[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#917880: marked as done (stretch-pu: package kamailio/4.4.4-2+deb9u3)

Your message dated Sun, 12 Jul 2020 20:58:42 +0100
with message-id <45d44bb44dc8290eaa6af9619b88905ebcfd20db.camel@adam-barratt.org.uk>
and subject line Re: Bug#917880: stretch-pu: package kamailio/4.4.4-2+deb9u3
has caused the Debian Bug report #917880,
regarding stretch-pu: package kamailio/4.4.4-2+deb9u3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
917880: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917880
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

version in stable can't be used with TLS enabled due to #902452 with
severity grave. If user enables TLS kamailio fails to start.

Upstream fix was included on 4.4.6 version[0]. Proposed update only include that fix.

[0] https://github.com/kamailio/kamailio/commit/406c02f7b76ada56d6e1f73e763fecb05c1f51c5

- -- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEjxnK3NQqQtRVY3MMUaCbGM9aUGgFAlwp7dUACgkQUaCbGM9a
UGj1SBAAmh+N9LaAj/MNe/X1R1bjFLnYQC8JNxn+zJ9q69MUpOUXqPuSVfqn7G7V
wsRhNW1498bVLu5rATfm4zxxzcaWF+TjsVzfjGye3NDBWQ1N3ukb/t8t0BtecYgw
m/rEMF+ekE8w1x0w/NlAqlsbIYr7elQomx31HaS6vCac0a2sxqJ5T5U6G2s1j5fR
zmeKOkjwlvrWdg7/Ad/MwJj7SkpZiqGzEEK7bwe/wBvxg5FE7mGbfYXe4QH9TA6c
ssVLWjQ26juJ5U7cCJhrA/bh/n0uiMns+w6So7NWJ/VttgfKBAa48CnNHe+pYTn3
WbwMfa0oq9GnAXlph+/8xqzkJBDscxT5EeCflzpjP/5ilsFKiLfTWKdivTNSxW4a
+qU28etGpAfF4amz34xe9KAhLhGcnwHEPSgNCgjzjWtgmk9Mf59Whzm15Rs7n/1y
x/oDJbv7KOqoMpfz4/dvCPDJE2NrQruC9Y+SIRRO6Xzm1cWyPgxmrTknu+OPC44l
4EwF8Zupl84LC/lVuQ3SvT11Q65xo7cZe8APYfdqeJjqji8W9ErsJOKX6RMRtHgh
pQr0aSktlyrRdxAjwUZMeQ+WasNGnB47DB+gKEWvc2eSfKPLMrttPuFIf+9Z/9vK
vDUzx3ZdZItC5xqGEisS5aai7PEPz+k8749ZN3GetPDn/53fNf8=
=u1vf
-----END PGP SIGNATURE-----

