amavisd-new-2.7.1-rc1 release candidate
Mark Martinec
Mark.Martinec+amavis at ijs.si
Tue Apr 10 20:30:08 CEST 2012
The amavisd-new-2.7.1-rc1 is a release candidate for a bug-fix-only
update over the current stable version 2.7.0. All known bug fixes
have been backported from a development version (2.8.0).
Available at:
http://www.ijs.si/software/amavisd/amavisd-new-2.7.1-rc1.tar.gz
Release notes:
http://www.ijs.si/software/amavisd/release-notes.txt
Review and testing are welcome; the final 2.7.1 release is
expected in a week or so.
amavisd-new-2.7.1 release notes
BUG FIXES
- prevent rmdir() from failing with 'Invalid argument' on Solaris 10 when
deleting a temporary directory: current working directory must not be
within a directory which is about to be deleted; reported and diagnosed
by Maciej Uhlig;
- forwarding or quarantining through a 'pipe:' method failed with
"Insecure dependency in exec while running with -T switch" when a
sendmail command-line option -N was needed; reported by Andreas Schulze;
- fix defanging by mimedefang, it was failing with perl 5.10 or later
due to an unhandled "Insecure dependency in sprintf" while logging the
result if the $log_level was 2 or higher, or when debugging was enabled;
thanks to Steve Scotter for a problem report;
- fix defanging by Anomy::Sanitizer, it was failing with an error message:
"mangling by anomy failed: replacement size 0, mail will pass unmodified";
- fix the 'xz' entry in a default @decoders list (in files amavisd.conf,
amavisd.conf-default and amavisd); the first two variants ('xzdec' and
'xz') were glued together, so the xz decoder was only available if found
under names 'unxz' or 'xzcat';
- provide a workaround for a bug [rt.cpan.org #64642] in a perl module
Encode, which gratuitously untaints a string when encoding or decoding it:
https://rt.cpan.org/Public/Bug/Display.html?id=64642
(still unfixed in Encode 2.44, perl 5.14.2);
A module Scalar::Util is now required, which should not be a compatibility
problem, as this module is a Perl core module since perl 5.8.0.
- avoid the use of Encode::is_utf8 due to a bug in a perl module Encode
as bundled with versions of Perl 5.8.0 to 5.8.8 (fixed in March 2007):
Perl bug tracking: #32687:
Encode::is_utf8 on tainted UTF8 string returns false
https://rt.perl.org/rt3/Public/Bug/Display.html?id=32687
also referenced by #37170:
https://rt.perl.org/rt3/Public/Bug/Display.html?id=37170
This is a re-manifestation of the same problem we had back in 2004,
with a workaround provided by amavisd-new-2.2.1. Forgot that people
are still using Perl 5.8 :) Reported by Peter Dieth;
- fix a warning: _WARN: Invalid conversion in sprintf: "%a"
- write informational messages during a stop/start/restart to stdout,
instead of to stderr, avoiding unnecessary cron job messages;
thanks to Cristian Seres, Sandro Janke and John Griffiths;
also: https://bugzilla.redhat.com/show_bug.cgi?id=561389
- fix a syntactically incorrect 'Avira SAVAPI' av entry (missing
closing bracket) in a sample configuration file amavisd.conf;
- minor: get_body_digest incorrectly logged 8-bit body as 8-bit header;
- no longer insist on a minimal version 2.22 of a module Digest::MD5,
the 'clone' method is no longer needed since amavisd-new-2.7.0;
- do not call $parser->max_parts($MAXFILES) with some old versions
of MIME::Parser which did not yet provide this method;
- pre-load a module File::Glob even with perl 5.8.0, otherwise
autowhitelisting in SpamAssassin may fail with "Insecure dependency";
COMPATIBILITY
- commented out the LHA entry in the default @decoders list and in
do_executable(). The program seems to be unmaintained, was seen crashing
and as such it may pose a security risk; pointed out by Thomas Jarosch;
- due to popular demand, bring the 'spam-tag:' log line back to log level 2
(version 2.7.0 dropped it to log level 3) to retain compatibility with
some log analyzers. Caveat: 'spam-tag' string is now entirely in lowercase.
Suggested by Stefan Jakobs;
OTHER
- if a message is quarantined to more than one location using different
quarantine methods, the SQL field msgs.quar_type indicates only the
type of the last one. When archival quarantining is enabled this choice
is unfortunate, as the primary quarantine type is more interesting
than the permanent archival quarantine type. This is now reversed,
the msgs.quar_type field now reflects the first quarantine type.
Suggested by Patrick Ben Koetter.
- ClamAV-clamd and ClamAV-clamd-stream av scanners: changed socket name
in a sample configuration file amavisd.conf to /var/run/clamav/clamd.sock
(previously the socket name was /var/run/clamav/clamd); this makes it
compatible with a default socket name under several Linux distributions
and under FreeBSD; suggested by Oliver Schinagl;
- documentation updates;
Mark
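
The Encode item in the release notes (rt.cpan.org #64642) concerns a string losing its taint flag when it is encoded or decoded. The following Perl sketch is an added illustration, not code from amavisd-new or from the post's author: the helper name decode_keep_taint and the sample octets are hypothetical, and it shows one way to use Scalar::Util::tainted to notice a lost taint flag and restore it.

```perl
#!/usr/bin/perl -T
# Added example, not amavisd-new code. Run as: perl -T this_file.pl
use strict;
use warnings;
use Encode ();
use Scalar::Util qw(tainted);

# Hypothetical helper: decode octets, and make sure the result is tainted
# whenever the input was, whatever the installed Encode version does.
sub decode_keep_taint {
  my ($encoding, $octets) = @_;
  my $was_tainted = tainted($octets);
  # A zero-length substring of a tainted scalar is itself tainted, so it
  # carries the taint flag without contributing any characters.
  my $taint = $was_tainted ? substr($octets, 0, 0) : '';
  my $chars = Encode::decode($encoding, $octets);
  # Re-apply the taint only if the decode step dropped it.
  $chars .= $taint if $was_tainted && !tainted($chars);
  return $chars;
}

# Constructed sample input: UTF-8 octets made tainted by appending an empty
# tainted string ($0 and $^X are tainted under -T).
my $TAINT  = substr("$0$^X", 0, 0);
my $octets = "Gr\xc3\xbc\xc3\x9fe" . $TAINT;

# Plain decode: whether taint survives depends on the Encode version.
my $plain = Encode::decode('UTF-8', $octets);
printf "input tainted:             %s\n", tainted($octets) ? 'yes' : 'no';
printf "Encode::decode result:     %s\n", tainted($plain)  ? 'yes' : 'no';

# Wrapped decode: the result is tainted whenever the input was.
my $safe = decode_keep_taint('UTF-8', $octets);
printf "decode_keep_taint result:  %s\n", tainted($safe)   ? 'yes' : 'no';
die "taint was lost\n" unless tainted($safe);

# Untainted input stays untainted; the wrapper does not over-taint.
my $clean = decode_keep_taint('UTF-8', "plain ascii");
die "unexpected taint\n" if tainted($clean);
```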