
Bug#836910: jessie-pu: package kamailio/4.2.0-2+deb8u1



2016-09-07 9:30 GMT+02:00 Adam D. Barratt <adam@adam-barratt.org.uk>:
> Thanks for caring about fixing this in jessie.
>
> In order to okay an upload, however, we'd need to see a source debdiff for
> the proposed package, built and tested on a jessie system.

Sure.

Before:
dpkg -l | grep kamailio
ii  kamailio                       4.2.0-2+deb8u1              amd64
     very fast and configurable SIP proxy
ii  kamailio-tls-modules:amd64     4.2.0-2+deb8u1              amd64
     contains the TLS kamailio transport module

root@debian-jessie-plain:/etc/kamailio# systemctl status kamailio -l
● kamailio.service - LSB: Start the Kamailio SIP proxy server
   Loaded: loaded (/etc/init.d/kamailio)
   Active: active (exited) since Wed 2016-09-07 11:36:47 CEST; 44s ago
  Process: 16399 ExecStop=/etc/init.d/kamailio stop (code=exited,
status=0/SUCCESS)
  Process: 16410 ExecStart=/etc/init.d/kamailio start (code=exited,
status=0/SUCCESS)

Sep 07 11:36:47 debian-jessie-plain kamailio[16410]: udp: localhost:5060
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: INFO:
rr [../outbound/api.h:54]: ob_load_api(): Failed to import bind_ob
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: INFO:
rr [rr_mod.c:160]: mod_init(): outbound module not available
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: INFO:
usrloc [hslot.c:53]: ul_init_locks(): locks array size 1024
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: INFO:
tls [tls_mod.c:346]: mod_init(): With ECDH-Support!
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: INFO:
tls [tls_mod.c:349]: mod_init(): With Diffie Hellman
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: : tls
[tls_init.c:515]: init_tls_h(): ERROR: tls: init_tls_h: installed
openssl library version is too different from the library the ser tls
module was compiled with: installed "OpenSSL 1.0.1t  3 May 2016"
(0x1000114f), compiled "OpenSSL 1.0.1k 8 Jan 2015" (0x100010bf).
                                                                Please
make sure a compatible version is used (tls_force_run in ser.cfg will
override this check)
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]:
CRITICAL: <core> [main.c:2521]: main(): could not initialize tls,
exiting...
Sep 07 11:36:47 debian-jessie-plain kamailio[16410]: already running ... failed!
Sep 07 11:36:47 debian-jessie-plain kamailio[16410]: .

$ dpkg -l | grep openssl
ii  libgnutls-openssl27:amd64      3.3.8-6+deb8u3              amd64
     GNU TLS library - OpenSSL wrapper
ii  openssl                        1.0.1k-3+deb8u5             amd64
     Secure Sockets Layer toolkit - cryptographic utility


After:
$ dpkg -l | grep kamailio
ii  kamailio                       4.2.0-2+deb8u2              amd64
     very fast and configurable SIP proxy
ii  kamailio-tls-modules:amd64     4.2.0-2+deb8u2              amd64
     contains the TLS kamailio transport module

$ systemctl status kamailio -l
● kamailio.service - LSB: Start the Kamailio SIP proxy server
   Loaded: loaded (/etc/init.d/kamailio)
   Active: active (running) since Wed 2016-09-07 11:45:11 CEST; 7s ago
   CGroup: /system.slice/kamailio.service

Installing the previous openssl version has no effect, so the fix works properly.

diff -Nru kamailio-4.2.0/debian/changelog kamailio-4.2.0/debian/changelog
--- kamailio-4.2.0/debian/changelog	2016-03-21 00:24:40.000000000 +0100
+++ kamailio-4.2.0/debian/changelog	2016-09-07 10:00:32.000000000 +0200
@@ -1,3 +1,12 @@
+kamailio (4.2.0-2+deb8u2) stable-proposed-updates; urgency=medium
+
+  * use my DD account \o/
+  * add upstream fix for:
+    proper check of libssl versions used for compilation
+    and available on system (Closes: #833973)
+
+ -- Victor Seva <vseva@debian.org>  Wed, 07 Sep 2016 10:00:32 +0200
+
 kamailio (4.2.0-2+deb8u1) jessie-security; urgency=medium
 
   * CVE-2016-2385
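
Review bot: the first changelog entry, "use my DD account \o/", does not say what changed in the package. Wording it as the actual change (the Uploaders address in debian/control) would make the entry readable on its own and keep it visibly separate from the fix that closes #833973.
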
diff -Nru kamailio-4.2.0/debian/control kamailio-4.2.0/debian/control
--- kamailio-4.2.0/debian/control	2015-01-28 20:48:03.000000000 +0100
+++ kamailio-4.2.0/debian/control	2016-09-07 10:00:32.000000000 +0200
@@ -2,7 +2,7 @@
 Section: net
 Priority: optional
 Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
-Uploaders: Victor Seva <linuxmaniac@torreviejawireless.org>,
+Uploaders: Victor Seva <vseva@debian.org>,
            Tzafrir Cohen <tzafrir@debian.org>
 Build-Depends: bison,
                debhelper (>= 9),
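
Review bot: the Uploaders address change in this hunk is unrelated to the libssl version check that the upload is for. Consider leaving it out of the stable update so the debdiff carries only the fix, or keep it and describe it explicitly in the changelog.
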
diff -Nru kamailio-4.2.0/debian/patches/fix_tls.patch kamailio-4.2.0/debian/patches/fix_tls.patch
--- kamailio-4.2.0/debian/patches/fix_tls.patch	1970-01-01 01:00:00.000000000 +0100
+++ kamailio-4.2.0/debian/patches/fix_tls.patch	2016-09-07 10:00:32.000000000 +0200
@@ -0,0 +1,34 @@
+From 0a5f99b28d01d79cf2675df6d2a6220167e2476e Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla <miconda@gmail.com>
+Date: Tue, 7 Jun 2016 15:21:06 +0200
+Subject: [PATCH] tls: proper check of libssl versions used for compilation and
+ available on system
+
+- shift out the last 12bits, being the patch version and status (see man
+  SSLeay)
+- reported by Victor Seva, GH #662
+
+(cherry picked from commit c38b4c7345a6806f48a0cdb07841e10bc962e1bf)
+(cherry picked from commit 253909bf673c0a59e7adf578bb5df73eb157d0f2)
+(cherry picked from commit 5632abc108bf8ed8157a77806ea80b962db3fa4f)
+---
+ modules/tls/tls_init.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
+index a381be1..7bfc10f 100644
+--- a/modules/tls/tls_init.c
++++ b/modules/tls/tls_init.c
+@@ -543,8 +543,10 @@ int init_tls_h(void)
+ #endif
+ 	ssl_version=SSLeay();
+ 	/* check if version have the same major minor and fix level
+-	 * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not) */
+-	if ((ssl_version>>8)!=(OPENSSL_VERSION_NUMBER>>8)){
++	 * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
++	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
++	 *   0x00090705f == 0.9.7e release */
++	if ((ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12)){
+ 		LOG(L_CRIT, "ERROR: tls: init_tls_h: installed openssl library "
+ 				"version is too different from the library the ser tls module "
+ 				"was compiled with: installed \"%s\" (0x%08lx), compiled "
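
Review bot: the shift count in the new condition, `(ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12)`, is a bare literal repeated on both sides, and its meaning (patch byte plus status nibble) lives only in the comment above it; a named constant for the shift would keep the two sides and the comment from drifting apart. The added comment should read "value is represented", and the patch header cites GH #662 but not the Debian bug, so a Bug-Debian reference to #833973 would help. With the values from the log above (installed 0x1000114f, compiled 0x100010bf) both sides reduce to 0x10001 after the shift, which matches the "After" result.
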
diff -Nru kamailio-4.2.0/debian/patches/series kamailio-4.2.0/debian/patches/series
--- kamailio-4.2.0/debian/patches/series	2016-03-21 00:23:37.000000000 +0100
+++ kamailio-4.2.0/debian/patches/series	2016-09-07 10:00:32.000000000 +0200
@@ -6,3 +6,4 @@
 default_ctl.patch
 fix-mips.patch
 CVE-2016-2385.patch
+fix_tls.patch

Attachment: kamailio_4.2.0-2+deb8u2_amd64.build.bz2
Description: BZip2 compressed data
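
Added example, not part of the original message or of Kamailio's code: a stand-alone C program that decodes the two version numbers from the log above and applies both the old (>>8) and the new (>>12) comparison, showing why 1.0.1k to 1.0.1t tripped the old check. The struct and function names are hypothetical; the 1.0.1o and 1.0.2 values are constructed for illustration.

```c
#include <stdio.h>

/* Pre-3.0 OpenSSL version number, 0xMNNFFPPS (see man SSLeay):
 * major(4 bits) minor(8) fix(8) patch(8) status(4). */
struct ossl_ver { unsigned major, minor, fix, patch, status; };

static struct ossl_ver decode_ver(unsigned long v)
{
    struct ossl_ver r;
    r.major  = (v >> 28) & 0xf;
    r.minor  = (v >> 20) & 0xff;
    r.fix    = (v >> 12) & 0xff;
    r.patch  = (v >> 4) & 0xff;   /* 0 = none, 1 = 'a', ... 20 = 't' */
    r.status = v & 0xf;           /* 0xf = release */
    return r;
}

/* Render as "1.0.1t"; patch levels past 'z' are shown numerically. */
static const char *ver_str(unsigned long v, char *buf, size_t len)
{
    struct ossl_ver r = decode_ver(v);
    int n = snprintf(buf, len, "%u.%u.%u", r.major, r.minor, r.fix);
    if (n > 0 && (size_t)n < len && r.patch >= 1 && r.patch <= 26)
        snprintf(buf + n, len - n, "%c", (char)('a' + r.patch - 1));
    else if (n > 0 && (size_t)n < len && r.patch > 26)
        snprintf(buf + n, len - n, "-p%u", r.patch);
    return buf;
}

/* Check before the fix: >>8 drops status and only the LOW nibble of patch,
 * so patch letters a..o (1..15) and p onward (16+) compare as different. */
static int compat_old(unsigned long run, unsigned long built)
{ return (run >> 8) == (built >> 8); }

/* Check after the fix: >>12 drops patch and status entirely. */
static int compat_new(unsigned long run, unsigned long built)
{ return (run >> 12) == (built >> 12); }

int main(void)
{
    unsigned long built = 0x100010bfUL, run = 0x1000114fUL; /* from the log */
    char a[32], b[32];
    printf("built %s, running %s: old=%d new=%d\n", ver_str(built, a, sizeof a),
           ver_str(run, b, sizeof b), compat_old(run, built), compat_new(run, built));
    /* constructed values: 1.0.1o passes even the old check, 1.0.2 fails the new */
    printf("1.0.1o: old=%d  1.0.2: new=%d\n",
           compat_old(0x100010ffUL, built), compat_new(0x1000200fUL, built));
    return 0;
}
```

The old check only started failing once the installed patch letter crossed from 'o' to 'p' or later, which is why the 1.0.1t security update exposed it.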

