Bug#616366: marked as done (libgmime-2.4-2: segmentation fault at gmime-gpg-context.c:1448)

Debian Bug Tracking System Mon, 14 Mar 2011 14:36:18 -0700

Your message dated Mon, 14 Mar 2011 21:32:28 +0000
with message-id <[email protected]>
and subject line Bug#616366: fixed in gmime2.4 2.4.23-1
has caused the Debian Bug report #616366,
regarding libgmime-2.4-2: segmentation fault at gmime-gpg-context.c:1448
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
616366: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616366
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: libgmime-2.4-2
Version: 2.4.14-1+nmu1
Severity: normal

Normally GMime works great.

However, I have a PGP/MIME encrypted+signed message that when i feed
it through gmime, i get a segmentation fault.

Here is the backtrace (i rebuilt libgmime with
DEB_BUILD_OPTIONS=nostrip to get it):

(gdb) bt
#0  __strlen_sse2 () at ../sysdeps/i386/i686/multiarch/strlen.S:99
#1  0xb7f82ecb in gpg_ctx_op_step (gpg=<value optimized out>, err=<value 
optimized out>) at gmime-gpg-context.c:1448
#2  0xb7f8450c in gpg_decrypt (context=0x807b400, istream=0x80b4230, 
ostream=0x80b4290, err=0xbffff42c) at gmime-gpg-context.c:1890
#3  0xb7f780e2 in g_mime_cipher_context_decrypt (ctx=0x807b400, 
istream=0x80b4230, ostream=0x80b4290, err=0xbffff42c) at 
gmime-cipher-context.c:342
#4  0xb7f8c50d in g_mime_multipart_encrypted_decrypt (mpe=0x80b3610, 
ctx=0x807b400, err=0xbffff42c) at gmime-multipart-encrypted.c:405
#5  0x08053de4 in reply_part ()
#6  0x0805850f in show_message_body ()
#7  0x08053644 in notmuch_reply_format_default ()
#8  0x08052c81 in notmuch_reply_command ()
#9  0x0804efce in main ()
(gdb) 

The message in question is signed with a key that has since expired
(it was not expired at the time the signature was made) -- i don't
know whether that's relevant or not.  Also, another message made
within hours that is also PGP/MIME encrypted+signed (using the same
keys) does not cause this fault.

Because the message is encrypted to my secret key, i'm afraid i can't
share it to allow this to be easily replicated.

However, i'm happy to provide any additional info about the message
that you think would be useful.

If i manually decrypt the message, gpg's status output looks like this:

0 dkg@pip:~/tmp$ gpg --decrypt --no-tty --status-fd 2 2>&1 > /dev/null  < 
bad.msg
[GNUPG:] ENC_TO C61BD3EC21484CFF 1 0
[GNUPG:] USERID_HINT C61BD3EC21484CFF Daniel Kahn Gillmor 
<[email protected]>
[GNUPG:] NEED_PASSPHRASE C61BD3EC21484CFF CCD2ED94D21739E9 1 0
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] ENC_TO 6C4607A577A37458 16 0
[GNUPG:] KEYEXPIRED 1275505354
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] KEYEXPIRED 1275505354
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
gpg: encrypted with 1024-bit ELG-E key, ID 77A37458, created 2004-01-23
      "Jamie McClelland <[email protected]>"
[GNUPG:] NO_SECKEY 6C4607A577A37458
gpg: encrypted with 4096-bit RSA key, ID 21484CFF, created 2007-06-02
      "Daniel Kahn Gillmor <[email protected]>"
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 74 1235778304 mutt-liberace-1000-18750-173
gpg: Signature made Fri 27 Feb 2009 06:45:04 PM EST using DSA key ID 76CC057D
[GNUPG:] KEYEXPIRED 1275505354
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] KEYEXPIRED 1275505354
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] KEYEXPIRED 1275505354
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] SIG_ID 6/A60nJx3RFzGwmrnRuao9uo8Gg 2009-02-27 1235778304
[GNUPG:] KEYEXPIRED 1275505354
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] KEYEXPIRED 1275505354
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
gpg: please do a --check-trustdb
[GNUPG:] EXPKEYSIG 9EAF376276CC057D Jamie McClelland <[email protected]>
gpg: Good signature from "Jamie McClelland <[email protected]>" [expired]
gpg:                 aka "Jamie McClelland <[email protected]>" [expired]
[GNUPG:] VALIDSIG 4322A68D5010CF2F22188A179EAF376276CC057D 2009-02-27 
1235778304 0 4 0 17 2 01 4322A68D5010CF2F22188A179EAF376276CC057D
gpg: Note: This key has expired!
Primary key fingerprint: 4322 A68D 5010 CF2F 2218  8A17 9EAF 3762 76CC 057D
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
0 dkg@pip:~/tmp$  

