Control: severity -1 serious On Wed, 04 Dec 2024 17:35:29 +0200 Dimitar Angelov <mi...@edabg.com> wrote: > Upstream version of mailgraph contains embeded Parse:Syslog package version > 1.09 which doesn't support RFC3339 dates and new rsyslog format. > > As result mailgraph can't read properly mail logs because of invalid date > format for parser. > All lines from logs are discarded. > > There are two solutions of the problem. > The first solution is to remove embeded in mailgraph.pl Parse:Syslog package > and use libparse-syslog-perl 1.11. > This is not case because in Debian bookwarm libparse-syslog-perl is 1.10 which > is not case. > This solution is applicable for Debian trixie. > The second solution is to embed Parse:Syslog package version 1.11 in > mailgraph.pl. > > Proposing patch to resolve issue by replacing embeded Parse:Syslog package.
I can confirm this issue with mailgraph on our systems. This makes mailgraph completely unusable, thus raising the severity to RC. Here is an example of an anonymized log snippet which fails: 2025-01-28T14:12:33.468866+01:00 email imapd: LOGIN, user=, ip=[::ffff:], port=[61585], protocol=IMAP 2025-01-28T14:12:37.980934+01:00 email imapd: Connection, ip=[::ffff:], port=[50131] 2025-01-28T14:12:38.404263+01:00 email imapd: LOGIN, user=, ip=[::ffff:31.16.250.164], port=[50131], protocol=IMAP 2025-01-28T14:13:28.289022+01:00 email postfix/smtpd[92141]: connect from unknown[] 2025-01-28T14:13:28.349994+01:00 email postfix/smtpd[92141]: disconnect from unknown[] ehlo=1 auth=0/1 quit=1 As Dimitar already pointed out, the problem is in the date format parser. The embedded version of Parse:Syslog in mailgraph as it is currently found in unstable and testing is unable to deal with date/timestamps in a format such as the above. As Dimitar suggested, bumping the version of the embedded Parse:Syslog fixes the issue. As there have been some uploads of mailgraph since Dimitar posted the patch, that original patch does not apply anymore. I refreshed the patch for the version that is currently in unstable. Please find the debdiff attached. Thanks! cheers, josch
diff -Nru mailgraph-1.14/debian/changelog mailgraph-1.14/debian/changelog
--- mailgraph-1.14/debian/changelog 2024-06-30 19:29:48.000000000 +0200
+++ mailgraph-1.14/debian/changelog 2025-01-28 15:53:19.000000000 +0100
@@ -1,3 +1,11 @@
+mailgraph (1.14-22.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Upgrade Parse::Syslog to version 1.11 to support RFC3339 or syslog-ng ISO
+ dates. (Closes: #1089039)
+
+ -- Johannes Schauer Marin Rodrigues <jo...@debian.org> Tue, 28 Jan 2025 15:53:19 +0100
+
mailgraph (1.14-22) unstable; urgency=medium
* Refresh debian/patches/0100-new_syslog_format.patch:
diff -Nru mailgraph-1.14/debian/patches/120_syslog-parse-upgrade.patch mailgraph-1.14/debian/patches/120_syslog-parse-upgrade.patch
--- mailgraph-1.14/debian/patches/120_syslog-parse-upgrade.patch 1970-01-01 01:00:00.000000000 +0100
+++ mailgraph-1.14/debian/patches/120_syslog-parse-upgrade.patch 2025-01-28 15:53:13.000000000 +0100
@@ -0,0 +1,119 @@
+--- a/mailgraph.pl
++++ b/mailgraph.pl
+@@ -17,6 +17,7 @@ use Time::Local;
+ use IO::File;
+ use strict;
+ use vars qw($VERSION);
++use warnings;
+ my %months_map = (
+ 'Jan' => 0, 'Feb' => 1, 'Mar' => 2,
+ 'Apr' => 3, 'May' => 4, 'Jun' => 5,
