[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

SAUCE 0.7.16 in stable, or not ?

I've found a bug in SAUCE which means that one of its main features
suddenly stopped working last Saturday (time_t=0x40000000).  It was
buggy before, but the symptoms were much less serious and no-one had
noticed yet.  I'm upstream as well as Debian maintainer, and have
released two new versions to fix it: a fully new version, and a
backport of the fix to the previous release.

I wanted your opinion about whether I should upload 0.7.16 to stable.
See my upstream release announcement below, about the problem and what
I've done about it.

You may also want to read the diff from 0.7.14 (current stable) to
0.7.16, which is at:
 http://www.chiark.greenend.org.uk/~ian/sauce/ftp/sauce-0.7.14-0.7.16.diff.gz

Another option, which I'd be prepared to do, would be to make a
version with _only_ the fix to make new entries not expire straight
away, and not the script to clean out old cruft from the database.

What do you think ?

Thanks,
Ian.
--- Begin Message --- 
-----BEGIN PGP SIGNED MESSAGE-----

Introduction
============

I am pleased to announce a new public BETA release of GNU SAUCE,
version 0.8.1.  This contains new features, bugfixes, and some changes
to the default settings and policies (to cope with new spam patterns).

However, I also regret to inform you that there is moderately serious
time-dependent bug in GNU SAUCE before 0.7.16.  All users are
encouraged to upgrade, either to the bugfix release 0.7.16, or to the
newer version 0.8.1, or to apply the immediate remedy below.  Please
read the information below about the time-dependent bug.

0.7.16 and 0.8.1 are not currently available via ftp.gnu.org, but
they are available via my own server at
  http://www.chiark.greenend.org.uk/~ian/sauce/
  http://www.chiark.greenend.org.uk/~ian/sauce/ftp/
along with more information about SAUCE, including details of the
mailing lists, CVS repository, and of course the distribution files.

Debian users should be able to acquire the current version of SAUCE
(0.8.1) from the Debian unstable distribution shortly, and can use
usual Debian support channels.


Changes in 0.8.1
================

  Bugfixes:
  * site-annoy database expires properly
    (NB you must clean it when you upgrade!)
  * Fix descriptor leak in ic msg_checkeof.
  * More sensible debug.log entries for firewall commands.
  * Display ipchains/iptables commands in debug.log.

  New features:
  * Support Linux 2.4 iptables.
  * Sobig.F shibboleth implemented (taboo_virus_hack, default=off).
  * New X-SAUCE-Notice header informs receiving user of anger towards
    sending site.
  * busyfury_firewall has new value `immed' meaning firewall for every
    `421 too busy' or `421 excessive concurrency', not just when
    maximally furious.
  * New `errok-' policy option for stopping SAUCE from getting too upset
    with .forward-upstreams and mailing list hosts.  Untested yet.
  * Stalling pure-teergrube server for over-aggressive callers.
  * Reinvoking thread_typedefine made safe: doesn't reset id counter.
    (Means you can patch the running SAUCE more easily.)

  Changes to autoblacklisting:
  * blmessage.text split into blmessage-site.text and -addr.text.
  * blmessage.text updated from chiark (no unblacklist policy).
  * Update blacklist timeouts.  (2mth/2mth -> 7d/12mth)


MD5 checksums
=============
53de5879aa4162f1b111c76da471a29d  sauce-0.7.14-0.7.16.diff.gz
daab7a3e61a33a2e596227e3683008f5  sauce_0.7.16.dsc
445366bf12284f33533ce4a0c91a454a  sauce_0.7.16.tar.gz
0a1167bff75c368946815538070ed77c  sauce_0.7.16_all.deb
235fe0eb1d594d367ecd6d383ba1660a  sauce_0.7.16_i386.changes
64c5651645461cfb626eaaf4f838ad0b  sauce_0.8.1.dsc
52f473d24eb80acdd0503b21ca3dc893  sauce_0.8.1.tar.gz
a5f68900c6ba1384ea56e3131fde083e  sauce_0.8.1_all.deb
3b14d09e3780573112075283bc642537  sauce_0.8.1_i386.changes


Time-dependent bug
==================

SAUCE maintains a database known as `site-annoy', in which it records
its current `opinion' about calling IP addresses.  This information is
used for various purposes, including capacity reservation and
teergrube.  Each site's entry is supposed to be kept for a certain
length of time and then to expire.

All previous versions of SAUCE have had a bug which means that the
expiry time was calculated incorrectly.  The expiry time is converted
from an elapsed interval in seconds to an absolute time as a time_t,
by adding the current time - however, buggy versions of SAUCE perform
this calculation twice.

This has two effects:

Firstly, entries created before some time around the 10th of January
2004 (or all entries on 64-bit machines) have a ridiculously large
expiry time.  This is a performance and disk space problem (the
site-annoy decay algorithm means that the very old data is not acted
on erroneously).

Secondly, entries created (on 32-bit machines) after approximately the
10th of January 2004 expire immediately (since on the 10th of January
time_t reached 0x40000000, so that 2*time_t overflows a signed
integer).  This effectively lobotomises SAUCE, so that it forgets
which sites are `friendly' and which `hostile'.

I recommend correcting the bug, and I also recommend cleaning the
site-annoy database to remove the overly-persistent entries.
Depending on your circumstances, the following routes may be followed
for a fix:

 A. Debian users:
    Download the replacement 0.7.16 .deb package (or 0.8.1) and
    install it with dpkg -i.  (Alternatively, Debian users can take
    one of the approaches below.)  The package (or a derivative) may
    go into the next update of Debian stable, but this is not certain.

 B. Install new version:
      1. Download the 0.7.16 or 0.8.1 source, or fetch and apply
         the 0.7.14-0.7.16 patch.
      2. Build the new version (`make').
      3. Stop SAUCE.
      4. make install
      5. Either run /usr/local/share/sauce/clean-site-annoy,
         or delete /var/lib/sauce/db-site.annoy.* [1]
      6. Restart SAUCE.

 C. Minimal fix by hand:
      1. Stop SAUCE.
      2. Apply the patch below to the installed
         /usr/local/share/sauce/smtp.
      3. Delete /var/lib/sauce/db-site.annoy.* [1]
      4. Restart SAUCE.

[1] Cleaning the site-annoy database can be postponed.  You can either
    run the supplied cleaning script, which deletes only entries with
    implausible expiry times, or you can delete the whole database
    (which is fairly harmless, and in any case no worse than the
    effects of the bug).  But, you must not mess with the site-annoy
    database while SAUCE is running, or it will probably undo your
    changes.

Patch
=====

The following patch fixes the actual problem, and can be applied to
the source code smtp.tcl, or to the installed file (usually
/usr/local/share/sauce/smtp).

 diff -u -u -r1.14 -r1.14.2.1
 --- smtp.tcl	15 Jun 2003 15:46:40 -0000	1.14
 +++ smtp.tcl	14 Jan 2004 22:56:33 -0000	1.14.2.1
 @@ -274,7 +274,7 @@
      if {$cv < -$annoy_love_max} { set cv -$annoy_love_max }
      ds_set site-annoy $ra \
	     [string map {{ } a - m} [list $now $cv]] \
 -	    [expr {$now + 3*$annoy_halflife}]
 +	    [expr {3*$annoy_halflife}]
      if {$cv <= -$annoy_love_max/2 && $cv <= -($annoy_grumpy+$annoy_actout_max)} {
	 set irritamt Ecstatic
      } elseif {$cv <= 0} {

This is not the complete diff between 0.7.14 and 0.7.16.  0.7.16 also
contains the clean-site-annoy script, Debian packaging to invoke it,
plus of course new-release administrivia.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBQAXlScMWjroj9a3bAQHX5QQAhs22Y+gNm/vMHLUZ/YjmCZd0h+Z4vHbH
myLrc0hz2tRC2jtW6+KbLtbSgu52iKthz4YgSEB1Fw/ua2EqeO7+uRyiRK04Kc3U
ZRX6PLuBSx6cbMj1YXXn61wPW7uZGbtJ+Yk9bfQ1B/ULQjAXldwSec/NuAQd++Te
gPy1xBTipPA=
=CZb9
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: