Package: inspircd Version: 2.0.27-1+deb10u1 Severity: normal Tags: patch upstream
Dear Maintainer, I found a bug affecting (mostly?) local SSL connections vie GnuTLS. Sometimes the data sent by the client is seen by the server only when follwing data has been sent. See https://github.com/inspircd/inspircd/issues/1848 (Messages from SSL client are not always handled when available (inspircd v2)) The appended patch fixed the issue for me. -- System Information: Debian Release: 10.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.10.0-1127.8.2.vz7.151.14 (SMP w/1 CPU core) Kernel taint flags: TAINT_WARN, TAINT_CRAP, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages inspircd depends on: ii libc6 2.28-10 ii libgcc1 1:8.3.0-6 ii libgeoip1 1.6.12-1 ii libgnutls30 3.6.7-4+deb10u6 ii libldap-2.4-2 2.4.47+dfsg-3+deb10u6 ii libmariadb3 1:10.3.27-0+deb10u1 ii libpcre3 2:8.43-1+0~20200703.7+debian9~1.gbpbfc49f ii libpq5 11.10-0+deb10u1 ii libsqlite3-0 3.27.2-3+deb10u1 ii libstdc++6 8.3.0-6 ii libtre5 0.8.0-6 ii lsb-base 10.2019051400 inspircd recommends no packages. Versions of packages inspircd suggests: ii default-mysql-server 1.0.5 pn gnutls-bin <none> pn ldap-server <none> pn postgresql <none> ii sqlite3 3.27.2-3+deb10u1 -- Configuration Files: /etc/default/inspircd changed [not included] /etc/inspircd/inspircd.conf [Errno 13] Permission denied: '/etc/inspircd/inspircd.conf' /etc/inspircd/inspircd.motd [Errno 13] Permission denied: '/etc/inspircd/inspircd.motd' /etc/inspircd/inspircd.rules [Errno 13] Permission denied: '/etc/inspircd/inspircd.rules' -- no debconf information
diff -Nru inspircd-2.0.27/debian/changelog inspircd-2.0.27/debian/changelog --- inspircd-2.0.27/debian/changelog 2020-09-11 07:59:09.000000000 +0200 +++ inspircd-2.0.27/debian/changelog 2021-02-21 21:34:31.000000000 +0100 @@ -1,3 +1,10 @@ +inspircd (2.0.27-1+deb10u1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Patch gnutls module may not fully read available data + + -- Michael Kosinets <gnutls.10.h4x...@spamgourmet.com> Sun, 21 Feb 2021 21:34:31 +0100 + inspircd (2.0.27-1+deb10u1) buster-security; urgency=high * Patch denial-of-service security vulnerabilities (Closes: #960650) diff -Nru inspircd-2.0.27/debian/patches/07_gnutls_delayed_data.patch inspircd-2.0.27/debian/patches/07_gnutls_delayed_data.patch --- inspircd-2.0.27/debian/patches/07_gnutls_delayed_data.patch 1970-01-01 01:00:00.000000000 +0100 +++ inspircd-2.0.27/debian/patches/07_gnutls_delayed_data.patch 2021-02-21 21:32:13.000000000 +0100 @@ -0,0 +1,16 @@ +diff -Naur inspircd-2.0.27.orig/src/modules/extra/m_ssl_gnutls.cpp inspircd-2.0.27/src/modules/extra/m_ssl_gnutls.cpp +--- inspircd-2.0.27.orig/src/modules/extra/m_ssl_gnutls.cpp 2021-02-19 22:47:56.846343368 +0100 ++++ inspircd-2.0.27/src/modules/extra/m_ssl_gnutls.cpp 2021-02-21 21:31:08.536997908 +0100 +@@ -703,9 +703,11 @@ + if (ret > 0) + { + recvq.append(buffer, ret); ++ int mask = FD_WANT_POLL_READ; + // Schedule a read if there is still data in the GnuTLS buffer + if (gnutls_record_check_pending(session->sess) > 0) +- ServerInstance->SE->ChangeEventMask(user, FD_ADD_TRIAL_READ); ++ mask |= FD_ADD_TRIAL_READ; ++ ServerInstance->SE->ChangeEventMask(user, mask); + return 1; + } + else if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) diff -Nru inspircd-2.0.27/debian/patches/series inspircd-2.0.27/debian/patches/series --- inspircd-2.0.27/debian/patches/series 2020-09-11 07:59:09.000000000 +0200 +++ inspircd-2.0.27/debian/patches/series 2021-02-21 21:33:01.000000000 +0100 @@ -3,3 +3,4 @@ 04_reproducible_builds.diff 05_cve-2019-20917.diff 06_cve-2020-25269.diff +07_gnutls_delayed_data.patch