Add patch to fix releasing mail from sql quarantine

Conflicts:
	amavisd-new.spec

.gitignore

@@ -1 +1,4 @@
 amavisd-new-2.8.0.tar.gz
+/amavisd-new-2.8.1.tar.gz
+/amavisd-new-2.9.0.tar.xz
+/amavisd-new-2.9.1.tar.xz

amavis-clamd.conf

@@ -7,7 +7,7 @@ LogFacility LOG_MAIL
 
 # This option allows you to save a process identifier of the listening
 # daemon (main thread).
-PidFile /var/run/amavisd/clamd.pid
+PidFile /var/run/clamd.amavisd/clamd.pid
 
 # Remove stale socket after unclean shutdown.
 # Default: disabled
@@ -17,4 +17,4 @@ FixStaleSocket yes
 User amavis
 
 # Path to a local socket file the daemon will listen on.
-LocalSocket /var/spool/amavisd/clamd.sock
+LocalSocket /var/run/clamd.amavisd/clamd.sock

amavis-clamd.sysconfig

@@ -1,3 +1,3 @@
 CLAMD_CONFIGFILE=/etc/clamd.d/amavisd.conf
-CLAMD_SOCKET=/var/spool/amavisd/clamd.sock
+CLAMD_SOCKET=/var/run/clamd.amavisd/clamd.sock
 CLAMD_OPTIONS=

amavisd-conf.patch

@@ -92,7 +92,7 @@
 -# #   this entry; when running chrooted one may prefer a socket under $MYHOME.
 +  ### http://www.clamav.net/
 +  ['ClamAV-clamd',
-+    \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],
++    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"],
 +    qr/\bOK$/m, qr/\bFOUND$/m,
 +    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 +  # NOTE: run clamd under the same user as amavisd - or run it under its own

