Debian Bug report logs - #640496
RM: whitelister -- ROM; unmaintained upstream, obsolete

Package: ftp.debian.org; Maintainer for ftp.debian.org is Debian FTP Master <ftpmaster@ftp-master.debian.org>;

Reported by: Philipp Kern <pkern@debian.org>

Date: Sun, 10 Jan 2010 12:48:01 UTC

Severity: serious

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#564576; Package libspf0. (Sun, 10 Jan 2010 12:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tanguy Ortolo <tanguy+debian@ortolo.eu>:
New Bug report received and forwarded. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sun, 10 Jan 2010 12:48:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Tanguy Ortolo <tanguy+debian@ortolo.eu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libspf0: fails with IPv6
Date: Sun, 10 Jan 2010 13:41:46 +0100
Package: libspf0
Version: 0.999-1.0.0-p3.dfsg-2
Severity: important

Hello,

It seems that libspf0 has a problem with validation of IPv6 addresses. I
discovered this problem with spfmilter, and I could reproduce it with
spfqtool. Here is the transcript of a test, with spfquery (libspf2) and
spfqtool (libspf0):
    % spfquery -i 2a01:e34:ee8f:150:201:c0ff:fe04:d58b -s foobar@listes.ortolo.eu
    pass                                                                            
    
    spfquery: domain of listes.ortolo.eu designates 2a01:e34:ee8f:150:201:c0ff:fe04:d58b as permitted sender
    Received-SPF: pass (spfquery: domain of listes.ortolo.eu designates 2a01:e34:ee8f:150:201:c0ff:fe04:d58b as permitted sender) client-ip=2a01:e34:ee8f:150:201:c0ff:fe04:d58b; envelope-from=foobar@listes.ortolo.eu;

    % spfqtool -h vanvogt.ortolo.eu -i 2a01:e34:ee8f:150:201:c0ff:fe04:d58b -s foobar@listes.ortolo.eu
    SPF short result:   fail                                                                             
    SPF verbose result: policy result: [fail] from rule [-all]
    RFC2822 header:     Received-SPF: fail (vanvogt.ortolo.eu: domain of foobar@listes.ortolo.eu does not designate 2a01:e34:ee8f:15 as permitted sender) receiver=vanvogt.ortolo.eu; client_ip=2a01:e34:ee8f:15; envelope-from=foobar@listes.ortolo.eu;

Here, spfquery is right and spfqtool is wrong, because:
    listes.ortolo.eu.   86400   IN  SPF     "v=spf1 +a:mx1.ortolo.eu +a:mx2.ortolo.eu -all"
    mx2.ortolo.eu.      86400   IN  AAAA    2a01:e34:ee8f:150:201:c0ff:fe04:d58b
(yes, the RFC for SPF defines the “a:” mechanism with A or AAAA lookups,
depending on the IP address family).

Regards,

-- 
Tanguy Ortolo

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.31.5-grsec-xxxx-grs-ipv6-32 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libspf0 depends on:
ii  libc6                         2.7-18     GNU C Library: Shared libraries

libspf0 recommends no packages.

libspf0 suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#564576; Package libspf0. (Mon, 14 Feb 2011 15:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Scott Kitterman <scott@kitterman.com>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Mon, 14 Feb 2011 15:03:03 GMT) Full text and rfc822 format available.

Message #10 received at 564576@bugs.debian.org (full text, mbox):

From: Scott Kitterman <scott@kitterman.com>
To: 564576@bugs.debian.org
Subject: Package completely fails to support IPv6
Date: Mon, 14 Feb 2011 10:00:59 -0500
[Message part 1 (text/plain, inline)]
I think this should be RC for Wheezy as libspf appears to completely lack IPv6 
support.

$ spfqtool -i 2607:f0d0:3001:aa::2 -s scott@mailout03.controlledmail.com -h 
mailout03.controlledmail.com
SPF short result:   fail
SPF verbose result: policy result: [fail] from rule [-all]
RFC2822 header:     Received-SPF: fail (mailout03.controlledmail.com: domain 
of scott@mailout03.controlledmail.com does not designate 2607:f0d0:3001:a as 
permitted sender) receiver=mailout03.controlledmail.com; 
client_ip=2607:f0d0:3001:a; envelope-from=scott@mailout03.controlledmail.com;

It seems to fail to handle IPv6 IP addresses at all, as a result, legitimate 
mail sent from IPv6 addresses could be rejected (data loss).

