3.4.5. with ruleset
>>>> 1879817. I'd like to get it working and will look at the error
>>>> from your sa-update.
>>>>
>>>> A couple more points:
>>>>
>>>> 3.3.1 is ancient released over a decade ago. 3.4.4 is
>>>> significantly better not to mention more secure with numerous
>>>> bugs and security issues fixed including a few CVEs along the way.
>>>>
>>>> Also are you aware that the project's rule updates are ending
>>>> for that version? We've been working to convey that info and
>>>> it's on the website:*** On March 1, 2020, we will stop
>>>> publishing rulesets with SHA-1 checksums. If you do not
>>>> update to 3.4.2 or later, you will be stuck at the last ruleset
>>>> with SHA-1 signatures. ***. This change is based on a policy
>>>> requirement of the foundation and security issues with these
>>>> weak hashes.
>>>>
>>>> Regards,
>>>>
>>>> KAM
>>>>
>>>>
>>>>
--
Kevin A. McGrail
KMcGrail@Apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

Re: update fail [ In reply to ]

Jul 18, 2020, 1:48 PM

Post #33 of 34 (752 views)

Are you using 3.4.2 or older?
And these were tested but the warnings only affect older versions.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Sat, Jul 18, 2020 at 6:54 AM Reindl Harald <h.reindl@thelounge.net>
wrote:

> cool, until today i as not affected and recently my daily lint-check
> triggered a mail - why can't you guys do that *before* push especially
> in context of the stupidity of USER_IN_WELCOMELIST_TO
>
> Jul 18 12:30:03.470 [2184367] warn: rules: error: unknown eval
> 'check_to_in_whitelist' for USER_IN_WELCOMELIST_TO
>
> 15-Jul-2020 10:07:16: SpamAssassin: Update processed successfully
> 16-Jul-2020 10:04:42: SpamAssassin: Update processed successfully
> 17-Jul-2020 10:07:59: SpamAssassin: Update processed successfully
> 18-Jul-2020 10:19:33: SpamAssassin: Update processed successfully
>
>
> Am 17.07.20 um 19:03 schrieb Kevin A. McGrail:
> > Thanks. The fix is long since submitted with the rules but rule
> > publishing is not including it. I have asked two other PMC members to
> > take a look!
> >
> > On 7/17/2020 7:55 AM, Frédéric Nass wrote:
> >>
> >> Ok. 1879934.tar.gz has been published on sa-update.bitwell.fi as I can
> >> download it with wget.
> >>
> >> So I've changed
> >> /var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY to
> >> only use this particular mirror, but sa-update still downloads
> >> 1879882.tar.gz instead of 1879934.tar.gz.
> >>
> >> Here is the debug log :
> >> https://bul.univ-lorraine.fr/index.php/s/CS8z9nnxFncmMYP/download
> >>
> >> Cordialement,
> >>
> >> Frédéric Nass
> >> Direction du Numérique
> >> Sous-direction Infrastructures et Services
> >>
> >> Tél : 03.72.74.11.35
> >> Le 17/07/2020 à 13:29, Frédéric Nass a écrit :
> >>>
> >>> Sorry I meant "I'll let you know when I get 1879934".
> >>>
> >>> juil. 17 13:15:21.107 [21396] dbg: generic: lint check of site pre
> >>> files succeeded, continuing with channel updates
> >>> juil. 17 13:15:21.107 [21396] dbg: channel: MIRRORED.BY file is too
> >>> old, forcing refresh
> >>> juil. 17 13:15:21.107 [21396] dbg: channel: no MIRRORED.BY file
> available
> >>> juil. 17 13:15:21.111 [21396] dbg: http: GET request,
> >>> http://spamassassin.apache.org/updates/MIRRORED.BY
> >>> juil. 17 13:15:21.209 [21396] dbg: channel: MIRRORED.BY file retrieved
> >>> juil. 17 13:15:21.209 [21396] dbg: channel: reading MIRRORED.BY file
> >>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
> >>> http://sa-update.dnswl.org/ weight=3
> >>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
> >>> http://www.sa-update.pccc.com/ weight=5
> >>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror
> >>> http://sa-update.secnap.net/ weight=5
> >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> >>> http://sa-update.space-pro.be/ weight=1
> >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> >>> http://sa-update.ena.com/ weight=5
> >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> >>> http://sa-update.razx.cloud/ weight=5
> >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> >>> http://sa-update.fossies.org/ weight=1
> >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> >>> http://sa-update.verein-clean.net/ weight=10
> >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> >>> http://sa-update.bitwell.fi/ weight=5
> >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror
> >>> http://sa-update.spamassassin.org/ weight=10
> >>> juil. 17 13:15:21.210 [21396] dbg: channel: selected mirror
> >>> http://sa-update.verein-clean.net
> >>> juil. 17 13:15:21.210 [21396] dbg: http: GET request,
> >>> http://sa-update.verein-clean.net/1879882.tar.gz
> >>> juil. 17 13:15:21.445 [21396] dbg: http: GET request,
> >>> http://sa-update.verein-clean.net/1879882.tar.gz.sha1
> >>> juil. 17 13:15:21.497 [21396] dbg: http: GET request,
> >>> http://sa-update.verein-clean.net/1879882.tar.gz.asc
> >>> juil. 17 13:15:21.551 [21396] dbg: sha1: verification wanted:
> >>> 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be
> >>> juil. 17 13:15:21.551 [21396] dbg: sha1: verification result:
> >>> 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be
> >>>
> >>> I tried --channel and --channelfile but whatever the server name I
> >>> specify, sa-update adds a "mirrors." in front of its name and fails:
> >>>
> >>> juil. 17 13:26:55.767 [23345] dbg: dns: query failed:
> >>> 1.3.3.sa-update.spamassassin.org => NXDOMAIN
> >>> juil. 17 13:26:55.768 [23345] dbg: dns: query failed:
> >>> mirrors.sa-update.spamassassin.org => NXDOMAIN
> >>> channel: no 'mirrors.sa-update.spamassassin.org' record found,
> >>> channel failed
> >>> juil. 17 13:26:55.768 [23345] dbg: diag: updates complete, exiting
> >>> with code 4
> >>>
> >>> Thats weird.
> >>>
> >>> Cordialement,
> >>>
> >>> Frédéric Nass
> >>> Direction du Numérique
> >>> Sous-direction Infrastructures et Services
> >>>
> >>> Tél : 03.72.74.11.35
> >>> Le 17/07/2020 à 12:01, Frédéric Nass a écrit :
> >>>>
> >>>> Hi Kevin,
> >>>>
> >>>> Thanks for taking care. I believe I'm still getting 1879434 (or
> >>>> maybe 1879882?) as per the debug log below:
> >>>>
> >>>> juil. 17 11:55:27.015 [9424] dbg: gpg: release trusted key id list:
> >>>> 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
> >>>> 26C900A46DD40CD5AD24F6D7DEE01987265FA05B
> >>>> 0C2B1D7175B852C64B3CDC716C55397824F434CE
> >>>> juil. 17 11:55:27.017 [9424] dbg: channel: attempting channel
> >>>> updates.spamassassin.org
> >>>> juil. 17 11:55:27.017 [9424] dbg: channel: update directory
> >>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org
> >>>> juil. 17 11:55:27.017 [9424] dbg: channel: channel cf file
> >>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org.cf
> >>>> juil. 17 11:55:27.017 [9424] dbg: channel: channel pre file
> >>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org.pre
> >>>> juil. 17 11:55:27.017 [9424] dbg: channel: metadata version = 1879434
> >>>> juil. 17 11:55:27.207 [9424] dbg: dns:
> >>>> 1.3.3.updates.spamassassin.org => 1879882, parsed as 1879882
> >>>> juil. 17 11:55:27.207 [9424] dbg: channel: preparing temp directory
> >>>> for new channel
> >>>> juil. 17 11:55:27.207 [9424] dbg: generic: update tmp directory
> >>>> /tmp/.spamassassin9424vbPoDttmp
> >>>> juil. 17 11:55:27.207 [9424] dbg: generic: lint checking site pre
> >>>> files once before attempting channel updates
> >>>> juil. 17 11:55:27.207 [9424] dbg: generic: SpamAssassin version 3.3.1
> >>>> juil. 17 11:55:27.207 [9424] dbg: generic: Perl 5.010001,
> >>>> PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin,
> >>>> LOCAL_RULES_DIR=/etc/mail/spamassassin,
> >>>> LOCAL_STATE_DIR=/var/lib/spamassassin
> >>>> juil. 17 11:55:27.207 [9424] dbg: config: timing enabled
> >>>> juil. 17 11:55:27.208 [9424] dbg: config: score set 0 chosen.
> >>>> juil. 17 11:55:27.209 [9424] dbg: dns: is Net::DNS::Resolver
> >>>> available? yes
> >>>> juil. 17 11:55:27.210 [9424] dbg: dns: Net::DNS version: 0.65
> >>>>
> >>>> I will let you know when I get update 1879882 or 1879885.
> >>>>
> >>>> Regards,
> >>>>
> >>>> Frédéric.
> >>>>
> >>>> Cordialement,
> >>>>
> >>>> Frédéric Nass
> >>>> Direction du Numérique
> >>>> Sous-direction Infrastructures et Services
> >>>>
> >>>> Tél : 03.72.74.11.35
> >>>> Le 16/07/2020 à 21:15, Kevin A. McGrail a écrit :
> >>>>> Frederic, I believe ruleset 1879934 has been published and should
> >>>>> fix the issue. Can you confirm, please?
> >>>>> --
> >>>>> Kevin A. McGrail
> >>>>> Member, Apache Software Foundation
> >>>>> Chair Emeritus Apache SpamAssassin Project
> >>>>> https://www.linkedin.com/in/kmcgrail - 703.798.0171
> >>>>>
> >>>>>
> >>>>> On Wed, Jul 15, 2020 at 7:01 AM Kevin A. McGrail
> >>>>> <kmcgrail@apache.org <mailto:kmcgrail@apache.org>> wrote:
> >>>>>
> >>>>> On 7/15/2020 6:29 AM, Frédéric Nass wrote:
> >>>>>> As of today July 15th, sa-update (3.3.1) is trying to install
> >>>>>> 1879817.tar.gz and it's still failing to do so.
> >>>>>
> >>>>> Hi Frederic,
> >>>>>
> >>>>> What's the error you are getting specifically?
> >>>>>
> >>>>>> Can you tell us in which revision of the signatures this is
> >>>>>> expected to be fixed? And confirm that this fix will also work
> >>>>>> for older versions of SA?
> >>>>>
> >>>>> I cannot because I don't know what problem you are having and
> >>>>> it works for me with no lint errors on 3.4.5. with ruleset
> >>>>> 1879817. I'd like to get it working and will look at the error
> >>>>> from your sa-update.
> >>>>>
> >>>>> A couple more points:
> >>>>>
> >>>>> 3.3.1 is ancient released over a decade ago. 3.4.4 is
> >>>>> significantly better not to mention more secure with numerous
> >>>>> bugs and security issues fixed including a few CVEs along the
> way.
> >>>>>
> >>>>> Also are you aware that the project's rule updates are ending
> >>>>> for that version? We've been working to convey that info and
> >>>>> it's on the website:*** On March 1, 2020, we will stop
> >>>>> publishing rulesets with SHA-1 checksums. If you do not
> >>>>> update to 3.4.2 or later, you will be stuck at the last ruleset
> >>>>> with SHA-1 signatures. ***. This change is based on a policy
> >>>>> requirement of the foundation and security issues with these
> >>>>> weak hashes.
>

Re: update fail [ In reply to ]

Jul 19, 2020, 12:32 AM

Post #34 of 34 (752 views)