Debian Bug report logs - #499945
Segfault in asn1_get_tag_der().

version graph

Package: lynx-cur; Maintainer for lynx-cur is Atsuhito KOHDA <kohda@debian.org>; Source for lynx-cur is src:lynx-cur.

Reported by: Kurt Roeckx <kurt@roeckx.be>

Date: Tue, 23 Sep 2008 21:18:01 UTC

Severity: grave

Tags: patch

Found in version lynx-cur/2.8.7dev9-2

Fixed in versions lynx-cur/2.8.7dev10-2.1, lynx-cur/2.8.7dev9-2.1

Done: Thomas Viehmann <tv@beamnet.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Tue, 23 Sep 2008 21:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
New Bug report received and forwarded. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Tue, 23 Sep 2008 21:18:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: submit@bugs.debian.org
Subject: Segfault in asn1_get_tag_der().
Date: Tue, 23 Sep 2008 23:16:53 +0200
Package: libtasn1-3
Version: 1.4-1
Severity: grave

Hi,


When I run "lynx https://acrobat.com", I end up with a segfault.  The
backtrace looks like:
#0  asn1_get_tag_der (
    der=0x700000000000097 <Address 0x700000000000097 out of bounds>, 
    der_len=33, cls=0x7fffcc8f6b77 "h", len=0x7fffcc8f6b70, tag=0x7fffcc8f6b68)
    at decoding.c:127
#1  0x00002ab7df4db8de in _asn1_extract_tag_der (node=0x942850, 
    der=0x700000000000097 <Address 0x700000000000097 out of bounds>, 
    der_len=33, ret_len=0x7fffcc8f6cc8) at decoding.c:424
#2  0x00002ab7df4de383 in asn1_der_decoding (element=0x919fa0, 
    ider=0x700000000000097, len=33, errorDescription=0x0) at decoding.c:920
#3  0x00002ab7de88e3ff in gnutls_x509_crt_import ()
   from /usr/lib/libgnutls.so.26
#4  0x0000000000493a2c in ?? ()
#5  0x0000000000493bf4 in ?? ()
#6  0x000000000049cff1 in ?? ()
#7  0x000000000049ba7d in ?? ()
#8  0x0000000000429b07 in ?? ()
#9  0x0000000000433cbf in ?? ()
#10 0x000000000042e203 in ?? ()
#11 0x00002ab7ded371a6 in __libc_start_main () from /lib/libc.so.6
#12 0x0000000000405539 in ?? ()
#13 0x00007fffcc8f8318 in ?? ()
#14 0x000000000000001c in ?? ()
#15 0x0000000000000002 in ?? ()
#16 0x00007fffcc8f9c69 in ?? ()
#17 0x00007fffcc8f9c77 in ?? ()
#18 0x0000000000000000 in ?? ()
(gdb) frame 0
#0  asn1_get_tag_der (
    der=0x700000000000097 <Address 0x700000000000097 out of bounds>, 
    der_len=33, cls=0x7fffedcf6f77 "h", len=0x7fffedcf6f70, tag=0x7fffedcf6f68)
    at decoding.c:127
127     in decoding.c
(gdb) frame 1
#1  0x00002ab7df4db8de in _asn1_extract_tag_der (node=0x942850, 
    der=0x700000000000097 <Address 0x700000000000097 out of bounds>, 
    der_len=33, ret_len=0x7fffcc8f6cc8) at decoding.c:424
424     in decoding.c
(gdb) frame 2
#2  0x00002ab7df4de383 in asn1_der_decoding (element=0x919fa0, 
    ider=0x700000000000097, len=33, errorDescription=0x0) at decoding.c:920
920     in decoding.c
(gdb) p p
$1 = (node_asn *) 0x700000000000097
(gdb) p node
$2 = (node_asn *) 0x7fffcc8f6b68
(gdb) p *node
$3 = {
  name = 0x2adabe0e1c56 "\205ÀuÞM\205öu\204\220é­þÿÿH\211ÅH\213E(H\205À\220uóM\205ö\017\205hÿÿÿé\222þÿÿL\211ò¾\201", type = 1869048897, value = 0x0, 
  value_len = 9460992, down = 0x919fa0, right = 0x3, left = 0x21}
(gdb) p der
No symbol "der" in current context.
(gdb) p len
$4 = 33
(gdb) p counter
$5 = 0
(gdb) p len2
$6 = 9637200
(gdb) p p2->down
$7 = (struct node_asn_struct *) 0x7d204c4c554e000a
(gdb) p ris
$8 = 0
(gdb) p *p2
$10 = {name = 0x252200207b202000 <Address 0x252200207b202000 out of bounds>, 
  type = 539763315, 
  value = 0x2c756c2500202c4c <Address 0x2c756c2500202c4c out of bounds>, 
  value_len = 622985248, down = 0x7d204c4c554e000a, 
  right = 0x4e207b2020000a2c, left = 0x202c30202c4c4c55}


It's not exactly making sense to me why it wouldn't segfault earlier like
at the if "((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))" line.


