control: owner -1 ! On Thu, Feb 19, 2015 at 11:33:25PM +0100, Michal Jirků wrote: > Package: ucspi-tcp-ipv6 > Version: 1:0.88-3 > Severity: normal > Tags: ipv6 > > Dear Gerrit,
Hi, I am currently in the process of adopting maintainership of the ucspi-tcp package, so I came across this bug report that was filed some years ago. > I have found a problem with ucspi-tcp-ipv6 package; namely that > tcprules dies when it encounters ipv6 address in rules file. > E.g. adding ipv6 address to /etc/tcp.smtp fails: > > 2 root@palladium ~ # qmailctl cdb > tcprules: fatal: unable to parse this line: > 2001:4898:e0:66:82fa:5bff:fe0f:c0c9:allow,WHITELISTED="yes" > Reloaded /etc/tcp.smtp. Can you still reproduce this bug with a recent version of the ucspi-tcp-ipv6 package? If I run the attached shell program: a) on my Debian testing laptop, b) in a Debian unstable chroot environment, and c) in a Debian Stretch chroot environment with ucspi-tcp-ipv6 version 1:0.88-3.1 ...it always succeeds: the tcprules invocation succeeds, and all the tcprulescheck invocations produce the expected result. Can you run it on your system and see what happens? If something goes wrong with attaching it (I have deliberately changed its extension to .txt so that it should not give any mail filters a scare, but then who knows), you can also find it at: https://devel.ringlet.net/misc/test-tcprules/test-tcprules.txt > I have discussed this issue with Felix von Leitner (the original > author of the ipv6 patch for ucspi-tcp) and he's under the impression > this is an issue related to this debian package. > > Because his patch does add the support for ipv6 addresses in tcprules. > (works for him) > > We compared the tcprules.c file and the one shipping with ucspi-tcp-ipv6 > package seems to be unaffected by the changes providing the necessary > support. E.g. tcprules.c:126 reads: > > colon = byte_chr(x,len,':'); [snip] Yes, but the ucspi-tcp source package builds ucspi-tcp twice: once in the actual source directory, and once in an ipv6/ subdirectory after copying all the files there and applying Felix von Leitner's IPv6 patch. So the fact that you cannot see the change in the tcprules.c file in the source package still does not mean that the patch is not applied. Sorry for bothering you if you have moved on to another way of doing things in the years since you filed that bug report. Still, thank you for trying to improve Debian by reporting a problem! G'luck, Peter -- Peter Pentchev r...@ringlet.net r...@debian.org p...@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
#!/bin/sh
#
# Copyright (c) 2023 Peter Pentchev <r...@ringlet.net>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
set -e
set -x
check()
{
if [ "$#" -lt 2 ]; then
echo 'Internal error: check() invoked with too few arguments'
1>&2
exit 1
fi
local ipaddr="$1"
shift
env TCPREMOTEIP="$ipaddr" tcprulescheck rules.cdb > result.txt
cat result.txt
local arg=''
for arg; do
grep -Fe "$arg" result.txt
grep -Fqe "$arg" result.txt
done
}
# First, make sure the package is installed
dpkg-query -W -f '${Package}\t${Version}\n' ucspi-tcp-ipv6 | grep -Fe '1:0.88-'
# Create a temporary directory
tempd="$(mktemp -d -t test-tcprules.XXXXXX)"
trap "rm -rf -- '$tempd'" HUP INT QUIT TERM EXIT
cd -- "$tempd"
# Create the input file
cat <<'EOINPUT' > rules.txt
127.0.0.:allow,SOURCE="localnet"
127.0.1.:deny,SOURCE="localnet2"
128.:deny,SOURCE="weird"
::1:allow,SOURCE="localhost6"
2001:4898:e0:66:82fa:5bff:fe0f:c0c9:allow,WHITELISTED="yes"
2002:4898:e0:66:82fa:5bff:fe0f:c0c9:allow,WHITELISTED="not really"
EOINPUT
# Create the rules database
tcprules rules.cdb rules.cdb.tmp < rules.txt
# Run a couple of tests
check 127.0.0.1 'rule 127.0.0.:' 'SOURCE=localnet' 'allow connection'
check 127.0.1.1 'rule 127.0.1.:' 'deny connection'
check 128.2.3.4 'rule 128.:' 'deny connection'
check 1.2.3.4 'default:' 'allow connection'
check ::1 'rule ::1:' 'SOURCE=localhost6' 'allow connection'
check 2001:4898:e0:66:82fa:5bff:fe0f:c0c9 'WHITELISTED=yes' 'allow connection'
check 2002:4898:e0:66:82fa:5bff:fe0f:c0c9 'WHITELISTED=not really' 'allow
connection'
set +x
echo 'Seems fine!'
signature.asc
Description: PGP signature
