Bug#750222: wheezy-pu: package unbound (NMU)
Control: tags -1 + pending On Tue, 2014-06-03 at 21:31 +0100, Adam D. Barratt wrote: > On Mon, 2014-06-02 at 19:01 +0200, Helmut Grohne wrote: > > I would like to NMU unbound to stable, because it crashes when > > validating DNSSEC on multiple threads simultaneously. The relevant > > Debian bug #691528 is fixed upstream, in unstable and I sent a > > backported patch to that bug (also attached for convenience). Is this > > patch suitable for wheezy? > > +unbound (1.4.17-3+wheezy1) stable-proposed-updates; urgency=low > + > + * Non-maintainer upload. > + * Fix crash when using DNSSEC and num-threads > 1; closes: #691528. > > 1.4.17-3+deb7u1, please. > > With that change, please go ahead. For the record, this was uploaded and I've flagged it for acceptance. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#750222: wheezy-pu: package unbound (NMU)
Helmut Grohne wrote: > On Mon, Jun 02, 2014 at 04:21:03PM -0400, Robert Edmonds wrote: > > I've built test binaries from tag debian/1.4.17-3+deb7u1 and they are > > available here: > > > > http://people.debian.org/~edmonds/build/unbound/1.4.17-3+deb7u1/ > > > > If this looks good to the release team, I will be happy to upload to > > -pu, no NMU required. > > Can you explain why the actual package uploaded to wheezy-pu reverts > > "* Update IPv4 address hint for D.ROOT-SERVERS.NET"? > > The debdiff showing the reversion can be found at > > https://release.debian.org/proposed-updates/stable_diffs/unbound_1.4.17-3+deb7u1.debdiff > > Helmut This change was not reverted. The debdiff shows that the same hunk is still present. [...line 59...] unbound-1.4.17.orig/iterator/iter_hints.c -+++ unbound-1.4.17/iterator/iter_hints.c -@@ -129,7 +129,7 @@ compile_time_root_prime(int do_ip4, int - if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4"))return 0; - if(!ah(dp, "B.ROOT-SERVERS.NET.", "192.228.79.201")) return 0; - if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12")) return 0; -- if(!ah(dp, "D.ROOT-SERVERS.NET.", "128.8.10.90")) return 0; -+ if(!ah(dp, "D.ROOT-SERVERS.NET.", "199.7.91.13")) return 0; - if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) return 0; - if(!ah(dp, "F.ROOT-SERVERS.NET.", "192.5.5.241")) return 0; - if(!ah(dp, "G.ROOT-SERVERS.NET.", "192.112.36.4")) return 0; [...line 100...] +--- unbound-1.4.17.orig/iterator/iter_hints.c unbound-1.4.17/iterator/iter_hints.c +@@ -129,7 +129,7 @@ compile_time_root_prime(int do_ip4, int + if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4"))return 0; + if(!ah(dp, "B.ROOT-SERVERS.NET.", "192.228.79.201")) return 0; + if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12")) return 0; +- if(!ah(dp, "D.ROOT-SERVERS.NET.", "128.8.10.90")) return 0; ++ if(!ah(dp, "D.ROOT-SERVERS.NET.", "199.7.91.13")) return 0; + if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) return 0; + if(!ah(dp, "F.ROOT-SERVERS.NET.", "192.5.5.241")) return 0; + if(!ah(dp, "G.ROOT-SERVERS.NET.", "192.112.36.4")) return 0; [...] This package is maintained in git, in the "3.0 (quilt)" format with the "single-debian-patch" option. I guess the ordering of hunks in the debian-changes patch is not guaranteed in that case. -- Robert Edmonds edmo...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#750222: wheezy-pu: package unbound (NMU)
On Mon, Jun 02, 2014 at 04:21:03PM -0400, Robert Edmonds wrote: > I've built test binaries from tag debian/1.4.17-3+deb7u1 and they are > available here: > > http://people.debian.org/~edmonds/build/unbound/1.4.17-3+deb7u1/ > > If this looks good to the release team, I will be happy to upload to > -pu, no NMU required. Can you explain why the actual package uploaded to wheezy-pu reverts "* Update IPv4 address hint for D.ROOT-SERVERS.NET"? The debdiff showing the reversion can be found at https://release.debian.org/proposed-updates/stable_diffs/unbound_1.4.17-3+deb7u1.debdiff Helmut -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#750222: wheezy-pu: package unbound (NMU)
Control: tags -1 + confirmed On Mon, 2014-06-02 at 19:01 +0200, Helmut Grohne wrote: > I would like to NMU unbound to stable, because it crashes when > validating DNSSEC on multiple threads simultaneously. The relevant > Debian bug #691528 is fixed upstream, in unstable and I sent a > backported patch to that bug (also attached for convenience). Is this > patch suitable for wheezy? +unbound (1.4.17-3+wheezy1) stable-proposed-updates; urgency=low + + * Non-maintainer upload. + * Fix crash when using DNSSEC and num-threads > 1; closes: #691528. 1.4.17-3+deb7u1, please. With that change, please go ahead. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#750222: wheezy-pu: package unbound (NMU)
Helmut Grohne wrote: > Package: release.debian.org > Severity: normal > Tags: wheezy > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-CC: Robert S. Edmonds > > Dear release team and unbound maintainer, > > I would like to NMU unbound to stable, because it crashes when > validating DNSSEC on multiple threads simultaneously. The relevant > Debian bug #691528 is fixed upstream, in unstable and I sent a > backported patch to that bug (also attached for convenience). Is this > patch suitable for wheezy? > > Helmut Hi, This patch looks suitable for wheezy to me. I've applied it on the wheezy branch in the unbound packaging repository: http://anonscm.debian.org/gitweb/?p=users/edmonds/unbound.git;a=commitdiff;h=0442ec3f7afd3b93a19cb9ad62ff2899f8e31d82;hp=04fea5381cb9a9c257fc2cbacf091f3788439cda I've built test binaries from tag debian/1.4.17-3+deb7u1 and they are available here: http://people.debian.org/~edmonds/build/unbound/1.4.17-3+deb7u1/ If this looks good to the release team, I will be happy to upload to -pu, no NMU required. -- Robert Edmonds edmo...@debian.org signature.asc Description: Digital signature
Bug#750222: wheezy-pu: package unbound (NMU)
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu X-Debbugs-CC: Robert S. Edmonds Dear release team and unbound maintainer, I would like to NMU unbound to stable, because it crashes when validating DNSSEC on multiple threads simultaneously. The relevant Debian bug #691528 is fixed upstream, in unstable and I sent a backported patch to that bug (also attached for convenience). Is this patch suitable for wheezy? Helmut diff -Nru unbound-1.4.17/debian/changelog unbound-1.4.17/debian/changelog --- unbound-1.4.17/debian/changelog 2013-02-17 18:35:34.0 +0100 +++ unbound-1.4.17/debian/changelog 2014-03-11 17:36:53.0 +0100 @@ -1,3 +1,10 @@ +unbound (1.4.17-3+wheezy1) stable-proposed-updates; urgency=low + + * Non-maintainer upload. + * Fix crash when using DNSSEC and num-threads > 1; closes: #691528. + + -- Helmut Grohne Tue, 11 Mar 2014 17:33:23 +0100 + unbound (1.4.17-3) testing; urgency=low * Update IPv4 address hint for D.ROOT-SERVERS.NET. diff -Nru unbound-1.4.17/debian/patches/series unbound-1.4.17/debian/patches/series --- unbound-1.4.17/debian/patches/series2013-02-17 18:54:32.0 +0100 +++ unbound-1.4.17/debian/patches/series2014-03-11 17:27:03.0 +0100 @@ -1 +1,2 @@ debian-changes +unbound-1.4.18-openssl-threads.patch diff -Nru unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch --- unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch 1970-01-01 01:00:00.0 +0100 +++ unbound-1.4.17/debian/patches/unbound-1.4.18-openssl-threads.patch 2014-03-11 17:31:22.0 +0100 @@ -0,0 +1,109 @@ +Description: fix crash when using DNSSEC and num-threads > 1 +Bug-Debian: http://bugs.debian.org/691528 +Last-Update: 2014-03-11 +Applied-Upstream: revision 2733 + +Index: unbound-1.4.17/daemon/daemon.c +=== +--- unbound-1.4.17.orig/daemon/daemon.c2014-03-11 17:26:28.541719650 +0100 unbound-1.4.17/daemon/daemon.c 2014-03-11 17:26:32.621688573 +0100 +@@ -203,6 +203,10 @@ + comp_meth = (void*)SSL_COMP_get_compression_methods(); + #endif + (void)SSL_library_init(); ++# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) ++ if(!ub_openssl_lock_init()) ++ fatal_exit("could not init openssl locks"); ++# endif + #ifdef HAVE_TZSET + /* init timezone info while we are not chrooted yet */ + tzset(); +@@ -555,6 +559,9 @@ + ERR_remove_state(0); + ERR_free_strings(); + RAND_cleanup(); ++# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) ++ ub_openssl_lock_delete(); ++# endif + checklock_stop(); + #ifdef USE_WINSOCK + if(WSACleanup() != 0) { +Index: unbound-1.4.17/util/net_help.c +=== +--- unbound-1.4.17.orig/util/net_help.c2014-03-11 17:26:28.541719650 +0100 unbound-1.4.17/util/net_help.c 2014-03-11 17:26:32.621688573 +0100 +@@ -697,3 +697,54 @@ + } + return ssl; + } ++ ++/** global lock list for openssl locks */ ++static lock_basic_t *ub_openssl_locks = NULL; ++ ++/** callback that gets thread id for openssl */ ++static unsigned long ++ub_crypto_id_cb(void) ++{ ++ return (unsigned long)ub_thread_self(); ++} ++ ++static void ++ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file), ++ int ATTR_UNUSED(line)) ++{ ++ if((mode&CRYPTO_LOCK)) { ++ lock_basic_lock(&ub_openssl_locks[type]); ++ } else { ++ lock_basic_unlock(&ub_openssl_locks[type]); ++ } ++} ++ ++int ub_openssl_lock_init(void) ++{ ++#ifdef OPENSSL_THREADS ++ size_t i; ++ ub_openssl_locks = (lock_basic_t*)malloc( ++ sizeof(lock_basic_t)*CRYPTO_num_locks()); ++ if(!ub_openssl_locks) ++ return 0; ++ for(i=0; i