Bug#601601: spamassassin: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included

2010-10-29 Thread Noah Meyerhans 
reassign 601601 libnetaddr-ip-perl
retitle 601601 NetAddr::IP-new6 fails to adjust netmask when mapping a v4 
address
thanks

Something within libnetaddr-ip-perl perl changed between version
4.028+dfsg-1 (currently in squeeze) and version 4.034+dfsg-1 (currently
in sid).  Consider the attached perl program.  The
_convert_ipv4_cidr_to_ipv6 function is pulled from spamassassin's
Mail::SpamAssassin::NetSet module.  On a squeeze system, the program
outputs the following:

Loopback network: 127.0.0.0/8
converted to v6 mapped: 0:0:0:0:0::7F00:0/104
IPv6 loopback address: 0:0:0:0:0:0:0:1/128
Is 0:0:0:0:0:0:0:1/128 contained within 0:0:0:0:0::7F00:0/104? 0

On a sid sytem, the program outputs this:
Loopback network: 127.0.0.0/8
converted to v6 mapped: 0:0:0:0:0::7F00:0/8
IPv6 loopback address: 0:0:0:0:0:0:0:1/128
Is 0:0:0:0:0:0:0:1/128 contained within 0:0:0:0:0::7F00:0/8? 1

Note the differences in the network mask when the loopback /8 is
mapped to a v6 address.  Note that this leads to the
NetAddr::IP-contains method returning an incorrect value.

Thanks.
noah

#!/usr/bin/perl

use NetAddr::IP;

sub _convert_ipv4_cidr_to_ipv6 {
  my ($cidr) = @_;

  # only do this for IPv4 addresses
  return undef unless ($cidr =~ /^\d+[.\/]/);

  if ($cidr !~ /\//) {  # no mask
return NetAddr::IP-new6(:::.$cidr);
  }

  # else we have a CIDR mask specified. use new6() to do this
  #
  my $ip6 = +(NetAddr::IP-new6($cidr));
  # 127.0.0.1 - 0:0:0:0:0:0:7F00:0001/128
  # 127/8 - 0:0:0:0:0:0:7F00:0/104

  # now, move that from 0:0:0:0:0:0: space to 0:0:0:0:0:: space
  if (!defined $ip6 || $ip6 !~ /^0:0:0:0:0:0:(.*)$/) {
warn oops! unparseable IPv6 address for $cidr: $ip6;
return undef;
  }

  return NetAddr::IP-new6(:::$1);
}

my $a = NetAddr::IP-new('127.0.0.0/8');
my $b = NetAddr::IP-new('::1');
my $converted = _convert_ipv4_cidr_to_ipv6($a);

print Loopback network:  . $a . \n;
print converted to v6 mapped: $converted\n;
print IPv6 loopback address: $b\n;

print Is $b contained within $converted?  . $converted-contains($b) . \n;



signature.asc
Description: Digital signature

Bug#601601: spamassassin: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included

2010-10-29 Thread Justin Mason 
hi guys, it's a NetAddr::IP regression.   Mark Martinec said (on the
SA users list):

 Looks like a but in NetAddr::IP 4.034, it forgets to adjust the  CIDR mask
 when converting an IPv4 address to an IPv6 notation:

 correct (NetAddr-IP-4.033):
  $ perl -le 'use NetAddr::IP; print NetAddr::IP-new6(127.0.0.0/8)'
 0:0:0:0:0:0:7F00:0/104

 wrong (NetAddr-IP-4.034):
  $ perl -le 'use NetAddr::IP; print NetAddr::IP-new6(127.0.0.0/8)'
 0:0:0:0:0:0:7F00:0/8


upstream: https://rt.cpan.org/Public/Bug/Display.html?id=62521

hth,

--j.


