Control: clone -1 -2 Control: retitle -2 dnsmasq: Wheezy regression caused by CVE-2015-3294/2.62-3+deb7u2 w/ bind-interfaces Control: found -2 2.62-3+deb7u2
Cloning this as new bugreport to handle the regression introduced. On Wed, May 06, 2015 at 03:32:25PM +0100, Simon Kelley wrote: > Salvatore. > > The problem occurs if the dnsmasq binary is compiled against libc > headers which #define SO_REUSEPORT and then run on a kernel which > doesn't support that option. I guess the security builds have picked up > SO_REUSEPORT from a libc backport. > > The fix applied at the time was: > > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=56a1142f033234e3ee3b6361e9a1bcdbe606f816 > > > Cheers, > > Simon. > > > > On 06/05/15 15:16, Salvatore Bonaccorso wrote: > > Hi Ian and Luca, > > > > On Wed, May 06, 2015 at 12:59:03PM +0200, Luca Olivetti wrote: > >> On Wed, 06 May 2015 11:30:35 +0100 Ian Campbell <[email protected]> wrote: > >> > >> > >>> I've just noticed that running kernel on the machine is 3.2.57-3+deb7u1 > >>> which is quite out of date wrt point releases etc. Looking at the > >>> changelog there have been dozens of stable update fixes, one of which > >>> might be relevant here. > >>> > >>> I'll reboot when I get home and see if perhaps that fixes the issue. > >> > >> I have the same problem, but my machine uses 3.2.68: > >> > >> > >> #uname > >> -ahttp://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=56a1142f033234e3ee3b6361e9a1bcdbe606f816 > >> Linux lacie 3.2.0-4-kirkwood #1 Debian 3.2.68-1+deb7u1 armv5tel GNU/Linux > >> > >> > >> I had to comment the "bind-interfaces" line from /etc/dnsmasq.conf in > >> order to make it start. > > > > Thanks to both for feedback. Might it be a problem with the armel > > build? If you look at the build log (which I have uploaded to [1]) on > > the armel chroot to build the package on the buildd there installed > > linux-libc-dev which is not from stable but from backports, and indeed > > for linux >= 3.9. Thus the armel build will have (dhcp.c): > > > > [...] > > int rc = setsockopt(fd, 1, 15, &oneopt, sizeof(oneopt)); > > > > if (rc == -1) > > die(dcgettext (((void *)0), "failed to set SO_REUSE{ADDR|PORT} on DHCP > > socket: %s", __LC_MESSAGES), ((void *)0), 2); > > } > > [...] > > > > Could either of you try to rebuild dnsmasq in a clean chroot and see > > if the problem resolves? That the buildd have 3.14.13-2~bpo70+1 > > installed is odd and should not be. > > > > [1] > > https://people.debian.org/~carnil/tmp/dnsmasq/dnsmasq_2.62-3+deb7u2_armel-20150505-1143.gz > > [2] https://lwn.net/Articles/542629/ > > > > Regards, > > Salvatore > > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