Scott K
[signature.asc (application/pgp-signature, inline)]

Severity set to 'grave' from 'important' Request was from kitterma@mailout00.controlledmail.com (Scott Kitterman) to control@bugs.debian.org. (Mon, 14 Feb 2011 15:06:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#564576; Package libspf0. (Mon, 14 Feb 2011 23:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sandro Tosi <morph@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Mon, 14 Feb 2011 23:21:03 GMT) Full text and rfc822 format available.

Message #17 received at 564576@bugs.debian.org (full text, mbox):

From: Sandro Tosi <morph@debian.org>
To: Scott Kitterman <scott@kitterman.com>, 564576@bugs.debian.org
Subject: Re: Bug#564576: Package completely fails to support IPv6
Date: Mon, 14 Feb 2011 23:18:22 +0000
On Mon, Feb 14, 2011 at 15:00, Scott Kitterman <scott@kitterman.com> wrote:
> I think this should be RC for Wheezy as libspf appears to completely lack IPv6
> support.

why? IPv6 support is a release goal for wheezy, and RG does not
warrant a RC severity: please fix it.

[1] http://release.debian.org/wheezy/goals.txt

Regards,
-- 
Sandro Tosi (aka morph, morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#564576; Package libspf0. (Wed, 16 Feb 2011 15:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Scott Kitterman <scott@kitterman.com>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Wed, 16 Feb 2011 15:00:03 GMT) Full text and rfc822 format available.

Message #22 received at 564576@bugs.debian.org (full text, mbox):

From: Scott Kitterman <scott@kitterman.com>
To: 564576@bugs.debian.org
Subject: Re: Bug#564576: Package completely fails to support IPv6
Date: Wed, 16 Feb 2011 09:56:32 -0500
I replied directly, rather than to the bug by mistake.

I will contact the maintainers of the two rdepends (spfmilter and whitelister) 
to see if they will fix libspf0, port their packages to libspf2 (which does 
support IPv6), or have them removed.

Scott K




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#564576; Package libspf0. (Wed, 16 Feb 2011 15:03:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Scott Kitterman <scott@kitterman.com>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Wed, 16 Feb 2011 15:03:06 GMT) Full text and rfc822 format available.

Message #27 received at 564576@bugs.debian.org (full text, mbox):

From: Scott Kitterman <scott@kitterman.com>
To: 564576@bugs.debian.org
Subject: Re: Bug#564576: Package completely fails to support IPv6
Date: Wed, 16 Feb 2011 10:00:38 -0500
Also, I think it does warrant RC severity due to dataloss potential, not due 
to release goals.  Wheezy will be released in 1.5 - 2 years and supported 
until a year after Wheezy +1.  That means 4 - 5 years.  In that time frame I 
think it's highly likely that incorrectly rejecting mail due to lack of IPv6 
support (without even any warning that's why it's doing it) will result in 
significant data loss.

Scott K




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#564576; Package libspf0. (Mon, 05 Sep 2011 10:09:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Philipp Kern <pkern@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Mon, 05 Sep 2011 10:09:22 GMT) Full text and rfc822 format available.

Message #32 received at 564576@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: Scott Kitterman <scott@kitterman.com>, 564576@bugs.debian.org
Cc: spfmilter@packages.debian.org, whitelister@packages.debian.org
Subject: Re: Bug#564576: Package completely fails to support IPv6
Date: Mon, 5 Sep 2011 12:05:55 +0200
[Message part 1 (text/plain, inline)]
clone 564576 -1
clone 564576 -2
reassign -1 spfmilter
severity -1 important
retitle -1 libspf0 going away
reassign -2 whitelister
severity -2 important
retitle -2 libspf0 going away

On Wed, Feb 16, 2011 at 09:56:32AM -0500, Scott Kitterman wrote:
> I replied directly, rather than to the bug by mistake.
> 
> I will contact the maintainers of the two rdepends (spfmilter and whitelister) 
> to see if they will fix libspf0, port their packages to libspf2 (which does 
> support IPv6), or have them removed.

Given that the orphan bug is already quite old (2007, #433108) and that it
causes data loss, let's get rid of it.  Filing bugs against its reverse
dependencies because the library is going away.