On Fri, Oct 29, 2010 at 07:48, Noah Meyerhans no...@debian.org wrote:
 reassign 601601 libnetaddr-ip-perl
 retitle 601601 NetAddr::IP-new6 fails to adjust netmask when mapping a v4 
 address
 thanks

 Something within libnetaddr-ip-perl perl changed between version
 4.028+dfsg-1 (currently in squeeze) and version 4.034+dfsg-1 (currently
 in sid).  Consider the attached perl program.  The
 _convert_ipv4_cidr_to_ipv6 function is pulled from spamassassin's
 Mail::SpamAssassin::NetSet module.  On a squeeze system, the program
 outputs the following:

 Loopback network: 127.0.0.0/8
 converted to v6 mapped: 0:0:0:0:0::7F00:0/104
 IPv6 loopback address: 0:0:0:0:0:0:0:1/128
 Is 0:0:0:0:0:0:0:1/128 contained within 0:0:0:0:0::7F00:0/104? 0

 On a sid sytem, the program outputs this:
 Loopback network: 127.0.0.0/8
 converted to v6 mapped: 0:0:0:0:0::7F00:0/8
 IPv6 loopback address: 0:0:0:0:0:0:0:1/128
 Is 0:0:0:0:0:0:0:1/128 contained within 0:0:0:0:0::7F00:0/8? 1

 Note the differences in the network mask when the loopback /8 is
 mapped to a v6 address.  Note that this leads to the
 NetAddr::IP-contains method returning an incorrect value.

 Thanks.
 noah


 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (GNU/Linux)

 iD4DBQFMym5PYrVLjBFATsMRAhiuAJiQjUHeRiH6yYnF3a2KBbsfgMJaAJ9jipmk
 1ILZCji᭖닒컋ʒ⠛==
 =JZSb
 -END PGP SIGNATURE-





--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#601601: spamassassin: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included

2010-10-29 Thread Damien Wyart 
NetAddr-IP-4.035 should fix this bug, but after upgrading manually
/usr/lib/perl5/NetAddr/IP/Lite.pm to 1.21, I still see the problem when
spamassassin starts, learns new spam or when the daily cron job is
called.

So not sure the upstream fix in netAddr::IP has cured the initial
problem reported for spamassassin in but 601601. Or maybe I did
something stupid when doing these tests...


Best,
-- 
Damien Wyart



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#601601: spamassassin: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included

2010-10-29 Thread Damien Wyart 
To test in a more clean way, I manually built
libnetaddr-ip-perl_4.035+dfsg-1_amd64.deb using the sources from CPAN
and the 4.035 packaging from Debian, and I can confirm the cannot
include messages from spamassassin are still there, so I guess the fix
might have corrected part of the problem, but we are not yet back to
4.033 situation wrt spamassassin.

Could someone with better knowledge of all this reopen the upstream bug
after some further analysis?

Many thanks in advance.


Best,

Damien

 NetAddr-IP-4.035 should fix this bug, but after upgrading manually
 /usr/lib/perl5/NetAddr/IP/Lite.pm to 1.21, I still see the problem when
 spamassassin starts, learns new spam or when the daily cron job is
 called.
 
 So not sure the upstream fix in netAddr::IP has cured the initial
 problem reported for spamassassin in but 601601. Or maybe I did
 something stupid when doing these tests...
 
 
 Best,

-- 
Damien Wyart



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#601601: spamassassin: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included

2010-10-28 Thread Noah Meyerhans 
On Wed, Oct 27, 2010 at 06:38:22PM +0200, Jakub Wilk wrote:
 Every time I pipe a message through spamassassin or sa-learn, I get the  
 following warnings:

 $ sa-learn --ham --mbox /dev/null
 netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
 netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
 Learned tokens from 0 message(s) (0 message(s) examined)

Remove ::1 from trusted_networks or internal_networks or wherever you've
added it.  It's hardcoded by default, so including it in your configs
amounts to adding it a second time.

noah



signature.asc
Description: Digital signature

Bug#601601: spamassassin: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included

2010-10-28 Thread Jakub Wilk 

* Noah Meyerhans no...@debian.org, 2010-10-28, 20:23:

Every time I pipe a message through spamassassin or sa-learn, I get the
following warnings:

$ sa-learn --ham --mbox /dev/null
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
Learned tokens from 0 message(s) (0 message(s) examined)


Remove ::1 from trusted_networks or internal_networks or wherever you've
added it.  It's hardcoded by default, so including it in your configs
amounts to adding it a second time.


