Re: Bug reported on 2.2.1-8+deb7u1 (scheduled for (old)stable releases)
On Mon, Jun 17, 2013 at 10:26:10AM +0200, Alberto Gonzalez Iniesta wrote:
> On Sat, Jun 15, 2013 at 08:34:12PM +0100, Adam D. Barratt wrote:
> > [Mail-Followup-To overridden, as iirc you're not reading -release]
> >
> > On 2013-06-15 20:11, Alberto Gonzalez Iniesta wrote:
> > >Dear SRM, I have just received this [1] bug report. I'm AFK this
> > >weekend, don't know if I would be able to test tomorrow (hope so),
> > >please consider holding (if possible) this upgrade to (old)stable
> > >just
> > >in case the report is right. The bug solution could wait till next
> > >release(s).
> > [...]
> > >[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712414
> >
> > Unfortunately the stable point release has already happened; indeed,
> > the bug log indicates that the reporter is running a system updated
> > after the release (hence the reference to 7.1 as Debian version).
> >
> > If the report does transpire to be accurate then we can look at
> > releasing a fix via stable-updates if appropriate.
>
> Seems that the bug affects some specific configurations, did't find out
> with yet. Should we avoid the release of 2.1.3-2+squeeze2 for the time
> being?
Back again.
The problem was a bug in the code that was triggered when GCC was
updated after the first build of openvpn-2.2.1-8.
The patch is here: https://community.openvpn.net/openvpn/ticket/297
I have already a package for Wheezy, please find attached the debdiff
for it.
Please let me know how I should proceed now.
The bug does not affect 2.1.3-2+squeeze2 (since the gcc version is
older) so the package can be included in the next Squeeze point release.
Thanks,
Alberto
--
Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred | http://inittab.com
Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
diff -Nru openvpn-2.2.1/debian/changelog openvpn-2.2.1/debian/changelog
--- openvpn-2.2.1/debian/changelog 2013-06-04 09:46:37.000000000 +0000
+++ openvpn-2.2.1/debian/changelog 2013-06-17 15:48:39.000000000 +0000
@@ -1,3 +1,10 @@
+openvpn (2.2.1-8+deb7u2) wheezy; urgency=low
+
+ * Applied upstream patch to fix UDP fails.
+ Thanks Gert Doering for the pointer (Closes: #712414)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Jun 2013 15:46:47 +0000
+
openvpn (2.2.1-8+deb7u1) wheezy; urgency=low
* Applied upstream patch to fix use of non-constant-time memcmp
diff -Nru openvpn-2.2.1/debian/patches/openvpn-2.3.1-udp-send.patch openvpn-2.2.1/debian/patches/openvpn-2.3.1-udp-send.patch
--- openvpn-2.2.1/debian/patches/openvpn-2.3.1-udp-send.patch 1970-01-01 00:00:00.000000000 +0000
+++ openvpn-2.2.1/debian/patches/openvpn-2.3.1-udp-send.patch 2013-06-17 15:45:58.000000000 +0000
@@ -0,0 +1,41 @@
+Index: openvpn-2.2.1/socket.c
+===================================================================
+--- openvpn-2.2.1.orig/socket.c 2013-06-17 15:45:42.000000000 +0000
++++ openvpn-2.2.1/socket.c 2013-06-17 15:45:53.908830414 +0000
+@@ -3079,6 +3079,7 @@
+ struct iovec iov;
+ struct msghdr mesg;
+ struct cmsghdr *cmsg;
++ union openvpn_pktinfo opi;
+
+ iov.iov_base = BPTR (buf);
+ iov.iov_len = BLEN (buf);
+@@ -3088,11 +3089,10 @@
+ {
+ case AF_INET:
+ {
+- struct openvpn_in4_pktinfo msgpi4;
+ mesg.msg_name = &to->dest.addr.sa;
+ mesg.msg_namelen = sizeof (struct sockaddr_in);
+- mesg.msg_control = &msgpi4;
+- mesg.msg_controllen = sizeof msgpi4;
++ mesg.msg_control = &opi;
++ mesg.msg_controllen = sizeof (struct openvpn_in4_pktinfo);
+ mesg.msg_flags = 0;
+ cmsg = CMSG_FIRSTHDR (&mesg);
+ cmsg->cmsg_len = sizeof (struct openvpn_in4_pktinfo);
+@@ -3118,12 +3118,11 @@
+ #ifdef USE_PF_INET6
+ case AF_INET6:
+ {
+- struct openvpn_in6_pktinfo msgpi6;
+ struct in6_pktinfo *pkti6;
+ mesg.msg_name = &to->dest.addr.sa;
+ mesg.msg_namelen = sizeof (struct sockaddr_in6);
+- mesg.msg_control = &msgpi6;
+- mesg.msg_controllen = sizeof msgpi6;
++ mesg.msg_control = &opi;
++ mesg.msg_controllen = sizeof (struct openvpn_in6_pktinfo);
+ mesg.msg_flags = 0;
+ cmsg = CMSG_FIRSTHDR (&mesg);
+ cmsg->cmsg_len = sizeof (struct openvpn_in6_pktinfo);
diff -Nru openvpn-2.2.1/debian/patches/series openvpn-2.2.1/debian/patches/series
--- openvpn-2.2.1/debian/patches/series 2013-05-17 11:32:40.000000000 +0000
+++ openvpn-2.2.1/debian/patches/series 2013-06-17 15:45:52.000000000 +0000
@@ -10,3 +10,4 @@
manpage_fixes.patch
use-dpkg-buildflags.patch
cve-2013-2061.patch
+openvpn-2.3.1-udp-send.patch
Reply to: