Posted to users@spamassassin.apache.org by Giampaolo Tomassoni <Gi...@Tomassoni.biz> on 2010/10/28 14:29:41 UTC

SA 3.3.1 and NetAddr::IP 4.034

Hi,

this morning Gentoo people liked to upgrade NetAddr::IP from 4.033 to 4.034.

People with "stable" systems (a Gentoo feature) actually run SpamAssassin
3.3.1.

Soon after upgrading NetAddr::IP, a lint run reported these:

warn: netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been
included
warn: netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been
included
warn: netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been
included
warn: netset: cannot include 192.168.0.0/16 as it has already been included
warn: netset: cannot include 10.x.0.0/16 as it has already been included
warn: netset: cannot include x.x.x.x/32 as it has already been included
warn: netset: cannot include y.y.y.y/32 as it has already been included
warn: netset: cannot include z.z.z.z/32 as it has already been included
warn: netset: cannot include k.k.k.k/32 as it has already been included


Worse, each and every mail message I used to test SA triggered the
ALL_TRUSTED rule!!!

I know NetAddr::IP recently got a re-design and probably SA has to cope
with this.

Do I have to place a bug report, or is this a known problem? I didn't find
any bug related to this, but maybe it's me...

Thank you,

Giampaolo


Re: SA 3.3.1 and NetAddr::IP 4.034

Posted by Philip Prindeville <ph...@redfish-solutions.com>.
On 10/29/10 9:18 AM, Michael Scheidell wrote:
> On 10/29/10 12:11 PM, Mark Martinec wrote:
>> Sure, go ahead, can't hurt. The patch is now in the SA trunk.
>> Is it worth opening a ticket and putting it into the 3.3 branch too?
>>
>>    Mark
> Looks like FreeBSD ports has an older version, so it should be ok.
>
>  pkg_info | grep NetAddr
> p5-NetAddr-IP-4.02.8 Perl module for working with IP addresses and blocks thereo
>
>

You might be able to get better results with: Net-Patricia-1.18 which I released earlier this week.


Re: SA 3.3.1 and NetAddr::IP 4.034

Posted by Michael Scheidell <mi...@secnap.com>.
On 10/29/10 12:11 PM, Mark Martinec wrote:
> Sure, go ahead, can't hurt. The patch is now in the SA trunk.
> Is it worth opening a ticket and putting it into the 3.3 branch too?
>
>    Mark
Looks like FreeBSD ports has an older version, so it should be ok.

  pkg_info | grep NetAddr
p5-NetAddr-IP-4.02.8 Perl module for working with IP addresses and blocks thereo


-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best in Email Security,2010: Network Products Guide
    * King of Spam Filters, SC Magazine 2008

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________  

Re: SA 3.3.1 and NetAddr::IP 4.034

Posted by Mark Martinec <Ma...@ijs.si>.
Giampaolo,

> > still incorrect:
> >   $ perl -le 'use NetAddr::IP; print NetAddr::IP->new6("127/8")'
> >   0:0:0:0:0:0:7F00:0/8
>
> This seems way too ambiguous to me, isn't?

No, it isn't ambiguous, it is a perfectly valid syntax for an IPv4
network, although nowadays somewhat deprecated in favour of the
more obvious full quad notation.

> How could the NetAddr::IP module get you're instantiating an IPv6 net
> address, after all. That seems to me a valid IPv6 syntax, too...

No, it isn't a valid IPv6 address. The IPv6 addressing syntax
does not allow shortening in the same way as was allowed for IPv4.
An IPv6 address must specify full 128 bits, but allows for
compaction using a  ::  notation, e.g. 2001:db8::/32 

> > A workaround for SpamAssassin is to avoid shorthand IPv4 network
> > specifications, both in a config file (trusted/internal networks,
> > if any), as well as the hardwired one:
> > 
> > -  $set->add_cidr ('127/8');
> > +  $set->add_cidr ('127.0.0.0/8');
> 
> Wow, such a beast was in Conf.pm, uhu?

Well, yes. Not nice, but not wrong either.


> So, SA 3.3.2 will be NetAddr::IP 4.035 -compatible, right?

There would still be an issue if a site config file uses a
shorthand IPv4 network syntax, so the NetAddr::IP would better
be fixed anyway.


Michael,

> > A workaround for SpamAssassin is to avoid shorthand IPv4 network
> > specifications, both in a config file (trusted/internal networks,
> > if any), as well as the hardwired one:

> Patch for SpamAssassin Ports, rpm's and yum? or would it hurt to do this
> to 3.3.2 before it gets released?

Sure, go ahead, can't hurt. The patch is now in the SA trunk.
Is it worth opening a ticket and putting it into the 3.3 branch too?

  Mark

R: SA 3.3.1 and NetAddr::IP 4.034

Posted by Giampaolo Tomassoni <gi...@tomassoni.biz>.
> still incorrect:
>   $ perl -le 'use NetAddr::IP; print NetAddr::IP->new6("127/8")'
>   0:0:0:0:0:0:7F00:0/8

This seems way too ambiguous to me, isn't? How could the NetAddr::IP module
get you're instantiating an IPv6 net address, after all. That seems to me a
valid IPv6 syntax, too...


> A workaround for SpamAssassin is to avoid shorthand IPv4 network
> specifications, both in a config file (trusted/internal networks,
> if any), as well as the hardwired one:
> 
> -  $set->add_cidr ('127/8');
> +  $set->add_cidr ('127.0.0.0/8');

Wow, such a beast was in Conf.pm, uhu?

So, SA 3.3.2 will be NetAddr::IP 4.035 -compatible, right?

Thanks Mark.

Giampaolo


> Mark


Re: SA 3.3.1 and NetAddr::IP 4.034

Posted by Michael Scheidell <mi...@secnap.com>.
Patch for SpamAssassin Ports, rpm's and yum? or would it hurt to do this 
to 3.3.2 before it gets released?


On 10/29/10 11:01 AM, Mark Martinec wrote:
> A workaround for SpamAssassin is to avoid shorthand IPv4 network
> specifications, both in a config file (trusted/internal networks,
> if any), as well as the hardwired one:
>
> --- Mail/SpamAssassin/Conf.pm~
> +++ Mail/SpamAssassin/Conf.pm
> @@ -3972,7 +3972,7 @@
>   sub new_netset {
>     my ($self) = @_;
>     my $set = Mail::SpamAssassin::NetSet->new();
> -  $set->add_cidr ('127/8');
> +  $set->add_cidr ('127.0.0.0/8');
>     $set->add_cidr ('::1');
>     return $set;
>   }

-- 
Michael Scheidell, CTO

Re: SA 3.3.1 and NetAddr::IP 4.034

Posted by Mark Martinec <Ma...@ijs.si>.
On Friday 29 October 2010 16:35:31 Mark Martinec wrote:
> > | Thu Oct 28 19:41:16 2010 michael [...] bizsystems.com
> > 
> > fixed in release 4.035
> 
> Actually ... maybe not fixed ... investigating


NetAddr::IP 4.035:

correct, this case is now fixed:
  $ perl -le 'use NetAddr::IP; print NetAddr::IP->new6("127.0.0.0/8")'
  0:0:0:0:0:0:7F00:0/104

still incorrect:
  $ perl -le 'use NetAddr::IP; print NetAddr::IP->new6("127/8")'
  0:0:0:0:0:0:7F00:0/8



A workaround for SpamAssassin is to avoid shorthand IPv4 network
specifications, both in a config file (trusted/internal networks,
if any), as well as the hardwired one:

--- Mail/SpamAssassin/Conf.pm~
+++ Mail/SpamAssassin/Conf.pm
@@ -3972,7 +3972,7 @@
 sub new_netset {
   my ($self) = @_;
   my $set = Mail::SpamAssassin::NetSet->new();
-  $set->add_cidr ('127/8');
+  $set->add_cidr ('127.0.0.0/8');
   $set->add_cidr ('::1');
   return $set;
 }
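
Review bot: the replacement line `$set->add_cidr ('127.0.0.0/8');` carries no comment saying why the full dotted quad is required, so a later cleanup could shorten it back to '127/8'; add a one-line comment noting that the shorthand form ends up with a /8 instead of a /104 mask under NetAddr::IP 4.034 and 4.035. The change also covers only this hardwired loopback entry: shorthand networks given in a site config are untouched by it, so consider expanding shorthand IPv4 specs at the point where networks are added to the set.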


Mark
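
The mask problem and the config workaround described in this message, as an added example that is not part of the original post and is not SpamAssassin or NetAddr::IP code: it models in Python how an IPv4 network sits in the low 32 bits of IPv6 space, shows that an unadjusted /8 there covers every embedded IPv4 address (consistent with the ALL_TRUSTED report at the top of the thread), and flags shorthand specs in a config. All function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Shorthand IPv4 network: one to three octets plus an explicit mask, e.g. 127/8
SHORTHAND = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){0,2})/(\d{1,2})$")
NET_KEYS = ("trusted_networks", "internal_networks")

def expand_shorthand(spec):
    """Pad a shorthand IPv4 network to a full dotted quad; other specs pass through."""
    m = SHORTHAND.match(spec)
    if not m:
        return spec
    octets = m.group(1).split(".")
    return ".".join(octets + ["0"] * (4 - len(octets))) + "/" + m.group(2)

def embed_v4(spec, adjust_mask=True):
    """Put an IPv4 network in the low 32 bits of IPv6 space (::7f00:0 for 127.0.0.0).
    adjust_mask=False models the unadjusted /8 output quoted in the thread."""
    net = ipaddress.ip_network(expand_shorthand(spec), strict=False)
    prefix = net.prefixlen + 96 if adjust_mask else net.prefixlen
    return ipaddress.IPv6Network((int(net.network_address), prefix), strict=False)

def matches(relay_ip, v6net):
    """True if an IPv4 relay address, embedded the same way, falls inside v6net."""
    return ipaddress.IPv6Address(int(ipaddress.IPv4Address(relay_ip))) in v6net

def find_shorthand(config_text):
    """List (line_no, spec, expanded) for shorthand specs on network settings."""
    hits = []
    for no, line in enumerate(config_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0] not in NET_KEYS:
            continue
        for spec in fields[1:]:
            bang = "!" if spec.startswith("!") else ""   # exclusion prefix
            full = expand_shorthand(spec[len(bang):])
            if bang + full != spec:
                hits.append((no, spec, bang + full))
    return hits

# Constructed sample config, not taken from the thread
SAMPLE_CF = """\
trusted_networks 192.168/16 127/8
internal_networks 10.1.0.0/16 !10.1.2/24
"""

if __name__ == "__main__":
    good, bad = embed_v4("127/8"), embed_v4("127/8", adjust_mask=False)
    print(good, matches("203.0.113.9", good))   # correct mask: not loopback
    print(bad, matches("203.0.113.9", bad))     # /8 covers all embedded IPv4
    for hit in find_shorthand(SAMPLE_CF):
        print("line %d: %s -> %s" % hit)
```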

Re: SA 3.3.1 and NetAddr::IP 4.034

Posted by Mark Martinec <Ma...@ijs.si>.
> | Thu Oct 28 19:41:16 2010 michael [...] bizsystems.com
> fixed in release 4.035

Actually ... maybe not fixed ... investigating

  Mark

Re: SA 3.3.1 and NetAddr::IP 4.034

Posted by Mark Martinec <Ma...@ijs.si>.
On Thursday 28 October 2010 17:34:28 Giampaolo Tomassoni wrote:
> I'm too late: Steve Huff already did it...
> See: https://rt.cpan.org/Public/Bug/Display.html?id=62521 .

Perfect. Thank you guys.
 
| Thu Oct 28 19:41:16 2010 michael [...] bizsystems.com
fixed in release 4.035


  Mark

RE: SA 3.3.1 and NetAddr::IP 4.034

Posted by Giampaolo Tomassoni <Gi...@Tomassoni.biz>.
> > If you confirm this, I can take care of reporting the bug to upstream.
> 
> Please do so, thanks!

I'm too late: Steve Huff already did it...

See: https://rt.cpan.org/Public/Bug/Display.html?id=62521 .

Giampaolo

>   Mark


Re: SA 3.3.1 and NetAddr::IP 4.034

Posted by Mark Martinec <Ma...@ijs.si>.
> > Looks like a but in NetAddr::IP 4.034, it forgets to adjust the CIDR
> > mask when converting an IPv4 address to an IPv6 notation:

s/but/BUG/    :)

> > correct (NetAddr-IP-4.033):
> >   $ perl -le 'use NetAddr::IP; print NetAddr::IP->new6("127.0.0.0/8")'
> >   0:0:0:0:0:0:7F00:0/104
> > 
> > wrong (NetAddr-IP-4.034):
> >   $ perl -le 'use NetAddr::IP; print NetAddr::IP->new6("127.0.0.0/8")'
> >   0:0:0:0:0:0:7F00:0/8


> Mmmh.
> In fact it seems they bobbed few lines from 4.033...

The offending change is:

--- NetAddr-IP-4.033/Lite/Lite.pm       2010-09-29 19:35:16.000000000 +0200
+++ NetAddr-IP-4.034/Lite/Lite.pm       2010-10-26 01:20:12.000000000 +0200
@@ -696,3 +696,3 @@
     if ($mask =~ /^(\d+)$/) {
-      if (index($ip,':') < 0) {                        # is ipV4
+      if (! $isV6 && index($ip,':') < 0) {     # is ipV4
        if ($1 == 32) {                         # cidr 32
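
Review bot: in the changed condition `if (! $isV6 && index($ip,':') < 0)`, the added `! $isV6` test keeps an IPv4-format address passed to new6 out of the `is ipV4` branch, which matches the reported result where new6("127.0.0.0/8") keeps /8 instead of /104. Either keep the branch keyed on the address format alone, or give the $isV6 path its own mask adjustment; a regression test calling new6 with both "127.0.0.0/8" and "127/8" and expecting /104 would catch this.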

(which is in fact the only functional change in 4.034)


> You sure new6 may be used with IPv4 address, huh?

Yes. According to docs:

   Methods
       "->new([$addr, [ $mask|IPv6 ]])"
       "->new6([$addr, [ $mask]])"
       "->new_no([$addr, [ $mask]])"
       "->new_from_aton($netaddr)"
           The first two methods create a new address with the supplied
           address in $addr and an optional netmask $mask
[...]
           "->new6" marks the address as being in ipV6 address space even if
           the format would suggest otherwise.

             i.e.  ->new6('1.2.3.4') will result in ::102:304

             addresses submitted to ->new in ipV6 notation will
             remain in that notation permanently. i.e.
                   ->new('::1.2.3.4') will result in ::102:304
             whereas new('1.2.3.4') would print out as 1.2.3.4

           $addr can be almost anything that can be resolved to an IP address
           in all the notations I have seen over time. It can optionally
           contain the mask in CIDR notation.


> If you confirm this, I can take care of reporting the bug to upstream.

Please do so, thanks!

  Mark

RE: SA 3.3.1 and NetAddr::IP 4.034

Posted by Giampaolo Tomassoni <Gi...@Tomassoni.biz>.
> Mmmh.
> 
> In fact it seems they bobbed few lines from 4.033...
> 
> You sure new6 may be used with IPv4 address, huh?
> 
> If you confirm this, I can take care of reporting the bug to upstream.
> 
> Giampaolo

Aha, you're too fast! ;)

Giampaolo


> 
> 
> > Mark


RE: SA 3.3.1 and NetAddr::IP 4.034

Posted by Giampaolo Tomassoni <Gi...@Tomassoni.biz>.
> > Looking into it...
> 
> > > I know NetAddr::IP recently got a re-design and probably SA has to cope
> > > with this.
> 
> Looks like a but in NetAddr::IP 4.034, it forgets to adjust the CIDR mask
> when converting an IPv4 address to an IPv6 notation:
> 
> correct (NetAddr-IP-4.033):
>   $ perl -le 'use NetAddr::IP; print NetAddr::IP->new6("127.0.0.0/8")'
>   0:0:0:0:0:0:7F00:0/104
> 
> wrong (NetAddr-IP-4.034):
>   $ perl -le 'use NetAddr::IP; print NetAddr::IP->new6("127.0.0.0/8")'
>   0:0:0:0:0:0:7F00:0/8

Mmmh.

In fact it seems they bobbed few lines from 4.033...

You sure new6 may be used with IPv4 address, huh?

If you confirm this, I can take care of reporting the bug to upstream.

Giampaolo


> Mark


Re: SA 3.3.1 and NetAddr::IP 4.034

Posted by Mark Martinec <Ma...@ijs.si>.
> Looking into it...

> > I know NetAddr::IP recently got a re-design and probably SA has to cope
> > with this.

Looks like a but in NetAddr::IP 4.034, it forgets to adjust the CIDR mask
when converting an IPv4 address to an IPv6 notation:

correct (NetAddr-IP-4.033):
  $ perl -le 'use NetAddr::IP; print NetAddr::IP->new6("127.0.0.0/8")'
  0:0:0:0:0:0:7F00:0/104

wrong (NetAddr-IP-4.034):
  $ perl -le 'use NetAddr::IP; print NetAddr::IP->new6("127.0.0.0/8")'
  0:0:0:0:0:0:7F00:0/8


Mark

Re: SA 3.3.1 and NetAddr::IP 4.034

Posted by Mark Martinec <Ma...@ijs.si>.
On Thursday 28 October 2010 14:29:41 Giampaolo Tomassoni wrote:
> this morning Gentoo people liked to upgrade NetAddr::IP from 4.033 to
> 4.034.
> 
> People with "stable" systems (a Gentoo feature) actually run SpamAssassin
> 3.3.1.
> 
> Soon after upgrading NetAddr::IP, a lint run reported these:
> 
> warn: netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been
> included
> [...]
> Worse, each and every mail message I used to test SA triggered the
> ALL_TRUSTED rule!!!
> 
> I know NetAddr::IP recently got a re-design and probably SA has to cope
> with this.
> 
> Do I have to place a bug report, or is this a known problem? I didn't find
> any bug related to this, but maybe it's me...

Looking into it...

  Mark