Bug#781147: unblock: resiprocate/1.9.7-5

Daniel Pocock Wed, 25 Mar 2015 01:28:19 -0700

Package: release.debian.org
User: [email protected]
UserTags: unblock



This is a proposed upload to unstable for jessie

The main reason for this unblock request:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780979

and also helps resolve:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780980


The main reason for fixing 780979 is that the assert() can lead to a
crash of the process, as described in the bug report.

These fixes come from the master branch upstream:

https://github.com/resiprocate/resiprocate/commits/master

diff -Nru resiprocate-1.9.7/debian/changelog resiprocate-1.9.7/debian/changelog
--- resiprocate-1.9.7/debian/changelog  2014-12-10 07:28:30.000000000 +0100
+++ resiprocate-1.9.7/debian/changelog  2015-03-22 20:02:23.000000000 +0100
@@ -1,3 +1,11 @@
+resiprocate (1:1.9.7-5) unstable; urgency=medium
+
+  * Make ensureWritable more tolerant. (Closes: #780979)
+  * Stop logging errors when TLS is shut down cleanly by peer.
+    (Closes: #780980)
+
+ -- Daniel Pocock <[email protected]>  Sun, 22 Mar 2015 19:30:31 +0100
+
 resiprocate (1:1.9.7-4) unstable; urgency=medium
 
   * Use SSLv23_method instead of TLSv1_method and
diff -Nru resiprocate-1.9.7/debian/patches/0003-log-tls-clean-shutdown.patch 
resiprocate-1.9.7/debian/patches/0003-log-tls-clean-shutdown.patch
--- resiprocate-1.9.7/debian/patches/0003-log-tls-clean-shutdown.patch  
1970-01-01 01:00:00.000000000 +0100
+++ resiprocate-1.9.7/debian/patches/0003-log-tls-clean-shutdown.patch  
2015-03-22 19:43:14.000000000 +0100
@@ -0,0 +1,30 @@
+diff --git a/resip/stack/ssl/TlsConnection.cxx 
b/resip/stack/ssl/TlsConnection.cxx
+index c3537aa..fb80323 100644
+--- a/resip/stack/ssl/TlsConnection.cxx
++++ b/resip/stack/ssl/TlsConnection.cxx
+@@ -445,6 +445,12 @@ TlsConnection::read(char* buf, int count )
+             return 0;
+          }
+          break;
++         case SSL_ERROR_ZERO_RETURN:
++         {
++            DebugLog( << "Got SSL_ERROR_ZERO_RETURN (TLS shutdown by peer)");
++            return -1;
++         }
++         break;
+          default:
+          {
+             handleOpenSSLErrorQueue(bytesRead, err, "SSL_read");
+@@ -532,6 +538,12 @@ TlsConnection::write( const char* buf, int count )
+             return 0;
+          }
+          break;
++         case SSL_ERROR_ZERO_RETURN:
++         {
++            DebugLog( << "Got SSL_ERROR_ZERO_RETURN (TLS shutdown by peer)");
++            return -1;
++         }
++         break;
+          default:
+          {
+             handleOpenSSLErrorQueue(ret, err, "SSL_write");
diff -Nru 
resiprocate-1.9.7/debian/patches/0004-make-ensureWritable-more-tolerant.patch 
resiprocate-1.9.7/debian/patches/0004-make-ensureWritable-more-tolerant.patch
--- 
resiprocate-1.9.7/debian/patches/0004-make-ensureWritable-more-tolerant.patch   
    1970-01-01 01:00:00.000000000 +0100
+++ 
resiprocate-1.9.7/debian/patches/0004-make-ensureWritable-more-tolerant.patch   
    2015-03-22 19:43:14.000000000 +0100
@@ -0,0 +1,55 @@
+diff --git a/resip/stack/Connection.cxx b/resip/stack/Connection.cxx
+index 567c105..1f01ecc 100644
+--- a/resip/stack/Connection.cxx
++++ b/resip/stack/Connection.cxx
+@@ -88,13 +88,35 @@ Connection::performWrite()
+ {
+    if(transportWrite())
+    {
+-      assert(mInWritable);
+-      getConnectionManager().removeFromWritable(this);
+-      mInWritable = false;
+-      return 0; // What does this transportWrite() mean?
++      // If we get here it means:
++      // a. on a previous invocation, SSL_do_handshake wanted to write
++      //         (SSL_ERROR_WANT_WRITE)
++      // b. now the handshake is complete or it wants to read
++      if(mInWritable)
++      {
++         getConnectionManager().removeFromWritable(this);
++         mInWritable = false;
++      }
++      else
++      {
++         WarningLog(<<"performWrite invoked while not in write set");
++      }
++      return 0; // Q. What does this transportWrite() mean?
++                // A. It makes the TLS handshake move along after it
++                //    was waiting in the write set.
++   }
++
++   // If the TLS handshake returned SSL_ERROR_WANT_WRITE again
++   // then we could get here without really having something to write
++   // so just return, remaining in the write set.
++   if(mOutstandingSends.empty())
++   {
++      // FIXME: this needs to be more elaborate with respect
++      // to TLS handshaking but it doesn't appear we can do that
++      // without ABI breakage.
++      return 0;
+    }
+ 
+-   assert(!mOutstandingSends.empty());
+    switch(mOutstandingSends.front()->command)
+    {
+    case SendData::CloseConnection:
+@@ -272,7 +294,8 @@ Connection::ensureWritable()
+ {
+    if(!mInWritable)
+    {
+-      assert(!mOutstandingSends.empty());
++      //assert(!mOutstandingSends.empty()); // empty during TLS handshake
++      // therefore must be careful to check mOutstandingSends later
+       getConnectionManager().addToWritable(this);
+       mInWritable = true;
+    }
diff -Nru resiprocate-1.9.7/debian/patches/series 
resiprocate-1.9.7/debian/patches/series
--- resiprocate-1.9.7/debian/patches/series     2014-12-09 11:33:48.000000000 
+0100
+++ resiprocate-1.9.7/debian/patches/series     2015-03-22 19:43:14.000000000 
+0100
@@ -1,2 +1,4 @@
 0001-use-SSLv23_method.patch
 0002-client-avoid-TLSv1_2.patch
+0003-log-tls-clean-shutdown.patch
+0004-make-ensureWritable-more-tolerant.patch

Bug#781147: unblock: resiprocate/1.9.7-5

Reply via email to