Your message dated Mon, 12 Dec 2005 07:02:05 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#334304: fixed in cfengine2 2.1.17-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Oct 2005 00:09:33 +0000
>From [EMAIL PROTECTED] Sun Oct 16 17:09:30 2005
Return-path: <[EMAIL PROTECTED]>
Received: from cassarossa.samfundet.no [129.241.93.19] (Debian-exim)
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1ERIZD-00073z-00; Sun, 16 Oct 2005 17:09:27 -0700
Received: from dessverre.samfundet.no ([2001:700:300:dc0f:204:76ff:fe21:9bc2])
by cassarossa.samfundet.no with esmtp (Exim 4.50)
id 1ERIZA-0003x4-8P; Mon, 17 Oct 2005 02:09:24 +0200
Received: from sesse by dessverre.samfundet.no with local (Exim 4.54)
id 1ERIZ9-0002GE-It; Mon, 17 Oct 2005 02:09:23 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Steinar H. Gunderson" <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: cfengine2: buffer overflow somewhere with rebuild against libssl0.9.8
X-Mailer: reportbug 3.17
Date: Mon, 17 Oct 2005 02:09:23 +0200
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: cfengine2
Version: 2.1.15-1.0.1
Severity: grave
Justification: renders package unusable
Hi,
We're using cfengine2 over IPv6, and since 2.1.15-1.0.1 (which was
rebuilt against libssl 0.9.7; 2.1.15-1.0 works), we've had odd problems
with authentication. More specifically, the machine identifies itself
with the wrong IPv6 address; some nibbles are switched with 1c00:0000.
Note the following behaviour from strace of cfagent:
socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET6, sin6_port=htons(5308), inet_pton(AF_INET6,
"2001:700:300:dc0f::1919", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28)
= 0
getsockname(3, {sa_family=AF_INET6, sin6_port=htons(32770),
inet_pton(AF_INET6, "2001:700:300:dc0f:213:d4ff:fe9c:7d3d", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
At this point, getsockname() returns the correct IPv6 address. Then,
time passes, but nothing is done with fd 3, until:
getsockname(3, {sa_family=AF_INET6, sin6_port=htons(58321),
inet_pton(AF_INET6, "2001:700:300:dc0f:1c00:0:fe9c:7d3d", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
Note that the middle part of the address suddenly is mangled, and this
breaks authentication, so cfengine becomes completely useless (since
authentication fails). My guess here is that something overwrites random
memory, causing corruption to something internal to glibc.
Switching kernels (2.6.8 / 2.6.12 / 2.6.13) doesn't help, and
downgrading libc6 to the version in etch doesn't either. nscd is off.
This is broken in exactly the same way on multiple machines, although a
few seem to survive... in any case, downgrading cfengine to the version
in etch (2.1.15-1) solves the problem.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-k7
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Versions of packages cfengine2 depends on:
ii debconf 1.4.58 Debian configuration management sy
ii debianutils 2.15 Miscellaneous utilities specific t
ii libc6 2.3.5-7 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-20 Berkeley v4.2 Database Libraries [
ii libssl0.9.8 0.9.8-3 SSL shared libraries
ii perl 5.8.7-6 Larry Wall's Practical Extraction
cfengine2 recommends no packages.
-- debconf-show failed
---------------------------------------
Received: (at 334304-close) by bugs.debian.org; 12 Dec 2005 15:02:17 +0000
>From [EMAIL PROTECTED] Mon Dec 12 07:02:17 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1ElpBl-0001z5-KQ; Mon, 12 Dec 2005 07:02:05 -0800
From: Morten Werner Olsen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.60 $
Subject: Bug#334304: fixed in cfengine2 2.1.17-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 12 Dec 2005 07:02:05 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: cfengine2
Source-Version: 2.1.17-1
We believe that the bug you reported is fixed in the latest version of
cfengine2, which is due to be installed in the Debian FTP archive:
cfengine2-doc_2.1.17-1_all.deb
to pool/main/c/cfengine2/cfengine2-doc_2.1.17-1_all.deb
cfengine2_2.1.17-1.diff.gz
to pool/main/c/cfengine2/cfengine2_2.1.17-1.diff.gz
cfengine2_2.1.17-1.dsc
to pool/main/c/cfengine2/cfengine2_2.1.17-1.dsc
cfengine2_2.1.17-1_i386.deb
to pool/main/c/cfengine2/cfengine2_2.1.17-1_i386.deb
cfengine2_2.1.17.orig.tar.gz
to pool/main/c/cfengine2/cfengine2_2.1.17.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Morten Werner Olsen <[EMAIL PROTECTED]> (supplier of updated cfengine2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 4 Dec 2005 11:45:50 +0100
Source: cfengine2
Binary: cfengine2-doc cfengine2
Architecture: source i386 all
Version: 2.1.17-1
Distribution: unstable
Urgency: low
Maintainer: Andrew Stribblehill <[EMAIL PROTECTED]>
Changed-By: Morten Werner Olsen <[EMAIL PROTECTED]>
Description:
cfengine2 - Tool for configuring and maintaining network machines
cfengine2-doc - HTML and Info documentation for cfengine2
Closes: 331773 332432 334304 334391 335716
Changes:
cfengine2 (2.1.17-1) unstable; urgency=low
.
* New upstream release.
- vicf removed from package (Closes: #332432)
* Acknowledging NMU and including patches/100_fix_ipv6_buffer_overrun
(thanks to Steinar H. Gunderson). (Closes: #334304)
* Bumped Standards-Version to 3.6.2 (no changes).
* Added dependency to debconf-2.0. (Closes: #331773)
* Translations:
- Spanish (thanks to César Gómez MartÃn). (Closes: #334391)
- Swedish (thanks to Daniel Nylander). (Closes: #335716)
Files:
33a9fc55c60868afd64cadd9d25df709 813 admin optional cfengine2_2.1.17-1.dsc
11d2f537816f16824dbd3373e6f60611 3609788 admin optional
cfengine2_2.1.17.orig.tar.gz
6f885607db11b1bf06ec9cf0775e14ce 34872 admin optional
cfengine2_2.1.17-1.diff.gz
d8cc5a703db8a8a7e56922090665d44b 517716 doc extra
cfengine2-doc_2.1.17-1_all.deb
0de68ba469ef72366f3432b0224926cf 747774 admin optional
cfengine2_2.1.17-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDnZAMcByyo9pgKCIRAmBfAKCnEiLEoQGr62XoLiwGWd44zqWSfwCggb1y
JvUJqQ3isN9HvWOHQTf4Yk8=
=dax9
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
