Package: libgnutls-deb0-28
Version: 3.3.8-3
Severity: grave
Justification: breaks related softwares (minbif, ircd-ratbox)
Control: affects -1 = minbif ircd-ratbox
Coin,
I had to update all my certificates because our CA is going to expire
soon. I then restarted all services with the new CA and server
certificates and it worked for all services but minbif and ircd-ratbox
(probably the only ones using gnutls). minbif fork for each connecting
user and the new process crash ; see the strace and gdb trace
attached. I was not able yet to get a core for ircd-ratbox but the
strace is similar.
Reverting the certificates (which are still valid until the end of the
month) did not help. Downgrading gnutls to 3.3.8-2 (before the rusage
patch) did not help either.
I find two things disturbing. First, fd 3 is used to read the public
key, closed, but then read again which fails and the abort is done
shortly afterwards. Second, rnd_func() fails like if there was no
entropy available, but /proc/sys/kernel/random/entropy_avail proves it
wrong (the machine has a hardware generator with rngd).
As for the timing, i uploaded ircd-ratbox on 2014-07-29 which worked
perfectly on the testing suite at that time (after a gnutls 3 patch).
Tell me if you need anything tested and thanks for your help.
Regards.
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libgnutls-deb0-28 depends on:
ii libc6 2.19-12
ii libgmp10 2:6.0.0+dfsg-4
ii libhogweed22.7.1-3
ii libnettle4 2.7.1-3
ii libp11-kit00.20.7-1
ii libtasn1-6 4.1-1
ii multiarch-support 2.19-12
ii zlib1g 1:1.2.8.dfsg-1
--
Marc Dequènes (Duck)
#0 0x7f9727650107 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
resultvar = 0
pid = 28099
selftid = 28099
#1 0x7f97276514e8 in __GI_abort () at abort.c:89
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x1631eb0, sa_sigaction =
0x1631eb0}, sa_mask = {__val = {140733327892112, 140733327890224,
140287214206471, 1, 0, 0, 140287177530664, 23280608, 140733327890224, 23290456,
140287214232357, 4294966954, 0, 23264720, 0, 0}}, sa_flags = 0, sa_restorer =
0x161a220}
sigs = {__val = {32, 0 repeats 15 times}}
#2 0x7f9728009199 in rnd_func (_ctx=0x0, length=264, data=0x7fff08045740
) at pk.c:62
No locals.
#3 0x7f97238cd346 in nettle_mpz_random_size (x=0x7fff08045910, ctx=0x0,
random=0x7f9728009169 rnd_func, bits=2112) at bignum-random.c:44
length = 264
data = 0x7fff08045740
#4 0x7f97238cd3d1 in nettle_mpz_random (x=0x7fff08045910, ctx=0x0,
random=0x7f9728009169 rnd_func, n=0x7fff08045a48) at bignum-random.c:81
No locals.
#5 0x7f97238d024a in _nettle_rsa_blind (pub=0x7fff08045a40,
random_ctx=0x0, random=0x7f9728009169 rnd_func, c=0x7fff08045a30,
ri=0x7fff08045980) at rsa-blind.c:50
r = {{_mp_alloc = 1, _mp_size = 0, _mp_d = 0x161a400}}
#6 0x7f97238cedbd in nettle_rsa_pkcs1_sign_tr (pub=0x7fff08045a40,
key=0x7fff08045a70, random_ctx=0x0, random=0x7f9728009169 rnd_func,
length=51, digest_info=0x1638500 010\r\006\t`\206H\001e\003\004\002\001\005,
s=0x7fff08045a30) at rsa-pkcs1-sign-tr.c:47
ri = {{_mp_alloc = 1, _mp_size = 0, _mp_d = 0x161a310}}
#7 0x7f972800a997 in _wrap_nettle_pk_sign (algo=GNUTLS_PK_RSA,
signature=0x7fff08045bf0, vdata=0x7fff08045b80, pk_params=0x1644680) at pk.c:566
priv = {size = 256, d = {{_mp_alloc = 33, _mp_size = 32, _mp_d =
0x1639180}}, p = {{_mp_alloc = 17, _mp_size = 16, _mp_d = 0x1639320}}, q =
{{_mp_alloc = 17, _mp_size = 16, _mp_d = 0x1638a10}}, a = {{_mp_alloc = 16,
_mp_size = 16, _mp_d = 0x16398d0}}, b = {{_mp_alloc = 16, _mp_size = 16, _mp_d
= 0x1639960}}, c = {{_mp_alloc = 17, _mp_size = 16, _mp_d = 0x1638aa0}}}
pub = {size = 256, n = {{_mp_alloc = 33, _mp_size = 32, _mp_d =
0x1639070}}, e = {{_mp_alloc = 1, _mp_size = 1, _mp_d = 0x1616800}}}
s = {{_mp_alloc = 32, _mp_size = 32, _mp_d = 0x1639e40}}
ret = 134502912
hash_len = 32767
me = 0x7f9723d44e5a
#8 0x7f9727f4176c in gnutls_privkey_sign_raw_data (key=0x1645860, flags=0,
data=0x7fff08045b80, signature=0x7fff08045bf0) at gnutls_privkey.c:909
No locals.
#9 0x7f9727f4147c in gnutls_privkey_sign_data (signer=0x1645860,
hash=GNUTLS_DIG_SHA256, flags=0, data=0x7fff08045be0, signature=0x7fff08045bf0)
at gnutls_privkey.c:788
ret = 0
digest = {data = 0x1638500
010\r\006\t`\206H\001e\003\004\002\001\005, size = 51}
me = 0x7f972824b360 hash_algorithms+96
#10 0x7f9727f2d4ad in _gnutls_check_key_cert_match (res=0x16350e0) at
gnutls_cert.c:936
test = {data =