Bug#643336: libgcrypt11: New 1.5.0 version segfaults with NSS/PAM LDAP

Jerome Alet jerome.alet at univ-nc.nc
Wed Dec 17 00:46:33 UTC 2014

Package: libgcrypt11
Version: 1.5.0-5+deb7u2
Followup-For: Bug #643336

Dear Maintainer,

Reporting the problem from a different machine since the one
encountering the problem is not available right now. This one is similar
though (same versions).

We are in the process of moving from a LDAP server to a new one. The new
one only accepts ldaps:// connections, while the previous one only
accepted ldap:// ones

Since we've modified libnss-ldap.conf and pam-ldap.conf to point to the
new LDAP server and use ldaps:// instead of ldap, we've got segfaults
everywhere : dbus, nscd, login, and so on...

No other file was modified, excepted libnss-ldap.secret to contain the
LDAP admin password.

Of course the old and new LDAP servers differ by their content. In
particular the new one contains user groups, and some of them are very
huge : there are >3000 members in some groups, although the usernames
tested so far are in much smaller groups, like 200 members only.

These segfaults appear to be random, for example just after booting I'll
be able to do "getent passwd username" a few times which will work, and
then it will segfault and will never work again. When getent segfaults,
if nscd is active, then nscd will segfault at the very same time (or the
other way around).

Here are some logs from syslog :

Dec 17 11:14:12 kernel: [   33.292821] dbus-daemon[2807] general protection ip:b71c20ea sp:bfd4a360 error:0 in libgcrypt.so.11.7.0[b7198000+81000]
Dec 17 11:14:29 kernel: [   50.388001] nscd[3211] general protection ip:aeaab0ea sp:af5bf92c error:0 in libgcrypt.so.11.7.0[aea81000+81000]
Dec 17 11:14:31 kernel: [   52.726956] login[4215] general protection ip:b73920ea sp:bfb4149c error:0 in libgcrypt.so.11.7.0[b7368000+81000]
Dec 17 11:14:46 kernel: [   67.053518] login[4248] general protection ip:b73d00ea sp:bfc1f8cc error:0 in libgcrypt.so.11.7.0[b73a6000+81000]
Dec 17 11:14:52 kernel: [   73.002957] login[4286] general protection ip:b73020ea sp:bfd4095c error:0 in libgcrypt.so.11.7.0[b72d8000+81000]
Dec 17 11:14:54 kernel: [   75.095612] login[4310] general protection ip:b731e0ea sp:bf9cce1c error:0 in libgcrypt.so.11.7.0[b72f4000+81000]
Dec 17 11:14:59 kernel: [   80.519214] login[4312] general protection ip:b73480ea sp:bfaa89fc error:0 in libgcrypt.so.11.7.0[b731e000+81000]
Dec 17 11:17:01 kernel: [  202.333460] cron[4698] general protection ip:b720e0ea sp:bff20a9c error:0 in libgcrypt.so.11.7.0[b71e4000+81000]

Even doing "su - username" segfaults.

I won't be able to make our new LDAP server accept ldap:// connections
until the last week of December, unfortunately.

Is there anything else which could be done ?

Thanks in advance

-- System Information:
Debian Release: 7.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgcrypt11 depends on:
ii  libc6              2.13-38+deb7u6
ii  libgpg-error0      1.10-3.1
ii  multiarch-support  2.13-38+deb7u6

libgcrypt11 recommends no packages.

Versions of packages libgcrypt11 suggests:
pn  rng-tools  <none>

-- no debconf information

Jerome Alet

More information about the Pkg-gnutls-maint mailing list