Bug#750222: wheezy-pu: package unbound (NMU)
Control: tags -1 + pending On Tue, 2014-06-03 at 21:31 +0100, Adam D. Barratt wrote: > On Mon, 2014-06-02 at 19:01 +0200, Helmut Grohne wrote: > > I would like to NMU unbound to stable, because it crashes when > > validating DNSSEC on multiple threads simultaneously. The relevant > > Debian bug #691528 is fixed upstream, in unstable and I sent a > > backported patch to that bug (also attached for convenience). Is this > > patch suitable for wheezy? > > +unbound (1.4.17-3+wheezy1) stable-proposed-updates; urgency=low > + > + * Non-maintainer upload. > + * Fix crash when using DNSSEC and num-threads > 1; closes: #691528. > > 1.4.17-3+deb7u1, please. > > With that change, please go ahead. For the record, this was uploaded and I've flagged it for acceptance. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#750222: wheezy-pu: package unbound (NMU)
Helmut Grohne wrote: > On Mon, Jun 02, 2014 at 04:21:03PM -0400, Robert Edmonds wrote: > > I've built test binaries from tag debian/1.4.17-3+deb7u1 and they are > > available here: > > > > http://people.debian.org/~edmonds/build/unbound/1.4.17-3+deb7u1/ > > > > If this looks good to the release team, I will be happy to upload to > > -pu, no NMU required. > > Can you explain why the actual package uploaded to wheezy-pu reverts > > "* Update IPv4 address hint for D.ROOT-SERVERS.NET"? > > The debdiff showing the reversion can be found at > > https://release.debian.org/proposed-updates/stable_diffs/unbound_1.4.17-3+deb7u1.debdiff > > Helmut This change was not reverted. The debdiff shows that the same hunk is still present. [...line 59...] unbound-1.4.17.orig/iterator/iter_hints.c -+++ unbound-1.4.17/iterator/iter_hints.c -@@ -129,7 +129,7 @@ compile_time_root_prime(int do_ip4, int - if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4"))return 0; - if(!ah(dp, "B.ROOT-SERVERS.NET.", "192.228.79.201")) return 0; - if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12")) return 0; -- if(!ah(dp, "D.ROOT-SERVERS.NET.", "128.8.10.90")) return 0; -+ if(!ah(dp, "D.ROOT-SERVERS.NET.", "199.7.91.13")) return 0; - if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) return 0; - if(!ah(dp, "F.ROOT-SERVERS.NET.", "192.5.5.241")) return 0; - if(!ah(dp, "G.ROOT-SERVERS.NET.", "192.112.36.4")) return 0; [...line 100...] +--- unbound-1.4.17.orig/iterator/iter_hints.c unbound-1.4.17/iterator/iter_hints.c +@@ -129,7 +129,7 @@ compile_time_root_prime(int do_ip4, int + if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4"))return 0; + if(!ah(dp, "B.ROOT-SERVERS.NET.", "192.228.79.201")) return 0; + if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12")) return 0; +- if(!ah(dp, "D.ROOT-SERVERS.NET.", "128.8.10.90")) return 0; ++ if(!ah(dp, "D.ROOT-SERVERS.NET.", "199.7.91.13")) return 0; + if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) return 0; + if(!ah(dp, "F.ROOT-SERVERS.NET.", "192.5.5.241")) return 0; + if(!ah(dp, "G.ROOT-SERVERS.NET.", "192.112.36.4")) return 0; [...] This package is maintained in git, in the "3.0 (quilt)" format with the "single-debian-patch" option. I guess the ordering of hunks in the debian-changes patch is not guaranteed in that case. -- Robert Edmonds edmo...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#750222: wheezy-pu: package unbound (NMU)
On Mon, Jun 02, 2014 at 04:21:03PM -0400, Robert Edmonds wrote: > I've built test binaries from tag debian/1.4.17-3+deb7u1 and they are > available here: > > http://people.debian.org/~edmonds/build/unbound/1.4.17-3+deb7u1/ > > If this looks good to the release team, I will be happy to upload to > -pu, no NMU required. Can you explain why the actual package uploaded to wheezy-pu reverts "* Update IPv4 address hint for D.ROOT-SERVERS.NET"? The debdiff showing the reversion can be found at https://release.debian.org/proposed-updates/stable_diffs/unbound_1.4.17-3+deb7u1.debdiff Helmut -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#750222: wheezy-pu: package unbound (NMU)
Control: tags -1 + confirmed On Mon, 2014-06-02 at 19:01 +0200, Helmut Grohne wrote: > I would like to NMU unbound to stable, because it crashes when > validating DNSSEC on multiple threads simultaneously. The relevant > Debian bug #691528 is fixed upstream, in unstable and I sent a > backported patch to that bug (also attached for convenience). Is this > patch suitable for wheezy? +unbound (1.4.17-3+wheezy1) stable-proposed-updates; urgency=low + + * Non-maintainer upload. + * Fix crash when using DNSSEC and num-threads > 1; closes: #691528. 1.4.17-3+deb7u1, please. With that change, please go ahead. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#750222: wheezy-pu: package unbound (NMU)
Helmut Grohne wrote: > Package: release.debian.org > Severity: normal > Tags: wheezy > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-CC: Robert S. Edmonds > > Dear release team and unbound maintainer, > > I would like to NMU unbound to stable, because it crashes when > validating DNSSEC on multiple threads simultaneously. The relevant > Debian bug #691528 is fixed upstream, in unstable and I sent a > backported patch to that bug (also attached for convenience). Is this > patch suitable for wheezy? > > Helmut Hi, This patch looks suitable for wheezy to me. I've applied it on the wheezy branch in the unbound packaging repository: http://anonscm.debian.org/gitweb/?p=users/edmonds/unbound.git;a=commitdiff;h=0442ec3f7afd3b93a19cb9ad62ff2899f8e31d82;hp=04fea5381cb9a9c257fc2cbacf091f3788439cda I've built test binaries from tag debian/1.4.17-3+deb7u1 and they are available here: http://people.debian.org/~edmonds/build/unbound/1.4.17-3+deb7u1/ If this looks good to the release team, I will be happy to upload to -pu, no NMU required. -- Robert Edmonds edmo...@debian.org signature.asc Description: Digital signature
Bug#750222: wheezy-pu: package unbound (NMU)
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-CC: Robert S. Edmonds
Dear release team and unbound maintainer,
I would like to NMU unbound to stable, because it crashes when
validating DNSSEC on multiple threads simultaneously. The relevant
Debian bug #691528 is fixed upstream, in unstable and I sent a
backported patch to that bug (also attached for convenience). Is this
patch suitable for wheezy?