amavisd-new-2.9.0-conf.patch

@@ -0,0 +1,139 @@
+commit 44707666dd30b5196e75002f1661da6b77e360f8
+Author: Juan Orti Alcaine <j.orti.alcaine@gmail.com>
+Date:   Mon May 12 09:59:27 2014 +0200
+
+    amavisd-conf.patch
+
+diff --git a/amavisd-agent b/amavisd-agent
+index 1ebe2bb..b8271a3 100755
+--- a/amavisd-agent
++++ b/amavisd-agent
+@@ -53,7 +53,7 @@ use BerkeleyDB;
+ 
+ my($dbfile) = 'snmp.db';
+ my($db_home) =  # DB databases directory
+-  defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/amavis/db';
++  defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/spool/amavisd/db';
+ 
+ my($wakeuptime) = 10;  # -w, sleep time in seconds, may be fractional
+ my($repeatcount);      # -c, repeat count (when defined)
+diff --git a/amavisd-nanny b/amavisd-nanny
+index 80b84dc..164549f 100755
+--- a/amavisd-nanny
++++ b/amavisd-nanny
+@@ -61,7 +61,7 @@ my($activettl) = 10*60; # stuck active children are sent a SIGTERM
+ 
+ my($dbfile) = 'nanny.db';
+ my($db_home) =  # DB databases directory
+-  defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/amavis/db';
++  defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/spool/amavisd/db';
+ my($wakeuptime) = 2;  # -w, sleep time in seconds, may be fractional
+ my($repeatcount);     # -c, repeat count (when defined)
+ 
+diff --git a/amavisd.conf b/amavisd.conf
+index a09597f..25db750 100644
+--- a/amavisd.conf
++++ b/amavisd.conf
+@@ -14,25 +14,25 @@ use strict;
+ # $bypass_decode_parts = 1;         # controls running of decoders&dearchivers
+ 
+ $max_servers = 2;            # num of pre-forked children (2..30 is common), -m
+-$daemon_user  = 'vscan';     # (no default;  customary: vscan or amavis), -u
+-$daemon_group = 'vscan';     # (no default;  customary: vscan or amavis), -g
++$daemon_user  = 'amavis';    # (no default;  customary: vscan or amavis), -u
++$daemon_group = 'amavis';    # (no default;  customary: vscan or amavis), -g
+ 
+ $mydomain = 'example.com';   # a convenient default for other settings
+ 
+-# $MYHOME = '/var/amavis';   # a convenient default for other settings, -H
++$MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
+ $TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
+ $ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
+-$QUARANTINEDIR = '/var/virusmails';  # -Q
++$QUARANTINEDIR = undef;      # -Q
+ # $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine
+ # $release_format = 'resend';     # 'attach', 'plain', 'resend'
+ # $report_format  = 'arf';        # 'attach', 'plain', 'resend', 'arf'
+ 
+ # $daemon_chroot_dir = $MYHOME;   # chroot directory or undef, -R
+ 
+-# $db_home   = "$MYHOME/db";      # dir for bdb nanny/cache/snmp databases, -D
++$db_home   = "$MYHOME/db";        # dir for bdb nanny/cache/snmp databases, -D
+ # $helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
+-# $lock_file = "$MYHOME/var/amavisd.lock";  # -L
+-# $pid_file  = "$MYHOME/var/amavisd.pid";   # -P
++$lock_file = "/var/run/amavisd/amavisd.lock";  # -L
++$pid_file  = "/var/run/amavisd/amavisd.pid";   # -P
+ #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
+ 
+ $log_level = 0;              # verbosity 0..5, -d
+@@ -116,11 +116,11 @@ $sa_local_tests_only = 0;    # only tests which do not require internet access?
+ # $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
+ #   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)
+ 
+-$virus_admin               = "virusalert\@$mydomain";  # notifications recip.
++$virus_admin               = undef;                    # notifications recip.
+ 
+-$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
+-$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
+-$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
++$mailfrom_notify_admin     = undef;                    # notifications sender
++$mailfrom_notify_recip     = undef;                    # notifications sender
++$mailfrom_notify_spamadmin = undef;                    # notifications sender
+ $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
+ 
+ @addr_extension_virus_maps      = ('virus');
+@@ -154,10 +154,10 @@ $defang_by_ccat{CC_BADH.",6"} = 1;  # header field syntax error
+ # $notify_method  = 'smtp:[127.0.0.1]:10025';
+ # $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!
+ 
+-# $final_virus_destiny      = D_DISCARD;
+-# $final_banned_destiny     = D_DISCARD;
+-# $final_spam_destiny       = D_PASS;  #!!!  D_DISCARD / D_REJECT
+-# $final_bad_header_destiny = D_PASS;
++$final_virus_destiny      = D_DISCARD;
++$final_banned_destiny     = D_BOUNCE;
++$final_spam_destiny       = D_DISCARD;  #!!!  D_DISCARD / D_REJECT
++$final_bad_header_destiny = D_BOUNCE;
+ # $bad_header_quarantine_method = undef;
+ 
+ # $os_fingerprint_method = 'p0f:*:2345';  # to query p0f-analyzer.pl
+@@ -338,9 +338,9 @@ $banned_filename_re = new_RE(
+   ['arj',  \&do_unarj, ['unarj', 'arj'] ],
+   ['arc',  \&do_arc,   ['nomarch', 'arc'] ],
+   ['zoo',  \&do_zoo,   ['zoo', 'unzoo'] ],
+-  ['doc',  \&do_ole,   'ripole'],
++# ['doc',  \&do_ole,   'ripole'],  # no ripole package so far
+   ['cab',  \&do_cabextract, 'cabextract'],
+-  ['tnef', \&do_tnef_ext, 'tnef'],
++# ['tnef', \&do_tnef_ext, 'tnef'],  # use internal do_tnef() instead
+   ['tnef', \&do_tnef],
+ # ['lha',  \&do_lha,   'lha'],  # not safe, use 7z instead
+ # ['sit',  \&do_unstuff, 'unstuff'],  # not safe
+@@ -378,16 +378,16 @@ $banned_filename_re = new_RE(
+ #   qr/^(?:310|420)[,\s]*(?:.* <<< )?(.+?)(?: ; |$)/m ],
+ # settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1
+ 
+-# ### http://www.clamav.net/
+-# ['ClamAV-clamd',
+-#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
+-#   qr/\bOK$/m, qr/\bFOUND$/m,
+-#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+-# # NOTE: run clamd under the same user as amavisd - or run it under its own
+-# #   uid such as clamav, add user clamav to the amavis group, and then add
+-# #   AllowSupplementaryGroups to clamd.conf;
+-# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
+-# #   this entry; when running chrooted one may prefer a socket under $MYHOME.
++  ### http://www.clamav.net/
++  ['ClamAV-clamd',
++    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"],
++    qr/\bOK$/m, qr/\bFOUND$/m,
++    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
++  # NOTE: run clamd under the same user as amavisd - or run it under its own
++  #   uid such as clamav, add user clamav to the amavis group, and then add
++  #   AllowSupplementaryGroups to clamd.conf;
++  # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
++  #   this entry; when running chrooted one may prefer a socket under $MYHOME.
+ 
+ # ### http://www.clamav.net/ and CPAN  (memory-hungry! clamd is preferred)
+ # # note that Mail::ClamAV requires perl to be build with threading!

