Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package amavisd-new for openSUSE:Factory
checked in at 2022-04-08 22:45:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/amavisd-new (Old)
and /work/SRC/openSUSE:Factory/.amavisd-new.new.1900 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "amavisd-new"
Fri Apr 8 22:45:46 2022 rev:76 rq:967699 version:2.12.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/amavisd-new/amavisd-new.changes 2022-01-04
19:38:58.270046354 +0100
+++ /work/SRC/openSUSE:Factory/.amavisd-new.new.1900/amavisd-new.changes
2022-04-08 22:45:55.287004154 +0200
@@ -1,0 +2,13 @@
+Wed Mar 30 07:45:18 UTC 2022 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 2.12.2:
+ * Allow $timestamp_fmt_mysql to be used with the DBD::MariaDB driver.
+ * Resolve utf8mb4 problems when using DBD-MariaDB.
+ * Set correct originating flag when using milter/AM.PDP without policy banks.
+ * Resolve crash on reload with insufficient permissions.
+ Amavis now tests whether it is able read and evaluate its
+ configuration files with dropped privileges.
+ In case it cannot, amavis fails to start and refuses to reload.
+ * Resolve SSL client connection hangups with broken pipe
+
+-------------------------------------------------------------------
Old:
----
amavis-v2.12.1.tar.bz2
New:
----
amavis-v2.12.2.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ amavisd-new.spec ++++++
--- /var/tmp/diff_new_pack.i63n2Q/_old 2022-04-08 22:45:56.482990880 +0200
+++ /var/tmp/diff_new_pack.i63n2Q/_new 2022-04-08 22:45:56.490990791 +0200
@@ -1,7 +1,7 @@
#
# spec file for package amavisd-new
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
%define logmsg logger -t %{name}/rpm
Name: amavisd-new
-Version: 2.12.1
+Version: 2.12.2
Release: 0
Summary: High-Performance E-Mail Virus Scanner
License: GPL-2.0-or-later
++++++ amavis-v2.12.1.tar.bz2 -> amavis-v2.12.2.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/amavis-v2.12.1/RELEASE_NOTES
new/amavis-v2.12.2/RELEASE_NOTES
--- old/amavis-v2.12.1/RELEASE_NOTES 2020-11-13 13:55:37.000000000 +0100
+++ new/amavis-v2.12.2/RELEASE_NOTES 2021-10-13 10:10:54.000000000 +0200
@@ -1,4 +1,40 @@
---------------------------------------------------------------------------
+ October 13, 2021
+amavis-2.12.2 release notes
+
+BUG FIXES
+
+- Allow $timestamp_fmt_mysql to be used with the DBD::MariaDB driver.
+ Reported by Marcel Evenson.
+ Issue: https://gitlab.com/amavis/amavis/issues/79
+ MR: https://gitlab.com/amavis/amavis/merge_requests/78
+
+- Resolve utf8mb4 problems when using DBD-MariaDB.
+ Reported by Marcel Evenson.
+ Issue: https://gitlab.com/amavis/amavis/issues/67
+ MR: https://gitlab.com/amavis/amavis/merge_requests/80
+
+- Set correct originating flag when using milter/AM.PDP without policy banks.
+ Reported by Henrik K.
+ Issue: https://gitlab.com/amavis/amavis/issues/61
+ MR: https://gitlab.com/amavis/amavis/merge_requests/81
+
+- Resolve crash on reload with insufficient permissions.
+ Amavis now tests whether it is able read and evaluate its
+ configuration files with dropped privileges.
+ In case it cannot, amavis fails to start and refuses to reload.
+ Reported by Michael Orlitzky.
+ Suggestions by Ralph Seichter and Michael Orlitzky.
+ Issue: https://gitlab.com/amavis/amavis/issues/10
+ MR: https://gitlab.com/amavis/amavis/merge_requests/74
+ MR: https://gitlab.com/amavis/amavis/merge_requests/75
+
+- Resolve SSL client connection hangups with broken pipe
+ Reported by @kolbma.
