[Pkg-openssl-devel] Bug#551155: libssl0.9.8: New Segmentation Fault after installing starttls when signing into emacs-jabber in Lenny
Nick Daly
nick.m.daly at gmail.com
Fri Oct 16 04:30:40 UTC 2009
Package: libssl0.9.8
Version: 0.9.8g-15+lenny5
Severity: grave
Justification: renders package unusable
*** Please type your report below this line ***
Intro
=====
I've been using Emacs and Emacs-Jabber for a while now, quite
flawlessly and wonderfully. However, since I've installed the
starttls package (to use Gnus with GMail), emacs-jabber has been
unable to connect with ``jabber-connect`` or
``jabber-connect-all``,
as it segfaults with the following message:
[12268.905313] starttls[12313]: segfault at 1a0 ip b7f4a804 sp
bf8a0ec0 error 4 in libssl.so.0.9.8[b7f2e000+43000]
[12268.905313] starttls[12313]: segfault at 1a0 ip b7f4a804 sp
bf8a0ec0 error 4 in libssl.so.0.9.8[b7f46000+43000]
Workaround
==========
Removing starttls allows emacs-jabber to work again, so starttls
is
segfaulting libssl0.9.8. starttls shouldn't be trying to cause
libssl
to segfault, but at the same time, libssl shouldn't segfault (it
should instead fail with some sort of warning, right?), so it
seems
like both packages are at fault to some degree.
This issue is marked as grave because it breaks both libssl and
unrelated software: you can use either Emacs-Jabber or Gnus with
Gmail, but never both. Perhaps someone can find a configuration
workaround that allows emacs-jabber to avoid using starttls so
libssl
doesn't crash?
I'm unsure of the security implications of segfaulting libssl.
Emacs-jabber won't connect at all with starttls installed, so
we're
not opening up a user's jabber account. However, I'm unsure what
someone could actually do with a segfaulted libssl.
Reproducing the Problem
=======================
#. Install emacs, emacs-jabber.
#. Configure both. My emacs-jabber specific ``~/.emacs`` settings
include::
(custom-set-variables
'(jabber-account-list (quote (("user at clanthac0.com"))))
'(jabber-show-offline-contacts nil)
)
#. Make sure you can connect to all of your favorite jabber
servers
without segfault. From within Emacs::
M-x jabber-connect-all
#. Configure .gnus to use Gmail (check the Emacs-Wiki for
instruction). My ``~/.gnus`` settings include::
(setq gnus-select-method
'(nnimap "gmail"
(nnimap-address "imap.gmail.com")
(nnimap-server-port 993)
(nnimap-stream ssl)))
(setq message-send-mail-function 'smtpmail-send-it
smtpmail-starttls-credentials '(("smtp.gmail.com" 587
"nick.m.daly at gmail.com" nil))
smtpmail-auth-credentials '(("smtp.gmail.com" 587
"nick.m.daly at gmail.com" nil))
smtpmail-default-smtp-server "smtp.gmail.com"
smtpmail-smtp-server "smtp.gmail.com"
smtpmail-smtp-service 587
)
#. Install starttls.
#. Play around with Gnus and make sure Gmail works. From within
Emacs::
M-x gnus
#. Attempt to connect to jabber again, via ``M-x
jabber-connect-all``.
#. Verify that it segfaults with an error message when you attempt
from a virtual terminal.
Versions
========
emacs-jabber 0.7.91-2
starttls 0.10-3
Thanks,
Nick
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libssl0.9.8 depends on:
ii debconf [debconf-2.0] 1.5.24 Debian configuration
management sy
ii libc6 2.7-18 GNU C Library: Shared
libraries
ii zlib1g 1:1.2.3.3.dfsg-12 compression library -
runtime
libssl0.9.8 recommends no packages.
libssl0.9.8 suggests no packages.
-- debconf information:
libssl0.9.8/restart-failed:
* libssl0.9.8/restart-services: tor ntp postfix spamassassin
More information about the Pkg-openssl-devel
mailing list