amavisd-new-2.9.1-release_mail_from_sql_quarantine.patch

@@ -0,0 +1,51 @@
+diff --git a/amavisd b/amavisd
+index f721756..2a2c418 100755
+--- a/amavisd
++++ b/amavisd
+@@ -20208,7 +20208,7 @@ sub preprocess_policy_query($$) {
+     new_am_id('rel-'.$msginfo->mail_id)  if $releasing;
+     if ($releasing && $quar_type eq 'Q') {  # releasing from SQL
+       do_log(5, "preprocess_policy_query: opening in sql: %s",
+-                $msginfo->mail_id);
++                $msginfo->parent_mail_id);
+       my $obj = $Amavis::sql_storage;
+       $Amavis::extra_code_sql_quar && $obj
+         or die "SQL quarantine code not enabled (3)";
+@@ -20218,31 +20218,31 @@ sub preprocess_policy_query($$) {
+       if (!defined($msginfo->partition_tag) &&
+           defined($sel_msg) && $sel_msg ne '') {
+         do_log(5, "preprocess_policy_query: missing partition_tag in request,".
+-                  " fetching msgs record for mail_id=%s", $msginfo->mail_id);
++                  " fetching msgs record for mail_id=%s", $msginfo->parent_mail_id);
+         # find a corresponding partition_tag if missing from a release request
+         $conn_h->begin_work_nontransaction;  #(re)connect if necessary
+-        $conn_h->execute($sel_msg, untaint($msginfo->mail_id));
++        $conn_h->execute($sel_msg, untaint($msginfo->parent_mail_id));
+         my $a_ref; my $cnt = 0; my $partition_tag;
+         while ( defined($a_ref=$conn_h->fetchrow_arrayref($sel_msg)) ) {
+           $cnt++;
+           $partition_tag = $a_ref->[0]  if !defined $partition_tag;
+           ll(5) && do_log(5, "release: got msgs record for mail_id=%s: %s",
+-                             $msginfo->mail_id, join(', ',@$a_ref));
++                             $msginfo->parent_mail_id, join(', ',@$a_ref));
+         }
+         $conn_h->finish($sel_msg)  if defined $a_ref;  # only if not all read
+         $cnt <= 1 or die "Multiple ($cnt) records with same mail_id exist, ".
+                          "specify a partition_tag in the AM.PDP request";
+         if ($cnt < 1) {
+           do_log(0, "release: no records with msgs.mail_id=%s in a database, ".
+-                    "trying to read from a quar. anyway", $msginfo->mail_id);
++                    "trying to read from a quar. anyway", $msginfo->parent_mail_id);
+         }
+         $msginfo->partition_tag($partition_tag);  # could still be undef/NULL !
+       }
+       ll(5) && do_log(5, "release: opening mail_id=%s, partition_tag=%s",
+-                         $msginfo->mail_id, $msginfo->partition_tag);
++                         $msginfo->parent_mail_id, $msginfo->partition_tag);
+       $conn_h->begin_work_nontransaction;  # (re)connect if not connected
+       $fh = Amavis::IO::SQL->new;
+-      $fh->open($conn_h, $sel_quar, untaint($msginfo->mail_id),
++      $fh->open($conn_h, $sel_quar, untaint($msginfo->parent_mail_id),
+                 'r', untaint($msginfo->partition_tag))
+         or die "Can't open sql obj for reading: $!";  1;
+     } else {  # mail checking or releasing from a file

amavisd-new-tmpfiles.conf

@@ -1,2 +1,2 @@
 d /var/run/amavisd 755 amavis amavis -
-d /var/run/clamd.amavisd 755 amavis amavis -
+d /var/run/clamd.amavisd 770 amavis clamupdate -

