2016-09-07 9:30 GMT+02:00 Adam D. Barratt <[email protected]>:
> Thanks for caring about fixing this in jessie.
>
> In order to okay an upload, however, we'd need to see a source debdiff for
> the proposed package, built and tested on a jessie system.

Sure.
Before:
dpkg -l | grep kamailio
ii kamailio 4.2.0-2+deb8u1 amd64
very fast and configurable SIP proxy
ii kamailio-tls-modules:amd64 4.2.0-2+deb8u1 amd64
contains the TLS kamailio transport module
root@debian-jessie-plain:/etc/kamailio# systemctl status kamailio -l
● kamailio.service - LSB: Start the Kamailio SIP proxy server
Loaded: loaded (/etc/init.d/kamailio)
Active: active (exited) since Wed 2016-09-07 11:36:47 CEST; 44s ago
Process: 16399 ExecStop=/etc/init.d/kamailio stop (code=exited,
status=0/SUCCESS)
Process: 16410 ExecStart=/etc/init.d/kamailio start (code=exited,
status=0/SUCCESS)
Sep 07 11:36:47 debian-jessie-plain kamailio[16410]: udp: localhost:5060
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: INFO:
rr [../outbound/api.h:54]: ob_load_api(): Failed to import bind_ob
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: INFO:
rr [rr_mod.c:160]: mod_init(): outbound module not available
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: INFO:
usrloc [hslot.c:53]: ul_init_locks(): locks array size 1024
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: INFO:
tls [tls_mod.c:346]: mod_init(): With ECDH-Support!
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: INFO:
tls [tls_mod.c:349]: mod_init(): With Diffie Hellman
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]: : tls
[tls_init.c:515]: init_tls_h(): ERROR: tls: init_tls_h: installed
openssl library version is too different from the library the ser tls
module was compiled with: installed "OpenSSL 1.0.1t 3 May 2016"
(0x1000114f), compiled "OpenSSL 1.0.1k 8 Jan 2015" (0x100010bf).
Please
make sure a compatible version is used (tls_force_run in ser.cfg will
override this check)
Sep 07 11:36:47 debian-jessie-plain /usr/sbin/kamailio[16426]:
CRITICAL: <core> [main.c:2521]: main(): could not initialize tls,
exiting...
Sep 07 11:36:47 debian-jessie-plain kamailio[16410]: already running ... failed!
Sep 07 11:36:47 debian-jessie-plain kamailio[16410]: .
$ dpkg -l | grep openssl
ii libgnutls-openssl27:amd64 3.3.8-6+deb8u3 amd64
GNU TLS library - OpenSSL wrapper
ii openssl 1.0.1k-3+deb8u5 amd64
Secure Sockets Layer toolkit - cryptographic utility
After:
$ dpkg -l | grep kamailio
ii kamailio 4.2.0-2+deb8u2 amd64
very fast and configurable SIP proxy
ii kamailio-tls-modules:amd64 4.2.0-2+deb8u2 amd64
contains the TLS kamailio transport module
$ systemctl status kamailio -l
● kamailio.service - LSB: Start the Kamailio SIP proxy server
Loaded: loaded (/etc/init.d/kamailio)
Active: active (running) since Wed 2016-09-07 11:45:11 CEST; 7s ago
CGroup: /system.slice/kamailio.service
Installing previous openssl version has no effect, so fix works properly
diff -Nru kamailio-4.2.0/debian/changelog kamailio-4.2.0/debian/changelog --- kamailio-4.2.0/debian/changelog 2016-03-21 00:24:40.000000000 +0100 +++ kamailio-4.2.0/debian/changelog 2016-09-07 10:00:32.000000000 +0200 @@ -1,3 +1,12 @@ +kamailio (4.2.0-2+deb8u2) stable-proposed-updates; urgency=medium + + * use my DD account \o/ + * add upstream fix for: + proper check of libssl versions used for compilation + and available on system (Closes: #833973) + + -- Victor Seva <[email protected]> Wed, 07 Sep 2016 10:00:32 +0200 + kamailio (4.2.0-2+deb8u1) jessie-security; urgency=medium * CVE-2016-2385 diff -Nru kamailio-4.2.0/debian/control kamailio-4.2.0/debian/control --- kamailio-4.2.0/debian/control 2015-01-28 20:48:03.000000000 +0100 +++ kamailio-4.2.0/debian/control 2016-09-07 10:00:32.000000000 +0200 @@ -2,7 +2,7 @@ Section: net Priority: optional Maintainer: Debian VoIP Team <[email protected]> -Uploaders: Victor Seva <[email protected]>, +Uploaders: Victor Seva <[email protected]>, Tzafrir Cohen <[email protected]> Build-Depends: bison, debhelper (>= 9), diff -Nru kamailio-4.2.0/debian/patches/fix_tls.patch kamailio-4.2.0/debian/patches/fix_tls.patch --- kamailio-4.2.0/debian/patches/fix_tls.patch 1970-01-01 01:00:00.000000000 +0100 +++ kamailio-4.2.0/debian/patches/fix_tls.patch 2016-09-07 10:00:32.000000000 +0200 
@@ -0,0 +1,34 @@ +From 0a5f99b28d01d79cf2675df6d2a6220167e2476e Mon Sep 17 00:00:00 2001 +From: Daniel-Constantin Mierla <[email protected]> +Date: Tue, 7 Jun 2016 15:21:06 +0200 +Subject: [PATCH] tls: proper check of libssl versions used for compilation and + available on system + +- shift out the last 12bits, being the patch version and status (see man + SSLeay) +- reported by Victor Seva, GH #662 + +(cherry picked from commit c38b4c7345a6806f48a0cdb07841e10bc962e1bf) +(cherry picked from commit 253909bf673c0a59e7adf578bb5df73eb157d0f2) +(cherry picked from commit 5632abc108bf8ed8157a77806ea80b962db3fa4f) +--- + modules/tls/tls_init.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c +index a381be1..7bfc10f 100644 +--- a/modules/tls/tls_init.c ++++ b/modules/tls/tls_init.c +@@ -543,8 +543,10 @@ int init_tls_h(void) + #endif + ssl_version=SSLeay(); + /* check if version have the same major minor and fix level +- * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not) */ +- if ((ssl_version>>8)!=(OPENSSL_VERSION_NUMBER>>8)){ ++ * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not) ++ * - values is represented as 0xMMNNFFPPS: major minor fix patch status ++ * 0x00090705f == 0.9.7e release */ ++ if ((ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12)){ + LOG(L_CRIT, "ERROR: tls: init_tls_h: installed openssl library " + "version is too different from the library the ser tls module " + "was compiled with: installed \"%s\" (0x%08lx), compiled " diff -Nru kamailio-4.2.0/debian/patches/series kamailio-4.2.0/debian/patches/series --- kamailio-4.2.0/debian/patches/series 2016-03-21 00:23:37.000000000 +0100 +++ kamailio-4.2.0/debian/patches/series 2016-09-07 10:00:32.000000000 +0200 @@ -6,3 +6,4 @@ default_ctl.patch fix-mips.patch CVE-2016-2385.patch +fix_tls.patch
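Review bot: The first bullet of the new 4.2.0-2+deb8u2 entry in debian/changelog, "use my DD account \o/", does not say what changed in the package. The only matching change in this debdiff is the Uploaders line in debian/control, so the bullet should name it, for example "debian/control: update Uploaders address". It is also worth confirming that this edit belongs in an upload that is otherwise limited to the TLS fix for #833973.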
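Review bot: In the comment added to init_tls_h() in modules/tls/tls_init.c, the layout "0xMMNNFFPPS" and the sample "0x00090705f" are nine hex digits, while the values being compared are eight digits wide, as the "0x%08lx" format in the same hunk and the logged 0x1000114f and 0x100010bf show. Writing the layout as 0xMNNFFPPS, with an eight-digit sample, would make it clear that >>12 drops exactly the patch byte and the status nibble, which is what the commit message describes. "values is represented" should read "the value is represented".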
kamailio_4.2.0-2+deb8u2_amd64.build.bz2
Description: BZip2 compressed data
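
The version check discussed in this message, as an added example that is not part of the original mail or of Kamailio's source: it decodes the two version numbers from the log above and compares them with the shift used before and after the fix. The struct and function names are assumptions made for illustration.

```c
#include <stdio.h>

/* OpenSSL 1.0.x version number fields, packed as 0xMNNFFPPS. */
struct ossl_ver { unsigned major, minor, fix, patch, status; };

static struct ossl_ver decode_ver(unsigned long v)
{
    struct ossl_ver d;
    d.major  = (v >> 28) & 0xf;
    d.minor  = (v >> 20) & 0xff;
    d.fix    = (v >> 12) & 0xff;
    d.patch  = (v >> 4)  & 0xff;  /* 1 = 'a', 2 = 'b', ... */
    d.status = v & 0xf;           /* 0xf = release */
    return d;
}

/* Patch letter for patch levels 1..26; ' ' for none, '?' beyond 'z'. */
static char patch_letter(unsigned patch)
{
    if (patch == 0) return ' ';
    return patch <= 26 ? (char)('a' + patch - 1) : '?';
}

/* Pre-fix check: drops status and only the low nibble of the patch level. */
static int compatible_shift8(unsigned long a, unsigned long b)
{
    return (a >> 8) == (b >> 8);
}

/* Post-fix check: drops status and the whole patch byte. */
static int compatible_shift12(unsigned long a, unsigned long b)
{
    return (a >> 12) == (b >> 12);
}

int main(void)
{
    unsigned long installed = 0x1000114fUL; /* "OpenSSL 1.0.1t" in the log */
    unsigned long compiled  = 0x100010bfUL; /* "OpenSSL 1.0.1k" in the log */
    struct ossl_ver i = decode_ver(installed), c = decode_ver(compiled);

    printf("installed %u.%u.%u%c, compiled %u.%u.%u%c\n",
           i.major, i.minor, i.fix, patch_letter(i.patch),
           c.major, c.minor, c.fix, patch_letter(c.patch));
    printf(">>8  compatible: %d\n", compatible_shift8(installed, compiled));
    printf(">>12 compatible: %d\n", compatible_shift12(installed, compiled));
    return 0;
}
```

With the >>8 comparison a module built against 1.0.1k accepts libraries up to 1.0.1o and rejects 1.0.1p and later, because the upper nibble of the patch byte is still compared.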

