[Pkg-mozext-maintainers] Bug#782772: logging into metnors.debian.net crashes iceweasel ..
Control: reassign 782772 iceweasel
Control: found 782772 37.0.2-1 38.0-2
Control: tags 782772 + upstream
Control: forwarded 782772 https://bugzilla.mozilla.org/show_bug.cgi?id=1165911

On Mon 2015-05-18 10:07:48 -0400, Daniel Kahn Gillmor wrote:
> After upgrading to 38.0-2, with iceweasel-dbg, i get the following
> backtrace during the segfault:
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7fffd94fe700 (LWP 10459)]
> 0x7403bb87 in GatherEKUTelemetry (certList=...)
>     at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1047

http://sources.debian.net/src/iceweasel/38.0-2/security/manager/ssl/src/SSLServerCertVerification.cpp/?hl=1024#L1047

Digging a little bit further, it looks like a bug when iceweasel's
telemetry code tries to deal with an X.509v3 certificate which has no
extensions.

I've reported the problem upstream at
https://bugzilla.mozilla.org/show_bug.cgi?id=1165911

In the meantime, i note that the end-entity certificate offered by
mentors.debian.net is provided twice in the TLS handshake (which is not
advisable), and it has no X.509v3 extensions.

The Debian CA (cc'ing debina-ad...@debian.org here), which issued the
mentors.debian.net certificate, should probably re-issue the certificate
with some v3 extensions in it, at least:

 * basicConstraints (CA:False)
 * keyUsage (digitalSignature at least, keyEncipherment if you want to
   support RSA key exchange on mentors.debian.net)
 * extendedKeyUsage (TLS www server)
 * subjectAltName (mentors.debian.net)

These are good ideas for certificate issuance anyway, and they would
also fix the iceweasel segfault.

please let me know if i can help diagnose or repair this further.

Regards,

        --dkg

Processed 156 CA certificate(s).
Resolving 'mentors.debian.net'...
Connecting to '185.22.221.46:443'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
 - subject `CN=mentors.debian.net', issuer `O=Debian,CN=ca.debian.org,EMAIL=debian-ad...@debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2014-04-09 14:59:15 UTC', expires `2016-04-28 14:59:15 UTC', SHA-1 fingerprint `82906f583787e47bf78594160895becae554ee89'
        Public Key ID: cce07f1ed3b6cc884d372d5a1062c8915f342f03
- Certificate[1] info:
 - subject `CN=mentors.debian.net', issuer `O=Debian,CN=ca.debian.org,EMAIL=debian-ad...@debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2014-04-09 14:59:15 UTC', expires `2016-04-28 14:59:15 UTC', SHA-1 fingerprint `82906f583787e47bf78594160895becae554ee89'
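
An added example, not part of the original message and not code from Iceweasel or the Debian CA: a standard-library Python check for the two conditions the message above reports, a certificate sent twice in the handshake and a leaf certificate lacking the recommended X.509v3 extensions. The function names and the skeleton DER samples are constructed for illustration.

```python
import hashlib

# DER-encoded OID bodies (2.5.29.x) of the four extensions recommended in the message above.
RECOMMENDED = {b"\x55\x1d\x13": "basicConstraints", b"\x55\x1d\x0f": "keyUsage",
               b"\x55\x1d\x25": "extendedKeyUsage", b"\x55\x1d\x11": "subjectAltName"}

def children(buf):
    """Yield (tag, body) for each DER element directly inside buf."""
    off = 0
    while off < len(buf):
        tag, n, off = buf[off], buf[off + 1], off + 2
        if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, off = int.from_bytes(buf[off:off + k], "big"), off + k
        if off + n > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[off:off + n]
        off += n

def missing_extensions(cert_der):
    """Recommended extensions absent from one DER certificate (all four if it has none)."""
    (_, cert), = children(cert_der)        # outer Certificate SEQUENCE
    _, tbs = next(children(cert))          # tbsCertificate is its first field
    present = set()
    for tag, body in children(tbs):
        if tag == 0xA3:                    # [3] extensions is OPTIONAL: absence must be handled
            (_, ext_list), = children(body)
            present = {next(children(ext))[1] for _, ext in children(ext_list)}
    return sorted(name for oid, name in RECOMMENDED.items() if oid not in present)

def audit_chain(chain):
    """Findings for a server's certificate list, leaf first, each entry DER bytes."""
    fps = [hashlib.sha1(der).hexdigest() for der in chain]  # same digest gnutls-cli prints
    findings = [f"cert[{i}] duplicates cert[{fps.index(fp)}]"
                for i, fp in enumerate(fps) if fps.index(fp) != i]
    missing = missing_extensions(chain[0])
    return findings + (["leaf lacks: " + ", ".join(missing)] if missing else [])

# Constructed samples: certificate-shaped DER skeletons (short-form lengths only), not real certificates.
def tlv(tag, body=b""):
    return bytes([tag, len(body)]) + body

def sample(exts=b""):
    fields = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30) * 5 + exts
    return tlv(0x30, tlv(0x30, fields) + tlv(0x30) + tlv(0x03, b"\x00"))

BARE = sample()  # no [3] field at all, like the certificate described above
FULL = sample(tlv(0xA3, tlv(0x30, b"".join(tlv(0x30, tlv(0x06, o) + tlv(0x04)) for o in RECOMMENDED))))
```

Real PEM certificates can be converted with `ssl.PEM_cert_to_DER_cert` before being passed to `audit_chain`.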
[Pkg-mozext-maintainers] Bug#782772: logging into metnors.debian.net crashes iceweasel ..
On Mon 2015-05-18 00:45:34 -0400, Norbert Preining wrote:
> On Sun, 17 May 2015, Paul Wise wrote:
>> > it seems there is a serious problem with iceweasel crashing on
>> > https sites even from Debian, like mentors.debian.org
>> > (interestingly *not* https://www.debian.org/)
>> >
>> > I have contacted the Debian Mentors Team, and Paul Wise
>> > advised me to contact both security and iceweasel packaging team.
>> >
>> > I have reproduced this with iceweasel --safe-mode, it crashes
>> > (segfaults) repeatedly when accessing any
>> > https://mentors.debian.org/

I think this was supposed to be https://mentors.debian.net/, not .org.

>> > I guess this must be a bug in Iceweasel, but follow the advice
>> > of Paul to contact security, too.
>>
>> There is now a public bug report about this:
>>
>> https://bugs.debian.org/782772
>
> Unfortunately, this seems to be different. I have HTTPS Everywhere
> disabled, and it still crashes.
>
> Then I removed the package from Debian and it still crashes.
>
> So it seems there are more things concerned. I have also disabled
> other SSL related addons, without success. Crash is 100% repeatable.

I can replicate it as well with 37.0.2-1, starting from a fresh profile
and in safe-mode:

0 dkg@alice:~$ iceweasel -no-remote -profile "$(mktemp -d)" -safe-mode https://mentors.debian.net/

(process:7717): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Segmentation fault
139 dkg@alice:~$ iceweasel -version

(process:7782): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Mozilla Iceweasel 37.0.2
0 dkg@alice:~$

After upgrading to 38.0-2, with iceweasel-dbg, i get the following
backtrace during the segfault:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd94fe700 (LWP 10459)]
0x7403bb87 in GatherEKUTelemetry (certList=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1047
1047    /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp: No such file or directory.
(gdb) bt
#0  0x7403bb87 in mozilla::psm::(anonymous namespace)::AuthCertificate(mozilla::psm::CertVerifier&, mozilla::psm::TransportSecurityInfo*, CERTCertificate*, mozilla::ScopedCERTCertList&, SECItem*, uint32_t, mozilla::pkix::Time) (certList=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1047
#1  0x7403bb87 in mozilla::psm::(anonymous namespace)::AuthCertificate(mozilla::psm::CertVerifier&, mozilla::psm::TransportSecurityInfo*, CERTCertificate*, mozilla::ScopedCERTCertList&, SECItem*, uint32_t, mozilla::pkix::Time) (certList=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1117
#2  0x7403bb87 in mozilla::psm::(anonymous namespace)::AuthCertificate(mozilla::psm::CertVerifier&, mozilla::psm::TransportSecurityInfo*, CERTCertificate*, mozilla::ScopedCERTCertList&, SECItem*, uint32_t, mozilla::pkix::Time) (certVerifier=..., infoObject=0x7fffcccfdbc0, cert=, peerCertChain=..., stapledOCSPResponse=0x0, providerFlags=, time=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1182
#3  0x7403be5b in mozilla::psm::(anonymous namespace)::SSLServerCertVerificationJob::Run() (this=0x7fffcc2e1920)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1310
#4  0x72c1f799 in nsThreadPool::Run() (this=0x76b53e80)
    at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThreadPool.cpp:225
---Type to continue, or q to quit---
#5  0x72c1d3a3 in nsThread::ProcessNextEvent(bool, bool*) (this=0x7fffcfff8ed0, aMayWait=, aResult=0x7fffd94fddf7)
    at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThread.cpp:855
#6  0x72c32829 in NS_ProcessNextEvent(nsIThread*, bool) (aThread=, aMayWait=aMayWait@entry=false)
    at /tmp/buildd/iceweasel-38.0/xpcom/glue/nsThreadUtils.cpp:265
#7  0x72de9f64 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) (this=0x7fffce44fbc0, aDelegate=0x7fffd4cb9fc0)
    at /tmp/buildd/iceweasel-38.0/ipc/glue/MessagePump.cpp:339
#8  0x72dde9d7 in MessageLoop::Run() (this=0x7fffd4cb9fc0)
    at /tmp/buildd/iceweasel-38.0/ipc/chromium/src/base/message_loop.cc:226
#9  0x72dde9d7 in MessageLoop::Run() (this=this@entry=0x7fffd4cb9fc0)
    at /tmp/buildd/iceweasel-38.0/ipc/chromium/src/base/message_loop.cc:200
#10 0x72c21aa1 in nsThread::ThreadFunc(void*) (aArg=0x7fffcfff8ed0)
    at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThread.cpp:356
#11 0x71aeefa8 in _pt_root (arg=0x7fffd1d6dca0) at ptthread.c:212
#12 0x77bc70a4 in start_thread (arg=0x7fffd94fe700) at pthread_create.c:309
#13 0x770eb04d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb)

hth,

        --dkg
[Pkg-mozext-maintainers] Bug#782772: logging into metnors.debian.net crashes iceweasel ..
On Sun, 17 May 2015, Paul Wise wrote:
> > it seems there is a serious problem with iceweasel crashing on
> > https sites even from Debian, like mentors.debian.org
> > (interestingly *not* https://www.debian.org/)
> >
> > I have contacted the Debian Mentors Team, and Paul Wise
> > advised me to contact both security and iceweasel packaging team.
> >
> > I have reproduced this with iceweasel --safe-mode, it crashes
> > (segfaults) repeatedly when accessing any
> > https://mentors.debian.org/
> > I guess this must be a bug in Iceweasel, but follow the advice
> > of Paul to contact security, too.
>
> There is now a public bug report about this:
>
> https://bugs.debian.org/782772

Unfortunately, this seems to be different. I have HTTPS Everywhere
disabled, and it still crashes.

Then I removed the package from Debian and it still crashes.

So it seems there are more things concerned. I have also disabled
other SSL related addons, without success. Crash is 100% repeatable.

Norbert

PREINING, Norbert   http://www.preining.info
JAIST, Japan   TeX Live & Debian Developer
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

___
Pkg-mozext-maintainers mailing list
Pkg-mozext-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers