I know I can work around this with --install, but since you've been helping hard on this, I prefer to have you knowing whether the new rules will be automatically updated on older SA versions or not.
Best regards, Cordialement, Frédéric Nass Direction du Numérique Sous-direction Infrastructures et Services Tél : 03.72.74.11.35 Le 17/07/2020 à 13:55, Frédéric Nass a écrit :
Ok. 1879934.tar.gz has been published on sa-update.bitwell.fi as I can download it with wget.So I've changed /var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY to only use this particular mirror, but sa-update still downloads 1879882.tar.gz instead of 1879934.tar.gz.Here is the debug log : https://bul.univ-lorraine.fr/index.php/s/CS8z9nnxFncmMYP/downloadCordialement, Frédéric Nass Direction du Numérique Sous-direction Infrastructures et Services Tél : 03.72.74.11.35 Le 17/07/2020 à 13:29, Frédéric Nass a écrit :Sorry I meant "I'll let you know when I get 1879934".juil. 17 13:15:21.107 [21396] dbg: generic: lint check of site pre files succeeded, continuing with channel updates juil. 17 13:15:21.107 [21396] dbg: channel: MIRRORED.BY file is too old, forcing refreshjuil. 17 13:15:21.107 [21396] dbg: channel: no MIRRORED.BY file availablejuil. 17 13:15:21.111 [21396] dbg: http: GET request, http://spamassassin.apache.org/updates/MIRRORED.BYjuil. 17 13:15:21.209 [21396] dbg: channel: MIRRORED.BY file retrieved juil. 17 13:15:21.209 [21396] dbg: channel: reading MIRRORED.BY filejuil. 17 13:15:21.209 [21396] dbg: channel: found mirror http://sa-update.dnswl.org/ weight=3 juil. 17 13:15:21.209 [21396] dbg: channel: found mirror http://www.sa-update.pccc.com/ weight=5 juil. 17 13:15:21.209 [21396] dbg: channel: found mirror http://sa-update.secnap.net/ weight=5 juil. 17 13:15:21.210 [21396] dbg: channel: found mirror http://sa-update.space-pro.be/ weight=1 juil. 17 13:15:21.210 [21396] dbg: channel: found mirror http://sa-update.ena.com/ weight=5 juil. 17 13:15:21.210 [21396] dbg: channel: found mirror http://sa-update.razx.cloud/ weight=5 juil. 17 13:15:21.210 [21396] dbg: channel: found mirror http://sa-update.fossies.org/ weight=1 juil. 17 13:15:21.210 [21396] dbg: channel: found mirror http://sa-update.verein-clean.net/ weight=10 juil. 17 13:15:21.210 [21396] dbg: channel: found mirror http://sa-update.bitwell.fi/ weight=5 juil. 17 13:15:21.210 [21396] dbg: channel: found mirror http://sa-update.spamassassin.org/ weight=10 juil. 17 13:15:21.210 [21396] dbg: channel: selected mirror http://sa-update.verein-clean.net juil. 17 13:15:21.210 [21396] dbg: http: GET request, http://sa-update.verein-clean.net/1879882.tar.gz juil. 17 13:15:21.445 [21396] dbg: http: GET request, http://sa-update.verein-clean.net/1879882.tar.gz.sha1 juil. 17 13:15:21.497 [21396] dbg: http: GET request, http://sa-update.verein-clean.net/1879882.tar.gz.asc juil. 17 13:15:21.551 [21396] dbg: sha1: verification wanted: 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be juil. 17 13:15:21.551 [21396] dbg: sha1: verification result: 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405beI tried --channel and --channelfile but whatever the server name I specify, sa-update adds a "mirrors." in front of its name and fails:juil. 17 13:26:55.767 [23345] dbg: dns: query failed: 1.3.3.sa-update.spamassassin.org => NXDOMAIN juil. 17 13:26:55.768 [23345] dbg: dns: query failed: mirrors.sa-update.spamassassin.org => NXDOMAIN channel: no 'mirrors.sa-update.spamassassin.org' record found, channel failed juil. 17 13:26:55.768 [23345] dbg: diag: updates complete, exiting with