Bug#783459: dnsmasq: Wheezy regression caused by CVE-2015-3294/2.62-3+deb7u2 w/ bind-interfaces

2015-05-06 Thread Salvatore Bonaccorso
Hi Ian, On Wed, May 06, 2015 at 08:48:53AM +0100, Ian Campbell wrote: Package: dnsmasq Followup-For: Bug #783459 Dear Maintainer, After upgrading to 2.62-3+deb7u2 on Wheezy/armel dnsmasq now fails to start with: root@yog-sothoth:~# dpkg -i dnsmasq*2.62-3+deb7u2*.deb (Reading

2015-05-06 Thread Ian Campbell
Package: dnsmasq Followup-For: Bug #783459 Dear Maintainer, After upgrading to 2.62-3+deb7u2 on Wheezy/armel dnsmasq now fails to start with: root@yog-sothoth:~# dpkg -i dnsmasq*2.62-3+deb7u2*.deb (Reading database ... 25941 files and directories currently installed.) Preparing to

2015-05-06 Thread Luca Olivetti
On Wed, 06 May 2015 11:30:35 +0100 Ian Campbell i...@debian.org wrote: I've just noticed that running kernel on the machine is 3.2.57-3+deb7u1 which is quite out of date wrt point releases etc. Looking at the changelog there have been dozens of stable update fixes, one of which might be

2015-05-06 Thread Ian Campbell
On Wed, 2015-05-06 at 11:34 +0200, Salvatore Bonaccorso wrote: I just tried to replicate that configuration and set up a wheezy VM with two interfaces eth0, eth1, and set the following modifications: interface=eth1 bind-interfaces domain=example.com

2015-05-06 Thread Salvatore Bonaccorso
Hi Ian and Luca, On Wed, May 06, 2015 at 12:59:03PM +0200, Luca Olivetti wrote: On Wed, 06 May 2015 11:30:35 +0100 Ian Campbell i...@debian.org wrote: I've just noticed that running kernel on the machine is 3.2.57-3+deb7u1 which is quite out of date wrt point releases etc. Looking at the

2015-05-06 Thread Ian Campbell
On Wed, 2015-05-06 at 16:16 +0200, Salvatore Bonaccorso wrote: Could either of you try to rebuild dnsmasq in a clean chroot and see if the problem resolves? Yes, rebuilding in a clean chroot has fixed the issue, thanks. No sign of backports in the build log (attached). Ian. That the buildd

2015-05-06 Thread Salvatore Bonaccorso
Control: clone -1 -2 Control: retitle -2 dnsmasq: Wheezy regression caused by CVE-2015-3294/2.62-3+deb7u2 w/ bind-interfaces Control: found -2 2.62-3+deb7u2 Cloning this as new bugreport to handle the regression introduced. On Wed, May 06, 2015 at 03:32:25PM +0100, Simon Kelley wrote:

2015-05-06 Thread Ian Campbell
On Wed, 2015-05-06 at 16:16 +0200, Salvatore Bonaccorso wrote: Could either of you try to rebuild dnsmasq in a clean chroot and see if the problem resolves? Just kicked off sbuild --dist wheezy --arch armel --binNMU=1 dnsmasq_2.62-3+deb7u2.dsc on a local machine whose chroot _should_ be clean

2015-05-06 Thread Simon Kelley
Salvatore. The problem occurs if the dnsmasq binary is compiled against libc headers which #define SO_REUSEPORT and then run on a kernel which doesn't support that option. I guess the security builds have picked up SO_REUSEPORT from a libc backport. The fix applied at the time was: