Bug#788710: libgnutls-deb0-28: makes wget fail in libgnutls-deb0 (segfault...) on some https websites
Vincent Lefevre
vincent at vinc17.net
Sun Jun 14 13:15:29 UTC 2015
Package: libgnutls-deb0-28
Version: 3.3.15-6
Severity: grave
Justification: renders package unusable
After upgrading libgnutls-deb0-28 from 3.3.14-2 to 3.3.15-6:
$ wget https://www.vinc17.net/
--2015-06-14 15:03:50-- https://www.vinc17.net/
Resolving www.vinc17.net (www.vinc17.net)... 92.243.22.117, 2001:4b98:dc0:45:216:3eff:fe9b:eb2f
Connecting to www.vinc17.net (www.vinc17.net)|92.243.22.117|:443... connected.
zsh: segmentation fault (core dumped) wget https://www.vinc17.net/
$ dpkg -s wget
Package: wget
Status: install ok installed
Priority: important
Section: web
Installed-Size: 2291
Maintainer: Noël Köthe <noel at debian.org>
Architecture: amd64
Multi-Arch: foreign
Version: 1.16.3-2
Depends: libc6 (>= 2.17), libgnutls-deb0-28 (>= 3.3.0), libidn11 (>= 1.13), libnettle4, libpcre3 (>= 1:8.35), libpsl0 (>= 0.4.0), libuuid1 (>= 2.16), zlib1g (>= 1:1.1.4)
[...]
The backtrace:
Program received signal SIGSEGV, Segmentation fault.
__memcpy_sse2_unaligned ()
at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36
36 ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S: No such file or directory.
(gdb) bt full
#0 __memcpy_sse2_unaligned ()
at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36
No locals.
#1 0x00007ffff74d933f in memcpy (__len=1439561376, __src=0x7fffffffc40c,
__dest=0x555555ce0a50) at /usr/include/x86_64-linux-gnu/bits/string3.h:51
No locals.
#2 x86_sha1_update (ctx=0x555555ce0a30, length=<optimized out>,
data=0x555555cecd2f "*\206H\206\367\r\001\001\005\021\001")
at sha-x86-ssse3.c:130
octx = {h0 = 2671104319, h1 = 3280907310, h2 = 4225808692,
h3 = 558006877, h4 = 1792278221, Nl = 32512, Nh = 4125831290,
data = {1920234085, 779383669, 7171939, 0, 0, 0, 0, 0, 0,
2846943859, 1073741827, 0, 1439616880, 21845, 260, 15},
num = 1439561376}
res = 0
t2 = <optimized out>
i = <optimized out>
#3 0x00007ffff74d9239 in wrap_x86_hash_update (_ctx=<optimized out>,
text=<optimized out>, textsize=<optimized out>) at sha-x86-ssse3.c:66
ctx = <optimized out>
#4 0x00007ffff74682ce in _gnutls_hash (handle=0x7fffffffc4e0,
handle=0x7fffffffc4e0, textlen=<optimized out>, text=<optimized out>)
at ./gnutls_hash_int.h:113
textlen = <optimized out>
text = <optimized out>
#5 _pkcs1_rsa_verify_sig (me=me at entry=0x7ffff7732240 <hash_algorithms>,
text=text at entry=0x7fffffffc790, prehash=prehash at entry=0x0,
signature=0x7fffffffc7a0, params=<optimized out>) at gnutls_pubkey.c:1838
ret = <optimized out>
md = '\000' <repeats 63 times>
cmp = <optimized out>
digest_size = 20
d = {data = 0x7fffffffc520 "", size = 4148557461}
di = {data = 0x0, size = 0}
hd = {e = 0x7ffff7732240 <hash_algorithms>,
hash = 0x7ffff74d9220 <wrap_x86_hash_update>,
output = 0x7ffff74d93d0 <wrap_x86_hash_output>,
deinit = 0x7ffff74d9240 <wrap_x86_hash_deinit>, key = 0x0,
keysize = 0, handle = 0x555555ce0a30}
#6 0x00007ffff746ab65 in pubkey_verify_data (pk=GNUTLS_PK_RSA,
me=me at entry=0x7ffff7732240 <hash_algorithms>,
data=data at entry=0x7fffffffc790, signature=signature at entry=0x7fffffffc7a0,
issuer_params=issuer_params at entry=0x7fffffffc680) at gnutls_pubkey.c:1979
No locals.
