[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#782143: marked as done (pu: package stunnel4/3:5.06-2+deb8u1)

Your message dated Tue, 28 Jun 2016 10:20:49 +0200
with message-id <20160628082049.GD3361@betterave.cristau.org>
and subject line Re: Bug#782143: pu: package stunnel4/3:5.06-2+deb8u1
has caused the Debian Bug report #782143,
regarding pu: package stunnel4/3:5.06-2+deb8u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
782143: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782143
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

This is a pre-approval request for unblocking a RC bugfix upload of
stunnel4 that will fix two RC bugs:
- #771421 - makes stunnel unusable for some users in certain
  configurations; not for everyone, but still, it happens too often to
  be ignored
- #782030 - makes stunnel start and stop properly, checking whether
  the action has actually succeeded

The full debdiff between version 3:5.06-2 (currently in unstable and
testing) and the proposed 3:5.06-3 is attached.

unblock stunnel4/3:5.06-3

Thanks in advance, and thanks for all your work!

G'luck,
Peter

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru stunnel4-5.06/debian/changelog stunnel4-5.06/debian/changelog
--- stunnel4-5.06/debian/changelog	2014-10-20 11:49:07.000000000 +0300
+++ stunnel4-5.06/debian/changelog	2015-04-08 14:00:56.000000000 +0300
@@ -1,3 +1,15 @@
+stunnel4 (3:5.06-3) unstable; urgency=medium
+
+  * Add the 17-upstream-hangup patch to fix prematurely closed
+    connections when there is still data to be written.
+    Thanks to Joachim Falk for backporting the patch!
+    Closes: #771241
+  * Add the 18-lsb-startup patch to make the daemons' startup consistent
+    with the way things are done in Debian.
+    Among other things, Closes: #782030
+
+ -- Peter Pentchev <roam@ringlet.net>  Wed, 08 Apr 2015 14:00:54 +0300
+
 stunnel4 (3:5.06-2) unstable; urgency=medium
 
   * Limit the systemd build dependency to Linux architectures only,
diff -Nru stunnel4-5.06/debian/patches/17-upstream-hangup.patch stunnel4-5.06/debian/patches/17-upstream-hangup.patch
--- stunnel4-5.06/debian/patches/17-upstream-hangup.patch	1970-01-01 02:00:00.000000000 +0200
+++ stunnel4-5.06/debian/patches/17-upstream-hangup.patch	2015-04-08 12:45:17.000000000 +0300
@@ -0,0 +1,74 @@
+Description: Fix premature data truncation in the POLLRDHUP handling
+DebianBug: https://bugs.debian.org/771241
+Origin: upstream; https://www.stunnel.org/pipermail/stunnel-users/2014-November/004860.html
+Last-Update: 2015-03-04
+
+--- a/src/client.c
++++ b/src/client.c
+@@ -515,6 +515,11 @@
+     int write_wants_read=0, write_wants_write=0;
+     /* actual conditions on file descriptors */
+     int sock_can_rd, sock_can_wr, ssl_can_rd, ssl_can_wr;
++#ifdef USE_WIN32
++    unsigned long bytes;
++#else
++    int bytes;
++#endif
+ 
+     c->sock_ptr=c->ssl_ptr=0;
+ 
+@@ -810,32 +815,44 @@
+         }
+ 
+         /****************************** check for hangup conditions */
+-        if(s_poll_rdhup(c->fds, c->sock_rfd->fd)) {
+-            s_log(LOG_INFO, "Read socket closed (hangup)");
++        /* http://marc.info/?l=linux-man&m=128002066306087 */
++        /* readsocket() must be the last sock_rfd operation before FIONREAD */
++        if(sock_open_rd && s_poll_rdhup(c->fds, c->sock_rfd->fd) &&
++                (ioctlsocket(c->sock_rfd->fd, FIONREAD, &bytes) || !bytes)) {
++            s_log(LOG_INFO, "Read socket closed (read hangup)");
+             sock_open_rd=0;
+         }
+-        if(s_poll_hup(c->fds, c->sock_wfd->fd)) {
++        if(sock_open_wr && s_poll_hup(c->fds, c->sock_wfd->fd)) {
+             if(c->ssl_ptr) {
+                 s_log(LOG_ERR,
+-                    "Write socket closed (hangup) with %d unsent byte(s)",
++                    "Write socket closed (write hangup) with %d unsent byte(s)",
+                     c->ssl_ptr);
+                 longjmp(c->err, 1); /* reset the socket */
+             }
+-            s_log(LOG_INFO, "Write socket closed (hangup)");
++            s_log(LOG_INFO, "Write socket closed (write hangup)");
+             sock_open_wr=0;
+         }
+-        if(s_poll_hup(c->fds, c->ssl_rfd->fd) ||
+-                s_poll_hup(c->fds, c->ssl_wfd->fd)) {
++        /* SSL_read() must be the last ssl_rfd operation before FIONREAD */
++        if(!(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN) &&
++                s_poll_rdhup(c->fds, c->ssl_rfd->fd) &&
++                (ioctlsocket(c->ssl_rfd->fd, FIONREAD, &bytes) || !bytes)) {
+             /* hangup -> buggy (e.g. Microsoft) peer:
+              * SSL socket closed without close_notify alert */
++            s_log(LOG_INFO, "SSL socket closed (read hangup)");
++            SSL_set_shutdown(c->ssl,
++                SSL_get_shutdown(c->ssl)|SSL_RECEIVED_SHUTDOWN);
++        }
++        if(!(SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN) &&
++                s_poll_hup(c->fds, c->ssl_wfd->fd)) {
+             if(c->sock_ptr || write_wants_write) {
+                 s_log(LOG_ERR,
+-                    "SSL socket closed (hangup) with %d unsent byte(s)",
++                    "SSL socket closed (write hangup) with %d unsent byte(s)",
+                     c->sock_ptr);
+                 longjmp(c->err, 1); /* reset the socket */
+             }
+-            s_log(LOG_INFO, "SSL socket closed (hangup)");
+-            SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
++            s_log(LOG_INFO, "SSL socket closed (write hangup)");
++            SSL_set_shutdown(c->ssl,
++                SSL_get_shutdown(c->ssl)|SSL_SENT_SHUTDOWN);
+         }
+ 
+         /****************************** check write shutdown conditions */
diff -Nru stunnel4-5.06/debian/patches/18-lsb-startup.patch stunnel4-5.06/debian/patches/18-lsb-startup.patch
--- stunnel4-5.06/debian/patches/18-lsb-startup.patch	1970-01-01 02:00:00.000000000 +0200
+++ stunnel4-5.06/debian/patches/18-lsb-startup.patch	2015-04-08 13:53:50.000000000 +0300
@@ -0,0 +1,199 @@
+Description: Use the LSB start/stop functions in the init script
+DebianBug: https://bugs.debian.org/782030
+Author: Peter Pentchev <roam@ringlet.net>
+Forwarded: not needed
+Last-Update: 2014-04-08
+
+--- a/tools/stunnel.init.in
++++ b/tools/stunnel.init.in
+@@ -29,7 +29,7 @@
+     grep -i "^$2=" | sed -e "s;^[^=]*=;;"
+ }
+ 
+-get_pids() {
++get_pidfile() {
+   local file=$1
+   if [ -f $file ]; then
+     CHROOT=`get_opt $file chroot`
+@@ -37,13 +37,13 @@
+     if [ "$PIDFILE" = "" ]; then
+       PIDFILE=$DEFAULTPIDFILE
+     fi
+-    if [ -f $CHROOT/$PIDFILE ]; then
+-      cat $CHROOT/$PIDFILE
+-    fi
++    echo "$CHROOT/$PIDFILE"
+   fi
+ }
+ 
+ startdaemons() {
++  local res file args pidfile warn status
++
+   if ! [ -d /var/run/stunnel4 ]; then
+     rm -rf /var/run/stunnel4
+     install -d -o stunnel4 -g stunnel4 /var/run/stunnel4
+@@ -51,52 +51,81 @@
+   if [ -n "$RLIMITS" ]; then
+     ulimit $RLIMITS
+   fi
++  res=0
+   for file in $FILES; do 
+     if [ -f $file ]; then
+-      ARGS="$file $OPTIONS"
+-      PROCLIST=`get_pids $file`
++      echo -n " $file: "
++      args="$file $OPTIONS"
++      pidfile=`get_pidfile $file`
+       if egrep -qe '^pid[[:space:]]*=' "$file"; then
+-	warn=''
++        warn=''
+       else
+-	warn=' (no pid=pidfile specified!)'
++        warn=' (no pid=pidfile specified!)'
+       fi
+-      if [ "$PROCLIST" ] && kill -s 0 $PROCLIST 2>/dev/null; then
+-        echo -n "[Already running$warn: $file] "
+-      elif $DAEMON $ARGS; then
+-	echo -n "[Started$warn: $file] "
++      status=0
++      start_daemon -p "$pidfile" "$DAEMON" $args || status=$?
++      if [ "$status" -eq 0 ]; then
++        echo -n "started$warn"
+       else
+-	echo "[Failed$warn: $file]"
+-	echo "You should check that you have specified the pid= in you configuration file"
+-	exit 1
++        echo "failed$warn"
++        echo "You should check that you have specified the pid= in you configuration file"
++        res=1
+       fi
+     fi
+   done;
++  echo ''
++  return "$res"
+ }
+ 
+ killdaemons()
+ {
+-  SIGNAL=${1:-TERM}
++  local sig file pidfile status
++
++  sig=${1:-TERM}
++  res=0
+   for file in $FILES; do
+-    PROCLIST=`get_pids $file`
+-    if [ "$PROCLIST" ] && kill -s 0 $PROCLIST 2>/dev/null; then
+-       kill -s $SIGNAL $PROCLIST
+-       echo -n "[stopped: $file] "
++    echo -n " $file: "
++    pidfile=`get_pidfile $file`
++    if [ ! -e "$pidfile" ]; then
++      echo -n "no pid file"
++    else
++      status=0
++      killproc -p "$pidfile" "$DAEMON" "$sig" || status=$?
++      if [ "$status" -eq 0 ]; then
++        echo -n 'stopped'
++      else
++        echo -n 'failed'
++        res=1
++      fi
+     fi
+   done
++  echo ''
++  return "$res"
+ }
+ 
+ querydaemons()
+ {
++  local res file pidfile status
++
+   res=0
+-  echo -n "$DESC status:"
+   for file in $FILES; do
+     echo -n " $file: "
+-    PROCLIST=`get_pids $file`
+-    if [ "$PROCLIST" ] && kill -s 0 $PROCLIST 2>/dev/null; then
+-      echo -n 'running'
+-    else
+-      echo -n 'stopped'
++    pidfile=`get_pidfile "$file"`
++    if [ ! -e "$pidfile" ]; then
++      echo -n 'no pid file'
+       res=1
++    else
++      status=0
++      pidofproc -p "$pidfile" "$DAEMON" >/dev/null || status="$?"
++      if [ "$status" = 0 ]; then
++        echo -n 'running'
++      elif [ "$status" = 4 ]; then
++        echo "cannot access the pid file $pidfile"
++        res=1
++      else
++        echo -n 'stopped'
++        res=1
++      fi
+     fi
+   done
+   echo ''
+@@ -133,42 +162,43 @@
+ 
+ set -e
+ 
++res=0
+ case "$1" in
+   start)
+-        echo -n "Starting $DESC: "
++        echo -n "Starting $DESC:"
+         startdaemons
+-        echo "$NAME."
++        res=$?
+         ;;
+   stop)
+-        echo -n "Stopping $DESC: "
++        echo -n "Stopping $DESC:"
+         killdaemons
+-        echo "$NAME."
++        res=$?
+         ;;
+   reopen-logs)
+-        echo -n "Reopening log files $DESC: "
++        echo -n "Reopening log files $DESC:"
+         killdaemons USR1
+-        echo "$NAME."
++        res=$?
+         ;;
+   force-reload|reload)
+-        echo -n "Reloading configuration $DESC: "
++        echo -n "Reloading configuration $DESC:"
+         killdaemons HUP
+-        echo "$NAME."
++        res=$?
+         ;;  
+   restart)
+-        echo -n "Restarting $DESC: "
+-        killdaemons
+-        sleep 5
+-        startdaemons
+-        echo "$NAME."
++        echo -n "Restarting $DESC:"
++        killdaemons && startdaemons
++        res=$?
+         ;;
+   status)
+-	querydaemons
+-	;;
++        echo -n "$DESC status:"
++        querydaemons
++        res=$?
++        ;;
+   *)
+         N=/etc/init.d/$NAME
+         echo "Usage: $N {start|stop|status|reload|reopen-logs|restart} [<stunnel instance>]" >&2
+-        exit 1
++        res=1
+         ;;
+ esac
+ 
+-exit 0
++exit "$res"
diff -Nru stunnel4-5.06/debian/patches/series stunnel4-5.06/debian/patches/series
--- stunnel4-5.06/debian/patches/series	2014-10-16 14:24:04.000000000 +0300
+++ stunnel4-5.06/debian/patches/series	2015-04-08 13:52:22.000000000 +0300
@@ -9,3 +9,5 @@
 14-lsb-init-functions.patch
 15-upstream-systemd-libs.patch
 16-upstream-sslv23-method.patch
+17-upstream-hangup.patch
+18-lsb-startup.patch

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
On Thu, Feb  4, 2016 at 00:24:28 +0100, Ana Guerrero Lopez wrote:

> On Sun, Apr 26, 2015 at 01:45:11AM +0300, Peter Pentchev wrote:
> > Control: retitle -1 pu: package stunnel4/3:5.06-2+deb8u1
> > 
> > On Thu, Apr 23, 2015 at 10:35:28PM +0100, Jonathan Wiltshire wrote:
> > > Control: retitle -1 pu: package stunnel4/3:5.06-3
> > > Control: tag -1 jessie
> > > 
> > > On Wed, Apr 08, 2015 at 02:32:49PM +0300, Peter Pentchev wrote:
> > > > This is a pre-approval request for unblocking a RC bugfix upload of
> > > > stunnel4 that will fix two RC bugs:
> > > > - #771421 - makes stunnel unusable for some users in certain
> > > >   configurations; not for everyone, but still, it happens too often to
> > > >   be ignored
> > > > - #782030 - makes stunnel start and stop properly, checking whether
> > > >   the action has actually succeeded
> > > 
> > > Deferring to a point release; SRM will confirm after release.
> > 
> > OK, here's an updated debdiff that retargets the upload towards
> > stable-proposed-updates; the only change is the header and the footer
> > of the changelog entry itself.
> > 
> 
> Ping!
> Are you still interested in this update? It only needs to be rebased
> on top of 3:5.06-2+deb8u1.
> 
Apparently not.  Closing.

Cheers,
Julien

--- End Message ---
Reply to: