Bug 246976 - mail-client/claws-mail-3.6.1 segfaults with new/patched >net-libs/gnutls-2.2.5
Summary: mail-client/claws-mail-3.6.1 segfaults with new/patched >net-libs/gnutls-2.2.5
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Christian Faulhammer (RETIRED)
Blocks: CVE-2008-4989
Reported: 2008-11-15 19:54 UTC by parafin
Modified: 2008-11-18 12:01 UTC (History)
Description parafin 2008-11-15 19:54:19 UTC
mail-client/claws-mail-3.6.1 segfaults with any current version of net-libs/gnutls but 2.2.5 while trying to use SSL. dmesg has lines like this: claws-mail[26460]: segfault at 11 ip b7f52876 sp bf8b5590 error 4 in libgnutls.so.26.11.2[b7ef2000+a9000]
This issue is related to the patch for the CVE-2008-4989 vuln IMHO. As I see from bug #245850, the 2.2.5 version of gnutls is the only unpatched one, and everything worked fine before that update to gnutls.
And yeah, the server I try to get mail from has a self-signed certificate.

Use flags for gnutls: cxx lzo nls zlib -bindist -doc -guile
Use flags for claws-mail: crypt imap ipv6 session spell ssl xface -bogofilter -dillo -doc -gnome -gnutls -kde -ldap -nntp -pda -spamassassin -startup-notification
emerge --info:
Portage 2.2_rc14 (default/linux/x86/2008.0/desktop, gcc-4.3.2, glibc-2.8_p20080602-r0, 2.6.26.2 i686)
=================================================================
System uname: Linux-2.6.26.2-i686-Intel-R-_Pentium-R-_M_processor_1500MHz-with-glibc2.0
Timestamp of tree: Wed, 12 Nov 2008 21:30:12 +0000
distcc 3.0 i686-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p39
dev-lang/python:     2.5.2-r8
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r8
dev-util/cmake:      2.6.2
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.3.0-r1
sys-apps/sandbox:    1.2.18.1-r3
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1
sys-devel/binutils:  2.19
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium-m -fomit-frame-pointer -ftracer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /lib/rcscripts/addons/dm-crypt-start.sh"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=pentium-m -fomit-frame-pointer -ftracer -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FEATURES="buildpkg ccache distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://parafin/ http://mirror.yandex.ru/gentoo-distfiles/"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/local/portage/layman/alon-barlev /usr/local/portage/layman/pro-audio"
SYNC="rsync://server/gentoo-portage/"
USE="X a52 aac acpi adns alsa audiofile bash-completion berkdb bzip2 cairo caps cdparanoia cracklib crypt cscope cups curl cxx dbus djvu dri dts dvb dvd dvdread encode exif expat fam fbcon ffmpeg fftw flac fltk fontconfig foomaticdb ftp gd gdbm gif gimp glib gpm graphviz gtk gtk2 gtkhtml iconv id3tag idn imagemagick imap imlib ipv6 jack javascript jpeg ladspa lash lcms libsamplerate mad matroska mbox midi mmap mmx mmxext mng mp3 mpeg ncurses nls nocd nptl nsplugin offensive ogg opengl pam pcre pdf perl pic png ppds pulseaudio python qt3support qt4 quicktime raw readline ruby sasl sdl session slang sndfile speex spell sqlite sse sse2 ssl svg tcl tcltk tcpd theora threads tiff timidity tk truetype unicode usb videos vim-syntax vorbis wifi win32codecs x264 x86 xface xml xosd xpm xv xvid zlib" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="intel"
Unset:  CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 parafin 2008-11-15 20:35:45 UTC
Also last messages from claws-mail --debug:
ssl.c:315:waiting for SSL_connect thread...
ssl.c:333:SSL_connect thread returned 0
Segmentation fault
Comment 2 Didier Barvaux 2008-11-15 21:20:03 UTC
I also encounter the problem with a self-signed certificate. Upstream discussed this problem and seems to have found a fix. See thread http://news.gmane.org/find-root.php?group=gmane.comp.encryption.gpg.gnutls.devel&article=3216 on the upstream ML.
Comment 3 Didier Barvaux 2008-11-15 21:41:03 UTC
(In reply to comment #2)
> I also encounter the problem with a self-signed certificate. Upstream discussed
> this problem and seems to have found a fix. See thread
> http://news.gmane.org/find-root.php?group=gmane.comp.encryption.gpg.gnutls.devel&article=3216
> on the upstream ML.

Sorry, the thread that I mentioned resulted in the patch provided with the ebuild. So, there is still a bug introduced by the first patch for the CVE problem and not fixed by the second one.
 

Comment 4 Didier Barvaux 2008-11-15 22:06:49 UTC
Upstream committed patch http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=2de9d54256592195e6b1b04272802efa037ed1a8. I tested the patch with the Gentoo 2.4.1-r1 ebuild of gnutls; it fixes the problem for me.
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2008-11-17 15:24:53 UTC
So this seems to be a failure in gnutls (adding net-mail team). Also have a look at security bug 245850, which caused the whole trouble for stable users.
Comment 6 Christian Hoffmann (RETIRED) gentoo-dev 2008-11-17 16:44:02 UTC
Ok, adding me to CC to track this bug for security reasons and adding crypto@ who maintains gnutls...

If I got this correctly, this affects both (security-)fixed versions, i.e. gnutls-2.4.1-r1 and >=gnutls-2.6.0-r1, right?

Considering that this is a regression in a stable package which at least renders claws-mail (anything else?) unusable in certain cases, we might want to increase severity.
Comment 7 parafin 2008-11-17 16:54:44 UTC
I tried all 4 versions: 2.2.5, 2.4.1-r1, 2.6.0-r1 and 2.6.1 - only the first one worked fine with claws-mail.
Comment 8 Daniel Black (RETIRED) gentoo-dev 2008-11-18 12:01:08 UTC
fixed - sorry for the oversight. gnutls-2.4.1-r2.ebuild and gnutls-2.6.0-r2.ebuild added for your error free claws.