--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package prosody/0.9.7-2+deb8u1
- From: Sergei Golovan <sgolovan@nes.ru>
- Date: Mon, 08 Jun 2015 09:24:44 +0300
- Message-id: <20150608062444.21340.35471.reportbug@jupiter.golovan.home>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi!
The prosody package (an XMPP server) currently in jessie suffers from
a bug in handling CNAME DNS records. Appears that it doesn't cache them
properly. This regularly breaks server-to-server communications either
returning errors to the sender or dropping the messages (which is much
worse). You can find the corresponding bugreports in [1] and [2].
This bug is already fixed in unstable and testing, but I'd like to
apply the fix to jessie as well. I'm attaching the diff between 0.9.7-2
currently in stable and the prospective 0.9.7-2+deb8u1.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787070
[2] https://code.google.com/p/lxmppd/issues/detail?id=487
-- System Information:
Debian Release: 8.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru prosody-0.9.7/debian/changelog prosody-0.9.7/debian/changelog
--- prosody-0.9.7/debian/changelog 2015-03-28 18:20:59.000000000 +0300
+++ prosody-0.9.7/debian/changelog 2015-06-08 09:03:24.000000000 +0300
@@ -1,3 +1,10 @@
+prosody (0.9.7-2+deb8u1) jessie; urgency=medium
+
+ * Apply upstream patch which fixes CNAME DNS record resolution
+ (closes: #787070)
+
+ -- Sergei Golovan <sgolovan@debian.org> Mon, 08 Jun 2015 09:02:50 +0300
+
prosody (0.9.7-2) unstable; urgency=high
* Apply upstream patch to validate UTF-8 strings before calling libidn
diff -Nru prosody-0.9.7/debian/patches/0007-Fix-CNAME-DNS-lookup.patch prosody-0.9.7/debian/patches/0007-Fix-CNAME-DNS-lookup.patch
--- prosody-0.9.7/debian/patches/0007-Fix-CNAME-DNS-lookup.patch 1970-01-01 03:00:00.000000000 +0300
+++ prosody-0.9.7/debian/patches/0007-Fix-CNAME-DNS-lookup.patch 2015-06-08 09:03:24.000000000 +0300
@@ -0,0 +1,53 @@
+Author: Upstream
+Description: Patch fixes DNS lookup for CNAME records.
+Bug: https://code.google.com/p/lxmppd/issues/detail?id=487
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787070
+Last-Modified: Tue, 02 Jun 2015 17:55:08 +0300
+
+--- a/net/dns.lua
++++ b/net/dns.lua
+@@ -694,15 +694,20 @@
+ end
+
+
+-function resolver:peek (qname, qtype, qclass) -- - - - - - - - - - - - peek
++function resolver:peek (qname, qtype, qclass, n) -- - - - - - - - - - - - peek
+ qname, qtype, qclass = standardize(qname, qtype, qclass);
+ local rrs = get(self.cache, qclass, qtype, qname);
+- if not rrs then return nil; end
++ if not rrs then
++ if n then if n <= 0 then return end else n = 3 end
++ rrs = get(self.cache, qclass, "CNAME", qname);
++ if not (rrs and rrs[1]) then return end
++ return self:peek(rrs[1].cname, qtype, qclass, n - 1);
++ end
+ if prune(rrs, socket.gettime()) and qtype == '*' or not next(rrs) then
+ set(self.cache, qclass, qtype, qname, nil);
+ return nil;
+ end
+- if self.unsorted[rrs] then table.sort (rrs, comp_mx); end
++ if self.unsorted[rrs] then table.sort (rrs, comp_mx); self.unsorted[rrs] = nil; end
+ return rrs;
+ end
+
+--- a/plugins/mod_s2s/s2sout.lib.lua
++++ b/plugins/mod_s2s/s2sout.lib.lua
+@@ -169,18 +169,6 @@
+ handle4 = adns.lookup(function (reply, err)
+ handle4 = nil;
+
+- -- COMPAT: This is a compromise for all you CNAME-(ab)users :)
+- if not (reply and reply[#reply] and reply[#reply].a) then
+- local count = max_dns_depth;
+- reply = dns.peek(connect_host, "CNAME", "IN");
+- while count > 0 and reply and reply[#reply] and not reply[#reply].a and reply[#reply].cname do
+- log("debug", "Looking up %s (DNS depth is %d)", tostring(reply[#reply].cname), count);
+- reply = dns.peek(reply[#reply].cname, "A", "IN") or dns.peek(reply[#reply].cname, "CNAME", "IN");
+- count = count - 1;
+- end
+- end
+- -- end of CNAME resolving
+-
+ if reply and reply[#reply] and reply[#reply].a then
+ for _, ip in ipairs(reply) do
+ log("debug", "DNS reply for %s gives us %s", connect_host, ip.a);
diff -Nru prosody-0.9.7/debian/patches/series prosody-0.9.7/debian/patches/series
--- prosody-0.9.7/debian/patches/series 2015-03-28 18:20:59.000000000 +0300
+++ prosody-0.9.7/debian/patches/series 2015-06-08 09:03:24.000000000 +0300
@@ -3,3 +3,4 @@
0003-dpkg-buildflags.patch
0004-fix-package.path-of-ejabberd2prosody.patch
0005-Validate-UTF-8-strings-before-calling-libidn.patch
+0007-Fix-CNAME-DNS-lookup.patch
--- End Message ---