amavisd-new.spec

@@ -2,13 +2,13 @@
 
 Summary:        Email filter with virus scanner and spamassassin support
 Name:           amavisd-new
-Version:        2.8.0
-Release:        8%{?prerelease:.%{prerelease}}%{?dist}
+Version:        2.9.1
+Release:        2%{?prerelease:.%{prerelease}}%{?dist}
 # LDAP schema is GFDL, some helpers are BSD, core is GPLv2+
 License:        GPLv2+ and BSD and GFDL
 Group:          Applications/System
 URL:            http://www.ijs.si/software/amavisd/
-Source0:        http://www.ijs.si/software/amavisd/amavisd-new-%{version}%{?prerelease:-%{prerelease}}.tar.gz
+Source0:        http://www.ijs.si/software/amavisd/amavisd-new-%{version}%{?prerelease:-%{prerelease}}.tar.xz
 Source1:        amavis-clamd.init
 Source2:        amavis-clamd.conf
 Source3:        amavis-clamd.sysconfig
@@ -17,7 +17,7 @@ Source5:        README.quarantine
 Source6:        amavisd.cron
 Source7:        amavisd-snmp.init
 Source8:        amavisd-new-tmpfiles.conf
-Patch0:         amavisd-conf.patch
+Patch0:         amavisd-new-2.9.0-conf.patch
 Patch1:         amavisd-init.patch
 Patch2:         amavisd-condrestart.patch
 # Don't source /etc/sysconfig/network in init script; the network check
@@ -25,8 +25,13 @@ Patch2:         amavisd-condrestart.patch
 # and it can't be relied upon to exist in recent Fedora builds. Mail
 # sent upstream to amavis-users ML 2013-05-10. -adamw
 Patch3:         amavisd-new-2.8.0-init_network.patch
+# Fix bug #1121552
+# http://lists.amavis.org/pipermail/amavis-users/2014-June/002957.html
+Patch4:         amavisd-new-2.9.1-release_mail_from_sql_quarantine.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires:       /usr/sbin/clamd, /etc/clamd.d
+BuildRequires:  systemd
+Requires:       clamav-server
+Requires:       clamav-server-sysvinit
 Requires:       /usr/sbin/tmpwatch, /etc/cron.daily
 Requires:       /usr/bin/ar
 Requires:       altermime
@@ -76,9 +81,11 @@ Requires:       perl(Mail::SpamAssassin)
 Requires:       perl(Net::DNS)
 Requires:       perl(Net::LDAP)
 Requires:       perl(Net::SSLeay)
+Requires:       perl(Net::Server)
 Requires:       perl(NetAddr::IP)
 Requires:       perl(Razor2::Client::Version)
 Requires:       perl(Socket6)
+Requires:       perl(Unix::Syslog)
 Requires:       perl(URI)
 Requires(pre):  shadow-utils
 Requires(post): /sbin/chkconfig
@@ -90,6 +97,7 @@ BuildArch:      noarch
 Group:          Applications/System
 Summary:        Exports amavisd SNMP data
 Requires:       %{name} = %{version}-%{release}
+Requires:       perl(NetSNMP::OID)
 Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/service, /sbin/chkconfig
 Requires(postun): /sbin/service
@@ -120,9 +128,10 @@ alerting purposes.
 %patch1 -p1
 %patch2 -p0
 %patch3 -p1
+%patch4 -p1
 
 install -p -m 644 %{SOURCE4} %{SOURCE5} README_FILES/
-sed -e 's,/var/amavis/amavisd.sock\>,/var/spool/amavisd/amavisd.sock,' -i amavisd-release
+sed -e 's,/var/amavis/amavisd.sock\>,%{_localstatedir}/spool/amavisd/amavisd.sock,' -i amavisd-release
 
 %build
 
@@ -145,12 +154,11 @@ install -D -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/clamd.d/amavisd.co
 install -D -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/clamd.amavisd
 install -D -p -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/amavisd
 
-mkdir -p $RPM_BUILD_ROOT/var/spool/amavisd/{tmp,db,quarantine}
-touch $RPM_BUILD_ROOT/var/spool/amavisd/clamd.sock
-mkdir -p $RPM_BUILD_ROOT/var/run/{amavisd,clamd.amavisd}
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/amavisd/{tmp,db,quarantine}
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/{amavisd,clamd.amavisd}
 
 %if 0%{?fedora}%{?rhel} > 6
-install -D -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_sysconfdir}/tmpfiles.d/amavisd-new.conf
+install -D -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_tmpfilesdir}/amavisd-new.conf
 %endif
 
 %clean
@@ -158,7 +166,10 @@ rm -rf $RPM_BUILD_ROOT
 
 %pre
 getent group amavis > /dev/null || %{_sbindir}/groupadd -r amavis
-getent passwd amavis > /dev/null || %{_sbindir}/useradd -r -g amavis -d /var/spool/amavisd -s /sbin/nologin -c "User for amavisd-new" amavis
+getent passwd amavis > /dev/null || \
+  %{_sbindir}/useradd -r -g amavis -d %{_localstatedir}/spool/amavisd -s /sbin/nologin \
+  -c "User for amavisd-new" amavis
+exit 0
 