running valgrind I also get:
==19443== Invalid read of size 8
==19443==    at 0x52E73D7: gnutls_x509_crt_import (in /usr/lib/libgnutls.so.26.4
.5)
==19443==    by 0x493A2B: (within /usr/bin/lynx.cur)
==19443==    by 0x493BF3: (within /usr/bin/lynx.cur)
==19443==    by 0x49CFF0: (within /usr/bin/lynx.cur)
==19443==    by 0x49BA7C: (within /usr/bin/lynx.cur)
==19443==    by 0x429B06: (within /usr/bin/lynx.cur)
==19443==    by 0x433CBE: (within /usr/bin/lynx.cur)
==19443==    by 0x42E202: (within /usr/bin/lynx.cur)
==19443==    by 0x578F1A5: (below main) (libc-start.c:222)
==19443==  Address 0x6449c00 is 0 bytes after a block of size 16 alloc'd
==19443==    at 0x4C200FC: calloc (vg_replace_malloc.c:397)
==19443==    by 0x52C7584: (within /usr/lib/libgnutls.so.26.4.5)
==19443==    by 0x52C8008: _gnutls_proc_x509_server_certificate (in /usr/lib/lib
gnutls.so.26.4.5)
==19443==    by 0x52B79FF: _gnutls_recv_server_certificate (in /usr/lib/libgnutl
s.so.26.4.5)
==19443==    by 0x52B4A27: _gnutls_handshake_client (in /usr/lib/libgnutls.so.26
.4.5)
==19443==    by 0x52B52E7: gnutls_handshake (in /usr/lib/libgnutls.so.26.4.5)
==19443==    by 0x494102: (within /usr/bin/lynx.cur)
==19443==    by 0x49CE96: (within /usr/bin/lynx.cur)
==19443==    by 0x49BA7C: (within /usr/bin/lynx.cur)
==19443==    by 0x429B06: (within /usr/bin/lynx.cur)
==19443==    by 0x433CBE: (within /usr/bin/lynx.cur)
==19443==    by 0x42E202: (within /usr/bin/lynx.cur)
==19443== 
==19443== Invalid read of size 4
==19443==    at 0x52E73DA: gnutls_x509_crt_import (in /usr/lib/libgnutls.so.26.4.5)
==19443==    by 0x493A2B: (within /usr/bin/lynx.cur)
==19443==    by 0x493BF3: (within /usr/bin/lynx.cur)
==19443==    by 0x49CFF0: (within /usr/bin/lynx.cur)
==19443==    by 0x49BA7C: (within /usr/bin/lynx.cur)
==19443==    by 0x429B06: (within /usr/bin/lynx.cur)
==19443==    by 0x433CBE: (within /usr/bin/lynx.cur)
==19443==    by 0x42E202: (within /usr/bin/lynx.cur)
==19443==    by 0x578F1A5: (below main) (libc-start.c:222)
==19443==  Address 0x6449c08 is 8 bytes after a block of size 16 alloc'd
==19443==    at 0x4C200FC: calloc (vg_replace_malloc.c:397)
==19443==    by 0x52C7584: (within /usr/lib/libgnutls.so.26.4.5)
==19443==    by 0x52C8008: _gnutls_proc_x509_server_certificate (in /usr/lib/libgnutls.so.26.4.5)
==19443==    by 0x52B79FF: _gnutls_recv_server_certificate (in /usr/lib/libgnutls.so.26.4.5)
==19443==    by 0x52B4A27: _gnutls_handshake_client (in /usr/lib/libgnutls.so.26.4.5)
==19443==    by 0x52B52E7: gnutls_handshake (in /usr/lib/libgnutls.so.26.4.5)
==19443==    by 0x494102: (within /usr/bin/lynx.cur)
==19443==    by 0x49CE96: (within /usr/bin/lynx.cur)
==19443==    by 0x49BA7C: (within /usr/bin/lynx.cur)
==19443==    by 0x429B06: (within /usr/bin/lynx.cur)
==19443==    by 0x433CBE: (within /usr/bin/lynx.cur)
==19443==    by 0x42E202: (within /usr/bin/lynx.cur)


I'm running libgnutls26 2.4.1-1 and lynx-cur 2.8.7dev9-2.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Wed, 24 Sep 2008 10:09:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 24 Sep 2008 10:09:02 GMT) Full text and rfc822 format available.

Message #10 received at submit@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Kurt Roeckx <kurt@roeckx.be>
Cc: 499945@bugs.debian.org, submit@bugs.debian.org
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Wed, 24 Sep 2008 12:07:09 +0200
Kurt Roeckx <kurt@roeckx.be> writes:

> When I run "lynx https://acrobat.com", I end up with a segfault.  The
> backtrace looks like:

Thanks for the report.  I'm trying to reproduce this but I can't.  I get
a question when I invoke the program:

SSL error:no issuer was found-Continue? (y) 

what did you answer?  Answering 'y' gives me an error and then lynx
quits:

jas@mocca:~$ lynx https://acrobat.com

Looking up acrobat.com
Making HTTPS connection to acrobat.com
Verified connection to acrobat.com (subj=acrobat.com)
Certificate issued by: 
Secure 256-bit TLS1.0 (RSA_AES_256_CBC_SHA1) HTTP connection
Sending HTTP request.
HTTP request sent; waiting for response.
Alert!: Unexpected network read error; connection aborted.
Can't Access `https://acrobat.com/'
Alert!: Unable to access document.

lynx: Can't access startfile 
jas@mocca:~$ 

Answering 'n' makes lynx abort as well:

jas@mocca:~$ lynx https://acrobat.com

Looking up acrobat.com
Making HTTPS connection to acrobat.com

lynx: Can't access startfile https://acrobat.com/
jas@mocca:~$ 

The server seems somewhat broken, I can't connect using 'gnutls-cli'
unless I force SSL3.0, and even then I just get a lot of Java JSP errors
back from the server, and then it shuts down the connection without
sending a TLS shutdown alert.

/Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Wed, 24 Sep 2008 10:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 24 Sep 2008 10:09:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Wed, 24 Sep 2008 10:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 24 Sep 2008 10:21:04 GMT) Full text and rfc822 format available.

Message #20 received at 499945@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Kurt Roeckx <kurt@roeckx.be>
Cc: 499945@bugs.debian.org
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Wed, 24 Sep 2008 12:15:20 +0200
Kurt Roeckx <kurt@roeckx.be> writes:

>     der=0x700000000000097 <Address 0x700000000000097 out of bounds>, 

Btw, which platform is this?  I'm on a 32-bit machine, maybe you are on
a 64-bit machine?  That could explain why I can't reproduce it.

/Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Wed, 24 Sep 2008 16:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 24 Sep 2008 16:36:03 GMT) Full text and rfc822 format available.

Message #25 received at submit@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: Simon Josefsson <simon@josefsson.org>
Cc: 499945@bugs.debian.org, submit@bugs.debian.org
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Wed, 24 Sep 2008 18:34:43 +0200
On Wed, Sep 24, 2008 at 12:07:09PM +0200, Simon Josefsson wrote:
> Kurt Roeckx <kurt@roeckx.be> writes:
> 
> > When I run "lynx https://acrobat.com", I end up with a segfault.  The
> > backtrace looks like:
> 
> Thanks for the report.  I'm trying to reproduce this but I can't.  I get
> a question when I invoke the program:
> 
> SSL error:no issuer was found-Continue? (y) 
> 
> what did you answer?  Answering 'y' gives me an error and then lynx
> quits:

I answer 'y'.  And quiting wouldn't be normal behaviour either.

This is on amd64.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Wed, 24 Sep 2008 16:36:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 24 Sep 2008 16:36:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Wed, 24 Sep 2008 17:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 24 Sep 2008 17:06:03 GMT) Full text and rfc822 format available.

Message #35 received at submit@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: Simon Josefsson <simon@josefsson.org>
Cc: 499945@bugs.debian.org, submit@bugs.debian.org
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Wed, 24 Sep 2008 19:04:53 +0200
On Wed, Sep 24, 2008 at 12:07:09PM +0200, Simon Josefsson wrote:
> Kurt Roeckx <kurt@roeckx.be> writes:
> 
> > When I run "lynx https://acrobat.com", I end up with a segfault.  The
> > backtrace looks like:
> 
> The server seems somewhat broken, I can't connect using 'gnutls-cli'
> unless I force SSL3.0, and even then I just get a lot of Java JSP errors
> back from the server, and then it shuts down the connection without
> sending a TLS shutdown alert.

I can perfectly use it with openssl s_client using TLS1.0 and SSL3.  Both
produce the same output that looks like a normal http reply.  But it's
also showing an "read:errno=0" on stder for both.  I think it's still
expecting 5 bytes.

When using gnutls-cli with TLS the connection already gets dropped after
the first thing I send, even if I need to send something else before the
web server is supposed to reply.  So I think the other end atleast thinks
there is some protocol error and closes the connection.

When using gnutls-cli with SSL3 I get the same output as openssl's
s_client.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Wed, 24 Sep 2008 17:06:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 24 Sep 2008 17:06:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Wed, 24 Sep 2008 18:09:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 24 Sep 2008 18:09:02 GMT) Full text and rfc822 format available.

Message #45 received at 499945@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Kurt Roeckx <kurt@roeckx.be>, 499945@bugs.debian.org
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Wed, 24 Sep 2008 20:05:24 +0200
On 2008-09-23 Kurt Roeckx <kurt@roeckx.be> wrote:
> Package: libtasn1-3
> Version: 1.4-1
> Severity: grave

> When I run "lynx https://acrobat.com", I end up with a segfault.  The
> backtrace looks like:
[...]
> I'm running libgnutls26 2.4.1-1 and lynx-cur 2.8.7dev9-2.

FWIW I get the same behavior Simon describes ("SSL error:no issuer was
found-Continue? (y)" followed by "Alert!: Unexpected network read
error; connection aborted.") *both* on ix86 and amd64 (the latter on
pergolesi.d.o's  unstable_amd64 chroot), using the same versions of
libgnutls26 and lynx-cur.

Have you got any special settings in ~/lynxrc?

thanks, cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Wed, 24 Sep 2008 20:09:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 24 Sep 2008 20:09:02 GMT) Full text and rfc822 format available.

Message #50 received at 499945@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: Andreas Metzler <ametzler@downhill.at.eu.org>
Cc: 499945@bugs.debian.org
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Wed, 24 Sep 2008 22:06:41 +0200
On Wed, Sep 24, 2008 at 08:05:24PM +0200, Andreas Metzler wrote:
> On 2008-09-23 Kurt Roeckx <kurt@roeckx.be> wrote:
> > Package: libtasn1-3
> > Version: 1.4-1
> > Severity: grave
> 
> > When I run "lynx https://acrobat.com", I end up with a segfault.  The
> > backtrace looks like:
> [...]
> > I'm running libgnutls26 2.4.1-1 and lynx-cur 2.8.7dev9-2.
> 
> FWIW I get the same behavior Simon describes ("SSL error:no issuer was
> found-Continue? (y)" followed by "Alert!: Unexpected network read
> error; connection aborted.") *both* on ix86 and amd64 (the latter on
> pergolesi.d.o's  unstable_amd64 chroot), using the same versions of
> libgnutls26 and lynx-cur.
> 
> Have you got any special settings in ~/lynxrc?

No, it's the default setting.

But it seems to be related to me using MALLOC_CHECK_=2 in the
enviroment.  I thought I've set it to 0 to make sure it wasn't
related.  But trying to unset or set it to 0 now stops the segfault.

Also not that the check even with set to 3 it doesn't print any error
message.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Thu, 25 Sep 2008 08:00:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Thu, 25 Sep 2008 08:00:05 GMT) Full text and rfc822 format available.

Message #55 received at 499945@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Kurt Roeckx <kurt@roeckx.be>
Cc: 499945@bugs.debian.org, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Thu, 25 Sep 2008 09:56:58 +0200
Kurt Roeckx <kurt@roeckx.be> writes:

> On Wed, Sep 24, 2008 at 08:05:24PM +0200, Andreas Metzler wrote:
>> On 2008-09-23 Kurt Roeckx <kurt@roeckx.be> wrote:
>> > Package: libtasn1-3
>> > Version: 1.4-1
>> > Severity: grave
>> 
>> > When I run "lynx https://acrobat.com", I end up with a segfault.  The
>> > backtrace looks like:
>> [...]
>> > I'm running libgnutls26 2.4.1-1 and lynx-cur 2.8.7dev9-2.
>> 
>> FWIW I get the same behavior Simon describes ("SSL error:no issuer was
>> found-Continue? (y)" followed by "Alert!: Unexpected network read
>> error; connection aborted.") *both* on ix86 and amd64 (the latter on
>> pergolesi.d.o's  unstable_amd64 chroot), using the same versions of
>> libgnutls26 and lynx-cur.
>> 
>> Have you got any special settings in ~/lynxrc?
>
> No, it's the default setting.
>
> But it seems to be related to me using MALLOC_CHECK_=2 in the
> enviroment.  I thought I've set it to 0 to make sure it wasn't
> related.  But trying to unset or set it to 0 now stops the segfault.
>
> Also not that the check even with set to 3 it doesn't print any error
> message.

I can't reproduce this on an x86 with MALLOC_CHECK_=2, but maybe it
requires an amd64 platform.  Btw, which libc6 verison do you use?  I use
2.7-13.

Btw, openssl's way of saying that the other end disconnected improperly
appears to be to print 'read:errno=0'.  This is the same as the GnuTLS
error about a packet of unexpected length (i.e., packet size 0).

/Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Thu, 25 Sep 2008 17:48:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Thu, 25 Sep 2008 17:48:06 GMT) Full text and rfc822 format available.

Message #60 received at 499945@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Kurt Roeckx <kurt@roeckx.be>, 499945@bugs.debian.org
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Thu, 25 Sep 2008 19:42:33 +0200
On 2008-09-24 Kurt Roeckx <kurt@roeckx.be> wrote:
> On Wed, Sep 24, 2008 at 08:05:24PM +0200, Andreas Metzler wrote:
[...]
>> Have you got any special settings in ~/lynxrc?

> No, it's the default setting.

> But it seems to be related to me using MALLOC_CHECK_=2 in the
> enviroment.  I thought I've set it to 0 to make sure it wasn't
> related.  But trying to unset or set it to 0 now stops the segfault.

> Also not that the check even with set to 3 it doesn't print any error
> message.
[...]

Running with MALLOC_CHECK_=2 indeed makes the crash reproducible on
amd64.

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Thu, 25 Sep 2008 18:24:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Thu, 25 Sep 2008 18:24:05 GMT) Full text and rfc822 format available.

Message #65 received at 499945@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: Simon Josefsson <simon@josefsson.org>
Cc: 499945@bugs.debian.org, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Thu, 25 Sep 2008 20:20:35 +0200
On Thu, Sep 25, 2008 at 09:56:58AM +0200, Simon Josefsson wrote:
> Kurt Roeckx <kurt@roeckx.be> writes:
> 
> > On Wed, Sep 24, 2008 at 08:05:24PM +0200, Andreas Metzler wrote:
> >> On 2008-09-23 Kurt Roeckx <kurt@roeckx.be> wrote:
> >> > Package: libtasn1-3
> >> > Version: 1.4-1
> >> > Severity: grave
> >> 
> >> > When I run "lynx https://acrobat.com", I end up with a segfault.  The
> >> > backtrace looks like:
> >> [...]
> >> > I'm running libgnutls26 2.4.1-1 and lynx-cur 2.8.7dev9-2.
> >> 
> >> FWIW I get the same behavior Simon describes ("SSL error:no issuer was
> >> found-Continue? (y)" followed by "Alert!: Unexpected network read
> >> error; connection aborted.") *both* on ix86 and amd64 (the latter on
> >> pergolesi.d.o's  unstable_amd64 chroot), using the same versions of
> >> libgnutls26 and lynx-cur.
> >> 
> >> Have you got any special settings in ~/lynxrc?
> >
> > No, it's the default setting.
> >
> > But it seems to be related to me using MALLOC_CHECK_=2 in the
> > enviroment.  I thought I've set it to 0 to make sure it wasn't
> > related.  But trying to unset or set it to 0 now stops the segfault.
> >
> > Also not that the check even with set to 3 it doesn't print any error
> > message.
> 
> I can't reproduce this on an x86 with MALLOC_CHECK_=2, but maybe it
> requires an amd64 platform.  Btw, which libc6 verison do you use?  I use
> 2.7-13.

I'm also using 2.7-13.

I can also perfectly reproduce this on i386 chroot:
Program received signal SIGSEGV, Segmentation fault.
asn1_get_tag_der (der=0x3000075 <Address 0x3000075 out of bounds>, der_len=17,
    cls=0xfff5bedf "÷8U.\ba6Å÷8U.\b\210xÅ÷\002", len=0xfff5bed8,
    tag=0xfff5bed4) at decoding.c:127
127     decoding.c: No such file or directory.
        in decoding.c
(gdb) bt
asn1_get_tag_der (der=0x3000075 <Address 0x3000075 out of bounds>, der_len=17,
    cls=0xfff5bedf "÷8U.\ba6Å÷8U.\b\210xÅ÷\002", len=0xfff5bed8,
    tag=0xfff5bed4) at decoding.c:127
#1  0xf7c4f5fc in _asn1_extract_tag_der (node=0x82ed6d8,
    der=0x3000075 <Address 0x3000075 out of bounds>, der_len=17,
    ret_len=0xfff5bfdc) at decoding.c:424
#2  0xf7c51c31 in asn1_der_decoding (element=0x82cc540, ider=0x3000075,
    len=17, errorDescription=0x0) at decoding.c:920
#3  0xf7e90b7c in gnutls_x509_crt_import () from /usr/lib/libgnutls.so.26
#4  0x080e0b5f in ?? ()
#5  0x082cc540 in ?? ()
#6  0x081e5608 in ?? ()
#7  0x00000000 in ?? ()


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Thu, 25 Sep 2008 19:42:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Thu, 25 Sep 2008 19:42:02 GMT) Full text and rfc822 format available.

Message #70 received at 499945@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Andreas Metzler <ametzler@downhill.at.eu.org>
Cc: 499945@bugs.debian.org, Kurt Roeckx <kurt@roeckx.be>
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Thu, 25 Sep 2008 21:37:40 +0200
Andreas Metzler <ametzler@downhill.at.eu.org> writes:

> On 2008-09-24 Kurt Roeckx <kurt@roeckx.be> wrote:
>> On Wed, Sep 24, 2008 at 08:05:24PM +0200, Andreas Metzler wrote:
> [...]
>>> Have you got any special settings in ~/lynxrc?
>
>> No, it's the default setting.
>
>> But it seems to be related to me using MALLOC_CHECK_=2 in the
>> enviroment.  I thought I've set it to 0 to make sure it wasn't
>> related.  But trying to unset or set it to 0 now stops the segfault.
>
>> Also not that the check even with set to 3 it doesn't print any error
>> message.
> [...]
>
> Running with MALLOC_CHECK_=2 indeed makes the crash reproducible on
> amd64.

Can you reproduce it using gnutls-cli?

I'm having trouble finding a amd64 machine where I can install
gnutls-bin on, but I have access to a amd64 machine where I built
libgpg-error, libgcrypt, libtasn1 and gnutls manually.  gnutls-cli seems
to work fine on it though:

jas@gcc12:~$ dpkg -l|grep -e 'libc6 '
ii  libc6                              2.3.6.ds1-13etch5                        GNU C Library: Shared libraries
jas@gcc12:~$ uname -a
Linux gcc12 2.6.18-6-vserver-amd64 #1 SMP Thu Apr 24 04:24:04 UTC 2008 x86_64 GNU/Linux
jas@gcc12:~$ MALLOC_CHECK_=2 gnutls-cli -p 443 acrobat.com 
Resolving 'acrobat.com'...
Connecting to '209.34.83.44:443'...
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'acrobat.com'.
 # valid since: Sun Jun  1 23:40:25 CEST 2008
 # expires at: Tue Jun  2 23:40:25 CEST 2009
 # fingerprint: 1F:C8:33:05:9E:C2:3A:A6:DB:9E:B2:8F:75:6E:08:24
 # Subject's DN: C=US,O=www.acrobat.com,OU=GT20733021,OU=See www.geotrust.com/resources/cps (c)08,OU=Domain Control Validated - Power Server ID(TM),CN=www.acrobat.com
 # Issuer's DN: C=US,O=Equifax,OU=Equifax Secure Certificate Authority


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-256-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

GET /
*** Fatal error: A TLS packet with unexpected length was received.
*** Server has terminated the connection abnormally.
jas@gcc12:~$ 

/Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Thu, 25 Sep 2008 20:00:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Thu, 25 Sep 2008 20:00:03 GMT) Full text and rfc822 format available.

Message #75 received at 499945@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: Simon Josefsson <simon@josefsson.org>
Cc: Andreas Metzler <ametzler@downhill.at.eu.org>, 499945@bugs.debian.org
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Thu, 25 Sep 2008 21:58:14 +0200
On Thu, Sep 25, 2008 at 09:37:40PM +0200, Simon Josefsson wrote:
> Andreas Metzler <ametzler@downhill.at.eu.org> writes:
> 
> > On 2008-09-24 Kurt Roeckx <kurt@roeckx.be> wrote:
> >> On Wed, Sep 24, 2008 at 08:05:24PM +0200, Andreas Metzler wrote:
> > [...]
> >>> Have you got any special settings in ~/lynxrc?
> >
> >> No, it's the default setting.
> >
> >> But it seems to be related to me using MALLOC_CHECK_=2 in the
> >> enviroment.  I thought I've set it to 0 to make sure it wasn't
> >> related.  But trying to unset or set it to 0 now stops the segfault.
> >
> >> Also not that the check even with set to 3 it doesn't print any error
> >> message.
> > [...]
> >
> > Running with MALLOC_CHECK_=2 indeed makes the crash reproducible on
> > amd64.
> 
> Can you reproduce it using gnutls-cli?

