Package: release.debian.org Severity: normal Tags: wheezy User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-CC: Robert S. Edmonds <edmo...@debian.org>
Dear release team and unbound maintainer, I would like to NMU unbound to stable, because it crashes when validating DNSSEC on multiple threads simultaneously. The relevant Debian bug #691528 is fixed upstream and in unstable, and I sent a backported patch to that bug (also attached for convenience). Is this patch suitable for wheezy? Helmut
diff -Nru unbound-1.4.17/debian/changelog unbound-1.4.17/debian/changelog
--- unbound-1.4.17/debian/changelog 2013-02-17 18:35:34.000000000 +0100
+++ unbound-1.4.17/debian/changelog 2014-03-11 17:36:53.000000000 +0100
@@ -1,3 +1,10 @@
+unbound (1.4.17-3+wheezy1) stable-proposed-updates; urgency=low
+
+ * Non-maintainer upload.
+ * Fix crash when using DNSSEC and num-threads > 1; closes: #691528.
+
+ -- Helmut Grohne <hel...@subdivi.de> Tue, 11 Mar 2014 17:33:23 +0100
+
 unbound (1.4.17-3) testing; urgency=low

 * Update IPv4 address hint for D.ROOT-SERVERS.NET.
diff -Nru unbound-1.4.17/debian/patches/series unbound-1.4.17/debian/patches/series
--- unbound-1.4.17/debian/patches/series 2013-02-17 18:54:32.000000000 +0100
+++ unbound-1.4.17/debian/patches/series 2014-03-11 17:27:03.000000000 +0100
@@ -1 +1,2 @@
 debian-changes
+unbound-1.4.18-openssl-threads.patch
diff -Nru unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch
--- unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch 1970-01-01 01:00:00.000000000 +0100
+++ unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch 2014-03-11 17:31:22.000000000 +0100
@@ -0,0 +1,109 @@
+Description: fix crash when using DNSSEC and num-threads > 1
+Bug-Debian: http://bugs.debian.org/691528
+Last-Update: 2014-03-11
+Applied-Upstream: revision 2733
+
+Index: unbound-1.4.17/daemon/daemon.c
+===================================================================
+--- unbound-1.4.17.orig/daemon/daemon.c 2014-03-11 17:26:28.541719650 +0100
++++ unbound-1.4.17/daemon/daemon.c 2014-03-11 17:26:32.621688573 +0100
+@@ -203,6 +203,10 @@
+ comp_meth = (void*)SSL_COMP_get_compression_methods();
+ #endif
+ (void)SSL_library_init();
++# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
++ if(!ub_openssl_lock_init())
++ fatal_exit("could not init openssl locks");
++# endif
+ #ifdef HAVE_TZSET
+ /* init timezone info while we are not chrooted yet */
+ tzset();
+@@ -555,6 +559,9 @@
+ ERR_remove_state(0);
+ ERR_free_strings();
+ RAND_cleanup();
++# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
++ ub_openssl_lock_delete();
++# endif
+ checklock_stop();
+ #ifdef USE_WINSOCK
+ if(WSACleanup() != 0) {
+Index: unbound-1.4.17/util/net_help.c
+===================================================================
+--- unbound-1.4.17.orig/util/net_help.c 2014-03-11 17:26:28.541719650 +0100
++++ unbound-1.4.17/util/net_help.c 2014-03-11 17:26:32.621688573 +0100
+@@ -697,3 +697,54 @@
+ }
+ return ssl;
+ }
++
++/** global lock list for openssl locks */
++static lock_basic_t *ub_openssl_locks = NULL;
++
++/** callback that gets thread id for openssl */
++static unsigned long
++ub_crypto_id_cb(void)
++{
++ return (unsigned long)ub_thread_self();
++}
++
++static void
++ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file),
++ int ATTR_UNUSED(line))
++{
++ if((mode&CRYPTO_LOCK)) {
++ lock_basic_lock(&ub_openssl_locks[type]);
++ } else {
++ lock_basic_unlock(&ub_openssl_locks[type]);
++ }
++}
++
++int ub_openssl_lock_init(void)
++{
++#ifdef OPENSSL_THREADS
++ size_t i;
++ ub_openssl_locks = (lock_basic_t*)malloc(
++ sizeof(lock_basic_t)*CRYPTO_num_locks());
++ if(!ub_openssl_locks)
++ return 0;
++ for(i=0; i<CRYPTO_num_locks(); i++) {
++ lock_basic_init(&ub_openssl_locks[i]);
++ }
++ CRYPTO_set_id_callback(&ub_crypto_id_cb);
++ CRYPTO_set_locking_callback(&ub_crypto_lock_cb);
++#endif /* OPENSSL_THREADS */
++ return 1;
++}
++
++void ub_openssl_lock_delete(void)
++{
++#ifdef OPENSSL_THREADS
++ size_t i;
++ if(!ub_openssl_locks)
++ return;
++ for(i=0; i<CRYPTO_num_locks(); i++) {
++ lock_basic_destroy(&ub_openssl_locks[i]);
++ }
++#endif /* OPENSSL_THREADS */
++}
++
+Index: unbound-1.4.17/util/net_help.h
+===================================================================
+--- unbound-1.4.17.orig/util/net_help.h 2014-03-11 17:26:28.541719650 +0100
++++ unbound-1.4.17/util/net_help.h 2014-03-11 17:26:32.621688573 +0100
+@@ -369,4 +369,15 @@
+ */
+ void* outgoing_ssl_fd(void* sslctx, int fd);
+
++/**
++ * Initialize openssl locking for thread safety
++ * @return false on failure (alloc failure).
++ */
++int ub_openssl_lock_init(void);
++
++/**
++ * De-init the allocated openssl locks
++ */
++void ub_openssl_lock_delete(void);
++
+ #endif /* NET_HELP_H */
diff -Nru unbound-1.4.17/debian/source/options unbound-1.4.17/debian/source/options
--- unbound-1.4.17/debian/source/options 2013-02-17 18:35:34.000000000 +0100
+++ unbound-1.4.17/debian/source/options 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-single-debian-patch
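Review bot: `ub_openssl_lock_delete()` in the net_help.c hunk destroys every lock but leaves `ub_crypto_lock_cb` and `ub_crypto_id_cb` registered with OpenSSL and never frees or clears `ub_openssl_locks`, so an OpenSSL call made after the teardown added to daemon.c would lock a destroyed mutex, and a second call to the function would destroy the same locks again. Unregister both callbacks before the destroy loop, then free the array and reset the pointer, as in the fence below. In `ub_openssl_lock_init()` the `size_t` index is compared with the `int` returned by `CRYPTO_num_locks()`, and the same unchecked value sizes the `malloc`; reading the count once into a local and rejecting a non-positive value would keep the allocation and both loops consistent. The static callbacks and the lock pointer sit outside the `#ifdef OPENSSL_THREADS` guard that covers the two function bodies, which presumably leaves them unused in builds without OpenSSL thread support; worth confirming against the full file, which is not visible in the hunk.

```c
void ub_openssl_lock_delete(void)
{
	/* … unchanged: #ifdef OPENSSL_THREADS, declaration of i, NULL check … */
	/* detach the callbacks first so OpenSSL cannot reach a destroyed lock */
	CRYPTO_set_id_callback(NULL);
	CRYPTO_set_locking_callback(NULL);
	/* … unchanged: lock_basic_destroy loop … */
	free(ub_openssl_locks);
	ub_openssl_locks = NULL;
	/* … unchanged: #endif … */
}
```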