#7 0x00007ffff74a20dd in _gnutls_x509_verify_data (
me=0x7ffff7732240 <hash_algorithms>, data=data at entry=0x7fffffffc790,
signature=signature at entry=0x7fffffffc7a0,
issuer=issuer at entry=0x555555989c90) at verify.c:1228
issuer_params = {params = {0x555555cdf860, 0x555555cdf880,
0x0 <repeats 14 times>}, params_nr = 2, flags = 0,
algo = GNUTLS_PK_UNKNOWN}
ret = <optimized out>
#8 0x00007ffff74a2e4c in verify_crt (cert=0x555555cd5dd0,
trusted_cas=trusted_cas at entry=0x555555cd2dc0, tcas_size=tcas_size at entry=4,
flags=flags at entry=33554432, output=output at entry=0x7fffffffc930,
_issuer=_issuer at entry=0x7fffffffc938, now=1434287289,
max_path=0x7fffffffc934, end_cert=false, nc=0x555555cdf820, func=0x0)
at verify.c:764
cert_signed_data = {
data = 0x555555cec9a0 "0\202\003\213\240\003\002\001\002\002\020Z\266\035\254\036M\242\006\024\307U==\251\262\334\060\r\006\t*\206H\206\367\r\001\001\005\005", size = 911}
cert_signature = {
data = 0x555555cecd40 "\031S\277\003=\233\342kZ\375\272I\037O\354\341Ƃ9<\322\003\004\017\253{>\202\251\205\020\037\364\336\062\257X?\377p\363\060\035\227-L\232\342\354\f>\024-/\230H\235\256\026j\254-B\252\265d\244p\273\353s\224{FL\347z\024v[L\035\204\241 t\037.K\\p\210ܽ\367\031=\355Y\r\342?&✬\244<\225\034\370\276\214\003\256\360\345\234M\274ǛX", size = 256}
issuer = 0x555555989c90
issuer_version = <optimized out>
hash_algo = <optimized out>
result = false
me = <optimized out>
out = 0
usage = 198
sigalg = 1
ret = 1
#9 0x00007ffff74a3b12 in _gnutls_verify_crt_status (
certificate_list=certificate_list at entry=0x7fffffffca10,
clist_size=clist_size at entry=2, trusted_cas=0x555555cd2dc0, tcas_size=4,
flags=flags at entry=33554432, func=func at entry=0x0) at verify.c:947
i = <optimized out>
ret = <optimized out>
status = 0
output = 0
now = 1434287289
issuer = 0x555555989c90
max_path = 4095
nc = 0x555555cdf820
#10 0x00007ffff74aec81 in gnutls_x509_trust_list_verify_crt2 (
list=<optimized out>, cert_list=<optimized out>, cert_list_size=2,
data=<optimized out>, elements=<optimized out>, flags=33554432,
voutput=0x7fffffffcbc8, func=0x0) at verify-high.c:919
ret = <optimized out>
i = <optimized out>
hash = <optimized out>
sorted = {0x555555cd4740, 0x555555cd5dd0, 0x0, 0x0, 0x2,
0x7fffffffcbc8, 0x2000000, 0x7ffff7de9e07 <_dl_fixup+247>,
0x555500000001, 0x0, 0x100000000, 0x7ffff741ce08, 0x0, 0x2000000,
0x7fffffffcb60, 0x7ffff7df0325 <_dl_runtime_resolve+53>}
hostname = <optimized out>
purpose = <optimized out>
#11 0x00007ffff7462e5c in _gnutls_x509_cert_verify_peers (session=0x0,
data=0x7fffffffc40c, elements=1439561376, status=0x7fffffffcbc8)
at gnutls_x509.c:296
resp = {data = 0x555555ce8420 "0\202\001\323\n\001", size = 471}
issuer = 0x555555cd5dd0
ocsp_status = 0
verify_flags = 33554432
#12 0x000055555558f440 in ?? ()
No symbol table info available.
#13 0x0000555555574ef6 in ?? ()
No symbol table info available.
#14 0x00005555555795c7 in ?? ()
No symbol table info available.
#15 0x00005555555841ac in ?? ()
No symbol table info available.
#16 0x0000555555560b5f in ?? ()
No symbol table info available.
#17 0x00007ffff69cdb45 in __libc_start_main (main=0x55555555f7b0, argc=2,
argv=0x7fffffffd788, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffffffd778) at libc-start.c:287
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -8736878936487083644,
93824992284658, 140737488344960, 0, 0, 8736878935640916356,
8736899559678165380}, mask_was_saved = 0}}, priv = {pad = {
0x0, 0x0, 0x7fffffffd7a0, 0x7ffff7ffe1a8}, data = {prev = 0x0,
cleanup = 0x0, canceltype = -10336}}}
not_first_call = <optimized out>
#18 0x000055555556101b in ?? ()
And with another website:
$ wget https://www.mozilla.org/
--2015-06-14 15:13:30-- https://www.mozilla.org/
Resolving www.mozilla.org (www.mozilla.org)... 63.245.217.105, 2620:101:8008:5::2:1
Connecting to www.mozilla.org (www.mozilla.org)|63.245.217.105|:443... connected.
GnuTLS: A TLS fatal alert has been received.
GnuTLS: received alert [80]: Internal error
Unable to establish SSL connection.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages libgnutls-deb0-28 depends on:
ii libc6 2.19-18
ii libgmp10 2:6.0.0+dfsg-6
ii libhogweed4 3.1.1-3
ii libnettle6 3.1.1-3
ii libp11-kit0 0.23.1-2
ii libtasn1-6 4.5-2
ii zlib1g 1:1.2.8.dfsg-2+b1
libgnutls-deb0-28 recommends no packages.
Versions of packages libgnutls-deb0-28 suggests:
ii gnutls-bin 3.3.15-6
-- no debconf information
More information about the Pkg-gnutls-maint
mailing list