Version 2.7.1 of amavisd-new has been released. It is available at: http://www.ijs.si/software/amavisd/amavisd-new-2.7.1.tar.gz (926kB) or: http://www.ijs.si/software/amavisd/amavisd-new-2.7.1.tar.xz (669kB)
Release notes are at: http://www.ijs.si/software/amavisd/release-notes.txt The 2.7.1 is a bug fixes -only release over 2.7.0. Problems which were discovered during a 2.8.0 development cycle were backported to 2.7. amavisd-new-2.7.1 release notes BUG FIXES - prevent rmdir() from failing with 'Invalid argument' on Solaris 10 when deleting a temporary directory: current working directory must not be within a directory which is about to be deleted; reported and diagnosed by Maciej Uhlig; - forwarding or quarantining through a 'pipe:' method failed with "Insecure dependency in exec while running with -T switch" when a sendmail command-line option -N was needed; reported by Andreas Schulze; - when multiple sockets are specified (e.g. in $forward_method) as a redundancy/failover mechanism, and SMTP session caching is enabled, a failed forwarding session does not clear a cached session, so all further attempts are stuck with the failed server, instead of picking a different server from the list; discovered by Michael Storz; - on establishing a SMTP session when multiple sockets are specified (e.g. in $forward_method) as a redundancy/failover mechanism, the random choice never picked the last socket in a list; discovered by Michael Storz; - fix defanging by mimedefang, it was failing with perl 5.10 or later due to an unhandled "Insecure dependency in sprintf" while logging the result if the $log_level was 2 or higher, or when debugging was enabled; thanks to Steve Scotter for a problem report; - fix defanging by Anomy::Sanitizer, it was failing with an error message: "mangling by anomy failed: replacement size 0, mail will pass unmodified"; - fix the 'xz' entry in a default @decoders list (in files amavisd.conf, amavisd.conf-default and amavisd); the first two variants ('xzdec' and 'xz') were glued together, so the xz decoder was only available if found under names 'unxz' or 'xzcat'; - provide a workaround for a bug [rt.cpan.org #64642] in a perl module Encode, which gratuitously untaints a string when encoding or decoding it: https://rt.cpan.org/Public/Bug/Display.html?id=64642 (still unfixed in Encode 2.44, perl 5.14.2); A module Scalar::Util is now required, which should not be a compatibility problem, as this module is a Perl core module since perl 5.8.0. - avoid the use of Encode::is_utf8 due to a bug in a perl module Encode as bundled with versions of Perl 5.8.0 to 5.8.8 (fixed in March 2007): Perl bug tracking: #32687: Encode::is_utf8 on tainted UTF8 string returns false https://rt.perl.org/rt3/Public/Bug/Display.html?id=32687 also referenced by #37170: https://rt.perl.org/rt3/Public/Bug/Display.html?id=37170 This is a re-manifestation of the same problem we had back in 2004, with a workaround provided by amavisd-new-2.2.1. Forgot that people are still using Perl 5.8 :) Reported by Peter Dieth; - fix a warning: _WARN: Invalid conversion in sprintf: "%a" - write informational messages during a stop/start/restart to stdout, instead of to stderr, avoiding unnecessary cron job messages; thanks to Cristian Seres, Sandro Janke and John Griffiths; also: https://bugzilla.redhat.com/show_bug.cgi?id=561389 - fix a syntactically incorrect 'Avira SAVAPI' av entry (missing closing bracket) in a sample configuration file amavisd.conf; - minor: get_body_digest incorrectly logged 8-bit body as 8-bit header; - no longer insist on a minimal version 2.22 of a module Digest::MD5, the 'clone' method is no longer needed since amavisd-new-2.7.0; - do not call $parser->max_parts($MAXFILES) with some old versions of MIME::Parser which did not yet provide this method; - pre-load a module File::Glob even with perl 5.8.0, otherwise autowhitelisting in SpamAssasssin may fail with "Insecure dependency"; - documentation: (files README.sql-mysql and README.sql-pg): fixed a field name "policy.unchecked_lover", previously incorrectly specified as "policy.unchecked_lovers_maps"; reported by TimH; - documentation: fixed the two SELECT examples in files README.sql-pg and README.sql-mysql, the field 'select' needs to be qualified with a table name: 'msgrcpt.content' to avoid ambiguity; reported by Gary V; - documentation bug in amavisd.conf-default: 'ESMTP' is not a valid setting for $protocol, just use 'SMTP' instead; reported by Pascal Volk; COMPATIBILITY - commented out the LHA entry in the default @decoders list and in do_executable(). The program seems to be unmaintained, was seen crashing and as such it may pose a security risk; pointed out by Thomas Jarosch; - due to popular demand, bring the 'spam-tag:' log line back to log level 2 (version 2.7.0 dropped it to log level 3) to retain compatibility with some log analyzers. Caveat: 'spam-tag' string is now entirely in lowercase. Suggested by Stefan Jakobs; OTHER - if a message is quarantined to more than one location using different quarantine methods, the SQL field msgs.quar_type indicates only the type of the last one. When archival quarantining is enabled this choice is unfortunate, as the primary quarantine type is more interesting than the permanent archival quarantine type. This is now reversed, the msgs.quar_type field now reflects the first quarantine type. Suggested by Patrick Ben Koetter. - SMTP session caching now no longer re-uses old sessions which are in use for more than a minute since their establishment; suggested by Michael Storz; - having the archive quarantine enabled should not be a sufficient reason to store information to SQL when $sql_store_info_for_all_msgs is off; Suggested by Patrick Ben Koetter. - ClamAV-clamd and ClamAV-clamd-stream av scanners: changed socket name in a sample configuration file amavisd.conf to /var/run/clamav/clamd.sock (previously the socket name was /var/run/clamav/clamd); this makes it compatible with a default socket name under several Linux distributions and under FreeBSD; suggested by Oliver Schinagl; - documentation updates; Mark
