Your message dated Tue, 15 Feb 2011 00:47:25 +0000
with message-id <[email protected]>
and subject line Bug#607379: fixed in squid3 3.1.10-1
has caused the Debian Bug report #607379,
regarding squid3: TCP DNS lookups don't work when IPv6 is disabled on the system
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
607379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607379
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: squid3
Version: 3.1.6-1.2
Severity: normal
Tags: patch upstream
Sometimes Squid needs to use TCP for a DNS lookup when the DNS exchanges are
large (an example is stat.canal-plus.com). When this happens, and if neither
udp_outgoing_address (not a typo) nor udp_incoming_address is specified in the
configuration file, Squid always binds the TCP socket to an IPv6 address.
Consequently, if IPv6 is disabled in the kernel, Squid crashes miserably with
this log message:
    FATAL: Could not create a DNS socket
Debugging output indicates:
    comm_openex: Attempt open socket for: [::]
    comm_open: socket failure: (97) Address family not supported by protocol
The result is that some sites whose domains need TCP to be resolved (for
example stat.canal-plus.com) are not accessible through Squid running on a
system with IPv6 disabled.
Recompiling the package with --disable-ipv6 does not fix the problem.
In src/dns_internal.cc, lines 740 to 743, Squid uses the udp_outgoing_address
configuration option or, if it doesn't exist, udp_incoming_address. If neither
exists, Squid uses an "unspecified address".
This address is then passed to IpAddress::GetAddrInfo(), which, if it is called
on an unspecified address, returns an AF_INET6 sockaddr (see
src/ip/IpAddress.cc - lines 608, 878 and 910). This is because
IpAddress::IsIPv6() always returns true for an unspecified address.
Consequently, comm_open(), called in src/dns_internal.cc:749, gets an AF_INET6
address, and as a result, fails miserably because IPv6 is not supported on the
system.
As a workaround, one can force Squid to bind to an IPv4 address by supplying a
value in the udp_outgoing_address configuration option:
    udp_outgoing_address 0.0.0.0
For a long-term solution, see the attached patch, which makes
IpAddress::IsIPv6() always return false if IPv6 is not supported on the system.
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.36.2-zyklos (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages squid3 depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libcap2 1:2.19-3 support for getting/setting POSIX.
ii libcomerr2 1.41.12-2 common error description library
ii libdb4.8 4.8.30-3 Berkeley v4.8 Database Libraries [
ii libexpat1 2.0.1-7 XML parsing C library - runtime li
ii libgcc1 1:4.4.5-10 GCC support library
ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.8.3+dfsg-4 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries
ii libltdl7 2.2.6b-2 A system independent dlopen wrappe
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
ii libsasl2-2 2.1.23.dfsg1-6 Cyrus SASL - authentication abstra
ii libstdc++6 4.4.5-10 The GNU Standard C++ Library v3
ii libxml2 2.7.8.dfsg-1 GNOME XML library
ii logrotate 3.7.8-6 Log rotation utility
ii lsb-base 3.2-26 Linux Standard Base 3.2 init scrip
ii netbase 4.44 Basic TCP/IP networking system
ii squid3-common 3.1.6-1.2 A full featured Web Proxy cache (H
squid3 recommends no packages.
Versions of packages squid3 suggests:
pn resolvconf <none> (no description available)
ii smbclient 2:3.5.6~dfsg-3 command-line SMB/CIFS clients for
pn squid-cgi <none> (no description available)
pn squidclient <none> (no description available)
-- Configuration Files:
/etc/squid3/squid.conf changed [not included]
-- no debconf information
--- src/ip/IpAddress.cc 2010-08-01 16:01:37.000000000 +0200
+++ src/ip/IpAddress.cc 2010-12-17 15:35:15.000000000 +0100
@@ -194,7 +194,7 @@
bool IpAddress::IsIPv6() const
{
- return IsAnyAddr() || IsNoAddr() || !IN6_IS_ADDR_V4MAPPED(
&m_SocketAddr.sin6_addr );
+ return Ip::EnableIpv6 && (IsAnyAddr() || IsNoAddr() ||
!IN6_IS_ADDR_V4MAPPED( &m_SocketAddr.sin6_addr ));
}
bool IpAddress::IsAnyAddr() const
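Review bot: the new return expression in IsIPv6() puts `Ip::EnableIpv6 &&` in front of all three operands, so with the flag off the function returns false for every address, including one whose m_SocketAddr.sin6_addr is not v4-mapped, and nothing in the hunk documents that this is intended. Please add a comment in the function stating that every address is treated as non-IPv6 when IPv6 is off, and say in the description whether Ip::EnableIpv6 tracks run-time kernel support or only the build option, since the report notes that rebuilding with --disable-ipv6 did not help.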
--- End Message ---
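The failure mode analysed in the report above (an unspecified address always resolving to AF_INET6, then socket() failing with errno 97), as an added C example that is neither Squid's code nor the submitted patch: it probes for AF_INET6 support at run time and builds the wildcard address in a family the kernel accepts. The function names probe_ipv6, unspecified_addr and open_wildcard_tcp_socket are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: 1 = kernel can create AF_INET6 sockets,
 * 0 = EAFNOSUPPORT (errno 97 on Linux), -1 = other failure (e.g. EMFILE). */
int probe_ipv6(void) {
    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd >= 0) { close(fd); return 1; }
    return errno == EAFNOSUPPORT ? 0 : -1;
}

/* Build the wildcard ("unspecified") address in a family the host supports:
 * [::] only when the probe succeeded, 0.0.0.0 otherwise. Returns its length. */
socklen_t unspecified_addr(int ipv6_ok, struct sockaddr_storage *ss) {
    memset(ss, 0, sizeof *ss);
    if (ipv6_ok > 0) {
        struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)ss;
        a6->sin6_family = AF_INET6;
        a6->sin6_addr = in6addr_any;
        return sizeof *a6;
    }
    struct sockaddr_in *a4 = (struct sockaddr_in *)ss;
    a4->sin_family = AF_INET;
    a4->sin_addr.s_addr = htonl(INADDR_ANY);
    return sizeof *a4;
}

/* Open and bind an outgoing TCP socket on the wildcard address; fd or -1. */
int open_wildcard_tcp_socket(int ipv6_ok) {
    struct sockaddr_storage ss;
    socklen_t len = unspecified_addr(ipv6_ok, &ss);
    int fd = socket(ss.ss_family, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&ss, len) < 0) { close(fd); return -1; }
    return fd;
}

int main(void) {
    int v6 = probe_ipv6();
    int fd = open_wildcard_tcp_socket(v6);
    printf("ipv6 probe=%d, socket %s\n", v6, fd >= 0 ? "opened" : "failed");
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1;
}
```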
--- Begin Message ---
Source: squid3
Source-Version: 3.1.10-1
We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive:
squid-cgi_3.1.10-1_i386.deb
to main/s/squid3/squid-cgi_3.1.10-1_i386.deb
squid3-common_3.1.10-1_all.deb
to main/s/squid3/squid3-common_3.1.10-1_all.deb
squid3-dbg_3.1.10-1_i386.deb
to main/s/squid3/squid3-dbg_3.1.10-1_i386.deb
squid3_3.1.10-1.diff.gz
to main/s/squid3/squid3_3.1.10-1.diff.gz
squid3_3.1.10-1.dsc
to main/s/squid3/squid3_3.1.10-1.dsc
squid3_3.1.10-1_i386.deb
to main/s/squid3/squid3_3.1.10-1_i386.deb
squid3_3.1.10.orig.tar.gz
to main/s/squid3/squid3_3.1.10.orig.tar.gz
squidclient_3.1.10-1_i386.deb
to main/s/squid3/squidclient_3.1.10-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luigi Gangitano <[email protected]> (supplier of updated squid3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 21 Jan 2011 18:43:56 +0100
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi
Architecture: source all i386
Version: 3.1.10-1
Distribution: unstable
Urgency: low
Maintainer: Luigi Gangitano <[email protected]>
Changed-By: Luigi Gangitano <[email protected]>
Description:
squid-cgi - A full featured Web Proxy cache (HTTP proxy) - control CGI
squid3 - A full featured Web Proxy cache (HTTP proxy)
squid3-common - A full featured Web Proxy cache (HTTP proxy) - common files
squid3-dbg - A full featured Web Proxy cache (HTTP proxy) - Debug symbols
squidclient - A full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 594713 597687 605088 607379 609881
Changes:
squid3 (3.1.10-1) unstable; urgency=low
.
* New upstream release (Closes: #609881)
- Removed patches integrated upstream
+ 16-CVE-2010-3072
+ 17-CVE-2010-2951
- Fixes TCP DNS lookups failure on IPv6-disabled systems (Closes: #607379)
- Fixes HTTPS not working if IPv6 is disabled (Closes: #594713)
.
* debian/rules
- Enable ZPH feature (Closes: #597687)
.
* debian/squid3.ufw.profile
- Added UFW profile, thanks to Alessio Treglia (Closes: #605088)
.
* debian/control
- Added versioned dependency on squid-langpack
--- End Message ---