diff -Nru kamailio-4.4.4/debian/changelog kamailio-4.4.4/debian/changelog
--- kamailio-4.4.4/debian/changelog	2018-09-07 23:15:42.000000000 +0200
+++ kamailio-4.4.4/debian/changelog	2018-12-31 10:28:23.000000000 +0100
@@ -1,3 +1,10 @@
+kamailio (4.4.4-2+deb9u4) stretch; urgency=medium
+
+  * fix kerberos and zlib check (Closes: #902452)
+    so TLS can be used again via kamailio-tls-modules
+
+ -- Victor Seva <vseva@debian.org>  Mon, 31 Dec 2018 10:28:23 +0100
+
 kamailio (4.4.4-2+deb9u3) stretch-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru kamailio-4.4.4/debian/patches/series kamailio-4.4.4/debian/patches/series
--- kamailio-4.4.4/debian/patches/series	2018-09-07 23:15:42.000000000 +0200
+++ kamailio-4.4.4/debian/patches/series	2018-12-31 10:28:23.000000000 +0100
@@ -3,6 +3,7 @@
 upstream/0001-tmx-allocate-space-to-store-ending-0-for-branch-valu.patch
 upstream/0002-core-improve-to-header-check-guards-str-consists-of-.patch
 upstream/0001-core-improve-header-safe-guards-for-Via-handling.patch
+upstream/0001-tls-do-kerberos-and-zlib-init-checks-only-for-libssl.patch
 #
 no_lib64_on_64_bits.patch
 no_INSTALL_file.patch
diff -Nru kamailio-4.4.4/debian/patches/upstream/0001-tls-do-kerberos-and-zlib-init-checks-only-for-libssl.patch kamailio-4.4.4/debian/patches/upstream/0001-tls-do-kerberos-and-zlib-init-checks-only-for-libssl.patch
--- kamailio-4.4.4/debian/patches/upstream/0001-tls-do-kerberos-and-zlib-init-checks-only-for-libssl.patch	1970-01-01 01:00:00.000000000 +0100
+++ kamailio-4.4.4/debian/patches/upstream/0001-tls-do-kerberos-and-zlib-init-checks-only-for-libssl.patch	2018-12-31 10:28:23.000000000 +0100
@@ -0,0 +1,57 @@
+From 406c02f7b76ada56d6e1f73e763fecb05c1f51c5 Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla <miconda@gmail.com>
+Date: Fri, 31 Mar 2017 12:56:52 +0200
+Subject: [PATCH] tls: do kerberos and zlib init checks only for libssl < 1.1.0
+
+- using string matching inside libssl compile flags is no longer
+  reliable
+- reported by GH #1050
+
+(cherry picked from commit e59fa823b7b9513d3d1adb958d5e8ec055082d83)
+(cherry picked from commit b12ac4ea9efae41b83a2664ea4f25b1d59bc2032)
+---
+ modules/tls/tls_init.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
+index af2d4c54e..133bc7fc8 100644
+--- a/modules/tls/tls_init.c
++++ b/modules/tls/tls_init.c
+@@ -563,11 +563,13 @@ int init_tls_h(void)
+ {
+ 	/*struct socket_info* si;*/
+ 	long ssl_version;
++#if OPENSSL_VERSION_NUMBER < 0x010100000L
+ 	int lib_kerberos;
+ 	int lib_zlib;
+ 	int kerberos_support;
+ 	int comp_support;
+ 	const char* lib_cflags;
++#endif
+ 	int low_mem_threshold1;
+ 	int low_mem_threshold2;
+ 	str tls_grp;
+@@ -603,6 +605,10 @@ int init_tls_h(void)
+ 		else
+ 			return -1; /* safer to exit */
+ 	}
++
++/* check kerberos support using compile flags only for version < 1.1.0 */
++#if OPENSSL_VERSION_NUMBER < 0x010100000L
++
+ #ifdef TLS_KERBEROS_SUPPORT
+ 	kerberos_support=1;
+ #else
+@@ -672,6 +678,9 @@ int init_tls_h(void)
+ 			" kerberos support will be disabled...\n");
+ 	}
+ 	#endif
++
++#endif /* libssl version < 1.1.0 (OPENSSL_VERSION_NUMBER < 0x010100000L) */
++
+ 	/* set free memory threshold for openssl bug #1491 workaround */
+ 	low_mem_threshold1 = cfg_get(tls, tls_cfg, low_mem_threshold1);
+ 	low_mem_threshold2 = cfg_get(tls, tls_cfg, low_mem_threshold2);
+-- 
+2.19.2
+

--- End Message ---
--- Begin Message --- 
On Mon, 2020-06-15 at 20:29 +0100, Adam D. Barratt wrote:
> On Tue, 2019-08-20 at 23:09 +0100, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Mon, 2018-12-31 at 11:22 +0100, Victor Seva wrote:
> > > version in stable can't be used with TLS enabled due to #902452
> > > with
> > > severity grave. If user enables TLS kamailio fails to start.
> > > 
> > 
> > Apologies for the delay in getting back to you.
> > 
> > Is the result of the patch that kamaillo assumes that Kerberos is
> > always OK with newer OpenSSL versions, or the reverse?
> > 
> 
> Ping? We're starting to plan for the final point release for stretch.
> 

The window for getting fixes into that point release just closed, so
I'm afraid that I'm going to close this request now.

Regards,

Adam

--- End Message ---
Reply to: