ANNOUNCE: amavisd-new-2.7.1 has been released
Mark Martinec
Mark.Martinec+amavis at ijs.si
Sun Apr 29 04:24:53 CEST 2012
Version 2.7.1 of amavisd-new has been released.
It is available at:
http://www.ijs.si/software/amavisd/amavisd-new-2.7.1.tar.gz
(926kB)
or:
http://www.ijs.si/software/amavisd/amavisd-new-2.7.1.tar.xz
(669kB)
Release notes are at:
http://www.ijs.si/software/amavisd/release-notes.txt
The 2.7.1 is a bug fixes -only release over 2.7.0.
Problems which were discovered during a 2.8.0 development cycle
were backported to 2.7.
amavisd-new-2.7.1 release notes
BUG FIXES
- prevent rmdir() from failing with 'Invalid argument' on Solaris 10 when
deleting a temporary directory: current working directory must not be
within a directory which is about to be deleted; reported and diagnosed
by Maciej Uhlig;
- forwarding or quarantining through a 'pipe:' method failed with
"Insecure dependency in exec while running with -T switch" when a
sendmail command-line option -N was needed; reported by Andreas Schulze;
- when multiple sockets are specified (e.g. in $forward_method) as a
redundancy/failover mechanism, and SMTP session caching is enabled,
a failed forwarding session does not clear a cached session, so all
further attempts are stuck with the failed server, instead of picking
a different server from the list; discovered by Michael Storz;
- on establishing a SMTP session when multiple sockets are specified
(e.g. in $forward_method) as a redundancy/failover mechanism, the
random choice never picked the last socket in a list;
discovered by Michael Storz;
- fix defanging by mimedefang, it was failing with perl 5.10 or later
due to an unhandled "Insecure dependency in sprintf" while logging the
result if the $log_level was 2 or higher, or when debugging was enabled;
thanks to Steve Scotter for a problem report;
- fix defanging by Anomy::Sanitizer, it was failing with an error message:
"mangling by anomy failed: replacement size 0, mail will pass unmodified";
- fix the 'xz' entry in a default @decoders list (in files amavisd.conf,
amavisd.conf-default and amavisd); the first two variants ('xzdec' and
'xz') were glued together, so the xz decoder was only available if found
under names 'unxz' or 'xzcat';
- provide a workaround for a bug [rt.cpan.org #64642] in a perl module
Encode, which gratuitously untaints a string when encoding or decoding it:
https://rt.cpan.org/Public/Bug/Display.html?id=64642
(still unfixed in Encode 2.44, perl 5.14.2);
A module Scalar::Util is now required, which should not be a compatibility
problem, as this module is a Perl core module since perl 5.8.0.
- avoid the use of Encode::is_utf8 due to a bug in a perl module Encode
as bundled with versions of Perl 5.8.0 to 5.8.8 (fixed in March 2007):
Perl bug tracking: #32687:
Encode::is_utf8 on tainted UTF8 string returns false
https://rt.perl.org/rt3/Public/Bug/Display.html?id=32687
also referenced by #37170:
https://rt.perl.org/rt3/Public/Bug/Display.html?id=37170
This is a re-manifestation of the same problem we had back in 2004,
with a workaround provided by amavisd-new-2.2.1. Forgot that people
are still using Perl 5.8 :) Reported by Peter Dieth;
- fix a warning: _WARN: Invalid conversion in sprintf: "%a"
- write informational messages during a stop/start/restart to stdout,
instead of to stderr, avoiding unnecessary cron job messages;
thanks to Cristian Seres, Sandro Janke and John Griffiths;
also: https://bugzilla.redhat.com/show_bug.cgi?id=561389
- fix a syntactically incorrect 'Avira SAVAPI' av entry (missing
closing bracket) in a sample configuration file amavisd.conf;
- minor: get_body_digest incorrectly logged 8-bit body as 8-bit header;
- no longer insist on a minimal version 2.22 of a module Digest::MD5,
the 'clone' method is no longer needed since amavisd-new-2.7.0;
- do not call $parser->max_parts($MAXFILES) with some old versions
of MIME::Parser which did not yet provide this method;
- pre-load a module File::Glob even with perl 5.8.0, otherwise
autowhitelisting in SpamAssasssin may fail with "Insecure dependency";
- documentation: (files README.sql-mysql and README.sql-pg):
fixed a field name "policy.unchecked_lover", previously incorrectly
specified as "policy.unchecked_lovers_maps"; reported by TimH;
- documentation: fixed the two SELECT examples in files README.sql-pg and
README.sql-mysql, the field 'select' needs to be qualified with a table
name: 'msgrcpt.content' to avoid ambiguity; reported by Gary V;
- documentation bug in amavisd.conf-default: 'ESMTP' is not a valid
setting for $protocol, just use 'SMTP' instead; reported by Pascal Volk;
COMPATIBILITY
- commented out the LHA entry in the default @decoders list and in
do_executable(). The program seems to be unmaintained, was seen crashing
and as such it may pose a security risk; pointed out by Thomas Jarosch;
- due to popular demand, bring the 'spam-tag:' log line back to log level 2
(version 2.7.0 dropped it to log level 3) to retain compatibility with
some log analyzers. Caveat: 'spam-tag' string is now entirely in lowercase.
Suggested by Stefan Jakobs;
OTHER
- if a message is quarantined to more than one location using different
quarantine methods, the SQL field msgs.quar_type indicates only the
type of the last one. When archival quarantining is enabled this choice
is unfortunate, as the primary quarantine type is more interesting
than the permanent archival quarantine type. This is now reversed,
the msgs.quar_type field now reflects the first quarantine type.
Suggested by Patrick Ben Koetter.
- SMTP session caching now no longer re-uses old sessions which are
in use for more than a minute since their establishment; suggested
by Michael Storz;
- having the archive quarantine enabled should not be a sufficient reason
to store information to SQL when $sql_store_info_for_all_msgs is off;
Suggested by Patrick Ben Koetter.
- ClamAV-clamd and ClamAV-clamd-stream av scanners: changed socket name
in a sample configuration file amavisd.conf to /var/run/clamav/clamd.sock
(previously the socket name was /var/run/clamav/clamd); this makes it
compatible with a default socket name under several Linux distributions
and under FreeBSD; suggested by Oliver Schinagl;
- documentation updates;
Mark
More information about the amavis-users
mailing list