Razor appears to be vulnerable to overly long Content-Type headers like SpamAssassin (bug #94722).
Waiting for upstream fix.
2.71 is in. Not sure this is widely public, so calling arch liaisons to test and mark stable. x86->tester amd64->blubb ppc->hansmi sparc->gustavoz alpha->kloeri Target KEYWORDS="x86 ppc sparc alpha amd64"
Adding lu_zero as I'm busy.
adding luckyduck as i'm currently busy
there is any standard way to test it?
Can't even merge it on amd64: Installing /var/tmp/portage/razor-2.71/image/usr/man/man5/razor-agents.5 Installing /var/tmp/portage/razor-2.71/image/usr/man/man5/razor-agent.conf.5 Installing /var/tmp/portage/razor-2.71/image/usr/man/man5/razor-whitelist.5 Installing /var/tmp/portage/razor-2.71/image/usr/bin/razor-client Writing /var/tmp/portage/razor-2.71/image//usr/lib/perl5/vendor_perl/5.8.5/x86_64-linux/auto/razor-agents/.packlist Appending installation info to /var/tmp/portage/razor-2.71/image//usr/lib/perl5/5.8.5/x86_64-linux/perllocal.pod /usr/bin/razor-client make: /usr/bin/razor-client: Command not found make: *** [install_razor_agents] Error 127 !!! ERROR: mail-filter/razor-2.71 failed. !!! Function perl-module_src_install, Line 132, Exitcode 2 !!! (no error message) !!! If you need support, post the topmost build error, NOT this status message.
Now public
*** Bug 96293 has been marked as a duplicate of this bug. ***
Adding arch aliases
> Not sure this is widely public, so calling arch liaisons to test and mark stable. Yep, not widely public.
(In reply to comment #6) > Can't even merge it on amd64: > > Installing /var/tmp/portage/razor-2.71/image/usr/man/man5/razor-agents.5 > Installing /var/tmp/portage/razor-2.71/image/usr/man/man5/razor-agent.conf.5 > Installing /var/tmp/portage/razor-2.71/image/usr/man/man5/razor-whitelist.5 > Installing /var/tmp/portage/razor-2.71/image/usr/bin/razor-client > Writing > /var/tmp/portage/razor-2.71/image//usr/lib/perl5/vendor_perl/5.8.5/x86_64-linux/auto/razor-agents/.packlist > Appending installation info to > /var/tmp/portage/razor-2.71/image//usr/lib/perl5/5.8.5/x86_64-linux/perllocal.pod > /usr/bin/razor-client > make: /usr/bin/razor-client: Command not found > make: *** [install_razor_agents] Error 127 > > !!! ERROR: mail-filter/razor-2.71 failed. > !!! Function perl-module_src_install, Line 132, Exitcode 2 > !!! (no error message) > !!! If you need support, post the topmost build error, NOT this status message. 2.71 was released to address this issue in 2.70, but seems not to have fixed every case. Can you provide the full build log especially including the line 'perl Makefile.PL ...'? In Makefile.PL we do $(DESTDIR)$(INSTALLSCRIPT)/razor-client to build the symlinks, but this method is likely to be changed soon seeing as how it's causing problems.
Same issue on ppc. A full log will follow shortly
Created attachment 61345 [details] full emerge log I hope it helps
(In reply to comment #14) > Created an attachment (id=61345) [edit] > full emerge log > > I hope it helps Almost :) It doesn't show the 'perl Makefile.PL' command, which is right at the source of the bug. I'm trying to find some hardware here that I can build up all the perl packages on to try this, but I think we're just going to release a 2.72 with this issue fixed for good.
Damn, sorry about that, this error only occurs if you didn't have razor installed earlier (obviously), and I didn't unmerge then remerge when testing because I was in a bit of a hurry to get it bumped for this bug. I'll bump to 2.72 as soon as it's ready.
(In reply to comment #16) > Damn, sorry about that, this error only occurs if you didn't have razor > installed earlier (obviously), and I didn't unmerge then remerge when testing > because I was in a bit of a hurry to get it bumped for this bug. I'll bump to > 2.72 as soon as it's ready. No worries, thanks for passing along the information.
(In reply to comment #16) > Damn, sorry about that, this error only occurs if you didn't have razor > installed earlier (obviously), and I didn't unmerge then remerge when testing > because I was in a bit of a hurry to get it bumped for this bug. I'll bump to > 2.72 as soon as it's ready. 2.72 is now released to sourceforge; we ripped out the symlinks and custom Makefile stuff that's been causing problems for package maintainers everywhere. No user-visible changes to this release; I'll keep watch on this bug to see how it goes.
(In reply to comment #18) > 2.72 is now released to sourceforge; we ripped out the symlinks and custom > Makefile stuff that's been causing problems for package maintainers everywhere. > No user-visible changes to this release; I'll keep watch on this bug to see how > it goes. I've added the new ebuild to CVS.
Back to arches stableization
sparc happy.
ppc too
Bug #96293 was in fact not a dupe but apparently contains another issue: --- Vipul has released razor-agents 2.71 to address two critical issues in all prior razor-agents. One of these issues addresses a bug in the discovery logic, where a razor-agent that cannot reach the discover server may go into an infinite loop until discover is available, slowly leaking memory and eventually crashing the system. --- I guess the other is the Content-Type bug similar to SA. Cannot find any upstream reference to this issue and didn't realize that Richard was a Razor dev (Sorry Richard). I'll draft the GLSA a few hours.
alpha tasty !
amd64 stable
x86 happy
The security implications of the discovery bug seems questionable and the DoS issue is rather limited, holding off GLSA for now. [18:15:21] <taviso> $ time razor-check viagra.txt [18:15:21] <taviso> real 0m1.331s [18:15:27] <taviso> $ time razor-check viagra2.txt [18:15:28] <taviso> real 0m13.325s
Combined GLSA with bug #94722.
GLSA 200506-17