Hi Vincent, Quoting Vincent Lefevre (2025-01-30 02:44:41) > On 2025-01-28 16:05:13 +0100, Johannes Schauer Marin Rodrigues wrote: > > I can confirm this issue with mailgraph on our systems. This makes mailgraph > > completely unusable, thus raising the severity to RC. Here is an example of > > an > > anonymized log snippet which fails: > > > > 2025-01-28T14:12:33.468866+01:00 email imapd: LOGIN, user=, ip=[::ffff:], > > port=[61585], protocol=IMAP > > 2025-01-28T14:12:37.980934+01:00 email imapd: Connection, ip=[::ffff:], > > port=[50131] > > 2025-01-28T14:12:38.404263+01:00 email imapd: LOGIN, user=, > > ip=[::ffff:31.16.250.164], port=[50131], protocol=IMAP > > 2025-01-28T14:13:28.289022+01:00 email postfix/smtpd[92141]: connect from > > unknown[] > > 2025-01-28T14:13:28.349994+01:00 email postfix/smtpd[92141]: disconnect > > from unknown[] ehlo=1 auth=0/1 quit=1 > > I don't understand. This seems to be the same date format as on > bookworm. For instance, on my machine: > > 2025-01-30T02:41:37.887175+01:00 joooj postfix/smtp[310973]: [...] > > This was fixed there: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051496
lets look at some reproducers. For easier copypasting of the multiline log snippet into a shell one-liner I'm converting my example snippet from above to the following gzipped base64 representation: echo H4sICIztmGcAA2xvZwCVjz1PwzAQQPf+ittJXd/ZMbYlD6gDqsTXwBZliPKhWiR2mjiCn0+BCRoJuOV0y3v3iFO+5bgl/YzSIlkhmFRaK3XF0XIO7VD5HvxQjY2Fu8fbw0MGy9xOLgM/usLa7jy2zGCMU3KFwlznH9cUU6xj7w73N08burBcM6O5EXLNso8htHXyMaw7co4CyxWoZpJLUuJfrwtkqBjl/LzkD8cvHcKSZqQNJ/qmHOOcOv+2m4c0NoUhlFhaqL+yoJviAEt4CfE1FBcZn0whjTHyD8zGz+tYaI99dAjVko6O7xBOi08ON++wHLyi8AEAAA== | base64 -d | gzip -cd 2025-01-28T14:12:33.468866+01:00 email imapd: LOGIN, user=, ip=[::ffff:], port=[61585], protocol=IMAP 2025-01-28T14:12:37.980934+01:00 email imapd: Connection, ip=[::ffff:], port=[50131] 2025-01-28T14:12:38.404263+01:00 email imapd: LOGIN, user=, ip=[::ffff:31.16.250.164], port=[50131], protocol=IMAP 2025-01-28T14:13:28.289022+01:00 email postfix/smtpd[92141]: connect from unknown[] 2025-01-28T14:13:28.349994+01:00 email postfix/smtpd[92141]: disconnect from unknown[] ehlo=1 auth=0/1 quit=1 First lets try the log snippet above with mailgraph from bookworm: mmdebstrap --include=mailgraph \ --customize-hook='echo H4sICIztmGcAA2xvZwCVjz1PwzAQQPf+ittJXd/ZMbYlD6gDqsTXwBZliPKhWiR2mjiCn0+BCRoJuOV0y3v3iFO+5bgl/YzSIlkhmFRaK3XF0XIO7VD5HvxQjY2Fu8fbw0MGy9xOLgM/usLa7jy2zGCMU3KFwlznH9cUU6xj7w73N08burBcM6O5EXLNso8htHXyMaw7co4CyxWoZpJLUuJfrwtkqBjl/LzkD8cvHcKSZqQNJ/qmHOOcOv+2m4c0NoUhlFhaqL+yoJviAEt4CfE1FBcZn0whjTHyD8zGz+tYaI99dAjVko6O7xBOi08ON++wHLyi8AEAAA== | base64 -d | gzip -cd > "$1"/log' \ --chrooted-customize-hook='mailgraph --logfile /log --cat' bookworm /dev/null This will result in the following output: WARNING: line not in syslog format: 2025-01-28T14:12:33.468866+01:00 email imapd: LOGIN, user=, ip=[::ffff:], port=[61585], protocol=IMAP WARNING: line not in syslog format: 2025-01-28T14:12:37.980934+01:00 email imapd: Connection, ip=[::ffff:], port=[50131] WARNING: line not in syslog format: 2025-01-28T14:12:38.404263+01:00 email imapd: LOGIN, user=, ip=[::ffff:31.16.250.164], port=[50131], protocol=IMAP WARNING: line not in syslog format: 2025-01-28T14:13:28.289022+01:00 email postfix/smtpd[92141]: connect from unknown[] WARNING: line not in syslog format: 2025-01-28T14:13:28.349994+01:00 email postfix/smtpd[92141]: disconnect from unknown[] ehlo=1 auth=0/1 quit=1 The error message comes from here: https://sources.debian.org/src/mailgraph/1.14-20/mailgraph.pl/#L218 So lets have a look at the time regex a few lines above: (\S{3})\s+(\d+) # date -- 1, 2 \s (\d+):(\d+):(\d+) # time -- 3, 4, 5 This cannot possibly match the ISO8601 date from the log above. Do you agree? If you look at mailgraph in Trixie, it still uses the same regex: https://sources.debian.org/src/mailgraph/1.14-22/mailgraph.pl/#L229 Then look at the patch I provided in my last message. The important part is hunk 5 which changes the regex to this one: (\d+)-(\d+)-(\d+)T(\d+):(\d+):(\d+)\S+ # datetime That is why the patch provided by Dimitar and updated by me fixes this. I hope this helps clearing things up. :) Thanks! cheers, josch
signature.asc
Description: signature