Bug#849504: Data corruption with copy-on-write and multiple threads
Hi Niels,
On Sat, Feb 25, 2017 at 08:40:00AM +, Niels Thykier wrote:
> Ok, please go ahead with the upload.
Done today. Sorry about the delay, I was out of the country.
> The only question I have is about this bit here:
>
> > + if (s->hostname && *s->hostname)
> > +{
> > + if (!gnutls_x509_crt_check_hostname (cert, s->hostname))
> > + {
> > + debugout (s,
> > + "The certificate's owner does not match hostname '%s'\n",
> > + s->hostname);
> > + return GNUTLS_E_CERTIFICATE_ERROR;
> > + }
> > +}
>
> When is the "s->hostname" is blank / NULL ?
s->hostname may be set on the command line to override the autodetected
hostname. If that's the case, this is only a sanity check to ensure that
the client certificate matches the client's hostname as specified. The
server has other checks for ensuring these names are valid.
It should not have any security impact on the client.
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
Bug#849504: Data corruption with copy-on-write and multiple threads
Wouter Verhelst:
> On Tue, Feb 14, 2017 at 04:41:00PM +, Niels Thykier wrote:
>> Wouter Verhelst:
>>> Hi Niels,
>>>
>>> On Sun, Feb 12, 2017 at 08:52:00AM +, Niels Thykier wrote:
Any news on this bug?
>>>
>>> I'm going to release (upstream) nbd 3.15.2 later this week (probably on
>>> thursday), which contains the fix:
>>>
>>> https://github.com/NetworkBlockDevice/nbd/compare/nbd-3.15.1...master
>>>
>>> This patch series includes:
>>>
>>> - The fix for this bug, commit a43a2d8;
>>> - Several minor documentation fixes (e.g., fixed the sorting of a listing
>>> in a
>>> man page);
>>> - A better fix for the issue of nbd-client-udeb being compiled against
>>> GnuTLS
>>> that does not break the build on kFreeBSD etc;
>>> - The ability to change the GnuTLS priority string, to follow TLS best
>>> practices and allow people to lock down the TLS configuration
>>>
>>> I would like to update nbd to that version; but if the release team
>>> prefers, I can cherry-pick a43a2d8 onto 3.15.1 and upload that instead.
>>>
>>
>> Thanks for getting back to me on this.
>>
>> On the note of the actual changes, could you please provide a (source)
>> debdiff, so I know what we are looking at?
>
> Attached.
>
> Unfortunately, there's a bit of churn because I forgot to rename
> nbd-3.15.1.tar.gz to nbd_3.15.1.orig.tar.gz, thereby causing it to be
> uploaded as a native package, with a bit of stuff that shouldn't have
> been in there. At least it didn't contain random junk like in the past,
> but a .gitignore, some autotools metadata files, as well as a few files
> that are meant to be shipped as symlinks rather than copies of files
> from elsewhere in the tree (e.g., tests/run/buffer.c) do show up in the
> debdiff.
>
> If you ignore those, what remains is the changelog entry plus the
> changes that I pointed to earlier.
>
> Thanks for looking at this,
>
Ok, please go ahead with the upload.
The only question I have is about this bit here:
> + if (s->hostname && *s->hostname)
> +{
> + if (!gnutls_x509_crt_check_hostname (cert, s->hostname))
> + {
> + debugout (s,
> + "The certificate's owner does not match hostname '%s'\n",
> + s->hostname);
> + return GNUTLS_E_CERTIFICATE_ERROR;
> + }
> +}
When is the "s->hostname" is blank / NULL ?
