Package: firejail-profiles
Version: 0.9.70-1
Severity: normal
Dear Maintainer,
Debian have patched the current transmission to fit OpenSSL 3.0, but in
order
to use the legacy RC4 algorithm, ossl-modules/legacy.so should be able
to load
at runtime, otherwise Debian-patched transmission programs will be
terminated
with SIGSEGV when trying to set up an EVP_CIPHER_CTX for RC4, as in the
attached backtrace. (against a /usr/local/bin/transmission-daemon built from
Debian-patched source with the same config, but with debug symbols retained)
This dependency has rendered the current Debian-patched transmission
programs
cannot run inside firejail with shipped profiles. To walk this issue around,
"private-lib <multiarch triplet>/ossl-modules,legacy.so" should be added
into
the (included) profile snippet of the transmission program.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (900, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.17.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=zh_CN.utf8, LC_CTYPE=zh_CN.utf8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages firejail-profiles depends on:
ii firejail 0.9.70-1
firejail-profiles recommends no packages.
firejail-profiles suggests no packages.
-- no debconf information
#0 0x0000563113cb4c0f in tr_rc4_set_key (h=0x0, key=key@entry=0x7f5ee6068170 "D\333O\357m\020F\260\213\r\216\320u\310\330Vs\273>\272", key_length=key_length@entry=20) at crypto-utils-openssl.c:255
255 if (!check_result(EVP_CIPHER_CTX_set_key_length(handle->cipher_ctx, key_length)))
[Current thread is 1 (Thread 0x7f5ee606a640 (LWP 55))]
#1 0x0000563113cdad31 in initRC4 (crypto=crypto@entry=0x7f5ee38f69b0, setme=setme@entry=0x7f5ee38f69b8, key=<optimized out>) at crypto.c:106
#2 0x0000563113cdb040 in tr_cryptoEncryptInit (crypto=0x7f5ee38f69b0) at crypto.c:140
#3 0x0000563113cdbaba in readYb (inbuf=0x7f5ee376dba0, handshake=0x7f5ee3699190) at handshake.c:460
#4 canRead (io=<optimized out>, arg=0x7f5ee3699190, piece=<optimized out>) at handshake.c:1060
#5 0x0000563113cc5c5b in canReadWrapper (io=0x7f5ee38f65f0) at peer-io.c:211
#6 0x0000563113ced542 in UTP_ProcessIncoming (conn=conn@entry=0x7f5ee376d050, packet=packet@entry=0x7f5ee6068a50 "\001", len=len@entry=363, syn=syn@entry=false) at utp.cpp:2158
#7 0x0000563113cee380 in UTP_IsIncomingUTP (incoming_proc=incoming_proc@entry=0x563113ca78e0 <incoming>, send_to_proc=send_to_proc@entry=0x563113ca7a30 <tr_utpSendTo>, send_to_userdata=send_to_userdata@entry=0x563114b0ac00, buffer=buffer@entry=0x7f5ee6068a50 "\001",
len=len@entry=363, to=<optimized out>, tolen=16) at utp.cpp:2587
#8 0x0000563113ca7aba in tr_utpPacket (buf=buf@entry=0x7f5ee6068a50 "\001", buflen=buflen@entry=363, from=from@entry=0x7f5ee60689d0, fromlen=16, ss=ss@entry=0x563114b0ac00) at tr-utp.c:181
#9 0x0000563113ca71f5 in event_callback (s=<optimized out>, type=<optimized out>, sv=0x563114b0ac00) at tr-udp.c:285
#10 0x00007f5ee7d25428 in ?? () from /usr/lib/x86_64-linux-gnu/libevent-2.1.so.7
#11 0x00007f5ee7d25b77 in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.1.so.7
#12 0x0000563113ca84d8 in libeventThreadFunc (veh=0x563114b0b170) at trevent.c:263
#13 0x0000563113c96d38 in ThreadFunc (_t=0x563114af5570) at platform.c:104
#14 0x00007f5ee762ad80 in start_thread (arg=0x7f5ee606a640) at pthread_create.c:481
#15 0x00007f5ee754476f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