+ Issue: https://gitlab.com/amavis/amavis/issues/73
+ MR: https://gitlab.com/amavis/amavis/merge_requests/71
+
+---------------------------------------------------------------------------
November 13, 2020
amavis-2.12.1 release notes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/amavis-v2.12.1/amavisd new/amavis-v2.12.2/amavisd
--- old/amavis-v2.12.1/amavisd 2020-11-13 13:55:37.000000000 +0100
+++ new/amavis-v2.12.2/amavisd 2021-10-13 10:10:54.000000000 +0200
@@ -684,7 +684,7 @@
$myprogram_name = $0; # typically 'amavisd'
local $1; $myprogram_name =~ s{([^/]*)\z}{$1}s;
$myproduct_name = 'amavisd-new';
- $myversion_id = '2.12.1'; $myversion_date = '20201113';
+ $myversion_id = '2.12.2'; $myversion_date = '20211013';
$myversion = "$myproduct_name-$myversion_id ($myversion_date)";
$myversion_id_numeric = # x.yyyzzz, allows numerical compare, like Perl $]
@@ -8235,7 +8235,7 @@
use Time::HiRes ();
use IO::Socket;
use IO::Socket::UNIX;
-#use IO::Socket::SSL;
+use IO::Socket::SSL;
# Connect to one of the specified sockets. The $socket_specs may be a
# simple string ([inet-host]:port, [inet6-host]:port, or a unix socket name),
@@ -8509,7 +8509,8 @@
} elsif ($! == EAGAIN || $! == EINTR) {
$self->{last_event} = 'read-intr'.(0+$!);
$idle_cnt = 0;
- do_log(2, 'rw_loop read interrupted: %s',
+ do_log($SSL_ERROR == SSL_WANT_READ ? 4 : 2,
+ 'rw_loop read interrupted: %s',
!$self->{ssl_active} ? $! : $sock->errstr.", $!");
Time::HiRes::sleep(0.1); # slow down, just in case
# retry
@@ -8693,6 +8694,14 @@
$self->{last_event} = 'ssl-upgrade';
$self->{last_event_time} = $self->{last_event_tx_time} = Time::HiRes::time;
$self->{ssl_active} = 1;
+ # An IO::Socket::SSL socket can block a sysread
+ # even if selected for read. See issue 74 and
+ # perldoc IO::Socket::SSL `Using Non-Blocking Sockets`
+ if (defined $sock->blocking(0)) {
+ do_log(4, "Setting TLS socket to non-blocking");
+ } else {
+ die "Error setting TLS socket to non-blocking: $!";
+ }
ll(3) && do_log(3,"TLS cipher: %s", $sock->get_cipher);
ll(5) && do_log(5,"TLS certif: %s", $sock->dump_peer_certificate);
1;
@@ -18864,7 +18873,7 @@
[-R chroot_dir | -R ''] [-S helpers_home_dir] [-T tempbase_dir]
( [start] | stop | reload | restart | debug | debug-sa | foreground |
showkeys {domains} | testkeys {domains} | genrsa file_name [nbits]
- convert_keysfile file_name )
+ convert_keysfile file_name | test-config )
where area is a SpamAssassin debug area, e.g. all,util,rules,plugin,dkim,dcc
or:
$myprogram_name (-h | -V) ... show help or version, then exit
@@ -18895,6 +18904,34 @@
$< != 0 or die "Effective UID changed, but Real UID is 0, aborting\n";
}
+sub read_configs_and_exit {
+ my $user = $ENV{AMAVIS_TEST_CONFIG_USER};
+ my $group = $ENV{AMAVIS_TEST_CONFIG_GROUP};
+
+ if ($user && $user ne '') {
+ drop_priv($user, $group);
+ }
+ Amavis::Conf::include_config_files(@config_files);
+ exit 0;
+}
+
+sub configs_readable($) {
+ my $amavisd = shift;
+ local $ENV{AMAVIS_TEST_CONFIG} = 1;
+ local $ENV{AMAVIS_TEST_CONFIG_USER} = $daemon_user;
+ local $ENV{AMAVIS_TEST_CONFIG_GROUP} = $daemon_group;
+ return 0 == system map untaint($_), $amavisd, @ARGV;
+}
+
+sub sig_hup {
+ my $self = $_[0];
