Bug#865311:

2017-06-26 Thread Jon Kåre Hellan 
C programs which start a jvm using jni also segfault. This smells like 
fundamentally the same issue.
I added a "me too" to debian bug 865746 (collectd), with links to info 
about the issue at Ubuntu - including
a test program to reproduce. See 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865746#15 and #16.

Bug#865311: SIGSEGV in jsvc / LibreOffice after kernel update

2017-06-22 Thread Charles Leclerc 
2017-06-22 14:01 GMT+02:00 Ben Hutchings :
> I have candidate fixes for this regression which are available at:
> https://people.debian.org/~benh/packages/CVE-2017-1000364/
> [...]
> I have tested these using Charles Leclerc's sample jsvc service and my
> own stack clash test program, but would appreciate other testing
> results.
>

I've installed the 3.16.43-2+deb8u2 version on our jessie integration
server and it looks good, the jsvc services started properly. I'll let
the new kernel running and keep an eye on it.

Charles

Bug#865311: jsvc: SIGSEV in child process when starting jsvc

2017-06-22 Thread Jan Korbel 
Thanks for hint. It's working again.

cat /etc/default/unifi

JSVC_EXTRA_OPTS=-Xss1280k

-- jc

On Thu, 22 Jun 2017 07:30:55 +
André Schild  wrote:

> Adding these options to JSVC prevents it from crashing:
> -Xss1280k
> 
> André

Bug#865311: jsvc: SIGSEV in child process when starting jsvc

2017-06-22 Thread André Schild 
On Wed, 21 Jun 2017 09:47:38 +0200 Charles Leclerc  
wrote:
> 2017-06-21 3:10 GMT+02:00 Ben Hutchings :
> >
> > Control: tag -1 confirmed
> > Control: fixed -1 4.11.6-1
> >
> > On Tue, 20 Jun 2017 15:12:25 +0200 Charles Leclerc 
> >  wrote:
> > > Package: jsvc
> > > Version: 1.0.15-6+deb8u1
> > > Severity: important
> > >
> > > When trying to start a very simple java daemon on jessie jsvc
> > > through systemd we obtain this error message:
> > >
> > >  Service killed by signal 11
> > >
> > > Then we need to SIGKILL the parent process.
> > [...]
> > > I've installed a fresh VM to try to reproduce this bug on a new machine :
> > >
> > > - installed jessie with ssh and standard utilities
> > > - installed openjdk-8-jre from backports
> > > - installed jsvc
> > > - Created this java file:
> > [...]
> > > - compiled with:
> > >  $ javac -cp /usr/share/java/commons-daemon-1.0.15.jar Run.java
> > > - and tried to run with:
> > >  $ /usr/bin/jsvc -nodetach -outfile '&2' -errfile '&2' -pidfile 
> > > /tmp/jsvc.pid -cp /usr/share/java/commons-daemon-1.0.15.jar -java-home 
> > > /usr/lib/jvm/java-8-openjdk-

Adding these options to JSVC prevents it from crashing:
-Xss1280k

André

Bug#865311: jsvc: SIGSEV in child process when starting jsvc

2017-06-21 Thread Charles Leclerc 
2017-06-21 3:10 GMT+02:00 Ben Hutchings :
>
> Control: tag -1 confirmed
> Control: fixed -1 4.11.6-1
>
> On Tue, 20 Jun 2017 15:12:25 +0200 Charles Leclerc 
>  wrote:
> > Package: jsvc
> > Version: 1.0.15-6+deb8u1
> > Severity: important
> >
> > When trying to start a very simple java daemon on jessie jsvc
> > through systemd we obtain this error message:
> >
> >  Service killed by signal 11
> >
> > Then we need to SIGKILL the parent process.
> [...]
> > I've installed a fresh VM to try to reproduce this bug on a new machine :
> >
> > - installed jessie with ssh and standard utilities
> > - installed openjdk-8-jre from backports
> > - installed jsvc
> > - Created this java file:
> [...]
> > - compiled with:
> >  $ javac -cp /usr/share/java/commons-daemon-1.0.15.jar Run.java
> > - and tried to run with:
> >  $ /usr/bin/jsvc -nodetach -outfile '&2' -errfile '&2' -pidfile 
> > /tmp/jsvc.pid -cp /usr/share/java/commons-daemon-1.0.15.jar -java-home 
> > /usr/lib/jvm/java-8-openjdk-amd64 Run
> >  Service killed by signal 11
> [...]
>
> Thanks, this makes it pretty easy to reproduce.  I did have to add
> ':$PWD' to the end of the -cp argument though.

Indeed.

>
> The kernel version in unstable has a later version of the fix and that
> *doesn't* cause jsvc to crash.  So we should probably switch to that
> version soon.

I'll wait for that thanks !

> Ben.
>
> --
> Ben Hutchings
> The most exhausting thing in life is being insincere. - Anne Morrow
> Lindberg
>

Charles

Bug#865311: jsvc: SIGSEV in child process when starting jsvc

2017-06-20 Thread Ben Hutchings 
Control: tag -1 confirmed
Control: fixed -1 4.11.6-1

On Tue, 20 Jun 2017 15:12:25 +0200 Charles Leclerc  
wrote:
> Package: jsvc
> Version: 1.0.15-6+deb8u1
> Severity: important
> 
> When trying to start a very simple java daemon on jessie jsvc
> through systemd we obtain this error message:
> 
>  Service killed by signal 11
> 
> Then we need to SIGKILL the parent process.
[...]
> I've installed a fresh VM to try to reproduce this bug on a new machine :
> 
> - installed jessie with ssh and standard utilities
> - installed openjdk-8-jre from backports
> - installed jsvc
> - Created this java file:
[...]
> - compiled with:
>  $ javac -cp /usr/share/java/commons-daemon-1.0.15.jar Run.java
> - and tried to run with:
>  $ /usr/bin/jsvc -nodetach -outfile '&2' -errfile '&2' -pidfile /tmp/jsvc.pid 
> -cp /usr/share/java/commons-daemon-1.0.15.jar -java-home 
> /usr/lib/jvm/java-8-openjdk-amd64 Run
>  Service killed by signal 11
[...]

Thanks, this makes it pretty easy to reproduce.  I did have to add
':$PWD' to the end of the -cp argument though.

The kernel version in unstable has a later version of the fix and that
*doesn't* cause jsvc to crash.  So we should probably switch to that
version soon.

Ben.

-- 
Ben Hutchings
The most exhausting thing in life is being insincere. - Anne Morrow
Lindberg



signature.asc
Description: This is a digitally signed message part

Bug#865311: #865311: security update for CVE-2017-1000364 breaks UniFi Controller

2017-06-20 Thread Markus Koschany 
reassign 865311 src:linux
retitle 865311 security update for CVE-2017-1000364 breaks UniFi Controller
thanks

Am 20.06.2017 um 22:30 schrieb Charles Leclerc:
> Downgrading linux-image-3.16.0-4-amd64 to 3.16.43-2 defenitely fixes the
> problem.

Ok, then I am going to reassign this bug report to src:linux because
this looks like a kernel regression.

Summary:


Security update for CVE-2017-1000364 breaks the UniFi controller and
leads to segmentation faults when using the jsvc package.

Regards,

Markus






signature.asc
Description: OpenPGP digital signature

Bug#865311: #865311: security update for CVE-2017-1000364 breaks UniFi Controller

2017-06-20 Thread Markus Koschany 
reassign -1 src:linux
retitle -1 security update for CVE-2017-1000364 breaks UniFi Controller
thanks

Am 20.06.2017 um 22:30 schrieb Charles Leclerc:
> Downgrading linux-image-3.16.0-4-amd64 to 3.16.43-2 defenitely fixes the
> problem.

Ok, then I am going to reassign this bug report to src:linux because
this looks like a kernel regression.

Summary:


Security update for CVE-2017-1000364 breaks the UniFi controller and
leads to segmentation faults when using the jsvc package.

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#865311:

2017-06-20 Thread Martin Burmester 
Hello,

this is widely discussed in the ubiquity Forum [1] because it breakes the UniFi 
Controller.

Consensus seems to be that the kernel upgrade with the fix for CVE-2017-1000364 
caused the issue.

Strech seems to be affected as well.