Thanks for a tip, but I don't have any *_networks in my config. In fact, 
I can reproduce this bug in a clean chroot, with pristine configuration.


--
Jakub Wilk


signature.asc
Description: Digital signature

Bug#601601: spamassassin: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included

2010-10-28 Thread Francois Marier 
On 2010-10-29 at 02:36:28, Jakub Wilk wrote:
 Thanks for a tip, but I don't have any *_networks in my config. In
 fact, I can reproduce this bug in a clean chroot, with pristine
 configuration.

Same for me, I've grepped for _networks in /etc/spamassassin and
~/.spamassassin and didn't get a single match.

Cheers,
Francois



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#601601: spamassassin: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included

2010-10-28 Thread Noah Meyerhans 
On Fri, Oct 29, 2010 at 02:28:33PM +1300, Francois Marier wrote:
  Thanks for a tip, but I don't have any *_networks in my config. In
  fact, I can reproduce this bug in a clean chroot, with pristine
  configuration.
 
 Same for me, I've grepped for _networks in /etc/spamassassin and
 ~/.spamassassin and didn't get a single match.

Confirmed.  I don't see anything in upstream's bugzilla, so I'll look
into it.

noah



signature.asc
Description: Digital signature

Bug#601601: spamassassin: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included

2010-10-27 Thread Jakub Wilk 

Package: spamassassin
Version: 3.3.1-1
Severity: minor

Every time I pipe a message through spamassassin or sa-learn, I get the 
following warnings:


$ sa-learn --ham --mbox /dev/null
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
Learned tokens from 0 message(s) (0 message(s) examined)


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spamassassin depends on:
pn  libarchive-tar-perl none   (no description available)
ii  libdigest-sha1-perl 2.13-1   NIST SHA-1 message digest algorith
ii  libhtml-parser-perl 3.68-1   collection of modules that parse H
ii  libnet-dns-perl 0.66-2   Perform DNS queries from a Perl sc
ii  libnetaddr-ip-perl  4.034+dfsg-1 IP address manipulation module
ii  libsocket6-perl 0.23-1   Perl extensions for IPv6
ii  libsys-hostname-long-perl   1.4-2Figure out the long (fully-qualifi
ii  libwww-perl 5.837-1  simple and consistent interface to
ii  perl5.10.1-15Larry Wall's Practical Extraction 
ii  perl-modules [libio-zlib-pe 5.10.1-15Core Perl modules


Versions of packages spamassassin recommends:
ii  gcc   4:4.4.5-1  The GNU C compiler
ii  gnupg 1.4.10-4   GNU privacy guard - a free PGP rep
ii  libc6-dev 2.11.2-6   Embedded GNU C Library: Developmen
pn  libio-socket-inet6-perl   none (no description available)
pn  libmail-spf-perl  none (no description available)
ii  make  3.81-8 An utility for Directing compilati
ii  perl [libsys-syslog-perl] 5.10.1-15  Larry Wall's Practical Extraction 
ii  re2c  0.13.5-1   tool for generating fast C-based r

pn  spamc none (no description available)

Versions of packages spamassassin suggests:
pn  libdbi-perl   none (no description available)
ii  libio-socket-ssl-perl 1.33-1 Perl module implementing object or
pn  libmail-dkim-perl none (no description available)
pn  libnet-ident-perl none (no description available)
ii  perl [libcompress-zlib-perl]  5.10.1-15  Larry Wall's Practical Extraction 
pn  pyzor none (no description available)

pn  razor none (no description available)

--
Jakub Wilk



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org