No, that's not producing any errors.  valgrind also doesn't complain.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Fri, 26 Sep 2008 17:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Fri, 26 Sep 2008 17:45:03 GMT) Full text and rfc822 format available.

Message #80 received at 499945@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Kurt Roeckx <kurt@roeckx.be>, 499945@bugs.debian.org
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Fri, 26 Sep 2008 19:41:46 +0200
On 2008-09-23 Kurt Roeckx <kurt@roeckx.be> wrote:
> Package: libtasn1-3
> Version: 1.4-1
> Severity: grave

> Hi,


> When I run "lynx https://acrobat.com", I end up with a segfault.  The
> backtrace looks like:

FWIW lynx+gnutls+tasn all built with -O0 gives a tiny bit of
additional info:

Program received signal SIGSEGV, Segmentation fault.
0x00007fc5fe8f0df7 in asn1_get_tag_der (
    der=0x700000000000046 <Address 0x700000000000046 out of bounds>, 
    der_len=33, cls=0x7fff07e49f07 "", len=0x7fff07e49f14, tag=0x7fff07e49f08)
    at decoding.c:127
127       *cls = der[0] & 0xE0;
(gdb) bt
#0  0x00007fc5fe8f0df7 in asn1_get_tag_der (
    der=0x700000000000046 <Address 0x700000000000046 out of bounds>, 
    der_len=33, cls=0x7fff07e49f07 "", len=0x7fff07e49f14, tag=0x7fff07e49f08)
    at decoding.c:127
#1  0x00007fc5fe8f164e in _asn1_extract_tag_der (node=0x247aba0, 
    der=0x700000000000046 <Address 0x700000000000046 out of bounds>, 
    der_len=33, ret_len=0x7fff07e49f9c) at decoding.c:424
#2  0x00007fc5fe8f22df in asn1_der_decoding (element=0x2448fd0, 
    ider=0x700000000000046, len=33, errorDescription=0x0) at decoding.c:920
#3  0x00007fc5ff566a0f in gnutls_x509_crt_import (cert=0x2448fd0, 
    data=0x2435180, format=GNUTLS_X509_FMT_DER) at x509.c:213
#4  0x0000000000494e0c in ExtractCertificate ()
#5  0x0000000000494fd4 in X509_get_issuer_name ()
#6  0x000000000049e3d1 in HTLoadHTTP ()
#7  0x000000000049ce45 in HTLoadDocument ()
#8  0x0000000000429c27 in getfile ()
#9  0x0000000000433de7 in mainloop ()
#10 0x000000000042e323 in main ()
gdb) frame 3
#3  0x00007fc5ff566a0f in gnutls_x509_crt_import (cert=0x2448fd0, 
    data=0x2435180, format=GNUTLS_X509_FMT_DER) at x509.c:213
213       result = asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL);
(gdb) p data
$4 = (const gnutls_datum_t *) 0x2435180
(gdb) p *data
$5 = {data = 0x700000000000046 <Address 0x700000000000046 out of bounds>, 
  size = 33}

cu andreas




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#499945; Package libtasn1-3. (Fri, 26 Sep 2008 20:30:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Fri, 26 Sep 2008 20:30:02 GMT) Full text and rfc822 format available.

Message #85 received at 499945@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: Andreas Metzler <ametzler@downhill.at.eu.org>
Cc: 499945@bugs.debian.org
Subject: Re: Bug#499945: Segfault in asn1_get_tag_der().
Date: Fri, 26 Sep 2008 22:26:29 +0200
reassign 499945 lynx-cur 2.8.7dev9-2
thanks

On Fri, Sep 26, 2008 at 07:41:46PM +0200, Andreas Metzler wrote:
> On 2008-09-23 Kurt Roeckx <kurt@roeckx.be> wrote:
> > Package: libtasn1-3
> > Version: 1.4-1
> > Severity: grave
> 
> > Hi,
> 
> 
> > When I run "lynx https://acrobat.com", I end up with a segfault.  The
> > backtrace looks like:
> 
> FWIW lynx+gnutls+tasn all built with -O0 gives a tiny bit of
> additional info:
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007fc5fe8f0df7 in asn1_get_tag_der (
>     der=0x700000000000046 <Address 0x700000000000046 out of bounds>, 
>     der_len=33, cls=0x7fff07e49f07 "", len=0x7fff07e49f14, tag=0x7fff07e49f08)
>     at decoding.c:127
> 127       *cls = der[0] & 0xE0;
> (gdb) bt
> #0  0x00007fc5fe8f0df7 in asn1_get_tag_der (
>     der=0x700000000000046 <Address 0x700000000000046 out of bounds>, 
>     der_len=33, cls=0x7fff07e49f07 "", len=0x7fff07e49f14, tag=0x7fff07e49f08)
>     at decoding.c:127
> #1  0x00007fc5fe8f164e in _asn1_extract_tag_der (node=0x247aba0, 
>     der=0x700000000000046 <Address 0x700000000000046 out of bounds>, 
>     der_len=33, ret_len=0x7fff07e49f9c) at decoding.c:424
> #2  0x00007fc5fe8f22df in asn1_der_decoding (element=0x2448fd0, 
>     ider=0x700000000000046, len=33, errorDescription=0x0) at decoding.c:920
> #3  0x00007fc5ff566a0f in gnutls_x509_crt_import (cert=0x2448fd0, 
>     data=0x2435180, format=GNUTLS_X509_FMT_DER) at x509.c:213

The first problem I see is here:
#4  0xf7e0af92 in gnutls_x509_crt_import (cert=0x870d540, data=0x860f0a8,
    format=GNUTLS_X509_FMT_DER) at x509.c:178
    178       _data.data = data->data;
(gdb) p data
$1 = (const gnutls_datum_t *) 0x860f0a8
(gdb) p data->data
$2 = (unsigned char *) 0x61636900 <Address 0x61636900 out of bounds>

data seems to be allocated from 0x860f0a0 to 0x860f0a7.

The trace goes on like:
(gdb) up
#5  0x081f58f0 in ExtractCertificate (cert=0x860f0a8, result=0x8774000)
    at ./tidy_tls.c:31
31              if ((rc = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER)) >= 0) {
(gdb) up
#6  0x081f79ec in X509_get_issuer_name (cert=0x860f0a0) at ./tidy_tls.c:573
573             if (ExtractCertificate(&cert[1], result) < 0) {
				       ^^^^^^^^

That doesn't look normal to me.

(gdb) up
#7  0x0820f7f7 in show_cert_issuer (peer_cert=0x860f0a0)
    at ../../../WWW/Library/Implementation/HTTP.c:459
459         X509_NAME_oneline(X509_get_issuer_name(peer_cert), ssl_dn, sizeof(ssl_dn));
#8  0x082115ea in HTLoadHTTP (arg=0x8613e40 "https://acrobat.com/",
    anAnchor=0x85ce800, format_out=0x85be210, sink=0x0)
    at ../../../WWW/Library/Implementation/HTTP.c:953
953             show_cert_issuer(peer_cert);


Where peer_cert is:
    X509 *peer_cert;            /* The peer certificate */
[...]
        peer_cert = SSL_get_peer_certificate(handle);
        X509_NAME_oneline(X509_get_subject_name(peer_cert),


Which would make it a bug in lynx, so I'm reassigning it.

Changing the cert[1] into cert[0] stops the segfault, but I doubt
that's a good fix for the problem.


Kurt





Bug reassigned from package `libtasn1-3' to `lynx-cur'. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Fri, 26 Sep 2008 20:30:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#499945; Package lynx-cur. (Fri, 03 Oct 2008 21:42:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Viehmann <tv@beamnet.de>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Fri, 03 Oct 2008 21:42:39 GMT) Full text and rfc822 format available.

Message #92 received at 499945@bugs.debian.org (full text, mbox):

From: Thomas Viehmann <tv@beamnet.de>
To: 499945@bugs.debian.org
Subject: lynx-cur: diff for NMU version 2.8.7dev10-2.1
Date: Fri, 03 Oct 2008 23:37:46 +0200
tags 499945 + patch
thanks

Hi,

here is the lynx-cur 2.8.7dev10-2.1 NMU.

Kind regards

T.

diff -u lynx-cur-2.8.7dev10/debian/changelog lynx-cur-2.8.7dev10/debian/changelog
--- lynx-cur-2.8.7dev10/debian/changelog
+++ lynx-cur-2.8.7dev10/debian/changelog
@@ -1,3 +1,14 @@
+lynx-cur (2.8.7dev10-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * fix src/tidy_tls.c X509_get_issuer_name to actually take the issuer
+    DN of the present certificate and not hope that it is the same as
+    taking the subject DN of the "next" certificate which
+    may or may not exist. Closes: #499945
+    This is debian/patches/patch-3.
+
+ -- Thomas Viehmann <tv@beamnet.de>  Fri, 03 Oct 2008 23:24:41 +0200
+
 lynx-cur (2.8.7dev10-2) unstable; urgency=low
 
   * Installed new (dummy) lynx-cur-wrapper.postrm because an old version,
diff -u lynx-cur-2.8.7dev10/debian/patches/00list lynx-cur-2.8.7dev10/debian/patches/00list
--- lynx-cur-2.8.7dev10/debian/patches/00list
+++ lynx-cur-2.8.7dev10/debian/patches/00list
@@ -2,0 +3 @@
+patch-3
only in patch2:
unchanged:
--- lynx-cur-2.8.7dev10.orig/debian/patches/patch-3
+++ lynx-cur-2.8.7dev10/debian/patches/patch-3
@@ -0,0 +1,97 @@
+#! /bin/sh -e
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix src/tidy_tls.c X509_get_issuer_name to actually take the
+## DP: issuer DN of the present certificate and not hope that it is
+## DP: the same as taking the subject DN of the "next" certificate
+## DP: which may or may not exist. Debian Bug #499945 has details.
+
+if [ $# -ne 1 ]; then
+    echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+    exit 1
+fi
+case "$1" in
+	-patch) patch -f --no-backup-if-mismatch --dry-run -p0 < $0 && patch -f --no-backup-if-mismatch -p0 < $0;;
+	-unpatch) patch -f --no-backup-if-mismatch -R -p0 < $0;;
+	*)
+		echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+		exit 1;;
+esac
+exit 0
+
+@DPATCH@
+--- src/tidy_tls.c~
++++ src/tidy_tls.c
+@@ -1,6 +1,7 @@
+ /*
+  * $LynxId: tidy_tls.c,v 1.1 2008/04/27 22:49:52 tom Exp $
+  * Copyright 2008, Thomas E. Dickey
++ * with fix Copyright 2008 by Thomas Viehmann
+  *
+  * Required libraries:
+  *	libgnutls
+@@ -17,11 +18,16 @@
+ 
+ static int last_error = 0;
+ 
+-#define GetDnByOID(target, oid) \
++// ugly, but hey, we could just use a more sane api, too
++#define GetDnByOID(target, oid, thewhat) \
+ 		len = sizeof(target); \
+-		gnutls_x509_crt_get_dn_by_oid(xcert, oid, 0, 0, target, &len)
++                if (! thewhat) \
++		  gnutls_x509_crt_get_dn_by_oid(xcert, oid, 0, 0, target, &len); \
++                else \
++                  gnutls_x509_crt_get_issuer_dn_by_oid(xcert, oid, 0, 0, target, &len)
+ 
+-static int ExtractCertificate(const gnutls_datum_t * cert, X509_NAME * result)
++// thewhat: which DN to get 0 = subject, 1 = issuer
++static int ExtractCertificate(const gnutls_datum_t * cert, X509_NAME * result, int thewhat)
+ {
+     gnutls_x509_crt_t xcert;
+     int rc;
+@@ -30,19 +36,19 @@
+     if ((rc = gnutls_x509_crt_init(&xcert)) >= 0) {
+ 	if ((rc = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER)) >= 0) {
+ 	    GetDnByOID(result->country,
+-		       GNUTLS_OID_X520_COUNTRY_NAME);
++		       GNUTLS_OID_X520_COUNTRY_NAME, thewhat);
+ 	    GetDnByOID(result->organization,
+-		       GNUTLS_OID_X520_ORGANIZATION_NAME);
++		       GNUTLS_OID_X520_ORGANIZATION_NAME, thewhat);
+ 	    GetDnByOID(result->organizational_unit_name,
+-		       GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
++		       GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, thewhat);
+ 	    GetDnByOID(result->common_name,
+-		       GNUTLS_OID_X520_COMMON_NAME);
++		       GNUTLS_OID_X520_COMMON_NAME, thewhat);
+ 	    GetDnByOID(result->locality_name,
+-		       GNUTLS_OID_X520_LOCALITY_NAME);
++		       GNUTLS_OID_X520_LOCALITY_NAME, thewhat);
+ 	    GetDnByOID(result->state_or_province_name,
+-		       GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
++		       GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, thewhat);
+ 	    GetDnByOID(result->email,
+-		       GNUTLS_OID_PKCS9_EMAIL);
++		       GNUTLS_OID_PKCS9_EMAIL, thewhat);
+ 	    rc = 0;
+ 	}
+ 	gnutls_x509_crt_deinit(xcert);
+@@ -570,7 +576,7 @@
+     X509_NAME *result;
+ 
+     if ((result = typeCalloc(X509_NAME)) != 0) {
+-	if (ExtractCertificate(&cert[1], result) < 0) {
++	if (ExtractCertificate(cert, result, 1) < 0) {
+ 	    free(result);
+ 	    result = 0;
+ 	}
+@@ -586,7 +592,7 @@
+     X509_NAME *result;
+ 
+     if ((result = typeCalloc(X509_NAME)) != 0) {
+-	if (ExtractCertificate(&cert[0], result) < 0) {
++	if (ExtractCertificate(cert, result, 0) < 0) {
+ 	    free(result);
+ 	    result = 0;
+ 	}




Tags added: patch Request was from Thomas Viehmann <tv@beamnet.de> to control@bugs.debian.org. (Fri, 03 Oct 2008 21:43:03 GMT) Full text and rfc822 format available.

Reply sent to Thomas Viehmann <tv@beamnet.de>:
You have taken responsibility. (Fri, 03 Oct 2008 22:00:46 GMT) Full text and rfc822 format available.

Notification sent to Kurt Roeckx <kurt@roeckx.be>:
Bug acknowledged by developer. (Fri, 03 Oct 2008 22:00:47 GMT) Full text and rfc822 format available.

Message #99 received at 499945-close@bugs.debian.org (full text, mbox):

From: Thomas Viehmann <tv@beamnet.de>
To: 499945-close@bugs.debian.org
Subject: Bug#499945: fixed in lynx-cur 2.8.7dev10-2.1
Date: Fri, 03 Oct 2008 21:47:05 +0000
Source: lynx-cur
Source-Version: 2.8.7dev10-2.1

We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive:

lynx-cur-wrapper_2.8.7dev10-2.1_all.deb
  to pool/main/l/lynx-cur/lynx-cur-wrapper_2.8.7dev10-2.1_all.deb
lynx-cur_2.8.7dev10-2.1.diff.gz
  to pool/main/l/lynx-cur/lynx-cur_2.8.7dev10-2.1.diff.gz
lynx-cur_2.8.7dev10-2.1.dsc
  to pool/main/l/lynx-cur/lynx-cur_2.8.7dev10-2.1.dsc
lynx-cur_2.8.7dev10-2.1_amd64.deb
  to pool/main/l/lynx-cur/lynx-cur_2.8.7dev10-2.1_amd64.deb
lynx_2.8.7dev10-2.1_all.deb
  to pool/main/l/lynx-cur/lynx_2.8.7dev10-2.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 499945@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Viehmann <tv@beamnet.de> (supplier of updated lynx-cur package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 03 Oct 2008 23:24:41 +0200
Source: lynx-cur
Binary: lynx-cur lynx-cur-wrapper lynx
Architecture: source all amd64
Version: 2.8.7dev10-2.1
Distribution: unstable
Urgency: medium
Maintainer: Atsuhito KOHDA <kohda@debian.org>
Changed-By: Thomas Viehmann <tv@beamnet.de>
Description: 
 lynx       - Text-mode WWW Browser (transitional package)
 lynx-cur   - Text-mode WWW Browser with NLS support (development version)
 lynx-cur-wrapper - Wrapper for lynx-cur
Closes: 499945
Changes: 
 lynx-cur (2.8.7dev10-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * fix src/tidy_tls.c X509_get_issuer_name to actually take the issuer
     DN of the present certificate and not hope that it is the same as
     taking the subject DN of the "next" certificate which
     may or may not exist. Closes: #499945
     This is debian/patches/patch-3.
Checksums-Sha1: 
 29001eef543479448aa370c5f881354a0f5fa7b8 1209 lynx-cur_2.8.7dev10-2.1.dsc
 d1ced8a5a0d62ffac70626586e39f53582a8ecf3 30441 lynx-cur_2.8.7dev10-2.1.diff.gz
 ae0390d1efac722829a6138672c687c1a7ccfa2c 16560 lynx-cur-wrapper_2.8.7dev10-2.1_all.deb
 8e915a30434b17be6a9bd88b4803f54acbab6830 13994 lynx_2.8.7dev10-2.1_all.deb
 ba5814fb6da6cbc3320eea6985d7b2b3e321788f 2082790 lynx-cur_2.8.7dev10-2.1_amd64.deb
Checksums-Sha256: 
 7c9feccf304e5151ec21f2dc8967da062a95d8d411f4d575b535e255504a9d75 1209 lynx-cur_2.8.7dev10-2.1.dsc
 6cb84cbf3b224d48ab33e4b98866d1afbe23d22bcae238a8e7d1f71d7afb760f 30441 lynx-cur_2.8.7dev10-2.1.diff.gz
 db3d715d6f0aeb3f8c70b1f11be7a0a5abbec26034ab1d40773d1cb1f4f09cd5 16560 lynx-cur-wrapper_2.8.7dev10-2.1_all.deb
 b1179f588320ab02347104606d0d92ec032adf359de5ef3490813dea463913b5 13994 lynx_2.8.7dev10-2.1_all.deb
 f71acb8cc81b840446f0e8a8a3399d1a3c9031c1537cad5571a476c7c4d1c091 2082790 lynx-cur_2.8.7dev10-2.1_amd64.deb
Files: 
 3795f08e874eda9f1cfa996b012c0961 1209 web extra lynx-cur_2.8.7dev10-2.1.dsc
 2a8cdf3cb2eac44c8ef1a9bef37ee37f 30441 web extra lynx-cur_2.8.7dev10-2.1.diff.gz
 5abc7bc121d14b0a32c6f91b19feed23 16560 web extra lynx-cur-wrapper_2.8.7dev10-2.1_all.deb
 3bd37fa2c5d2a4b74dbbe933d316cdc9 13994 web extra lynx_2.8.7dev10-2.1_all.deb
 d74fdcc536bb94f00ff3d1162711d71e 2082790 web extra lynx-cur_2.8.7dev10-2.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjmj6IACgkQriZpaaIa1PnoXQCfUhCdpYFwCJ4qQ4y2iOCncyig
774AoJN2YZgyjWsJNe4Q49+emxHXAIdl
=ug+K
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#499945; Package lynx-cur. (Mon, 13 Oct 2008 17:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Mon, 13 Oct 2008 17:42:05 GMT) Full text and rfc822 format available.

