Package: release.debian.org
Severity: normal
Tags: bullseye
User: [email protected]
Usertags: pu

Hi RMs,

Quite recently a new traceroute version was released. Most importantly it fixes excessive CPU consumption on one core (it's not multi-threaded). It's easy to trigger, but not considered a security issue. All you have to do is to try an IPv4-mapped IPv6 address:

$ traceroute ::ffff:127.0.0.1

One CPU core will go to 100% and it will not stop until you ^C or kill it.

The fix is small and could be backported easily. It is tested, builds correctly and fixes this issue on Bullseye.

Thanks for considering,
Laszlo/GCS

diff -Nru traceroute-2.1.0/debian/changelog traceroute-2.1.0/debian/changelog --- traceroute-2.1.0/debian/changelog 2016-08-29 17:45:51.000000000 +0200 +++ traceroute-2.1.0/debian/changelog 2022-12-29 08:27:50.000000000 +0100 @@ -1,3 +1,10 @@ +traceroute (1:2.1.0-2+deb11u1) bullseye; urgency=medium + + * Backport upstream fix to interpret ipv4-mapped ipv6 addresses + (::ffff:A.B.C.D) as true ipv4. + + -- Laszlo Boszormenyi (GCS) <[email protected]> Thu, 29 Dec 2022 08:27:50 +0100 + traceroute (1:2.1.0-2) unstable; urgency=low * Update Standards-Version to 3.9.8 . diff -Nru traceroute-2.1.0/debian/patches/08-interpret_ipv4-mapped_ipv6_addresses.patch traceroute-2.1.0/debian/patches/08-interpret_ipv4-mapped_ipv6_addresses.patch --- traceroute-2.1.0/debian/patches/08-interpret_ipv4-mapped_ipv6_addresses.patch 1970-01-01 01:00:00.000000000 +0100 +++ traceroute-2.1.0/debian/patches/08-interpret_ipv4-mapped_ipv6_addresses.patch 2022-12-29 01:32:42.000000000 +0100 @@ -0,0 +1,18 @@ +--- a/traceroute/traceroute.c 2016-03-07 23:17:23.000000000 +0100 ++++ b/traceroute/traceroute.c 2022-12-27 01:28:15.000000000 +0100 +@@ -223,6 +223,15 @@ + + freeaddrinfo (res); + ++ /* No v4mapped addresses in real network, interpret it as ipv4 anyway */ ++ if (addr->sa.sa_family == AF_INET6 && ++ IN6_IS_ADDR_V4MAPPED (&addr->sin6.sin6_addr) ++ ) { ++ if (af == AF_INET6) return -1; ++ addr->sa.sa_family = AF_INET; ++ addr->sin.sin_addr.s_addr = addr->sin6.sin6_addr.s6_addr32[3]; ++ } ++ + return 0; + } + diff -Nru traceroute-2.1.0/debian/patches/series traceroute-2.1.0/debian/patches/series --- traceroute-2.1.0/debian/patches/series 2016-08-29 17:45:51.000000000 +0200 +++ traceroute-2.1.0/debian/patches/series 2022-12-29 01:34:20.000000000 +0100 @@ -5,3 +5,4 @@ 05-manpage-p.patch 06-build.patch 07-reproducible-build.patch +08-interpret_ipv4-mapped_ipv6_addresses.patch
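Review bot: The debian/changelog entry describes the mechanism (treating ::ffff:A.B.C.D as IPv4) but not the user-visible defect it fixes, and it carries no Closes: bug reference. For a stable update, add a line saying that this stops the 100% CPU busy loop on v4-mapped targets, which is the reason the request gives for the upload, so that the changelog alone justifies the change.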
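Review bot: In the traceroute.c hunk carried by 08-interpret_ipv4-mapped_ipv6_addresses.patch, the "if (af == AF_INET6) return -1;" branch rejects a v4-mapped target when IPv6 was forced but prints nothing itself, so what the user sees depends entirely on how the caller handles -1; please confirm that this path ends with a clear error and not a silent or generic failure, and test it alongside the unforced case. The patch file also starts directly at the "--- a/traceroute/traceroute.c" header with no DEP-3 fields (Description, Origin), so the upstream commit or release this backport was taken from cannot be traced from the package. Minor: "s6_addr32" is not a POSIX member of struct in6_addr, which is fine for a glibc build but worth noting in the patch description.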