 %preun
 if [ $1 -eq 0 ]; then
@@ -206,19 +217,15 @@ fi
 %{_sbindir}/amavisd
 %{_sbindir}/clamd.amavisd
 %{_bindir}/amavisd-*
-%dir %attr(710,amavis,amavis) /var/spool/amavisd
-%dir %attr(700,amavis,amavis) /var/spool/amavisd/tmp
-%dir %attr(700,amavis,amavis) /var/spool/amavisd/db
-%dir %attr(700,amavis,amavis) /var/spool/amavisd/quarantine
-%ghost /var/spool/amavisd/clamd.sock
+%dir %attr(750,amavis,amavis) %{_localstatedir}/spool/amavisd
+%dir %attr(750,amavis,amavis) %{_localstatedir}/spool/amavisd/tmp
+%dir %attr(750,amavis,amavis) %{_localstatedir}/spool/amavisd/db
+%dir %attr(750,amavis,amavis) %{_localstatedir}/spool/amavisd/quarantine
 %if 0%{?fedora}%{?rhel} > 6
-%attr(644,root,root) %{_sysconfdir}/tmpfiles.d/amavisd-new.conf
-%ghost %dir %attr(755,amavis,amavis) /var/run/amavisd
-%ghost %dir %attr(755,amavis,amavis) /var/run/clamd.amavisd
-%else
-%dir %attr(755,amavis,amavis) /var/run/amavisd
-%dir %attr(755,amavis,amavis) /var/run/clamd.amavisd
+%attr(644,root,root) %{_tmpfilesdir}/amavisd-new.conf
 %endif
+%dir %attr(755,amavis,amavis) %{_localstatedir}/run/amavisd
+%dir %attr(770,amavis,clamupdate) %{_localstatedir}/run/clamd.amavisd
 
 %files snmp
 %defattr(-,root,root,-)
@@ -227,6 +234,26 @@ fi
 %{_sbindir}/amavisd-snmp-subagent
 
 %changelog
+* Sun Aug 03 2014 Juan Orti Alcaine <jorti@fedoraproject.org> 2.9.1-2
+- Add patch to fix releasing mail from sql quarantine
+
+* Mon Jun 30 2014 Juan Orti Alcaine <jorti@fedoraproject.org> 2.9.1-1
+- Update to version 2.9.1
+
+* Fri Jun 27 2014 Juan Orti Alcaine <jorti@fedoraproject.org> 2.9.0-2
+- Change permissions of /var/spool/amavisd folders to 750. Fix bug #906396
+
+* Thu Jun 26 2014 Juan Orti Alcaine <jorti@fedoraproject.org> 2.9.0-1
+- Update to version 2.9.0
+- Rework amavisd-conf.patch
+
+* Sun Feb 16 2014 Juan Orti Alcaine <jorti@fedoraproject.org> 2.8.1-1
+- Update to version 2.8.1
+- Add missing dependencies
+- Place tmpfiles conf in _tmpfilesdir
+- Use _localstatedir macro
+- Change clamd socket location to /var/run/clamd.amavisd/clamd.sock
+
 * Mon Dec 02 2013 Robert Scheck <robert@fedoraproject.org> 2.8.0-8
 - Commented ripole(1) decoder as the binary is not packaged
 - Commented tnef(1) decoder as the perl module is a dependency
@@ -289,7 +316,7 @@ fi
 - Update to 2.6.2.
 - Drop smtpdaemon dependency (BZ# 438078).
 
-* Wed Jul 15 2008 Steven Pritchard <steve@kspei.com> 2.6.1-1
+* Tue Jul 15 2008 Steven Pritchard <steve@kspei.com> 2.6.1-1
 - Update to 2.6.1.
 - Require Crypt::OpenSSL::RSA, Digest::SHA, Digest::SHA1, IO::Socket::SSL,
   Mail::DKIM, Net::SSLeay, NetAddr::IP, and Socket6.

sources

@@ -1 +1 @@
-9851ce19f0c8fcab36f254c4e0251618  amavisd-new-2.8.0.tar.gz
+2b83d60b49855943c297743db0029218  amavisd-new-2.9.1.tar.xz