Are you using 3.4.2 or older? And these were tested but the warnings only affect older versions. -- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171
On Sat, Jul 18, 2020 at 6:54 AM Reindl Harald <h.rei...@thelounge.net> wrote: > cool, until today i as not affected and recently my daily lint-check > triggered a mail - why can't you guys do that *before* push especially > in context of the stupidity of USER_IN_WELCOMELIST_TO > > Jul 18 12:30:03.470 [2184367] warn: rules: error: unknown eval > 'check_to_in_whitelist' for USER_IN_WELCOMELIST_TO > > 15-Jul-2020 10:07:16: SpamAssassin: Update processed successfully > 16-Jul-2020 10:04:42: SpamAssassin: Update processed successfully > 17-Jul-2020 10:07:59: SpamAssassin: Update processed successfully > 18-Jul-2020 10:19:33: SpamAssassin: Update processed successfully > > > Am 17.07.20 um 19:03 schrieb Kevin A. McGrail: > > Thanks. The fix is long since submitted with the rules but rule > > publishing is not including it. I have asked two other PMC members to > > take a look! > > > > On 7/17/2020 7:55 AM, Frédéric Nass wrote: > >> > >> Ok. 1879934.tar.gz has been published on sa-update.bitwell.fi as I can > >> download it with wget. > >> > >> So I've changed > >> /var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY to > >> only use this particular mirror, but sa-update still downloads > >> 1879882.tar.gz instead of 1879934.tar.gz. > >> > >> Here is the debug log : > >> https://bul.univ-lorraine.fr/index.php/s/CS8z9nnxFncmMYP/download > >> > >> Cordialement, > >> > >> Frédéric Nass > >> Direction du Numérique > >> Sous-direction Infrastructures et Services > >> > >> Tél : 03.72.74.11.35 > >> Le 17/07/2020 à 13:29, Frédéric Nass a écrit : > >>> > >>> Sorry I meant "I'll let you know when I get 1879934". > >>> > >>> juil. 17 13:15:21.107 [21396] dbg: generic: lint check of site pre > >>> files succeeded, continuing with channel updates > >>> juil. 17 13:15:21.107 [21396] dbg: channel: MIRRORED.BY file is too > >>> old, forcing refresh > >>> juil. 17 13:15:21.107 [21396] dbg: channel: no MIRRORED.BY file > available > >>> juil. 17 13:15:21.111 [21396] dbg: http: GET request, > >>> http://spamassassin.apache.org/updates/MIRRORED.BY > >>> juil. 17 13:15:21.209 [21396] dbg: channel: MIRRORED.BY file retrieved > >>> juil. 17 13:15:21.209 [21396] dbg: channel: reading MIRRORED.BY file > >>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror > >>> http://sa-update.dnswl.org/ weight=3 > >>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror > >>> http://www.sa-update.pccc.com/ weight=5 > >>> juil. 17 13:15:21.209 [21396] dbg: channel: found mirror > >>> http://sa-update.secnap.net/ weight=5 > >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror > >>> http://sa-update.space-pro.be/ weight=1 > >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror > >>> http://sa-update.ena.com/ weight=5 > >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror > >>> http://sa-update.razx.cloud/ weight=5 > >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror > >>> http://sa-update.fossies.org/ weight=1 > >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror > >>> http://sa-update.verein-clean.net/ weight=10 > >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror > >>> http://sa-update.bitwell.fi/ weight=5 > >>> juil. 17 13:15:21.210 [21396] dbg: channel: found mirror > >>> http://sa-update.spamassassin.org/ weight=10 > >>> juil. 17 13:15:21.210 [21396] dbg: channel: selected mirror > >>> http://sa-update.verein-clean.net > >>> juil. 17 13:15:21.210 [21396] dbg: http: GET request, > >>> http://sa-update.verein-clean.net/1879882.tar.gz > >>> juil. 17 13:15:21.445 [21396] dbg: http: GET request, > >>> http://sa-update.verein-clean.net/1879882.tar.gz.sha1 > >>> juil. 17 13:15:21.497 [21396] dbg: http: GET request, > >>> http://sa-update.verein-clean.net/1879882.tar.gz.asc > >>> juil. 17 13:15:21.551 [21396] dbg: sha1: verification wanted: > >>> 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be > >>> juil. 17 13:15:21.551 [21396] dbg: sha1: verification result: > >>> 8f1bb8f6ea5b714bc3402e3fd162eab5fd4405be > >>> > >>> I tried --channel and --channelfile but whatever the server name I > >>> specify, sa-update adds a "mirrors." in front of its name and fails: > >>> > >>> juil. 17 13:26:55.767 [23345] dbg: dns: query failed: > >>> 1.3.3.sa-update.spamassassin.org => NXDOMAIN > >>> juil. 17 13:26:55.768 [23345] dbg: dns: query failed: > >>> mirrors.sa-update.spamassassin.org => NXDOMAIN > >>> channel: no 'mirrors.sa-update.spamassassin.org' record found, > >>> channel