Date: Wed, 9 Mar 2016 09:12:55 +0000
Subject: Re: svn commit: r296465 - in releng/9.3: . crypto/openssl crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf cry...
From: Antoine Brodin
To: Xin LI
Cc: Mathieu Arnold, Jung-Uk Kim, Bryan Drewery, Xin LI, "src-committers@freebsd.org", "svn-src-all@freebsd.org", svn-src-releng@freebsd.org

On Wed, Mar 9, 2016 at 12:47 AM, Xin LI wrote:
> This may be related to the BN changes (CVE-2016-0797 and/or
> CVE-2016-0702).  Will reverting just that portion of r296462 (stable/9
> patch would apply on 9.3 as well) help?  This would help to narrow
> down the root cause.
>
> I can't really do any debugging right now but will take a look as soon as I can.

fetch is also having Segmentation faults on some https sites after the
9.3-RELEASE-p37 update, see for instance:
http://beefy2.nyi.freebsd.org/data/93amd64-default/410591/logs/errors/waifu2x-converter-cpp-1.0.0.410.log
http://beefy2.nyi.freebsd.org/data/93amd64-default/410591/logs/errors/narcissu2-1.1.log

Antoine

> On Tue, Mar 8, 2016 at 2:45 PM, Mathieu Arnold wrote:
>>
>>
>> +--On 8 mars 2016 09:01:04 -0800 Bryan Drewery wrote:
>> | On 3/8/2016 8:52 AM, Mathieu Arnold wrote:
>> |> +--On 8 mars 2016 08:48:27 -0800 Bryan Drewery wrote:
>> |> | On 3/8/2016 8:47 AM, Bryan Drewery wrote:
>> |> |> On 3/8/2016 8:35 AM, Mathieu Arnold wrote:
>> |> |>> +--On 8 mars 2016 08:29:41 -0800 Bryan Drewery wrote:
>> |> |>> | On 3/8/2016 8:28 AM, Mathieu Arnold wrote:
>> |> |>> |> +--On 8 mars 2016 08:25:44 -0800 Bryan Drewery wrote:
>> |> |>> |> | On 3/7/2016 4:29 PM, Mathieu Arnold wrote:
>> |> |>> |> |> +--On 7 mars 2016 16:22:12 +0000 Xin LI wrote:
>> |> |>> |> |> | Author: delphij
>> |> |>> |> |> | Date: Mon Mar 7 16:22:11 2016
>> |> |>> |> |> | New Revision: 296465
>> |> |>> |> |> | URL: https://svnweb.freebsd.org/changeset/base/296465
>> |> |>> |> |> |
>> |> |>> |> |> | Log:
>> |> |>> |> |> |   Fix multiple OpenSSL vulnerabilities.
>> |> |>> |> |> |
>> |> |>> |> |> |   Security: FreeBSD-SA-16:12.openssl
>> |> |>> |> |> |   Approved by: so
>> |> |>> |> |>
>> |> |>> |> |> After that, poudriere bulk fails with:
>> |> |>> |> |>
>> |> |>> |> |> [00:00:07] ====>> Creating pkgng repository
>> |> |>> |> |> Creating repository in /tmp/packages: 100%
>> |> |>> |> |> Packing files for repository: 0%Child process pid=50970
>> |> |>> |> |> terminated abnormally: Segmentation fault: 11
>> |> |>> |> |> [00:00:08] ====>> Cleaning up
>> |> |>> |> |> 9amd64-pkgng-default: removed
>> |> |>> |> |> 9amd64-pkgng-default-n: removed
>> |> |>> |> |>
>> |> |>> |> |> pkg-static is the one doing the segfault...
>> |> |>> |> |>
>> |> |>> |> |
>> |> |>> |> | Is QEMU involved here?
>> |> |>> |> |
>> |> |>> |> | Do you have PKG_REPO_FROM_HOST or PKG_REPO_SIGNING_KEY set? (Not
>> |> |>> |> | saying you should)
>> |> |>> |>
>> |> |>> |> No, it's a regular 9amd64 build on a 10.2 amd64 host.
>> |> |>> |>
>> |> |>> |
>> |> |>> | Can you please rebuild pkg with debug symbols and then run your 9.3
>> |> |>> | version against the repo in gdb?
>> |> |>>
>> |> |>> I could yes, but not today, tomorrow at the earliest.  How do I build
>> |> |>> the port with debug symbols ?
>> |> |>>
>> |> |>
>> |> |> WITH_DEBUG=yes make
>> |> |>
>> |> |
>> |> | You might need this too: DEBUG_FLAGS="-g -O0"
>> |>
>> |> Mmmm, ok, what commands do I need to run ?
>> |>
>> |
>> | (assuming devel/gdb installed)
>> | gdb710 --args /usr/local/sbin/pkg-static repo
>> |# run
>> |
>> |# bt full
>>
>> Ok, so, it's 9.3, so there's no gdb710, but:
>>
>>
>> the command ran is:
>>
>> root@pkg:/tmp/foo # pkg repo . ../repo.key
>> Creating repository in .: 100%
>> Packing files for repository: 0%Child process pid=16312 terminated
>> abnormally: Segmentation fault: 11
>> root@pkg:/tmp/foo # gdb /usr/local/sbin/pkg pkg.core
>> GNU gdb 6.1.1 [FreeBSD]
>> Copyright 2004 Free Software Foundation, Inc.
>> GDB is free software, covered by the GNU General Public License, and you are
>> welcome to change it and/or distribute copies of it under certain
>> conditions.
>> Type "show copying" to see the conditions.
>> There is absolutely no warranty for GDB.  Type "show warranty" for details.
>> This GDB was configured as "amd64-marcel-freebsd"...
>> Core was generated by `pkg'.
>> Program terminated with signal 11, Segmentation fault.
>> Reading symbols from /usr/local/lib/libpkg.so.3...done.
>> Loaded symbols for /usr/local/lib/libpkg.so.3
>> Reading symbols from /lib/libutil.so.9...done.
>> Loaded symbols for /lib/libutil.so.9
>> Reading symbols from /usr/lib/libssl.so.6...done.
>> Loaded symbols for /usr/lib/libssl.so.6
>> Reading symbols from /lib/libcrypto.so.6...done.
>> Loaded symbols for /lib/libcrypto.so.6
>> Reading symbols from /lib/libm.so.5...done.
>> Loaded symbols for /lib/libm.so.5
>> Reading symbols from /usr/lib/libelf.so.1...done.
>> Loaded symbols for /usr/lib/libelf.so.1
>> Reading symbols from /lib/libjail.so.1...done.
>> Loaded symbols for /lib/libjail.so.1
>> Reading symbols from /usr/lib/libarchive.so.5...done.
>> Loaded symbols for /usr/lib/libarchive.so.5
>> Reading symbols from /lib/libz.so.6...done.
>> Loaded symbols for /lib/libz.so.6
>> Reading symbols from /usr/lib/libbz2.so.4...done.
>> Loaded symbols for /usr/lib/libbz2.so.4
>> Reading symbols from /usr/lib/liblzma.so.5...done.
>> Loaded symbols for /usr/lib/liblzma.so.5
>> Reading symbols from /lib/libc.so.7...done.
>> Loaded symbols for /lib/libc.so.7
>> Reading symbols from /lib/libbsdxml.so.4...done.
>> Loaded symbols for /lib/libbsdxml.so.4
>> Reading symbols from /libexec/ld-elf.so.1...done.
>> Loaded symbols for /libexec/ld-elf.so.1
>> #0  0x0000000801219438 in BN_mod_exp_mont_consttime () from
>> /lib/libcrypto.so.6
>> (gdb) bt full
>> #0  0x0000000801219438 in BN_mod_exp_mont_consttime () from
>> /lib/libcrypto.so.6
>> No symbol table info available.
>> #1  0x00000008011f735f in RSA_PKCS1_SSLeay () from /lib/libcrypto.so.6
>> No symbol table info available.
>> #2  0x00000008011f82fd in RSA_PKCS1_SSLeay () from /lib/libcrypto.so.6
>> No symbol table info available.
>> #3  0x00000008011d28d9 in RSA_sign () from /lib/libcrypto.so.6
>> No symbol table info available.
>> #4  0x00000008008dc73b in rsa_sign (path=0x7fffffffe3c0 "./meta",
>> rsa=0x802c19260, sigret=0x7fffffffda78, siglen=0x7fffffffda8c) at rsa.c:287
>>         max_len = 512
>>         ret = 10591143
>>         sha256 = 0x802c2d1f0
>> "fd24852c468ef31bd675129fd02b676ce7cffae895089292fa513784873689a6"
>> #5  0x00000008008c2295 in pkg_repo_pack_db (name=0x800a20ec8 "meta",
>> archive=0x7fffffffe3c0 "./meta", path=0x7fffffffe3c0 "./meta",
>> rsa=0x802c19260, meta=0x802c68600, argv=0x7fffffffeb88, argc=1) at
>> pkg_repo_create.c:939
>>         pack = (struct packing *) 0x802c79be0
>>         sigret = (unsigned char *) 0x802ca4900 ""
>>         siglen = 0
>>         sig = (struct sbuf *) 0x0
>>         pub = (struct sbuf *) 0x0
>> #6  0x00000008008c2797 in pkg_finish_repo (output_dir=0x7fffffffedd1 ".",
>> password_cb=0x415ba0 , argv=0x7fffffffeb88, argc=1,
>> filelist=false) at pkg_repo_create.c:1038
>> rsa =3D (struct rsa_key *) 0x802c19260 >> meta =3D (struct pkg_repo_meta *) 0x802c68600 >> st =3D {st_dev =3D 4294959664, st_ino =3D 32767, st_mode =3D 259= 38, >> st_nlink =3D 14234, st_uid =3D 2842729777, st_gid =3D 274432, st_rdev = =3D 0, >> st_atim =3D {tv_sec =3D 1457476951, tv_nsec =3D 6}, st_mtim =3D {tv_sec = =3D >> 34370333240, tv_nsec =3D 0}, st_ctim =3D {tv_sec =3D -735515279473687776= 6, >> tv_nsec =3D 34370335206}, st_size =3D 34370335206, st_blocks =3D 145= 7476951, >> st_blksize =3D 10, st_flags =3D 0, st_gen =3D 10596828, st_lspare =3D 8, >> st_birthtim =3D {tv_sec =3D 34370335951, tv_nsec =3D 1457476951}} >> ret =3D 0 >> nfile =3D 1 >> files_to_pack =3D 4 >> legacy =3D false >> #7 0x0000000000415eea in exec_repo (argc=3D2, argv=3D0x7fffffffeb80) at >> repo.c:155 >> ret =3D 0 >> ch =3D -1 >> filelist =3D false >> output_dir =3D 0x7fffffffedd1 "." >> meta_file =3D 0x0 >> legacy =3D false >> longopts =3D {{name =3D 0x429c1f "list-files", has_arg =3D 0, fl= ag =3D 0x0, >> val =3D 108}, {name =3D 0x429c2a "output-dir", has_arg =3D 1, flag =3D 0= x0, val =3D >> 111}, {name =3D 0x429c35 "quiet", has_arg =3D 0, flag =3D 0x0, val =3D 1= 13}, {name >> =3D 0x429c3b "meta-file", has_arg =3D 1, flag =3D 0x0, >> val =3D 109}, {name =3D 0x429c45 "legacy", has_arg =3D 0, flag =3D 0= x0, val =3D >> 76}, {name =3D 0x0, has_arg =3D 0, flag =3D 0x0, val =3D 0}} >> #8 0x0000000000412b9e in main (argc=3D3, argv=3D0x7fffffffeb78) at main= .c:852 >> i =3D 21 >> command =3D (struct commands *) 0x630f40 >> ambiguous =3D 0 >> chroot_path =3D 0x0 >> rootdir =3D 0x0 >> jid =3D 0 >> jail_str =3D 0x0 >> len =3D 4 >> ch =3D -1 '=EF=BF=BD' >> debug =3D 0 >> version =3D 0 >> ret =3D 0 >> plugins_enabled =3D true >> plugin_found =3D false >> show_commands =3D false >> activation_test =3D false >> init_flags =3D 0 >> c =3D (struct plugcmd *) 0x246 >> conffile =3D 0x0 >> reposdir =3D 0x0 >> save_argv =3D (char **) 0x7fffffffeb78 >> j =3D 8 >> longopts =3D {{name =3D 0x4276f7 
"debug", has_arg =3D 0, flag = =3D 0x0, val >> =3D 100}, {name =3D 0x4276fd "jail", has_arg =3D 1, flag =3D 0x0, val = =3D 106}, {name >> =3D 0x427702 "chroot", has_arg =3D 1, flag =3D 0x0, val =3D 99}, {name = =3D 0x426a33 >> "config", has_arg =3D 1, flag =3D 0x0, val =3D 67}, { >> name =3D 0x427709 "repo-conf-dir", has_arg =3D 1, flag =3D 0x0, val = =3D 82}, >> {name =3D 0x427717 "rootdir", has_arg =3D 1, flag =3D 0x0, val =3D 114},= {name =3D >> 0x42771f "list", has_arg =3D 0, flag =3D 0x0, val =3D 108}, {name =3D 0x= 426f45 >> "version", has_arg =3D 0, flag =3D 0x0, val =3D 118}, { >> name =3D 0x427724 "option", has_arg =3D 1, flag =3D 0x0, val =3D 111= }, {name =3D >> 0x42772b "only-ipv4", has_arg =3D 0, flag =3D 0x0, val =3D 52}, {name = =3D 0x427735 >> "only-ipv6", has_arg =3D 0, flag =3D 0x0, val =3D 54}, {name =3D 0x0, ha= s_arg =3D 0, >> flag =3D 0x0, val =3D 0}} >> __func__ =3D "main" >> >> >> >> >> -- >> Mathieu Arnold > > > > -- > Xin LI https://www.delphij.net/ > FreeBSD - The Power to Serve! Live free or die >
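
A triage helper for a backtrace quoted in mail like the one above, as an added example that is not part of the original thread: it strips the quote markers, rejoins frames the mailer wrapped, and separates frames gdb printed with `from <object>` from frames printed with `at <file>:<line>`. The sample text is constructed from the frame lines quoted above, with the local-variable dumps left out and the arguments of frame #5 shortened; the function names `parse_frames` and `triage` are chosen here.

```python
import re

# Constructed sample: frame lines copied from the gdb 6.1.1 output quoted above,
# mail quoting and wrapping kept; locals and most of frame #5's arguments omitted.
SAMPLE = """\
>> #0  0x0000000801219438 in BN_mod_exp_mont_consttime () from
>> /lib/libcrypto.so.6
>> No symbol table info available.
>> #1  0x00000008011f735f in RSA_PKCS1_SSLeay () from /lib/libcrypto.so.6
>> #2  0x00000008011f82fd in RSA_PKCS1_SSLeay () from /lib/libcrypto.so.6
>> #3  0x00000008011d28d9 in RSA_sign () from /lib/libcrypto.so.6
>> #4  0x00000008008dc73b in rsa_sign (path=0x7fffffffe3c0 "./meta",
>> rsa=0x802c19260, sigret=0x7fffffffda78, siglen=0x7fffffffda8c) at rsa.c:287
>>         max_len = 512
>> #5  0x00000008008c2295 in pkg_repo_pack_db (name=0x800a20ec8 "meta", argc=1) at
>> pkg_repo_create.c:939
>> #8  0x0000000000412b9e in main (argc=3, argv=0x7fffffffeb78) at main.c:852
"""

# gdb ends a frame with "from <object>" when it has no line information for it,
# and with "at <file>:<line>" when line information is available.
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\) "
                   r"(?:from (\S+)|at (\S+):(\d+))$")

def parse_frames(text):
    """Return frames in stack order from a (possibly quoted, wrapped) backtrace."""
    frames, pending = [], None
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()   # drop "> " / ">> " markers
        if re.match(r"#\d+\s", line):
            pending = line                    # a new frame starts
        elif pending is not None:
            pending += " " + line             # continuation of a wrapped frame
        else:
            continue                          # locals or banner text between frames
        m = FRAME.match(pending)
        if m:
            n, func, _args, obj, src, lineno = m.groups()
            frames.append({"n": int(n), "func": func, "object": obj,
                           "source": f"{src}:{lineno}" if src else None})
            pending = None
    return frames

def triage(frames):
    """Name the faulting frame, its nearest caller with source, and symbol-less objects."""
    caller = next((f for f in frames if f["source"]), None)
    return {"crash": (frames[0]["func"], frames[0]["object"]),
            "caller": (caller["func"], caller["source"]) if caller else None,
            "no_line_info": sorted({f["object"] for f in frames if f["object"]})}
```

On the sample, the only object without line information is /lib/libcrypto.so.6, which is also where the fault occurred, and the nearest frame with source is `rsa_sign` at rsa.c:287.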