Thanks,
~Niels
Bug#849504: Data corruption with copy-on-write and multiple threads
On Tue, Feb 14, 2017 at 04:41:00PM +, Niels Thykier wrote: > Wouter Verhelst: > > Hi Niels, > > > > On Sun, Feb 12, 2017 at 08:52:00AM +, Niels Thykier wrote: > >> Any news on this bug? > > > > I'm going to release (upstream) nbd 3.15.2 later this week (probably on > > thursday), which contains the fix: > > > > https://github.com/NetworkBlockDevice/nbd/compare/nbd-3.15.1...master > > > > This patch series includes: > > > > - The fix for this bug, commit a43a2d8; > > - Several minor documentation fixes (e.g., fixed the sorting of a listing > > in a > > man page); > > - A better fix for the issue of nbd-client-udeb being compiled against > > GnuTLS > > that does not break the build on kFreeBSD etc; > > - The ability to change the GnuTLS priority string, to follow TLS best > > practices and allow people to lock down the TLS configuration > > > > I would like to update nbd to that version; but if the release team > > prefers, I can cherry-pick a43a2d8 onto 3.15.1 and upload that instead. > > > > Thanks for getting back to me on this. > > On the note of the actual changes, could you please provide a (source) > debdiff, so I know what we are looking at? Attached. Unfortunately, there's a bit of churn because I forgot to rename nbd-3.15.1.tar.gz to nbd_3.15.1.orig.tar.gz, thereby causing it to be uploaded as a native package, with a bit of stuff that shouldn't have been in there. At least it didn't contain random junk like in the past, but a .gitignore, some autotools metadata files, as well as a few files that are meant to be shipped as symlinks rather than copies of files from elsewhere in the tree (e.g., tests/run/buffer.c) do show up in the debdiff. If you ignore those, what remains is the changelog entry plus the changes that I pointed to earlier. Thanks for looking at this, -- < ron> I mean, the main *practical* problem with C++, is there's like a dozen people in the world who think they really understand all of its rules, and pretty much all of them are just lying to themselves too. -- #debian-devel, OFTC, 2016-02-12 diff -Nru nbd-3.15.1/debian/changelog nbd-3.15.2/debian/changelog --- nbd-3.15.1/debian/changelog 2016-12-20 20:36:11.0 +0100 +++ nbd-3.15.2/debian/changelog 2017-02-22 09:10:22.0 +0100 @@ -1,3 +1,12 @@ +nbd (1:3.15.2-1) unstable; urgency=medium + + * New upstream release +- Fixes data corruption with multiple threads and copyonwrite enabled; + Closes: #852288, #849504. Why did I create multiple bugs for this? + Ah well, no matter. + + -- Wouter Verhelst Wed, 22 Feb 2017 00:09:31 +0100 + nbd (1:3.15.1-2) unstable; urgency=medium * Build nbd-client a second time with GnuTLS disabled, and install diff -Nru nbd-3.15.1/.deps/libcliserv_la-cliserv.Plo nbd-3.15.2/.deps/libcliserv_la-cliserv.Plo --- nbd-3.15.1/.deps/libcliserv_la-cliserv.Plo 2016-12-20 20:36:11.0 +0100 +++ nbd-3.15.2/.deps/libcliserv_la-cliserv.Plo 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -# dummy diff -Nru nbd-3.15.1/.deps/libnbdsrv_la-nbdsrv.Plo nbd-3.15.2/.deps/libnbdsrv_la-nbdsrv.Plo --- nbd-3.15.1/.deps/libnbdsrv_la-nbdsrv.Plo2016-12-20 20:36:11.0 +0100 +++ nbd-3.15.2/.deps/libnbdsrv_la-nbdsrv.Plo1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -# dummy diff -Nru nbd-3.15.1/.deps/libnbdsrv_la-treefiles.Plo nbd-3.15.2/.deps/libnbdsrv_la-treefiles.Plo --- nbd-3.15.1/.deps/libnbdsrv_la-treefiles.Plo 2016-12-20 20:36:11.0 +0100 +++ nbd-3.15.2/.deps/libnbdsrv_la-treefiles.Plo 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -# dummy diff -Nru nbd-3.15.1/.deps/make-integrityhuge.Po nbd-3.15.2/.deps/make-integrityhuge.Po --- nbd-3.15.1/.deps/make-integrityhuge.Po 2016-12-20 20:36:11.0 +0100 +++ nbd-3.15.2/.deps/make-integrityhuge.Po 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -# dummy diff -Nru nbd-3.15.1/.deps/nbd_client-buffer.Po nbd-3.15.2/.deps/nbd_client-buffer.Po --- nbd-3.15.1/.deps/nbd_client-buffer.Po 2016-12-20 20:36:11.0 +0100 +++ nbd-3.15.2/.deps/nbd_client-buffer.Po 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -# dummy diff -Nru nbd-3.15.1/.deps/nbd_client-crypto-gnutls.Po nbd-3.15.2/.deps/nbd_client-crypto-gnutls.Po --- nbd-3.15.1/.deps/nbd_client-crypto-gnutls.Po2016-12-20 20:36:11.0 +0100 +++ nbd-3.15.2/.deps/nbd_client-crypto-gnutls.Po1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -# dummy diff -Nru nbd-3.15.1/.deps/nbd_client-nbd-client.Po nbd-3.15.2/.deps/nbd_client-nbd-client.Po --- nbd-3.15.1/.deps/nbd_client-nbd-client.Po 2016-12-20 20:36:11.0 +0100 +++ nbd-3.15.2/.deps/nbd_client-nbd-client.Po 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -# dummy diff -Nru nbd-3.15.1/.deps/nbd_server-nbd-server.Po nbd-3.15.2/.deps/nbd_server-nbd-server.Po --- nbd-3.15.1/.deps/nbd_server-nbd-server.Po 2016-12-20 20:36:11.0 +0100 +++ nbd-3.15.2/.deps/nbd_server-nbd-server.Po 197
Bug#849504: Data corruption with copy-on-write and multiple threads
On Tue, Feb 14, 2017 at 04:41:00PM +, Niels Thykier wrote: > Wouter Verhelst: > > Hi Niels, > > > > On Sun, Feb 12, 2017 at 08:52:00AM +, Niels Thykier wrote: > >> Any news on this bug? > > > > I'm going to release (upstream) nbd 3.15.2 later this week (probably on > > thursday), which contains the fix: > > > > https://github.com/NetworkBlockDevice/nbd/compare/nbd-3.15.1...master > > > > This patch series includes: > > > > - The fix for this bug, commit a43a2d8; > > - Several minor documentation fixes (e.g., fixed the sorting of a listing > > in a > > man page); > > - A better fix for the issue of nbd-client-udeb being compiled against > > GnuTLS > > that does not break the build on kFreeBSD etc; > > - The ability to change the GnuTLS priority string, to follow TLS best > > practices and allow people to lock down the TLS configuration > > > > I would like to update nbd to that version; but if the release team > > prefers, I can cherry-pick a43a2d8 onto 3.15.1 and upload that instead. > > > > Thanks for getting back to me on this. > > On the note of the actual changes, could you please provide a (source) > debdiff, so I know what we are looking at? Will do. This will probably be for the weekend. -- < ron> I mean, the main *practical* problem with C++, is there's like a dozen people in the world who think they really understand all of its rules, and pretty much all of them are just lying to themselves too. -- #debian-devel, OFTC, 2016-02-12
Bug#849504: Data corruption with copy-on-write and multiple threads
Wouter Verhelst: > Hi Niels, > > On Sun, Feb 12, 2017 at 08:52:00AM +, Niels Thykier wrote: >> Any news on this bug? > > I'm going to release (upstream) nbd 3.15.2 later this week (probably on > thursday), which contains the fix: > > https://github.com/NetworkBlockDevice/nbd/compare/nbd-3.15.1...master > > This patch series includes: > > - The fix for this bug, commit a43a2d8; > - Several minor documentation fixes (e.g., fixed the sorting of a listing in a > man page); > - A better fix for the issue of nbd-client-udeb being compiled against GnuTLS > that does not break the build on kFreeBSD etc; > - The ability to change the GnuTLS priority string, to follow TLS best > practices and allow people to lock down the TLS configuration > > I would like to update nbd to that version; but if the release team > prefers, I can cherry-pick a43a2d8 onto 3.15.1 and upload that instead. > Thanks for getting back to me on this. On the note of the actual changes, could you please provide a (source) debdiff, so I know what we are looking at? Thanks, ~Niels
Bug#849504: Data corruption with copy-on-write and multiple threads
Hi Niels, On Sun, Feb 12, 2017 at 08:52:00AM +, Niels Thykier wrote: > Any news on this bug? I'm going to release (upstream) nbd 3.15.2 later this week (probably on thursday), which contains the fix: https://github.com/NetworkBlockDevice/nbd/compare/nbd-3.15.1...master This patch series includes: - The fix for this bug, commit a43a2d8; - Several minor documentation fixes (e.g., fixed the sorting of a listing in a man page); - A better fix for the issue of nbd-client-udeb being compiled against GnuTLS that does not break the build on kFreeBSD etc; - The ability to change the GnuTLS priority string, to follow TLS best practices and allow people to lock down the TLS configuration I would like to update nbd to that version; but if the release team prefers, I can cherry-pick a43a2d8 onto 3.15.1 and upload that instead. -- < ron> I mean, the main *practical* problem with C++, is there's like a dozen people in the world who think they really understand all of its rules, and pretty much all of them are just lying to themselves too. -- #debian-devel, OFTC, 2016-02-12
