Bug#942758: shibboleth-sp-utils: shibd segfault after CredentialResolver certificate is set

Miloslav Hula miloslav.hula at gmail.com
Mon Oct 21 07:21:07 BST 2019 

Package: shibboleth-sp-utils
Version: 3.0.4+dfsg1-1
Severity: normal

Dear Maintainer,

I upgraded to Shibboleth 3, created fresh new configuration and shibd refused to start.

When certificate for <CredentialResolver ...> does not exist, shibd runs normally. When exists, it segfaults.

I tried to create new one by "shib-keygen -h myhost.tld -y 10 -e https://myhost.tld/shibboleth" but still segfaults.

The shibboleth2.xml is pretty the same as upstream. I changed only:
- ApplicationDefaults entityID
- Sessions handlerSSL to true and cookieProps to https
- SSO entityID
- own MetadataProvider
- and CredentialResolver certificate/key path

Dmesg:
[Sat Oct 19 16:44:52 2019] shibd[6721]: segfault at 20 ip 00007fa632b6db15 sp 00007fff928b91d8 error 4 in libxml-security-c.so.20.0.2[7fa632ab4000+ea000]
[Sat Oct 19 16:44:52 2019] Code: 5b 5d 41 5c 41 5d c3 66 0f 1f 44 00 00 48 83 c4 08 45 31 e4 5b 44 89 e0 5d 41 5c 41 5d c3 0f 1f 80 00 00 00 00 48 85 f6 74 07 <48> 8b 47 20 48 89 06 48 85 d2 74 07 48 8b 47 28 48 89 02 48 85 c9


-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages shibboleth-sp-utils depends on:
ii  adduser              3.118
ii  init-system-helpers  1.56+nmu1
ii  libc6                2.28-10
ii  libfcgi0ldbl         2.4.0-10
ii  libgcc1              1:8.3.0-6
ii  liblog4shib2         2.0.0-2
ii  libsaml10            3.0.1-1
ii  libshibsp-plugins    3.0.4+dfsg1-1
ii  libshibsp8           3.0.4+dfsg1-1
ii  libstdc++6           8.3.0-6
ii  libsystemd0          241-7~deb10u1
ii  libxerces-c3.2       3.2.2+debian-1+b1
ii  libxmltooling8       3.0.4-1
ii  lsb-base             10.2019051400

Versions of packages shibboleth-sp-utils recommends:
ii  openssl  1.1.1d-1+0~20191009.15+debian10~1.gbpd6badf

shibboleth-sp-utils suggests no packages.

-- no debconf information

More information about the Pkg-shibboleth-devel mailing list