FH_DATE_PAST_20XX scores on all mails dated 2010 or later

Same in 9.10.

SRU JUSTIFICATION

1. Impact: legitmate mail can be marked as spam

2. Development branch is still affected

3. debdiff for hardy is attached

4. TEST CASE: Send an email through an unpatched spamassassin, it is marked with 'X-Spam-Status: ...,FH_DATE_PAST_20XX,.... With a patched spamassassin, this is not present.

5. regression potential is considered low due to the one character, minimal patch.

Uploaded 3.2.4-1ubuntu1.2 to hardy-proposed and subscribing ubuntu-sru for approval and verification.

To ubuntu-server, et al: I do not plan to work on SRUs for the other releases.

Check does not exist in SA 3.1 (Dapper release version).

Also not applicable to 3.1.7 in dapper-backports

Ack from ubuntu-backporters for patched backport to fix in hardy-backports.

Proposed SRU uploaded for all active releases.

ACK from the SRU team

Accepted into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Accepted into intrepid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Accepted into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Accepted into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Accepted for all affected releases. Sent mail to ubuntu-server ML asking for testers.

Scott, many thanks for this quick update! (I'm using SA, but only on lenny, so I can't test this in a production environment)

Scott Kitterman <email address hidden> writes:

> Accepted into hardy-proposed, the package will build now and be
> available in a few hours. Please test and give feedback here. See
> https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
> to enable and use -proposed. Thank you in advance!

I can confirm that the package in hardy-proposed works and fixes the
problem for me.

--
James

This bug was fixed in the package spamassassin - 3.2.4-1ubuntu1.2

---------------
spamassassin (3.2.4-1ubuntu1.2) hardy-proposed; urgency=low

  * fix for year 2010 bug (LP: #502071)
 -- Jamie Strandboge <email address hidden> Fri, 01 Jan 2010 12:46:22 -0600

Thanks for testing! Waiving 7 day maturing period for this critical update, and releasing hardy.

Hardy is verified (times -0500 on #ubuntu-release):

[16:27:27] <lamont> ScottK: hardy-proposed/amd64 1) has the fix, and 2) didn't kill my home mail server
[16:27:30] <lamont> +1

Tested from karmic-proposed, works fine for me in Ubuntu Karmic 9.10 amd64.

Testing was done in a virtualbox-ose VM locally, not a production mailserver. Tested scanning of mail with Date: in 2009, 2010 and in 2020.

Tested hardy and works for me.

This bug was fixed in the package spamassassin - 3.2.5-4ubuntu0.1

---------------
spamassassin (3.2.5-4ubuntu0.1) karmic-proposed; urgency=low

  * Add debian/patches/95_fix_FH_DATE_PAST_20XX.dpatch and related
    debian/NEWS update from 3.2.5-7 (LP: #502071)
    - Fixes Y2010 problem
 -- Scott Kitterman <email address hidden> Sat, 02 Jan 2010 09:45:27 -0500

Releasing karmic, keeping verification-needed for intrepid/jaunty.

Probably I'm wrong, but shouldn't sa-update take care of this? (at least it did for me: have not installed any updates, but runnin sa-update manually fixed it).
As far as I know, if I had not run it manually, a daily cron job (cron.daily/spamassassin) would have taken care of it.

The cronjob is disabled by default and sa-update only got a corrected FH_DATE_PAST_20XX on Jan 2nd, before that it was identical to the one in the released version.

Regardless of sa-update, we still need to provide fixed packages since we can't assume all users will enable sa-update.

Tested the package on Intrepid, from intrepid-proposed and I can confirm it's working.

One small observation: I've set it up through amavisd-new, and after doing 'apt-get update' (after enabling -proposed), it installed OK, and I saw the updated /usr/share/spamassassin/72_active.cf, but it did not work. I had to _restart amavis manually_.

This bug was fixed in the package spamassassin - 3.2.5-1ubuntu1.2

---------------
spamassassin (3.2.5-1ubuntu1.2) intrepid-proposed; urgency=low

  * Add debian/patches/95_fix_FH_DATE_PAST_20XX.dpatch and related
    debian/NEWS update from 3.2.5-7 (LP: #502071)
    - Fixes Y2010 problem
 -- Scott Kitterman <email address hidden> Sat, 02 Jan 2010 10:01:24 -0500

Thanks, releasing intrepid update. Now only Jaunty is left for verification.

Verified Jaunty package, too, confirming it's working OK. Same observation (obviously) as above.

This bug was fixed in the package spamassassin - 3.2.5-4ubuntu0.0.1

---------------
spamassassin (3.2.5-4ubuntu0.0.1) jaunty-proposed; urgency=low

  * Add debian/patches/95_fix_FH_DATE_PAST_20XX.dpatch and related
    debian/NEWS update from 3.2.5-7 (LP: #502071)
    - Fixes Y2010 problem
 -- Scott Kitterman <email address hidden> Sat, 02 Jan 2010 09:45:27 -0500

Is this really fixed in Karmic? Looking at the source package at spamassassin-3.2.5/rules/72_active.cf I see

##{ FH_DATE_PAST_20XX
header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX The date is grossly in the future.
##} FH_DATE_PAST_20XX

That is also what is installed on my system

@Peter please, see spamassassin-3.2.5/debian/patches/95_fix_FH_DATE_PAST_20XX.dpatch. The file you're reading is the one coming from upstream.

OTOH, remember that you can update SA rules with sa-update command.

On Mon, Apr 12, 2010 at 06:46:53AM -0000, Peter Schwenke wrote:
> Is this really fixed in Karmic? Looking at the source package at
> spamassassin-3.2.5/rules/72_active.cf I see

> ##{ FH_DATE_PAST_20XX
> header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]
> describe FH_DATE_PAST_20XX The date is grossly in the future.
> ##} FH_DATE_PAST_20XX

The fix is in a patch in the debian/patches directory of the source package.

> That is also what is installed on my system

The file from spamassassin 3.2.5-4ubuntu0.1 has the regexp changed to

  header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]

Please double-check that you have the karmic-updates repository enabled in
your software sources.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>

Sorry about the false alarm.

Thanks, Steve and Alex. I spotted the patch file a little while ago and have been checking the package build. The build does the correct thing and I see the correct file in built package. I had updated the rules using sa-update earlier and the correct rule was installed.

Anyway, after building the package I noticed the different naming with ubuntu0.1 tacked on. It turns out that for some reason my remote machine (linode) didn't have karmic-updates for main and restricted in /etc/apt/sources.list. Odd. Of course, the package was installed correctly after fixing that.

Yes. It's fixed.

@Peter Thanks for mentioning that you had a linode. I'd been scratching my head for weeks as to why I supposedly had everything updated but still this problem. I added in the extra karmic-updates lines and that fixed it for me, too.