Thanks for maintaining gmime in debian,

  --dkg

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.37-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgmime-2.4-2 depends on:
ii  libc6                   2.11.2-11        Embedded GNU C Library: Shared lib
ii  libglib2.0-0            2.28.1-1+b1      The GLib library of C routines
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

libgmime-2.4-2 recommends no packages.

libgmime-2.4-2 suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: gmime2.4
Source-Version: 2.4.23-1

We believe that the bug you reported is fixed in the latest version of
gmime2.4, which is due to be installed in the Debian FTP archive:

gmime2.4_2.4.23-1.diff.gz
  to main/g/gmime2.4/gmime2.4_2.4.23-1.diff.gz
gmime2.4_2.4.23-1.dsc
  to main/g/gmime2.4/gmime2.4_2.4.23-1.dsc
gmime2.4_2.4.23.orig.tar.gz
  to main/g/gmime2.4/gmime2.4_2.4.23.orig.tar.gz
libgmime-2.4-2_2.4.23-1_i386.deb
  to main/g/gmime2.4/libgmime-2.4-2_2.4.23-1_i386.deb
libgmime-2.4-dev_2.4.23-1_i386.deb
  to main/g/gmime2.4/libgmime-2.4-dev_2.4.23-1_i386.deb
libgmime-2.4-doc_2.4.23-1_all.deb
  to main/g/gmime2.4/libgmime-2.4-doc_2.4.23-1_all.deb
libgmime2.4-cil-dev_2.4.23-1_all.deb
  to main/g/gmime2.4/libgmime2.4-cil-dev_2.4.23-1_all.deb
libgmime2.4-cil_2.4.23-1_all.deb
  to main/g/gmime2.4/libgmime2.4-cil_2.4.23-1_all.deb
monodoc-gmime2.4-manual_2.4.23-1_all.deb
  to main/g/gmime2.4/monodoc-gmime2.4-manual_2.4.23-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mirco Bauer <[email protected]> (supplier of updated gmime2.4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 14 Mar 2011 20:26:34 +0100
Source: gmime2.4
Binary: libgmime-2.4-dev libgmime-2.4-doc libgmime-2.4-2 libgmime2.4-cil 
libgmime2.4-cil-dev monodoc-gmime2.4-manual
Architecture: source i386 all
Version: 2.4.23-1
Distribution: unstable
Urgency: low
Maintainer: Mirco Bauer <[email protected]>
Changed-By: Mirco Bauer <[email protected]>
Description: 
 libgmime-2.4-2 - MIME message parser and creator library - runtime
 libgmime-2.4-dev - MIME message parser and creator library - development files
 libgmime-2.4-doc - MIME message parser and creator library - documentation
 libgmime2.4-cil - CLI binding for the GMime library
 libgmime2.4-cil-dev - CLI binding for the GMime library
 monodoc-gmime2.4-manual - compiled XML documentation for GMime
Closes: 573877 616366 617400
Changes: 
 gmime2.4 (2.4.23-1) unstable; urgency=low
 .
   * New upstream (bugfix) release (Closes: #617400)
     + No new API interfaces
     + Fixes segmentation fault in gpg_ctx_op_step (Closes: #616366)
     + As of gmime 2.4.15 includes the buffer overflow fix CVE-2010-0409
       (Obsoletes NMU by Michael Gilbert <[email protected]>,
        Closes: #573877)
Checksums-Sha1: 
 3d9fb39fa9f6b33afa2fb31bb37ab9a6c18e3546 1764 gmime2.4_2.4.23-1.dsc
