Bug#551155: marked as done (libssl0.9.8: New Segmentation Fault after installing starttls when signing into emacs-jabber in Lenny)

Tue, 29 Jun 2010 10:57:30 -0700 

Your message dated Tue, 29 Jun 2010 20:15:04 +0300
with message-id <87vd91yd47....@bubble.risko.hu>
and subject line starttls removed from Debian
has caused the Debian Bug report #551155,
regarding libssl0.9.8:  New Segmentation Fault after installing starttls when 
signing into  emacs-jabber in Lenny
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
551155: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551155
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libssl0.9.8
Version: 0.9.8g-15+lenny5
Severity: grave
Justification: renders package unusable

*** Please type your report below this line ***

Intro
=====

I've been using Emacs and Emacs-Jabber for a while now, quite
flawlessly and wonderfully.  However, since I've installed the
starttls package (to use Gnus with GMail), emacs-jabber has been
unable to connect with ``jabber-connect`` or ``jabber-connect-all``, 
as it segfaults with the following message:

[12268.905313] starttls[12313]: segfault at 1a0 ip b7f4a804 sp
bf8a0ec0 error 4 in libssl.so.0.9.8[b7f2e000+43000]
[12268.905313] starttls[12313]: segfault at 1a0 ip b7f4a804 sp
bf8a0ec0 error 4 in libssl.so.0.9.8[b7f46000+43000]

Workaround
==========
Removing starttls allows emacs-jabber to work again, so starttls is segfaulting libssl0.9.8. starttls shouldn't be trying to cause libssl 
to segfault, but at the same time, libssl shouldn't segfault (it
should instead fail with some sort of warning, right?), so it seems 
like both packages are at fault to some degree.

This issue is marked as grave because it breaks both libssl and
unrelated software: you can use either Emacs-Jabber or Gnus with
Gmail, but never both.  Perhaps someone can find a configuration
workaround that allows emacs-jabber to avoid using starttls so libssl 
doesn't crash?

I'm unsure of the security implications of segfaulting libssl.
Emacs-jabber won't connect at all with starttls installed, so we're 
not opening up a user's jabber account.  However, I'm unsure what
someone could actually do with a segfaulted libssl.

Reproducing the Problem
=======================

#. Install emacs, emacs-jabber.
#. Configure both.  My emacs-jabber specific ``~/.emacs`` settings
 include::

  (custom-set-variables
    '(jabber-account-list (quote (("u...@clanthac0.com"))))
   '(jabber-show-offline-contacts nil)
  )
#. Make sure you can connect to all of your favorite jabber servers 
 without segfault.  From within Emacs::

  M-x jabber-connect-all

#. Configure .gnus to use Gmail (check the Emacs-Wiki for
 instruction).  My ``~/.gnus`` settings include::

  (setq gnus-select-method
               '(nnimap "gmail"
                        (nnimap-address "imap.gmail.com")
                        (nnimap-server-port 993)
                        (nnimap-stream ssl)))

  (setq message-send-mail-function 'smtpmail-send-it
        smtpmail-starttls-credentials '(("smtp.gmail.com" 587
"nick.m.d...@gmail.com" nil))
        smtpmail-auth-credentials '(("smtp.gmail.com" 587
"nick.m.d...@gmail.com" nil))
        smtpmail-default-smtp-server "smtp.gmail.com"
        smtpmail-smtp-server "smtp.gmail.com"
        smtpmail-smtp-service 587
  )
      #. Install starttls.
#. Play around with Gnus and make sure Gmail works.  From within
 Emacs::

  M-x gnus
#. Attempt to connect to jabber again, via ``M-x jabber-connect-all``. 
#. Verify that it segfaults with an error message when you attempt
 from a virtual terminal.

Versions
========

emacs-jabber 0.7.91-2
starttls 0.10-3

Thanks,
Nick

-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libssl0.9.8 depends on:
ii  debconf [debconf-2.0]  1.5.24            Debian configuration
management sy
ii  libc6                  2.7-18            GNU C Library: Shared
libraries
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime 

libssl0.9.8 recommends no packages.

libssl0.9.8 suggests no packages.

-- debconf information:
libssl0.9.8/restart-failed:
* libssl0.9.8/restart-services: tor ntp postfix spamassassin

--- End Message ---
--- Begin Message --- 
Version: 0.10-3+rm

Starttls has been removed from Debian, please see:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587264

Therefore I close these bugs now.

Thanks,
Gergely

--- End Message ---

Reply via email to