+ if (configs_readable($self->commandline->[0])) {
+ $self->SUPER::sig_hup(@_);
+ } else {
+ do_log(-1, 'Rejecting reload, some config files unreadable or
erroneous');
+ }
+}
+
#
# Main program starts here
#
@@ -19039,7 +19076,7 @@
}
my $cmd = lc(shift @argv);
if ($cmd !~ /^(?:start|debug|debug-sa|foreground|reload|restart|stop|
- showkeys?|testkeys?|genrsa|convert_keysfile)?\z/xs) {
+
showkeys?|testkeys?|genrsa|convert_keysfile|test-config)?\z/xs) {
die "$myversion:\n Unknown command line parameter: $cmd\n\n" . usage();
} elsif (@argv > 0 &&
$cmd !~ /^(:?showkeys?|testkeys?|genrsa|convert_keysfile)/xs) {
@@ -19115,8 +19152,12 @@
}
# Read and evaluate config files, which may override default settings
+read_configs_and_exit if $ENV{AMAVIS_TEST_CONFIG};
Amavis::Conf::include_config_files(@config_files);
Amavis::Conf::supply_after_defaults();
+exit 1 unless $warm_restart || $cmd eq 'stop' || configs_readable($0);
+exit 0 if $cmd eq 'test-config';
+
update_current_log_level();
add_entropy($Amavis::Conf::myhostname, $Amavis::Conf::myversion_date);
@@ -21870,6 +21911,7 @@
Amavis::load_policy_bank($_,$msginfo) for @bank_names_cl;
# additional banks from the request
Amavis::load_policy_bank(untaint($_),$msginfo) for @$bank_names_ref;
+ $msginfo->originating(c('originating'));
my $sender = $msginfo->sender;
if (defined $policy_bank{'MYUSERS'} &&
$sender ne '' && $msginfo->originating &&
@@ -27437,7 +27479,7 @@
eval {
# MySQL does not like a standard iso8601 delimiter 'T' or a timezone
# when data type of msgs.time_iso is TIMESTAMP (instead of a string)
- my $time_iso = $timestamp_fmt_mysql && $conn_h->driver_name eq 'mysql'
+ my $time_iso = $timestamp_fmt_mysql && ($conn_h->driver_name eq 'mysql'
|| $conn_h->driver_name eq 'MariaDB')
? iso8601_utc_timestamp($msginfo->rx_time,1,'')
: iso8601_utc_timestamp($msginfo->rx_time);
# insert a placeholder msgs record with sender information
@@ -27544,16 +27586,14 @@
$_ = !defined($_) ? '' :untaint($_) for ($subj,$from,$m_id,$q_to,$os_fp);
for ($subj,$from) { # character set decoding, sanitation
chomp; s/\n(?=[ \t])//gs; s/^[ \t]+//s; s/[ \t]+\z//s; # unfold, trim
- eval { # convert to UTF-8 octets, truncate to 255 bytes
- my $chars = safe_decode_mime($_); # to logical characters
- my $octets = safe_encode_utf8($chars); # to bytes, UTF-8 encoded
- $octets = truncate_utf_8($octets,255);
- # man DBI: Drivers should accept [unicode and non-unicode] strings
- # and, if required, convert them to the character set of the
- # database being used. Similarly, when fetching from the database
- # character data that isn't iso-8859-1 the driver should convert
- # it into UTF-8.
- $_ = $octets; 1; # pass bytes to SQL, UTF-8, works better
+ eval { # decode mime and truncate to 255 bytes
+ my $chars = safe_decode_mime($_); # to logical characters
+ substr($chars, 255) = '' if length($chars) > 255;
+ # DBD::mysql will throw an error with native encoding, while
+ # DBD::MariaDB and DBD::Pg can cope with native as well as utf8.
+ # Upgrade to be on the safe side. Suggestion via issue#67.
+ utf8::upgrade($chars);
+ $_ = $chars; 1;
} or do {
my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat;
do_log(1,"save_info_final INFO: header field ".
