Your message dated Thu, 19 Apr 2012 18:32:52 +0000
with message-id <[email protected]>
and subject line Bug#666405: fixed in openssl 1.0.1a-1
has caused the Debian Bug report #666405,
regarding openssl: dovecot (imap-login) segfault on libcrypto.so.1.0.0 (1.0.1-2)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
666405: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666405
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssl
Version: 1.0.1-2
Severity: important

When some IMAP clients use an SSL or TLS connection to connect to my dovecot
IMAP server, the imap-login daemon segfaults.

To work around the problem, I have downgraded libssl to the wheezy version (1.0.0h-1).

Below is the backtrace with version 1.0.1-2.

Without symbols:

#0  0x00007fe2b98b8431 in RC4 () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
#1  0x000000000000012d in ?? ()
#2  0x00000000000000df in ?? ()
#3  0x0000000001ff16a0 in ?? ()
#4  0x00007fe2b991e9c9 in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
#5  0x00007fe2b9c26b8f in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
#6  0x00007fe2b9c1de18 in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
#7  0x00007fe2b9c1e144 in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
#8  0x00007fe2ba0ef0cf in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
#9  0x00007fe2ba0ef1c8 in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
#10 0x00007fe2b9ea4488 in io_loop_call_io () from /usr/lib/dovecot/libdovecot.so.0
#11 0x00007fe2b9ea5517 in io_loop_handler_run () from /usr/lib/dovecot/libdovecot.so.0
#12 0x00007fe2b9ea4418 in io_loop_run () from /usr/lib/dovecot/libdovecot.so.0
#13 0x00007fe2b9e92623 in master_service_run () from /usr/lib/dovecot/libdovecot.so.0
#14 0x00007fe2ba0e8022 in main () from /usr/lib/dovecot/libdovecot-login.so.0
#15 0x00007fe2b92a6ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#16 0x0000000000402349 in ?? ()
#17 0x00007fffce1fdf48 in ?? ()
#18 0x000000000000001c in ?? ()
#19 0x0000000000000002 in ?? ()
#20 0x00007fffce1ffeba in ?? ()
#21 0x00007fffce1ffecd in ?? ()
#22 0x0000000000000000 in ?? ()


With symbols (i.e. libssl1.0.0-dbg:amd64):

#0  RC4 () at rc4-x86_64.s:343

warning: Source file is more recent than executable.
343             movl    (%rdi,%rax,4),%edx
(gdb) bt
#0  RC4 () at rc4-x86_64.s:343
#1  0x000000000000012d in ?? ()
#2  0x00000000000000df in ?? ()
#3  0x00000000020b5660 in ?? ()
#4  0x00007fc075f6a9c9 in rc4_hmac_md5_cipher (ctx=<optimized out>,
    out=0x20aae98 
".\324\300\377Ǽ|#\242\300\233\025T\341\002}\237\242\240\273G\260\257\214z\321\001HKȫRA\257HC0\"0\257N*1C/,$\252-N1&%&1\261\"/0C*'C\246-\"!/&C*\nb%
 SO\261\067\303\060,17^'*\260\063/\":C7+\261&\"'^1&%\246\061&- 
&0C\267+1&\"'^1\246%0C.6/7\252\"33&-'C\266-0&/& 7\303 +*/'1&\255C-\".&03\242 
&C6*'3\257\066\060C/*07\316&;7&-'&\247C*R[-/&\265&/^RC ,\255"..., in=<optimized 
out>, len=0) at e_rc4_hmac_md5.c:163
#5  0x00007fc076272b8f in tls1_enc (s=0x209c120, send=1) at t1_enc.c:828
#6  0x00007fc076269e18 in do_ssl3_write (s=0x209c120, type=23,
    buf=0x209cf34 "2 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CON"..., len=285, create_empty_fragment=0) at s3_pkt.c:808
#7  0x00007fc07626a144 in ssl3_write_bytes (s=0x209c120, type=23, buf_=0x209cf34, len=<optimized out>) at s3_pkt.c:605
#8  0x00007fc07673b0cf in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
#9  0x00007fc07673b1c8 in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
#10 0x00007fc0764f0488 in io_loop_call_io () from /usr/lib/dovecot/libdovecot.so.0
#11 0x00007fc0764f1517 in io_loop_handler_run () from /usr/lib/dovecot/libdovecot.so.0
#12 0x00007fc0764f0418 in io_loop_run () from /usr/lib/dovecot/libdovecot.so.0
#13 0x00007fc0764de623 in master_service_run () from /usr/lib/dovecot/libdovecot.so.0
#14 0x00007fc076734022 in main () from /usr/lib/dovecot/libdovecot-login.so.0
#15 0x00007fc0758f2ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#16 0x0000000000402349 in ?? ()
#17 0x00007fffbca25e78 in ?? ()
#18 0x000000000000001c in ?? ()
#19 0x0000000000000002 in ?? ()
#20 0x00007fffbca27eb9 in ?? ()
#21 0x00007fffbca27ecc in ?? ()
#22 0x0000000000000000 in ?? ()



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8@euro, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.13-27
ii  libssl1.0.0  1.0.1-2
ii  zlib1g       1:1.2.6.dfsg-2

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20120212

-- no debconf information



--- End Message ---
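
Added example, not part of the original report or of any Debian or OpenSSL tooling: a small parser that folds the mail-wrapped gdb backtrace above into frames and derives a crash signature usable for matching duplicate reports. The names parse_frames, crash_signature and unresolved are hypothetical, and the sample is a shortened copy of the symbolized trace.

```python
import re
# Constructed sample: the report's symbolized trace cut at frame #10, dumps shortened.
SAMPLE_BT = r'''
#0  RC4 () at rc4-x86_64.s:343
#1  0x000000000000012d in ?? ()
#2  0x00000000000000df in ?? ()
#3  0x00000000020b5660 in ?? ()
#4  0x00007fc075f6a9c9 in rc4_hmac_md5_cipher (ctx=<optimized out>,
    out=0x20aae98 "...", in=<optimized
out>, len=0) at e_rc4_hmac_md5.c:163
#5  0x00007fc076272b8f in tls1_enc (s=0x209c120, send=1) at t1_enc.c:828
#6  0x00007fc076269e18 in do_ssl3_write (s=0x209c120, type=23,
    buf=0x209cf34 "2 OK [CAPABILITY IMAP4rev1 ..."..., len=285,
create_empty_fragment=0) at s3_pkt.c:808
#7  0x00007fc07626a144 in ssl3_write_bytes (s=0x209c120, type=23,
buf_=0x209cf34, len=<optimized out>) at s3_pkt.c:605
#8  0x00007fc07673b0cf in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
#9  0x00007fc07673b1c8 in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
#10 0x00007fc0764f0488 in io_loop_call_io () from
/usr/lib/dovecot/libdovecot.so.0
'''

FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
WHERE = re.compile(r"\) (?:from|at) (\S+)$")

def parse_frames(text):
    """Fold wrapped lines into their frame; return (index, function, location) tuples."""
    chunks = []
    for line in text.splitlines():
        if re.match(r"#\d+\s", line):            # a new frame starts with "#<n> "
            chunks.append(line.strip())
        elif chunks and line.strip():            # anything else continues the last frame
            chunks[-1] += " " + line.strip()
    frames = []
    for chunk in chunks:
        head, where = FRAME.match(chunk), WHERE.search(chunk)
        frames.append((int(head.group(1)), head.group(2), where.group(1) if where else None))
    return frames

def crash_signature(frames, depth=5):
    """Innermost `depth` resolved function names; '??' frames carry no symbol and are skipped."""
    return [fn for _, fn, _ in frames if fn != "??"][:depth]

def unresolved(frames):
    """Indices of frames gdb could not resolve to a symbol."""
    return [i for i, fn, _ in frames if fn == "??"]

if __name__ == "__main__":
    print(" <- ".join(crash_signature(parse_frames(SAMPLE_BT))))
```

Run over the trace taken without the -dbg package, the same signature would jump from RC4 straight to the dovecot frames, which is why the symbolized trace is the one worth indexing.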
--- Begin Message ---
Source: openssl
Source-Version: 1.0.1a-1

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

libcrypto1.0.0-udeb_1.0.1a-1_amd64.udeb
  to main/o/openssl/libcrypto1.0.0-udeb_1.0.1a-1_amd64.udeb
libssl-dev_1.0.1a-1_amd64.deb
  to main/o/openssl/libssl-dev_1.0.1a-1_amd64.deb
libssl-doc_1.0.1a-1_all.deb
  to main/o/openssl/libssl-doc_1.0.1a-1_all.deb
libssl1.0.0-dbg_1.0.1a-1_amd64.deb
  to main/o/openssl/libssl1.0.0-dbg_1.0.1a-1_amd64.deb
libssl1.0.0_1.0.1a-1_amd64.deb
  to main/o/openssl/libssl1.0.0_1.0.1a-1_amd64.deb
openssl_1.0.1a-1.debian.tar.gz
  to main/o/openssl/openssl_1.0.1a-1.debian.tar.gz
openssl_1.0.1a-1.dsc
  to main/o/openssl/openssl_1.0.1a-1.dsc
openssl_1.0.1a-1_amd64.deb
  to main/o/openssl/openssl_1.0.1a-1_amd64.deb
openssl_1.0.1a.orig.tar.gz
  to main/o/openssl/openssl_1.0.1a.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Apr 2012 19:54:12 +0200
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc 
libssl1.0.0-dbg
Architecture: source all amd64
Version: 1.0.1a-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description: 
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 666405
Changes: 
 openssl (1.0.1a-1) unstable; urgency=high
 .
   * New upstream version
     - Fixes CVE-2012-2110
     - Fix crash in rc4_hmac_md5 (Closes: #666405)
     - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is
       supported
     - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch,
       applied upstream.
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