I'll try to remember to ask for its removal in a few weeks and upgrade those
bugs to serious then.

Kind regards
Philipp Kern
[signature.asc (application/pgp-signature, inline)]

Bug 564576 cloned as bug 640495. Request was from Philipp Kern <pkern@debian.org> to control@bugs.debian.org. (Mon, 05 Sep 2011 10:09:28 GMT) Full text and rfc822 format available.

Bug 564576 cloned as bug 640496. Request was from Philipp Kern <pkern@debian.org> to control@bugs.debian.org. (Mon, 05 Sep 2011 10:09:29 GMT) Full text and rfc822 format available.

Bug reassigned from package 'libspf0' to 'whitelister'. Request was from Philipp Kern <pkern@debian.org> to control@bugs.debian.org. (Mon, 05 Sep 2011 10:09:35 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions libspf/0.999-1.0.0-p3.dfsg-2. Request was from Philipp Kern <pkern@debian.org> to control@bugs.debian.org. (Mon, 05 Sep 2011 10:09:35 GMT) Full text and rfc822 format available.

Severity set to 'important' from 'grave' Request was from Philipp Kern <pkern@debian.org> to control@bugs.debian.org. (Mon, 05 Sep 2011 10:09:36 GMT) Full text and rfc822 format available.

Changed Bug title to 'libspf0 going away' from 'libspf0: fails with IPv6' Request was from Philipp Kern <pkern@debian.org> to control@bugs.debian.org. (Mon, 05 Sep 2011 10:09:37 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Habouzit <madcoder@debian.org>:
Bug#640496; Package whitelister. (Fri, 21 Oct 2011 19:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Philipp Kern <pkern@debian.org>:
Extra info received and forwarded to list. Copy sent to Pierre Habouzit <madcoder@debian.org>. (Fri, 21 Oct 2011 19:42:05 GMT) Full text and rfc822 format available.

Message #49 received at 640496@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: 640496@bugs.debian.org, 640495@bugs.debian.org
Cc: whitelister@packages.debian.org, control@bugs.debian.org, debian@kitterman.com, mike@markley.org, madcoder@debian.org, spfmilter@packages.debian.org
Subject: Re: Bug#564576: Package completely fails to support IPv6
Date: Fri, 21 Oct 2011 21:16:20 +0200
[Message part 1 (text/plain, inline)]
severity 640496 serious
severity 640495 serious
thanks

On Mon, Sep 05, 2011 at 12:05:55PM +0200, Philipp Kern wrote:
> On Wed, Feb 16, 2011 at 09:56:32AM -0500, Scott Kitterman wrote:
> > I replied directly, rather than to the bug by mistake.
> > 
> > I will contact the maintainers of the two rdepends (spfmilter and whitelister) 
> > to see if they will fix libspf0, port their packages to libspf2 (which does 
> > support IPv6), or have them removed.
> 
> Given that the orphan bug is already quite old (2007, #433108) and that it
> causes data loss, let's get rid of it.  Filing bugs against its reverse
> dependencies because the library is going away.
> 
> I'll try to remember to ask for its removal in a few weeks and upgrade those
> bugs to serious then.

Upgrading now.  I'll ask for libspf0's removal at the end of the
month.

Kind regards
Philipp Kern


[signature.asc (application/pgp-signature, inline)]

Severity set to 'serious' from 'important' Request was from Philipp Kern <pkern@debian.org> to control@bugs.debian.org. (Fri, 21 Oct 2011 19:42:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#640496; Package whitelister. (Sat, 22 Oct 2011 17:18:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Pierre Habouzit <madcoder@debian.org>:
Extra info received and forwarded to list. (Sat, 22 Oct 2011 17:18:05 GMT) Full text and rfc822 format available.