 f6f8e13735751f2760dded0e7e9325dea0175346 1115530 gmime2.4_2.4.23.orig.tar.gz
 ccfcf9944bd9da5849af36199742c5b6f39857c0 5654 gmime2.4_2.4.23-1.diff.gz
 df3f8cb7b36185aa80b8a67e8b3d78dc0ee942a3 274388 
libgmime-2.4-dev_2.4.23-1_i386.deb
 0480493c1722d7b8a88ecceb44caf4e797145bd1 218210 
libgmime-2.4-doc_2.4.23-1_all.deb
 c1ce0386b99dbca0f40117f329177d26993a6433 217912 
libgmime-2.4-2_2.4.23-1_i386.deb
 0d6a9e043ce59cc15a2017f41f5975b58c544385 111802 
libgmime2.4-cil_2.4.23-1_all.deb
 87137dc9a1c99dec354d9d9855eb96e7f3afac31 76410 
libgmime2.4-cil-dev_2.4.23-1_all.deb
 6c204ce72b5efbda8986477c8338f3a843602d08 133554 
monodoc-gmime2.4-manual_2.4.23-1_all.deb
Checksums-Sha256: 
 548801d0c193f0e91492388d9668b5f10e5ca2fe79cbaa66bf9e201a1f71c3f6 1764 
gmime2.4_2.4.23-1.dsc
 1cac0404f929b15440a0a49420c5e2be9abb2ad7371e2cef1869d86007760ce3 1115530 
gmime2.4_2.4.23.orig.tar.gz
 5a879f92f03531986e6ee4e47b4b10cb50695cc80d543fcb994d68a44822bf10 5654 
gmime2.4_2.4.23-1.diff.gz
 3c0eda875c5b7d66e64bb7df9898a793e76a591bd8ae1f869e5d06f69486fa75 274388 
libgmime-2.4-dev_2.4.23-1_i386.deb
 8bf25e42da978cd5e5ab219717a881d53bca001183a779c913db6e988b523fee 218210 
libgmime-2.4-doc_2.4.23-1_all.deb
 a19d56d0220c6f2bc05dae4435c90c128dd4ffe9df426e20e14dd190b14d3654 217912 
libgmime-2.4-2_2.4.23-1_i386.deb
 e94fa81c94dab5c90f372d89a42cd30ff68b47d685fc74c7a85b25c62e32ca27 111802 
libgmime2.4-cil_2.4.23-1_all.deb
 06799ab36c091987814da041e349cf57cf2961f28c7431463b0a641c992acfcb 76410 
libgmime2.4-cil-dev_2.4.23-1_all.deb
 1912ec38403829487ed60ff1a95e990828937ac68d54c830872197f19544e09c 133554 
monodoc-gmime2.4-manual_2.4.23-1_all.deb
Files: 
 3e4f4cf38580701d61397cffcc154def 1764 libs optional gmime2.4_2.4.23-1.dsc
 e87b33de73cf8c0d4a33faaa24038a29 1115530 libs optional 
gmime2.4_2.4.23.orig.tar.gz
 555e94ba115def1b9fe5c01039886bb4 5654 libs optional gmime2.4_2.4.23-1.diff.gz
 a6f7dae389c64692f2728aa403d753fa 274388 libdevel optional 
libgmime-2.4-dev_2.4.23-1_i386.deb
 8e1cef1b549052e4606ab66bcd6ce61c 218210 doc optional 
libgmime-2.4-doc_2.4.23-1_all.deb
 261311f41ffc64d35097c880faad390e 217912 libs optional 
libgmime-2.4-2_2.4.23-1_i386.deb
 bf64f8e3b7ecee6552e89e50457f6507 111802 cli-mono optional 
libgmime2.4-cil_2.4.23-1_all.deb
 9b6b22d18929af64c319fed6740c7052 76410 cli-mono optional 
libgmime2.4-cil-dev_2.4.23-1_all.deb
 05fde4cdcc1691fc1c93b38af430aea8 133554 doc optional 
monodoc-gmime2.4-manual_2.4.23-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iJwEAQECAAYFAk1+epcACgkQcJWf5zskR2FK4QP+IvABBMsImFb6keheIDj1Z3hR
qXNGbxvzai4wtzdutw3cHlXONQOXp1iSQjxwfPhKSMrUfJSl3mt+r2haZqd9N2Qv
3M4e8FxaOLdJbVfKRlefyS/Z2aetsS30wcEJ0iY31dFY68U9ySywaEsWdAJDHD01
UfzC1p8wH4NwdHmCci8=
=scas
-----END PGP SIGNATURE-----

--- End Message ---

Bug#616366: marked as done (libgmime-2.4-2: segmentation fault at gmime-gpg-context.c:1448)

Reply via email to