Package: libssl1.1 Version: 1.1.0f-3+deb9u2 Severity: important Hi,
tl;dr: please apply https://github.com/openssl/openssl/commit/819d18f6116e97845ebe453128f3c2a78e42a785 in stretch. Long version: We are running several systems with libnss-pgsql. Calling getgrent() - in this case from ruby - segafults while closing the database connection. The backtrace shows that the segfault is happening at ../crypto/err/err.c:383 while trying to run err_clear(es, i) with es = NULL. This is fixed since one year in the openssl 1.1.0 stable branch. Thread 1 "ruby2.3" received signal SIGSEGV, Segmentation fault. ERR_clear_error () at ../crypto/err/err.c:383 383 ../crypto/err/err.c: No such file or directory. (gdb) bt full #0 ERR_clear_error () at ../crypto/err/err.c:383 i = <optimized out> es = 0x0 #1 0x00007ffff537be7f in pgtls_write (conn=0x555555b81170, ptr=0x555555b86a50, len=5) at ./build/../src/interfaces/libpq/fe-secure-openssl.c:306 n = <optimized out> result_errno = 0 sebuf = " \352\377\377\377\177\000\000p9\234\367\377\177\000\000\002", '\000' <repeats 63 times>, "\002", '\000' <repeats 174 times> err = <optimized out> ecode = <optimized out> #2 0x00007ffff537715e in pqsecure_write (conn=conn@entry=0x555555b81170, ptr=ptr@entry=0x555555b86a50, len=len@entry=5) at ./build/../src/interfaces/libpq/fe-secure.c:289 No locals. #3 0x00007ffff536e886 in pqSendSome (conn=conn@entry=0x555555b81170, len=5) at ./build/../src/interfaces/libpq/fe-misc.c:855 sent = <optimized out> ptr = 0x555555b86a50 "X" remaining = 5 result = 0 #4 0x00007ffff536ea35 in pqFlush (conn=conn@entry=0x555555b81170) at ./build/../src/interfaces/libpq/fe-misc.c:972 No locals. #5 0x00007ffff536518f in closePGconn (conn=conn@entry=0x555555b81170) at ./build/../src/interfaces/libpq/fe-connect.c:3016 notify = <optimized out> pstatus = <optimized out> #6 0x00007ffff53651b6 in PQfinish (conn=0x555555b81170) at ./build/../src/interfaces/libpq/fe-connect.c:3071 No locals. #7 0x00007ffff558c164 in backend_close (type=type@entry=110 'n') at backend.c:129 No locals. #8 0x00007ffff558bb2a in cleanup () at config.c:153 No locals. #9 0x00007ffff6a05940 in __run_exit_handlers (status=0, listp=0x7ffff6d695d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:83 atfct = <optimized out> onfct = <optimized out> cxafct = <optimized out> f = <optimized out> #10 0x00007ffff6a0599a in __GI_exit (status=<optimized out>) at exit.c:105 No locals. #11 0x00007ffff69f02e8 in __libc_start_main (main=0x5555555548d0 <main>, argc=2, argv=0x7fffffffeb88, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffeb78) at ../csu/libc-start.c:325 result = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -4861333080558588301, 93824992233760, 140737488350080, 0, 0, -1595323182457082253, -1595306961704767885}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffffffeba0, 0x7ffff7ffe170}, data = {prev = 0x0, cleanup = 0x0, canceltype = -5216}}} not_first_call = <optimized out> #12 0x000055555555494a in _start () No symbol table info available. Thanks a lot, Bernd -- Bernd Zeimetz Senior Systems Engineer Debian Developer, Palo Alto ACE conova communications GmbH Zentrale Salzburg Karolingerstraße 36a 5020 Salzburg, Austria T +43 662/22 00-313 M +43 676/830 50 313 b.zeim...@conova.com www.conova.com Gesetzliche Pflichtangaben: www.conova.com/impressum www.conova.com/datenschutz
smime.p7s
Description: S/MIME cryptographic signature