failed > >>> juil. 17 13:26:55.768 [23345] dbg: diag: updates complete, exiting > >>> with code 4 > >>> > >>> Thats weird. > >>> > >>> Cordialement, > >>> > >>> Frédéric Nass > >>> Direction du Numérique > >>> Sous-direction Infrastructures et Services > >>> > >>> Tél : 03.72.74.11.35 > >>> Le 17/07/2020 à 12:01, Frédéric Nass a écrit : > >>>> > >>>> Hi Kevin, > >>>> > >>>> Thanks for taking care. I believe I'm still getting 1879434 (or > >>>> maybe 1879882?) as per the debug log below: > >>>> > >>>> juil. 17 11:55:27.015 [9424] dbg: gpg: release trusted key id list: > >>>> 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 > >>>> 26C900A46DD40CD5AD24F6D7DEE01987265FA05B > >>>> 0C2B1D7175B852C64B3CDC716C55397824F434CE > >>>> juil. 17 11:55:27.017 [9424] dbg: channel: attempting channel > >>>> updates.spamassassin.org > >>>> juil. 17 11:55:27.017 [9424] dbg: channel: update directory > >>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org > >>>> juil. 17 11:55:27.017 [9424] dbg: channel: channel cf file > >>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org.cf > >>>> juil. 17 11:55:27.017 [9424] dbg: channel: channel pre file > >>>> /var/lib/spamassassin/3.003001/updates_spamassassin_org.pre > >>>> juil. 17 11:55:27.017 [9424] dbg: channel: metadata version = 1879434 > >>>> juil. 17 11:55:27.207 [9424] dbg: dns: > >>>> 1.3.3.updates.spamassassin.org => 1879882, parsed as 1879882 > >>>> juil. 17 11:55:27.207 [9424] dbg: channel: preparing temp directory > >>>> for new channel > >>>> juil. 17 11:55:27.207 [9424] dbg: generic: update tmp directory > >>>> /tmp/.spamassassin9424vbPoDttmp > >>>> juil. 17 11:55:27.207 [9424] dbg: generic: lint checking site pre > >>>> files once before attempting channel updates > >>>> juil. 17 11:55:27.207 [9424] dbg: generic: SpamAssassin version 3.3.1 > >>>> juil. 17 11:55:27.207 [9424] dbg: generic: Perl 5.010001, > >>>> PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, > >>>> LOCAL_RULES_DIR=/etc/mail/spamassassin, > >>>> LOCAL_STATE_DIR=/var/lib/spamassassin > >>>> juil. 17 11:55:27.207 [9424] dbg: config: timing enabled > >>>> juil. 17 11:55:27.208 [9424] dbg: config: score set 0 chosen. > >>>> juil. 17 11:55:27.209 [9424] dbg: dns: is Net::DNS::Resolver > >>>> available? yes > >>>> juil. 17 11:55:27.210 [9424] dbg: dns: Net::DNS version: 0.65 > >>>> > >>>> I will let you know when I get update 1879882 or 1879885. > >>>> > >>>> Regards, > >>>> > >>>> Frédéric. > >>>> > >>>> Cordialement, > >>>> > >>>> Frédéric Nass > >>>> Direction du Numérique > >>>> Sous-direction Infrastructures et Services > >>>> > >>>> Tél : 03.72.74.11.35 > >>>> Le 16/07/2020 à 21:15, Kevin A. McGrail a écrit : > >>>>> Frederic, I believe ruleset 1879934 has been published and should > >>>>> fix the issue. Can you confirm, please? > >>>>> -- > >>>>> Kevin A. McGrail > >>>>> Member, Apache Software Foundation > >>>>> Chair Emeritus Apache SpamAssassin Project > >>>>> https://www.linkedin.com/in/kmcgrail - 703.798.0171 > >>>>> > >>>>> > >>>>> On Wed, Jul 15, 2020 at 7:01 AM Kevin A. McGrail > >>>>> <kmcgr...@apache.org <mailto:kmcgr...@apache.org>> wrote: > >>>>> > >>>>> On 7/15/2020 6:29 AM, Frédéric Nass wrote: > >>>>>> As of today July 15th, sa-update (3.3.1) is trying to install > >>>>>> 1879817.tar.gz and it's still failing to do so. > >>>>> > >>>>> Hi Frederic, > >>>>> > >>>>> What's the error you are getting specifically? > >>>>> > >>>>>> Can you tell us in which revision of the signatures this is > >>>>>> expected to be fixed? And confirm that this fix will also work > >>>>>> for older versions of SA? > >>>>> > >>>>> I cannot because I don't know what problem you are having and > >>>>> it works for me with no lint errors on 3.4.5. with ruleset > >>>>> 1879817. I'd like to get it working and will look at the error > >>>>> from your sa-update. > >>>>> > >>>>> A couple more points: > >>>>> > >>>>> 3.3.1 is ancient released over a decade ago. 3.4.4 is > >>>>> significantly better not to mention more secure with numerous > >>>>> bugs and security issues fixed including a few CVEs along the > way. > >>>>> > >>>>> Also are you aware that the project's rule updates are ending > >>>>> for that version? We've been working to convey that info and > >>>>> it's on the website:*** On March 1, 2020, we will stop > >>>>> publishing rulesets with SHA-1 checksums. If you do not > >>>>> update to 3.4.2 or later, you will be stuck at the last ruleset > >>>>> with SHA-1 signatures. ***. This change is based on a policy > >>>>> requirement of the foundation and security issues with these > >>>>> weak hashes. >