Cheers,
Martin

[1] 
https://community.ubnt.com/t5/UniFi-Wireless/Unifi-Controller-on-Debian-9/td-p/1967180

Bug#865311: jsvc: SIGSEV in child process when starting jsvc

2017-06-20 Thread Charles Leclerc 
Package: jsvc
Version: 1.0.15-6+deb8u1
Severity: important

When trying to start a very simple java daemon on jessie jsvc through systemd 
we obtain this error message:

 Service killed by signal 11

Then we need to SIGKILL the parent process.

The problem appeared on our servers after the last apt upgrade which installed 
the following packages (the servers were rebooted after the upgrade):

Upgrade: python-acme:amd64 (0.10.2-1~bpo8+1, 0.10.2-1~bpo8+2), 
libgnutls-openssl27:amd64 (3.3.8-6+deb8u5, 3.3.8-6+deb8u6), 
multiarch-support:amd64 (2.19-18+deb8u9, 2.19-18+deb8u10), 
linux-image-3.16.0-4-amd64:amd64 (3.16.43-2, 3.16.43-2+deb8u1), 
exim4-base:amd64 (4.84.2-2+deb8u3, 4.84.2-2+deb8u4), libgnutls-deb0-28:amd64 
(3.3.8-6+deb8u5, 3.3.8-6+deb8u6), libc-dev-bin:amd64 (2.19-18+deb8u9, 
2.19-18+deb8u10), libc-bin:amd64 (2.19-18+deb8u9, 2.19-18+deb8u10), libc6:amd64 
(2.19-18+deb8u9, 2.19-18+deb8u10), exim4-daemon-light:amd64 (4.84.2-2+deb8u3, 
4.84.2-2+deb8u4), exim4-config:amd64 (4.84.2-2+deb8u3, 4.84.2-2+deb8u4), 
libzzip-0-13:amd64 (0.13.62-3, 0.13.62-3+deb8u1), linux-libc-dev:amd64 
(3.16.43-2, 3.16.43-2+deb8u1), libffi-dev:amd64 (3.1-2+b2, 3.1-2+deb8u1), 
locales:amd64 (2.19-18+deb8u9, 2.19-18+deb8u10), locales-all:amd64 
(2.19-18+deb8u9, 2.19-18+deb8u10), libc6-dev:amd64 (2.19-18+deb8u9, 
2.19-18+deb8u10), libgcrypt20:amd64 (1.6.3-2+deb8u2, 1.6.3-2+deb8u3), 
libffi6:amd64 (3.1-2+b2,
  3.1-2+deb8u1)

I've installed a fresh VM to try to reproduce this bug on a new machine :

- installed jessie with ssh and standard utilities
- installed openjdk-8-jre from backports
- installed jsvc
- Created this java file:

-
import org.apache.commons.daemon.Daemon;
import org.apache.commons.daemon.DaemonContext;
import org.apache.commons.daemon.DaemonInitException;

public class Run implements Daemon {

private class Runner extends Thread {
public void run() {
synchronized(this) {
try {
wait();
} catch (Exception e) {}
}
}
}

Runner r = new Runner();

@Override
public void init(DaemonContext context) throws DaemonInitException, 
Exception {}


@Override
public void start() throws Exception {
r.start();
}

@Override
public void stop() throws Exception {
synchronized(r) {
r.notify();
}
}

@Override
public void destroy() {}
}


Which basically starts and wait for termination

- compiled with:
 $ javac -cp /usr/share/java/commons-daemon-1.0.15.jar Run.java
- and tried to run with:
 $ /usr/bin/jsvc -nodetach -outfile '&2' -errfile '&2' -pidfile /tmp/jsvc.pid 
-cp /usr/share/java/commons-daemon-1.0.15.jar -java-home 
/usr/lib/jvm/java-8-openjdk-amd64 Run
 Service killed by signal 11
 
I would upgrade to stretch but it's not yet supported on our OVH vps.

Thanks for your help !

-- System Information:
Debian Release: 8.8
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages jsvc depends on:
ii  libc6   2.19-18+deb8u10
ii  libcommons-daemon-java  1.0.15-6+deb8u1

Versions of packages jsvc recommends:
ii  openjdk-8-jre-headless [java2-runtime-headless]  8u131-b11-1~bpo8+1

jsvc suggests no packages.

-- no debconf information