+@@ -79,6 +80,12 @@ sub str2time($$$$$$$$)
+ my $time;
+ if($GMT) {
+ $time = timegm(@_);
++ # with explicit timezone:
++ if($GMT =~ /^([\+\-])(\d\d):(\d\d)$/) {
++ my $off_secs = 60 * (60*$2 + $3);
++ $off_secs *= -1 if ($1 eq '+');
++ $time += $off_secs;
++ }
+ }
+ else {
+ $time = timelocal(@_);
+@@ -144,11 +151,11 @@ sub new($$;%)
+ }
+ elsif(! ref $file) {
+ if($file eq '-') {
+- my $io = new IO::Handle;
++ my $io = IO::Handle->new();
+ $data{file} = $io->fdopen(fileno(STDIN),"r");
+ }
+ else {
+- $data{file} = new IO::File($file, "<");
++ $data{file} = IO::File->new($file, "<");
+ defined $data{file} or croak "can't open $file: $!";
+ }
+ }
+@@ -207,45 +214,43 @@ sub _next_syslog($)
+ my $file = $self->{file};
+ line: while(defined (my $str = $self->_next_line)) {
+ # date, time and host
+- my ($year, $mon, $day, $hour, $min, $sec, $host, $text);
+- if($self->{type} eq 'rsyslog') {
+- ($year, $mon, $day, $hour, $min, $sec, $host, $text) = $str =~ /^
+- (\d+)-(\d+)-(\d+)T(\d+):(\d+):(\d+)\S+ # datetime
+- \s+
+- (\S+) # host
+- \s+
+- (.*) # text
+- $/x or do
+- {
+- warn "WARNING: line not in high precision rsyslog format: $str";
+- next line;
+- };
+- $mon--;
+- $self->{year}=$year;
+- }
+- else {
+- my($montxt);
+- ($mon, $day, $hour, $min, $sec, $host, $text) = $str =~ /^
+- (\S{3})\s+(\d+) # date
+- \s
+- (\d+):(\d+):(\d+) # time
+- (?:\s<\w+\.\w+>)? # FreeBSD's verbose-mode
+- \s
+- ([-\w\.\@:]+) # host
+- \s+
+- (?:\[LOG_[A-Z]+\]\s+)? # FreeBSD
+- (.*) # text
+- $/x or do
+- {
+- warn "WARNING: line not in syslog format: $str";
+- next line;
+- };
+- $mon = $months_map{$montxt};
+- defined $mon or croak "unknown month $montxt\n";
+- $self->_year_increment($mon);
+- }
++ $str =~ /^
++ (\S{3})\s+(\d+) # date -- 1, 2
++ \s
++ (\d+):(\d+):(\d+) # time -- 3, 4, 5
++ (?:\s<\w+\.\w+>)? # FreeBSD's verbose-mode
++ \s
++ ([-\w\.\@:]+) # host -- 6
++ \s+
++ (?:\[LOG_[A-Z]+\]\s+)? # FreeBSD
++ (.*) # text -- 7
++ $/x or
++ $str =~ /^
++ (\d\d\d\d)-(\d\d)-(\d\d) # RFC3339 or syslog-ng ISO date -- 1, 2, 3
++ T
++ (\d+):(\d+):(\d+)(?:\.\d+)? # time (optional frac_sec) -- 4, 5, 6
++ (Z|[\+\-]\d\d:\d\d) # TZ -- 7
++ \s
++ ([-\w\.\@:]+) # host -- 8
++ \s+
++ (.*) # text -- 9
++ $/x or do
++ {
++ warn "WARNING: line not in syslog format: $str";
++ next line;
++ };
++ my ($time, $host, $text);
+ # convert to unix time
+- my $time = $self->str2time($sec,$min,$hour,$day,$mon,$self->{year}-1900,$self->{GMT});
++ if (defined($months_map{$1})) { # BSD Syslog
++ my $mon = $months_map{$1};
++ defined $mon or croak "unknown month $1\n";
++ $self->_year_increment($mon);
++ $time = $self->str2time($5,$4,$3,$2,$mon,$self->{year}-1900,$self->{GMT});
++ ($host, $text) = ($6, $7);
++ } else { # RFC3339/syslog-ng
++ $time = $self->str2time($6,$5,$4,$3,$2-1,$1-1900,$7);
++ ($host, $text) = ($8, $9);
++ }
+ if(not $self->{allow_future}) {
+ # accept maximum one day in the present future
+ if($time - time > 86400) {
diff -Nru mailgraph-1.14/debian/patches/series mailgraph-1.14/debian/patches/series
--- mailgraph-1.14/debian/patches/series 2024-06-30 19:12:06.000000000 +0200
+++ mailgraph-1.14/debian/patches/series 2025-01-28 15:37:51.000000000 +0100
@@ -8,3 +8,4 @@
#105_postscreen.diff
#110_mailgraph.cgi.patch
0100-new_syslog_format.patch
+120_syslog-parse-upgrade.patch
signature.asc
Description: signature
