Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prosody: 0.11.8 -> 0.11.9 #122868

Merged
merged 1 commit into from May 14, 2021
Merged

prosody: 0.11.8 -> 0.11.9 #122868

merged 1 commit into from May 14, 2021

Conversation

andir
Copy link
Member

@andir andir commented May 13, 2021

Motivation for this change

The prosody project has issues a new release and published security
advisory for CVE-2021-32918, CVE-2021-32920, CVE-2021-32921,
CVE-2021-32917 and CVE-2021-32919.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)

@andir andir requested a review from picnoir May 13, 2021 17:35
@ofborg ofborg bot requested review from fpletz and globin May 13, 2021 17:48
@andir andir mentioned this pull request May 13, 2021
Merged
3 tasks
ajs124
ajs124 reviewed May 14, 2021
View reviewed changes
Copy link
Member

@ajs124 ajs124 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The jitsi-meet test fails, but it already appears to do so on master. cc @mmilata @petabyteboy
@ryantm (does the jitsi maintainer team not exist as a github team?)

The prosody and prosody-mysql tests pass.

@andir
Copy link
Member Author

andir commented May 14, 2021
edited

The jitsi-meet test fails, but it already appears to do so on master. cc @mmilata @petabyteboy
@ryantm (does the jitsi maintainer team not exist as a github team?)

The prosody and prosody-mysql tests pass.

@ajs124 The jitsi meet test succeeds for me. What kind of error are you seeing?

@ajs124
Copy link
Member

ajs124 commented May 14, 2021

@andir it succeeds on another system. Yay.

