Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu
Hi! The prosody package (an XMPP server) currently in jessie suffers from a bug in handling CNAME DNS records. It appears that it doesn't cache them properly. This regularly breaks server-to-server communications, either returning errors to the sender or dropping the messages (which is much worse). You can find the corresponding bug reports in [1] and [2]. This bug is already fixed in unstable and testing, but I'd like to apply the fix to jessie as well. I'm attaching the diff between 0.9.7-2 currently in stable and the prospective 0.9.7-2+deb8u1. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787070 [2] https://code.google.com/p/lxmppd/issues/detail?id=487 -- System Information: Debian Release: 8.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff -Nru prosody-0.9.7/debian/changelog prosody-0.9.7/debian/changelog
--- prosody-0.9.7/debian/changelog 2015-03-28 18:20:59.000000000 +0300
+++ prosody-0.9.7/debian/changelog 2015-06-08 09:03:24.000000000 +0300
@@ -1,3 +1,10 @@
+prosody (0.9.7-2+deb8u1) jessie; urgency=medium
+
+ * Apply upstream patch which fixes CNAME DNS record resolution
+ (closes: #787070)
+
+ -- Sergei Golovan <sgolo...@debian.org> Mon, 08 Jun 2015 09:02:50 +0300
+
 prosody (0.9.7-2) unstable; urgency=high
 
 * Apply upstream patch to validate UTF-8 strings before calling libidn
diff -Nru prosody-0.9.7/debian/patches/0007-Fix-CNAME-DNS-lookup.patch prosody-0.9.7/debian/patches/0007-Fix-CNAME-DNS-lookup.patch
--- prosody-0.9.7/debian/patches/0007-Fix-CNAME-DNS-lookup.patch 1970-01-01 03:00:00.000000000 +0300
+++ prosody-0.9.7/debian/patches/0007-Fix-CNAME-DNS-lookup.patch 2015-06-08 09:03:24.000000000 +0300
@@ -0,0 +1,53 @@
+Author: Upstream
+Description: Patch fixes DNS lookup for CNAME records.
+Bug: https://code.google.com/p/lxmppd/issues/detail?id=487
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787070
+Last-Modified: Tue, 02 Jun 2015 17:55:08 +0300
+
+--- a/net/dns.lua
++++ b/net/dns.lua
+@@ -694,15 +694,20 @@
+ end
+
+
+-function resolver:peek (qname, qtype, qclass) -- - - - - - - - - - - - peek
++function resolver:peek (qname, qtype, qclass, n) -- - - - - - - - - - - - peek
+ qname, qtype, qclass = standardize(qname, qtype, qclass);
+ local rrs = get(self.cache, qclass, qtype, qname);
+- if not rrs then return nil; end
++ if not rrs then
++ if n then if n <= 0 then return end else n = 3 end
++ rrs = get(self.cache, qclass, "CNAME", qname);
++ if not (rrs and rrs[1]) then return end
++ return self:peek(rrs[1].cname, qtype, qclass, n - 1);
++ end
+ if prune(rrs, socket.gettime()) and qtype == '*' or not next(rrs) then
+ set(self.cache, qclass, qtype, qname, nil);
+ return nil;
+ end
+- if self.unsorted[rrs] then table.sort (rrs, comp_mx); end
++ if self.unsorted[rrs] then table.sort (rrs, comp_mx); self.unsorted[rrs] = nil; end
+ return rrs;
+ end
+
+--- a/plugins/mod_s2s/s2sout.lib.lua
++++ b/plugins/mod_s2s/s2sout.lib.lua
+@@ -169,18 +169,6 @@
+ handle4 = adns.lookup(function (reply, err)
+ handle4 = nil;
+
+- -- COMPAT: This is a compromise for all you CNAME-(ab)users :)
+- if not (reply and reply[#reply] and reply[#reply].a) then
+- local count = max_dns_depth;
+- reply = dns.peek(connect_host, "CNAME", "IN");
+- while count > 0 and reply and reply[#reply] and not reply[#reply].a and reply[#reply].cname do
+- log("debug", "Looking up %s (DNS depth is %d)", tostring(reply[#reply].cname), count);
+- reply = dns.peek(reply[#reply].cname, "A", "IN") or dns.peek(reply[#reply].cname, "CNAME", "IN");
+- count = count - 1;
+- end
+- end
+- -- end of CNAME resolving
+-
+ if reply and reply[#reply] and reply[#reply].a then
+ for _, ip in ipairs(reply) do
+ log("debug", "DNS reply for %s gives us %s", connect_host, ip.a);
diff -Nru prosody-0.9.7/debian/patches/series prosody-0.9.7/debian/patches/series
--- prosody-0.9.7/debian/patches/series 2015-03-28 18:20:59.000000000 +0300
+++ prosody-0.9.7/debian/patches/series 2015-06-08 09:03:24.000000000 +0300
@@ -3,3 +3,4 @@
 0003-dpkg-buildflags.patch
 0004-fix-package.path-of-ejabberd2prosody.patch
 0005-Validate-UTF-8-strings-before-calling-libidn.patch
+0007-Fix-CNAME-DNS-lookup.patch
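Review bot: In the fallback branch added to `resolver:peek` (the net/dns.lua part of 0007-Fix-CNAME-DNS-lookup.patch), the cached CNAME set is followed through `rrs[1].cname` without the `prune(rrs, socket.gettime())` expiry check that the direct-hit path applies a few lines later, so as far as this hunk shows an expired alias could still steer a server-to-server lookup to its old target. Pruning before the test would close that, e.g. `if rrs then prune(rrs, socket.gettime()); end` placed ahead of `if not (rrs and rrs[1]) then return end`, assuming prune drops expired records in place as the later `not next(rrs)` check suggests. The literal `3` also replaces the `max_dns_depth` value and the debug log that the removed s2sout block used, so a longer alias chain now fails silently. A comment such as `-- follow at most 3 cached CNAME hops; nil when the chain is longer` (or a named constant) would make that limit visible to whoever debugs a dropped s2s connection.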