Helmut
diff -Nru unbound-1.4.17/debian/changelog unbound-1.4.17/debian/changelog
--- unbound-1.4.17/debian/changelog 2013-02-17 18:35:34.0 +0100
+++ unbound-1.4.17/debian/changelog 2014-03-11 17:36:53.0 +0100
@@ -1,3 +1,10 @@
+unbound (1.4.17-3+wheezy1) stable-proposed-updates; urgency=low
+
+ * Non-maintainer upload.
+ * Fix crash when using DNSSEC and num-threads > 1; closes: #691528.
+
+ -- Helmut Grohne Tue, 11 Mar 2014 17:33:23 +0100
+
unbound (1.4.17-3) testing; urgency=low
* Update IPv4 address hint for D.ROOT-SERVERS.NET.
diff -Nru unbound-1.4.17/debian/patches/series
unbound-1.4.17/debian/patches/series
--- unbound-1.4.17/debian/patches/series2013-02-17 18:54:32.0
+0100
+++ unbound-1.4.17/debian/patches/series2014-03-11 17:27:03.0
+0100
@@ -1 +1,2 @@
debian-changes
+unbound-1.4.18-openssl-threads.patch
diff -Nru unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch
unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch
--- unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch
1970-01-01 01:00:00.0 +0100
+++ unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch
2014-03-11 17:31:22.0 +0100
@@ -0,0 +1,109 @@
+Description: fix crash when using DNSSEC and num-threads > 1
+Bug-Debian: http://bugs.debian.org/691528
+Last-Update: 2014-03-11
+Applied-Upstream: revision 2733
+
+Index: unbound-1.4.17/daemon/daemon.c
+===
+--- unbound-1.4.17.orig/daemon/daemon.c2014-03-11 17:26:28.541719650
+0100
unbound-1.4.17/daemon/daemon.c 2014-03-11 17:26:32.621688573 +0100
+@@ -203,6 +203,10 @@
+ comp_meth = (void*)SSL_COMP_get_compression_methods();
+ #endif
+ (void)SSL_library_init();
++# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
++ if(!ub_openssl_lock_init())
++ fatal_exit("could not init openssl locks");
++# endif
+ #ifdef HAVE_TZSET
+ /* init timezone info while we are not chrooted yet */
+ tzset();
+@@ -555,6 +559,9 @@
+ ERR_remove_state(0);
+ ERR_free_strings();
+ RAND_cleanup();
++# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
++ ub_openssl_lock_delete();
++# endif
+ checklock_stop();
+ #ifdef USE_WINSOCK
+ if(WSACleanup() != 0) {
+Index: unbound-1.4.17/util/net_help.c
+===
+--- unbound-1.4.17.orig/util/net_help.c2014-03-11 17:26:28.541719650
+0100
unbound-1.4.17/util/net_help.c 2014-03-11 17:26:32.621688573 +0100
+@@ -697,3 +697,54 @@
+ }
+ return ssl;
+ }
++
++/** global lock list for openssl locks */
++static lock_basic_t *ub_openssl_locks = NULL;
++
++/** callback that gets thread id for openssl */
++static unsigned long
++ub_crypto_id_cb(void)
++{
++ return (unsigned long)ub_thread_self();
++}
++
++static void
++ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file),
++ int ATTR_UNUSED(line))
++{
++ if((mode&CRYPTO_LOCK)) {
++ lock_basic_lock(&ub_openssl_locks[type]);
++ } else {
++ lock_basic_unlock(&ub_openssl_locks[type]);
++ }
++}
++
++int ub_openssl_lock_init(void)
++{
++#ifdef OPENSSL_THREADS
++ size_t i;
++ ub_openssl_locks = (lock_basic_t*)malloc(
++ sizeof(lock_basic_t)*CRYPTO_num_locks());
++ if(!ub_openssl_locks)
++ return 0;
++ for(i=0; i