code 4Thats weird. Cordialement, Frédéric Nass Direction du Numérique Sous-direction Infrastructures et Services Tél : 03.72.74.11.35 Le 17/07/2020 à 12:01, Frédéric Nass a écrit :Hi Kevin,Thanks for taking care. I believe I'm still getting 1879434 (or maybe 1879882?) as per the debug log below:juil. 17 11:55:27.015 [9424] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 26C900A46DD40CD5AD24F6D7DEE01987265FA05B 0C2B1D7175B852C64B3CDC716C55397824F434CE juil. 17 11:55:27.017 [9424] dbg: channel: attempting channel updates.spamassassin.org juil. 17 11:55:27.017 [9424] dbg: channel: update directory /var/lib/spamassassin/3.003001/updates_spamassassin_org juil. 17 11:55:27.017 [9424] dbg: channel: channel cf file /var/lib/spamassassin/3.003001/updates_spamassassin_org.cf juil. 17 11:55:27.017 [9424] dbg: channel: channel pre file /var/lib/spamassassin/3.003001/updates_spamassassin_org.prejuil. 17 11:55:27.017 [9424] dbg: channel: metadata version = 1879434juil. 17 11:55:27.207 [9424] dbg: dns: 1.3.3.updates.spamassassin.org => 1879882, parsed as 1879882 juil. 17 11:55:27.207 [9424] dbg: channel: preparing temp directory for new channel juil. 17 11:55:27.207 [9424] dbg: generic: update tmp directory /tmp/.spamassassin9424vbPoDttmp juil. 17 11:55:27.207 [9424] dbg: generic: lint checking site pre files once before attempting channel updatesjuil. 17 11:55:27.207 [9424] dbg: generic: SpamAssassin version 3.3.1juil. 17 11:55:27.207 [9424] dbg: generic: Perl 5.010001, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassinjuil. 17 11:55:27.207 [9424] dbg: config: timing enabled juil. 17 11:55:27.208 [9424] dbg: config: score set 0 chosen.juil. 17 11:55:27.209 [9424] dbg: dns: is Net::DNS::Resolver available? yesjuil. 17 11:55:27.210 [9424] dbg: dns: Net::DNS version: 0.65 I will let you know when I get update 1879882 or 1879885. Regards, Frédéric. Cordialement, Frédéric Nass Direction du Numérique Sous-direction Infrastructures et Services Tél : 03.72.74.11.35 Le 16/07/2020 à 21:15, Kevin A. McGrail a écrit :Frederic, I believe ruleset 1879934 has been published and should fix the issue. Can you confirm, please?-- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171On Wed, Jul 15, 2020 at 7:01 AM Kevin A. McGrail <kmcgr...@apache.org <mailto:kmcgr...@apache.org>> wrote:On 7/15/2020 6:29 AM, Frédéric Nass wrote:As of today July 15th, sa-update (3.3.1) is trying to install 1879817.tar.gz and it's still failing to do so.Hi Frederic, What's the error you are getting specifically?Can you tell us in which revision of the signatures this is expected to be fixed? And confirm that this fix will also work for older versions of SA?I cannot because I don't know what problem you are having and it works for me with no lint errors on 3.4.5. with ruleset 1879817. I'd like to get it working and will look at the error from your sa-update. A couple more points: 3.3.1 is ancient released over a decade ago. 3.4.4 is significantly better not to mention more secure with numerous bugs and security issues fixed including a few CVEs along the way. Also are you aware that the project's rule updates are ending for that version? We've been working to convey that info and it's on the website:*** On March 1, 2020, we will stop publishing rulesets with SHA-1 checksums. If you do not update to 3.4.2 or later, you will be stuck at the last ruleset with SHA-1 signatures. ***. This change is based on a policy requirement of the foundation and security issues with these weak hashes. Regards, KAM
smime.p7s
Description: Signature cryptographique S/MIME
