Bug#959157: marked as done (fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard)

Fri, 01 May 2020 10:55:22 -0700 

Your message dated Fri, 01 May 2020 17:52:02 +0000
with message-id <e1juzps-0005vl...@fasolo.debian.org>
and subject line Bug#959157: fixed in wireguard-linux-compat 1.0.20200429-2
has caused the Debian Bug report #959157,
regarding fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
959157: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959157
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: wireguard
Version: 1.0.20200319-1~bpo10+1
Severity: grave

Hello wireguard package maintainer,

DSA 4667-1, a Linux security update released on 2020-04-28, includes a
fix for CVE-2020-1749 that changes ipv6_stub to use ip6_dst_lookup_flow
instead of ip6_dst_lookup.

In wireguard-linux-compat/src/compat/compat.h, the following must be
corrected such that ipv6_dst_lookup_flow is used for Debian linux kernel
4.19.0-9:

 99 #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 17, 0) && LINUX_VERSION_CODE >= 
KERNEL_VERSION(3, 16, 83)
100 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup_flow(b, c, d)
101 #elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) && LINUX_VERSION_CODE 
>= KERNEL_VERSION(5, 4, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18) 
&& !defined(ISRHEL82))
102 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, &dst, c) + 
(void *)0 ?: dst
103 #endif

Otherwise, line 102 is used and the code fails to build from source.

Thanks,

Luca

-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable'), (90, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wireguard depends on:
ii  wireguard-dkms   0.0.20200318-1~bpo10+1
ii  wireguard-tools  1.0.20200319-1~bpo10+1

wireguard recommends no packages.

wireguard suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: wireguard-linux-compat
Source-Version: 1.0.20200429-2
Done: Daniel Kahn Gillmor <d...@fifthhorseman.net>

We believe that the bug you reported is fixed in the latest version of
wireguard-linux-compat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 959...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <d...@fifthhorseman.net> (supplier of updated 
wireguard-linux-compat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 May 2020 13:33:05 -0400
Source: wireguard-linux-compat
Architecture: source
Version: 1.0.20200429-2
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Changed-By: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Closes: 956869 959157
Changes:
 wireguard-linux-compat (1.0.20200429-2) unstable; urgency=medium
 .
   * handle backport of ip6_dst_lookup_flow to linux 4.19.118 (Closes: #959157)
   * add dependency on bc (Closes: #956869)
Checksums-Sha1:
 91f7851fbdf39b5ecd922634057939d959bdbf6e 1547 
wireguard-linux-compat_1.0.20200429-2.dsc
 050f7feb33a9f93834a1207cc6836b2d40f852a9 13196 
wireguard-linux-compat_1.0.20200429-2.debian.tar.xz
 ed36835b87eabbde610b294a1068febb6860c445 6673 
wireguard-linux-compat_1.0.20200429-2_amd64.buildinfo
Checksums-Sha256:
 c9873de0aa5add64a0641cb378b7c04b93eb377b46d807175d72feb4740bfa6c 1547 
wireguard-linux-compat_1.0.20200429-2.dsc
 2205c6a0af370899f8b29982d2ac64b5967122929918e25eaab9bc3af57d1eae 13196 
wireguard-linux-compat_1.0.20200429-2.debian.tar.xz
 d95f3a415d93abd830f54d025b8e20a4d079b3cae16e35c061e442a669d3c820 6673 
wireguard-linux-compat_1.0.20200429-2_amd64.buildinfo
Files:
 317722512471d36490d84cdce73bf375 1547 net optional 
wireguard-linux-compat_1.0.20200429-2.dsc
 0371b43b4cc6e00c6ccb1a4152fd3f36 13196 net optional 
wireguard-linux-compat_1.0.20200429-2.debian.tar.xz
 0eb7b9593e10e03539576adcb5c98019 6673 net optional 
wireguard-linux-compat_1.0.20200429-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQsv6x2UaqQJzY+dXHEDyVUMvKBDwUCXqxd/gAKCRDEDyVUMvKB
D8PQAPwPidp8FctvChMQ3JKsDL4PDoO/yY0P16FelI/za1PWXAEA8JB4BhOdBsxn
L0KzkoIqKIvR5uhdp3NIEDyrhM1n5gE=
=XCwS
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to