This is what happened on the system where it failed. 
server: waiting for success: journalctl -b -u prosody -o cat | grep -q 'focus.server:component: External component successfully authenticated'                                                                                                                                                                                                                               
server # [   28.463583] prosody[947]: c2s3204950: Received[c2s]: <presence id='Kfrd7-39' to='jvbbrewery@internal.server/server'>                                                                                                                                                                                                                                             
server # [   28.475448] prosody[947]: auth.server:pep: get_pep_service("jvb")                                                                                                                                                                                                                                                                                                
server # [   28.477286] prosody[947]: internal.server:muc: presence update for jvbbrewery@internal.server/server from session jvb@auth.server/vbFCs6OJ                                                                                                                                                                                                                       
server # [   28.480235] prosody[947]: c2s321a290: Sending[c2s]: <presence id='Kfrd7-39' to='focus@auth.server/focus12007260632' from='jvbbrewery@internal.server/server'>                                                                                                                                                                                                    
server # [   28.483666] prosody[947]: c2s3204950: Sending[c2s]: <presence id='Kfrd7-39' to='jvb@auth.server/vbFCs6OJ' from='jvbbrewery@internal.server/server'>                                                                                                                                                                                                              
server # [   32.302932] jitsi-videobridge2-start[915]: INFO: [20] HealthChecker.run#170: Performed a successful health check in PT0.00106941S. Sticky failure: false                                                                                                                                                                                                         
server # [   32.934344] prosody[947]: c2s3204950: Received[c2s]: <presence id='Kfrd7-41' to='jvbbrewery@internal.server/server'>                                                                                                                                                                                                                                             
server # [   33.020214] prosody[947]: auth.server:pep: get_pep_service("jvb")                                                                                                                                                                                                                                                                                                
server # [   33.086560] prosody[947]: internal.server:muc: presence update for jvbbrewery@internal.server/server from session jvb@auth.server/vbFCs6OJ                                                                                                                                                                                                                       
server # [   33.150073] prosody[947]: c2s321a290: Sending[c2s]: <presence id='Kfrd7-41' to='focus@auth.server/focus12007260632' from='jvbbrewery@internal.server/server'>
server # [   33.245051] prosody[947]: c2s3204950: Sending[c2s]: <presence id='Kfrd7-41' to='jvb@auth.server/vbFCs6OJ' from='jvbbrewery@internal.server/server'>
server # [   33.288095] prosody[947]: c2s321a290: Received[c2s]: <iq id='Gic78-45' to='jvbbrewery@internal.server/server' type='get'>
server # [   33.293019] prosody[947]: internal.server:muc: focus@auth.server/focus12007260632 sent private iq stanza to jvbbrewery@internal.server/server (jvb@auth.server/vbFCs6OJ)
server # [   33.296072] prosody[947]: c2s3204950: Sending[c2s]: <iq id='anZiQGF1dGguc2VydmVyL3ZiRkNzNk9KAEdpYzc4LTQ1AEbzQkfw2b2peVJ5U/hAiUc=' to='jvb@auth.server/vbFCs6OJ' from='jvbbrewery@internal.server/focus' type='get'>
server # [   35.605315] prosody[947]: c2s3204950: Received[c2s]: <iq id='anZiQGF1dGguc2VydmVyL3ZiRkNzNk9KAEdpYzc4LTQ1AEbzQkfw2b2peVJ5U/hAiUc=' to='jvbbrewery@internal.server/focus' type='result'>
server # [   35.637601] prosody[947]: internal.server:muc: jvb@auth.server/vbFCs6OJ sent private iq stanza to jvbbrewery@internal.server/focus (focus@auth.server/focus12007260632)
server # [   35.651951] prosody[947]: c2s321a290: Sending[c2s]: <iq id='Gic78-45' to='focus@auth.server/focus12007260632' from='jvbbrewery@internal.server/server' type='result'>
server # [   40.140598] prosody[947]: c2s3204950: Received[c2s]: <presence id='Kfrd7-45' to='jvbbrewery@internal.server/server'>
server # [   40.182230] prosody[947]: auth.server:pep: get_pep_service("jvb")
server # [   40.187293] prosody[947]: internal.server:muc: presence update for jvbbrewery@internal.server/server from session jvb@auth.server/vbFCs6OJ
server # [   40.190803] prosody[947]: c2s321a290: Sending[c2s]: <presence id='Kfrd7-45' to='focus@auth.server/focus12007260632' from='jvbbrewery@internal.server/server'>
server # [   40.202175] prosody[947]: c2s3204950: Sending[c2s]: <presence id='Kfrd7-45' to='jvb@auth.server/vbFCs6OJ' from='jvbbrewery@internal.server/server'>
server # [   47.920250] jicofo-start[916]: INFO: [1] org.eclipse.jetty.server.handler.ContextHandler.doStart() Started o.e.j.s.ServletContextHandler@5300f14a{/,null,AVAILABLE}
server # [   65.169904] systemd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
server # [   65.171476] CPU: 0 PID: 1 Comm: systemd Not tainted 5.10.36 #1-NixOS
server # [   65.172514] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014                                                                                                                                                                                                                                  
