Bug#1007739: curl breaks stenographer autopkgtest: curl: (27) Out of memory
I can confirm this is the same bug (the test log errors at the end of
stenocurl, which passes --cacert "$CERTPATH/ca_cert.pem"). This can be
trivially reproduced by running
-- >8 --
$ openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout
"/tmp/snakeoil.key" -out "/tmp/snakeoil.crt" -subj "/CN=localhost"
Generating a RSA private key
...
writing new private key to '/tmp/snakeoil.key'
-
$ python3 -uc "
import http.server, ssl, sys, os, time, random
sys.stdin.close()
httpd, err, port = None, None, None
for i in range(1, 100):
port = random.randint(0xC000, 0x) # ephemeral range
try:
httpd = http.server.HTTPServer(('localhost', port),
http.server.SimpleHTTPRequestHandler)
break
except:
err = sys.exc_info()[1]
time.sleep(i / 100)
if not httpd:
raise err
with open('/tmp/snakeoil.port', 'w') as portf:
print(port, file=portf)
httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True,
keyfile='/tmp/snakeoil.key', certfile='/tmp/snakeoil.crt',
ssl_version=ssl.PROTOCOL_TLS)
print('{} start on {}'.format(os.getpid(), port))
httpd.serve_forever()
" &
$ read -r port < /tmp/snakeoil.port
$ curl --cacert /tmp/snakeoil.crt https://localhost:$port
curl: (27) Out of memory
$ curl --insecure https://localhost:$port 2>/dev/null | wc
127.0.0.1 - - [18/Mar/2022 15:16:46] "GET / HTTP/1.1" 200 -
66 1332570
-- >8 --
As well as any program that uses libcurl's CURLOPT_CAINFO:
-- >8 --
# SSL_CA_CERT_FILE=/tmp/snakeoil.crt zfs create -o encryption=on -o
keyformat=passphrase -o keylocation=https://localhost:$port/PASSPHRASE
testpool/testfs2
cannot create 'testpool/testfs2': Failed to connect to
https://localhost:55645/PASSPHRASE: Out of memory
-- >8 --
I've rebuilt curl 7.82.0-1+b1 with upstream commit
https://github.com/curl/curl/commit/911714d617c106ed5d553bf003e34ec94ab6a136
which fixes this (and applies cleanly), and can also confirm that it
fixes the issue at hand:
-- >8 --
$ curl --cacert /tmp/snakeoil.crt https://localhost:$port 2>/dev/null | wc
127.0.0.1 - - [18/Mar/2022 16:14:26] "GET / HTTP/1.1" 200 -
45 912530
# SSL_CA_CERT_FILE=/tmp/snakeoil.crt zfs create -o encryption=on -o
keyformat=passphrase -o keylocation=https://localhost:56107/PASSPHRASE
testpool/testfs2
$ zfs get keylocation testpool/testfs2
testpool/testfs2keylocation https://localhost:56107/PASSPHRASE local
-- >8 --
If a release with the fix isn't coming out in the near future I think
it'd be nice if a -2 package were published with that commit in as a
patch; this, clearly, breaks primarily autotests (indeed, this driver
is extracted verbatim from the ZFS test suite).
Best,
наб
signature.asc
Description: PGP signature
Bug#1007739: curl breaks stenographer autopkgtest: curl: (27) Out of memory
On Tue, 15 Mar 2022, Paul Gevers wrote: This is likely this same issue: https://github.com/curl/curl/issues/8559 Fixed in curl (after the 7.82.0 release) via this PR: https://github.com/curl/curl/pull/8560 -- / daniel.haxx.se
Bug#1007739: curl breaks stenographer autopkgtest: curl: (27) Out of memory
Source: curl, stenographer Control: found -1 curl/7.82.0-1 Control: found -1 stenographer/1.0.1-2 Severity: serious Tags: sid bookworm User: debian...@lists.debian.org Usertags: breaks needs-update Dear maintainer(s), With a recent upload of curl the autopkgtest of stenographer fails in testing when that autopkgtest is run with the binary packages of curl from unstable. It passes when run with only packages from testing. In tabular form: passfail curl from testing7.82.0-1 stenographer from testing1.0.1-2 all others from testingfrom testing I copied some of the output at the bottom of this report. Currently this regression is blocking the migration of curl to testing [1]. Due to the nature of this issue, I filed this bug report against both packages. Can you please investigate the situation and reassign the bug to the right package? More information about this bug and the reason for filing it can be found on https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation Paul [1] https://qa.debian.org/excuses.php?package=curl https://ci.debian.net/data/autopkgtest/testing/amd64/s/stenographer/19997617/log.gz Using interface eth0 ● stenographer.service - packet capture to disk Loaded: loaded (/lib/systemd/system/stenographer.service; disabled; vendor preset: enabled) Active: active (running) since Tue 2022-03-15 08:12:20 UTC; 15ms ago Docs: https://github.com/google/stenographer https://github.com/google/stenographer/blob/master/DESIGN.md https://github.com/google/stenographer/blob/master/INSTALL.md Main PID: 1917 (stenographer) Tasks: 6 (limit: 462652) Memory: 9.1M CPU: 7ms CGroup: /system.slice/stenographer.service └─1917 /usr/sbin/stenographer Mar 15 08:12:20 ci-074-d629a5ed systemd[1]: Started packet capture to disk. active % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 271 100 2710 0 1532 0 --:--:-- --:--:-- --:--:-- 1539 ● stenographer.service - packet capture to disk Loaded: loaded (/lib/systemd/system/stenographer.service; disabled; vendor preset: enabled) Active: active (running) since Tue 2022-03-15 08:12:20 UTC; 3min 0s ago Docs: https://github.com/google/stenographer https://github.com/google/stenographer/blob/master/DESIGN.md https://github.com/google/stenographer/blob/master/INSTALL.md Main PID: 1917 (stenographer) Tasks: 13 (limit: 462652) Memory: 22.6M CPU: 157ms CGroup: /system.slice/stenographer.service ├─1917 /usr/sbin/stenographer └─1925 /usr/sbin/stenotype --blocks=256 --seccomp=none --threads=1 --dir=/tmp/stenographer2493450690 --iface=eth0 Mar 15 08:12:20 ci-074-d629a5ed systemd[1]: Started packet capture to disk. tcp0 0 127.0.0.1:1234 0.0.0.0:* LISTEN 1917/stenographer Running stenographer query 'after 5m ago', piping to 'tcpdump ' curl: (27) Out of memory tcpdump: truncated dump file; tried to read 4 file header bytes, only got 0 autopkgtest [08:15:21]: test run-example OpenPGP_signature Description: OpenPGP digital signature