Bug#849504: Data corruption with copy-on-write and multiple threads
On Sun, 29 Jan 2017 15:41:48 +0100 Wouter Verhelst wrote: > Hi, > > On Sun, Jan 29, 2017 at 12:59:35PM +, Jonathan Wiltshire wrote: > > Hi, > > > > On Wed, Dec 28, 2016 at 12:33:51AM +0100, Wouter Verhelst wrote: > > > We should not release Debian with this bug present; however, I don't > > > want to fix this right now, or 1:3.15.1-1 will miss the freeze cutoff. > > > I'll upload a package as soon as that version migrates to testing. > > > > nbd 1:3.15.1-1 and then 1:3.15.1-2 migrated on 2016-12-31, so that should > > leave the way clear to fixing this. > > Yes; a fix has been committed upstream. I was waiting for the reporter > to help check it, but haven't gotten any response so far. > > I'm currently swamped with helping organize FOSDEM (which is next > weekend), but I'll do those tests myself after that if it hasn't > happened yet, and then do the upload. > > [...] > Hey Wouter, :) Any news on this bug? Thanks, ~Niels
Bug#849504: Data corruption with copy-on-write and multiple threads
Hi, On Sun, Jan 29, 2017 at 12:59:35PM +, Jonathan Wiltshire wrote: > Hi, > > On Wed, Dec 28, 2016 at 12:33:51AM +0100, Wouter Verhelst wrote: > > We should not release Debian with this bug present; however, I don't > > want to fix this right now, or 1:3.15.1-1 will miss the freeze cutoff. > > I'll upload a package as soon as that version migrates to testing. > > nbd 1:3.15.1-1 and then 1:3.15.1-2 migrated on 2016-12-31, so that should > leave the way clear to fixing this. Yes; a fix has been committed upstream. I was waiting for the reporter to help check it, but haven't gotten any response so far. I'm currently swamped with helping organize FOSDEM (which is next weekend), but I'll do those tests myself after that if it hasn't happened yet, and then do the upload. (I'm also an idiot, in that I filed this bug again, but ah well, I'll just merge them before uploading) -- < ron> I mean, the main *practical* problem with C++, is there's like a dozen people in the world who think they really understand all of its rules, and pretty much all of them are just lying to themselves too. -- #debian-devel, OFTC, 2016-02-12
Bug#849504: Data corruption with copy-on-write and multiple threads
Hi, On Wed, Dec 28, 2016 at 12:33:51AM +0100, Wouter Verhelst wrote: > We should not release Debian with this bug present; however, I don't > want to fix this right now, or 1:3.15.1-1 will miss the freeze cutoff. > I'll upload a package as soon as that version migrates to testing. nbd 1:3.15.1-1 and then 1:3.15.1-2 migrated on 2016-12-31, so that should leave the way clear to fixing this. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#849504: Data corruption with copy-on-write and multiple threads
Package: nbd-server Version: 1:3.12-1 Severity: serious Forwarded: https://github.com/NetworkBlockDevice/nbd/issues/43 A bug was reported upstream in nbd upstream when combining copy-on-write and multiple threads. The latter was a new feature for nbd 3.12, and the bug was always present since that implementation of multiple threads, so filing this bug on the version that introduced it into Debian. We should not release Debian with this bug present; however, I don't want to fix this right now, or 1:3.15.1-1 will miss the freeze cutoff. I'll upload a package as soon as that version migrates to testing. -- System Information: Debian Release: stretch/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unreleased'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, m68k, arm64 Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages nbd-server depends on: ii adduser3.115 ii debconf [debconf-2.0] 1.5.59 ii libc6 2.24-8 ii libglib2.0-0 2.50.2-2 ii libgnutls303.5.7-3 ii ucf3.0036 nbd-server recommends no packages. nbd-server suggests no packages. -- debconf information excluded