Message #56 received at 640496@bugs.debian.org (full text, mbox):

From: Pierre Habouzit <madcoder@debian.org>
To: Philipp Kern <pkern@debian.org>
Cc: 640496@bugs.debian.org, 640495@bugs.debian.org, whitelister@packages.debian.org
Subject: Re: Bug#564576: Package completely fails to support IPv6
Date: Sat, 22 Oct 2011 19:06:10 +0200
On Fri, Oct 21, 2011 at 09:16:20PM +0200, Philipp Kern wrote:
> severity 640496 serious
> severity 640495 serious
> thanks
> 
> On Mon, Sep 05, 2011 at 12:05:55PM +0200, Philipp Kern wrote:
> > On Wed, Feb 16, 2011 at 09:56:32AM -0500, Scott Kitterman wrote:
> > > I replied directly, rather than to the bug by mistake.
> > > 
> > > I will contact the maintainers of the two rdepends (spfmilter and whitelister) 
> > > to see if they will fix libspf0, port their packages to libspf2 (which does 
> > > support IPv6), or have them removed.
> > 
> > Given that the orphan bug is already quite old (2007, #433108) and that it
> > causes data loss, let's get rid of it.  Filing bugs against its reverse
> > dependencies because the library is going away.
> > 
> > I'll try to remember to ask for its removal in a few weeks and upgrade those
> > bugs to serious then.
> 
> Upgrading now.  I'll ask for libspf0's removal at the end of the
> month.
> 
> Kind regards
> Philipp Kern
> 
> 

You can remove whitelsiter, I don't maintain (upstream) it anymore.


-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org




Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Habouzit <madcoder@debian.org>:
Bug#640496; Package whitelister. (Sat, 22 Oct 2011 21:39:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Philipp Kern <pkern@debian.org>:
Extra info received and forwarded to list. Copy sent to Pierre Habouzit <madcoder@debian.org>. (Sat, 22 Oct 2011 21:39:07 GMT) Full text and rfc822 format available.

Message #61 received at 640496@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: Pierre Habouzit <madcoder@debian.org>, 640496@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#640496: Bug#564576: Package completely fails to support IPv6
Date: Sat, 22 Oct 2011 23:34:56 +0200
[Message part 1 (text/plain, inline)]
retitle 640496 RM: whitelister -- ROM; unmaintained upstream, obsolete
reassign 640496 ftp.debian.org
thanks

Hi Pierre,

On Sat, Oct 22, 2011 at 07:06:10PM +0200, Pierre Habouzit wrote:
> You can remove whitelsiter, I don't maintain (upstream) it anymore.

then let's do that.  ;)

Kind regards and thanks for your reply!
Philipp Kern
[signature.asc (application/pgp-signature, inline)]

Changed Bug title to 'RM: whitelister -- ROM; unmaintained upstream, obsolete' from 'libspf0 going away' Request was from Philipp Kern <pkern@debian.org> to control@bugs.debian.org. (Sat, 22 Oct 2011 21:39:10 GMT) Full text and rfc822 format available.

Bug reassigned from package 'whitelister' to 'ftp.debian.org'. Request was from Philipp Kern <pkern@debian.org> to control@bugs.debian.org. (Sat, 22 Oct 2011 21:39:11 GMT) Full text and rfc822 format available.

Changed Bug submitter to 'Philipp Kern <pkern@debian.org>' from 'Tanguy Ortolo <tanguy+debian@ortolo.eu>' Request was from Philipp Kern <pkern@thrall.0x539.de> to control@bugs.debian.org. (Sun, 23 Oct 2011 09:30:31 GMT) Full text and rfc822 format available.

Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Sun, 23 Oct 2011 12:32:05 GMT) Full text and rfc822 format available.

Notification sent to Philipp Kern <pkern@debian.org>:
Bug acknowledged by developer. (Sun, 23 Oct 2011 12:32:16 GMT) Full text and rfc822 format available.

Message #72 received at 640496-close@bugs.debian.org (full text, mbox):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 640496-close@bugs.debian.org
Cc: whitelister@packages.debian.org, whitelister@packages.qa.debian.org
Subject: Bug#640496: Removed package(s) from unstable
Date: Sun, 23 Oct 2011 12:15:47 +0000
We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

whitelister |      0.8-5 | source
whitelister |   0.8-5+b1 | amd64, hurd-i386, i386, kfreebsd-amd64, kfreebsd-i386, powerpc, sparc

------------------- Reason -------------------
ROM; unmaintained upstream, obsolete
----------------------------------------------

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

We try to close Bugs which have been reported against this package
automatically.  But please check all old bugs, if they where closed
correctly or should have been re-assign to another package.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 640496@bugs.debian.org.

The full log for this bug can be viewed at http://bugs.debian.org/640496

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 21 Nov 2011 07:39:05 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 09:46:57 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.