server # [   65.174329] Call Trace:                                
server # [   65.174738]  dump_stack+0x6b/0x83                                            
server # [   65.175274]  dump_header+0x4a/0x1ed                                          
server # [   65.175840]  out_of_memory.cold+0xa/0x7e                                     
server # [   65.176508]  __alloc_pages_slowpath.constprop.0+0xbd1/0xca0                  
server # [   65.177399]  __alloc_pages_nodemask+0x308/0x340                              
server # [   65.178125]  pagecache_get_page+0x18a/0x320                                                                                                                               
server # [   65.178800]  filemap_fault+0x4de/0x800
server # [   65.179406]  ? filemap_map_pages+0x1f3/0x3f0                                   
server # [   65.180093]  __do_fault+0x37/0x90
server # [   65.180631]  handle_mm_fault+0x1114/0x16c0
server # [   65.181292]  do_user_addr_fault+0x1bb/0x3f0
server # [   65.181962]  ? _copy_to_user+0x2d/0x40
server # [   65.182575]  exc_page_fault+0x5d/0x120
server # [   65.183179]  ? asm_exc_page_fault+0x8/0x30
server # [   65.183839]  asm_exc_page_fault+0x1e/0x30
server # [   65.184487] RIP: 0033:0x7fd066281751
server # [   65.185064] Code: 84 00 00 00 00 00 0f 1f 00 31 c0 c5 f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 89 f9 48 89 fa c5 f9 ef c0 83 e1 3f 83 f9 20 77 1f <c5> fd 74 0f c5 fd d7 c1 85 c0 0f 85 df 00 00 00 48 83 c7 20 83 e1
server # [   65.188015] RSP: 002b:00007ffdb689e2e8 EFLAGS: 00010283
server # [   65.188850] RAX: 00007fd066693dc0 RBX: 00005593a4fa2950 RCX: 0000000000000005
server # [   65.189981] RDX: 00005593a3207a45 RSI: 00007ffdb689e310 RDI: 00005593a3207a45
server # [   65.191113] RBP: 00005593a3207a45 R08: 0000000000000000 R09: 76ae2e31e5d22c0a
server # [   65.192244] R10: 640e4ce0c6f8ee9d R11: 0000000000000286 R12: 00007ffdb689e310
server # [   65.193376] R13: 00000000000010c8 R14: 0000000000000000 R15: 00007ffdb689e3f0
server # [   65.194529] Mem-Info:
server # [   65.194902] active_anon:102 inactive_anon:72918 isolated_anon:0
server # [   65.194902]  active_file:162 inactive_file:151 isolated_file:0
server # [   65.194902]  unevictable:0 dirty:0 writeback:0
server # [   65.194902]  slab_reclaimable:3730 slab_unreclaimable:4048
server # [   65.194902]  mapped:202 shmem:1124 pagetables:523 bounce:0
server # [   65.194902]  free:1095 free_pcp:85 free_cma:0
server # [   65.199861] Node 0 active_anon:408kB inactive_anon:291672kB active_file:648kB inactive_file:604kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:808kB dirty:0kB writeback:0kB shmem:4496kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:2496kB all_unreclaimable? no
server # [   65.204181] Node 0 DMA free:1408kB min:104kB low:128kB high:152kB reserved_highatomic:0KB active_anon:0kB inactive_anon:14352kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:24kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
server # [   65.208404] lowmem_reserve[]: 0 326 326 326 326
server # [   65.209123] Node 0 DMA32 free:2972kB min:4304kB low:4868kB high:5432kB reserved_highatomic:0KB active_anon:408kB inactive_anon:277320kB active_file:648kB inactive_file:604kB unevictable:0kB writepending:0kB present:376684kB managed:348136kB mlocked:0kB pagetables:2068kB bounce:0kB free_pcp:340kB local_pcp:340kB free_cma:0kB
server # [   65.213615] lowmem_reserve[]: 0 0 0 0 0
server # [   65.214233] Node 0 DMA: 2*4kB (UM) 1*8kB (M) 1*16kB (M) 1*32kB (M) 3*64kB (M) 1*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 1408kB
server # [   65.216372] Node 0 DMA32: 182*4kB (UME) 101*8kB (UME) 47*16kB (UME) 10*32kB (UME) 6*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2992kB
server # [   65.218577] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
server # [   65.219978] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
server # [   65.221343] 1445 total pagecache pages
server # [   65.221968] 0 pages in swap cache
server # [   65.222526] Swap cache stats: add 0, delete 0, find 0/0
server # [   65.223380] Free swap  = 0kB
server # [   65.223847] Total swap = 0kB
server # [   65.224319] 98169 pages RAM
server # [   65.224796] 0 pages HighMem/MovableOnly
server # [   65.225440] 7158 pages reserved
server # [   65.225949] 0 pages cma reserved
server # [   65.226494] Tasks state (memory values in pages):
server # [   65.227254] [  pid  ]   uid  tgid total_vm      rss pgtables_bytes swapents oom_score_adj name
server # [   65.228644] [    458]     0   458     5979      216    73728        0          -250 systemd-journal
server # [   65.230099] [    471]     0   471     5460      234    69632        0         -1000 systemd-udevd
server # [   65.231527] [    577]     0   577     2288      115    53248        0             0 systemd-logind
server # [   65.232966] [    635]     4   635     1630      106    53248        0          -900 dbus-daemon
server # [   65.234383] [    752] 64015   752   233178       93   151552        0             0 nscd
server # [   65.235678] [    768]     0   768      797       98    40960        0             0 dhcpcd
server # [   65.236999] [    854]     0   854    55630       11    49152        0             0 agetty
server # [   65.238317] [    860]     0   860    56163      203    57344        0             0 sh
server # [   65.239586] [    889]    60   889     5880      479    81920        0             0 nginx
server # [   65.240893] [    900] 64943   900    55881      121    61440        0             0 jicofo-start
server # [   65.242295] [    901] 63351   901    55880       99    61440        0             0 jitsi-videobrid
server # [   65.243752] [    915] 63351   915  1398083    35624   655360        0             0 java

@andir andir merged commit 04d29e6 into NixOS:master May 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajs124 ajs124 ajs124 left review comments

@lukegb lukegb lukegb approved these changes

@picnoir picnoir Awaiting requested review from picnoir

@fpletz fpletz Awaiting requested review from fpletz

@globin globin Awaiting requested review from globin

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 0 10.rebuild-linux: 1-10 10.rebuild-linux: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@andir @ajs124 @lukegb