Message #104 received at 499945@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: 499945@bugs.debian.org
Cc: Thomas Viehmann <tv@beamnet.de>
Subject: Re: lynx-cur: Segfault in asn1_get_tag_der().
Date: Mon, 13 Oct 2008 19:40:52 +0200
Hi

Please upload a targeted fix for this bug to testing-proposed-updates as
the current version in unstable has a too large diff compared to the
version in testing.

Thanks already.

Cheers

Luk




Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#499945; Package lynx-cur. (Mon, 13 Oct 2008 22:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Viehmann <tv@beamnet.de>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Mon, 13 Oct 2008 22:33:03 GMT) Full text and rfc822 format available.

Message #109 received at 499945@bugs.debian.org (full text, mbox):

From: Thomas Viehmann <tv@beamnet.de>
To: Luk Claes <luk@debian.org>
Cc: 499945@bugs.debian.org
Subject: Re: lynx-cur: Segfault in asn1_get_tag_der().
Date: Tue, 14 Oct 2008 00:30:50 +0200
[Message part 1 (text/plain, inline)]
Hi,

Luk Claes wrote:
> Please upload a targeted fix for this bug to testing-proposed-updates as
> the current version in unstable has a too large diff compared to the
> version in testing.
uploaded, enjoy.

Kind regards

T.
-- 
Thomas Viehmann, http://thomas.viehmann.net/
[lynx-tpu.diff (text/x-patch, inline)]
diff -u lynx-cur-2.8.7dev9/debian/changelog lynx-cur-2.8.7dev9/debian/changelog
--- lynx-cur-2.8.7dev9/debian/changelog
+++ lynx-cur-2.8.7dev9/debian/changelog
@@ -1,3 +1,15 @@
+lynx-cur (2.8.7dev9-2.1) testing; urgency=medium
+
+  * Non-maintainer upload for testing, identical to the the
+    unstable 2.8.7dev9-2.1 one.
+  * fix src/tidy_tls.c X509_get_issuer_name to actually take the issuer
+    DN of the present certificate and not hope that it is the same as
+    taking the subject DN of the "next" certificate which
+    may or may not exist. Closes: #499945
+    This is debian/patches/patch-3.
+
+ -- Thomas Viehmann <tv@beamnet.de>  Mon, 13 Oct 2008 23:24:41 +0200
+
 lynx-cur (2.8.7dev9-2) unstable; urgency=low
 
   * Andreas' efforts keep this package in Debian.  Thanks Andreas Metzler.
diff -u lynx-cur-2.8.7dev9/debian/patches/00list lynx-cur-2.8.7dev9/debian/patches/00list
--- lynx-cur-2.8.7dev9/debian/patches/00list
+++ lynx-cur-2.8.7dev9/debian/patches/00list
@@ -2,0 +3 @@
+patch-3
only in patch2:
unchanged:
--- lynx-cur-2.8.7dev9.orig/debian/patches/patch-3
+++ lynx-cur-2.8.7dev9/debian/patches/patch-3
@@ -0,0 +1,97 @@
+#! /bin/sh -e
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix src/tidy_tls.c X509_get_issuer_name to actually take the
+## DP: issuer DN of the present certificate and not hope that it is
+## DP: the same as taking the subject DN of the "next" certificate
+## DP: which may or may not exist. Debian Bug #499945 has details.
+
+if [ $# -ne 1 ]; then
+    echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+    exit 1
+fi
+case "$1" in
+	-patch) patch -f --no-backup-if-mismatch --dry-run -p0 < $0 && patch -f --no-backup-if-mismatch -p0 < $0;;
+	-unpatch) patch -f --no-backup-if-mismatch -R -p0 < $0;;
+	*)
+		echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+		exit 1;;
+esac
+exit 0
+
+@DPATCH@
+--- src/tidy_tls.c~
++++ src/tidy_tls.c
+@@ -1,6 +1,7 @@
+ /*
+  * $LynxId: tidy_tls.c,v 1.1 2008/04/27 22:49:52 tom Exp $
+  * Copyright 2008, Thomas E. Dickey
++ * with fix Copyright 2008 by Thomas Viehmann
+  *
+  * Required libraries:
+  *	libgnutls
+@@ -17,11 +18,16 @@
+ 
+ static int last_error = 0;
+ 
+-#define GetDnByOID(target, oid) \
++// ugly, but hey, we could just use a more sane api, too
++#define GetDnByOID(target, oid, thewhat) \
+ 		len = sizeof(target); \
+-		gnutls_x509_crt_get_dn_by_oid(xcert, oid, 0, 0, target, &len)
++                if (! thewhat) \
++		  gnutls_x509_crt_get_dn_by_oid(xcert, oid, 0, 0, target, &len); \
++                else \
++                  gnutls_x509_crt_get_issuer_dn_by_oid(xcert, oid, 0, 0, target, &len)
+ 
+-static int ExtractCertificate(const gnutls_datum_t * cert, X509_NAME * result)
++// thewhat: which DN to get 0 = subject, 1 = issuer
++static int ExtractCertificate(const gnutls_datum_t * cert, X509_NAME * result, int thewhat)
+ {
+     gnutls_x509_crt_t xcert;
+     int rc;
+@@ -30,19 +36,19 @@
+     if ((rc = gnutls_x509_crt_init(&xcert)) >= 0) {
+ 	if ((rc = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER)) >= 0) {
+ 	    GetDnByOID(result->country,
+-		       GNUTLS_OID_X520_COUNTRY_NAME);
++		       GNUTLS_OID_X520_COUNTRY_NAME, thewhat);
+ 	    GetDnByOID(result->organization,
+-		       GNUTLS_OID_X520_ORGANIZATION_NAME);
++		       GNUTLS_OID_X520_ORGANIZATION_NAME, thewhat);
+ 	    GetDnByOID(result->organizational_unit_name,
+-		       GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
++		       GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, thewhat);
+ 	    GetDnByOID(result->common_name,
+-		       GNUTLS_OID_X520_COMMON_NAME);
++		       GNUTLS_OID_X520_COMMON_NAME, thewhat);
+ 	    GetDnByOID(result->locality_name,
+-		       GNUTLS_OID_X520_LOCALITY_NAME);
++		       GNUTLS_OID_X520_LOCALITY_NAME, thewhat);
+ 	    GetDnByOID(result->state_or_province_name,
+-		       GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
++		       GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, thewhat);
+ 	    GetDnByOID(result->email,
+-		       GNUTLS_OID_PKCS9_EMAIL);
++		       GNUTLS_OID_PKCS9_EMAIL, thewhat);
+ 	    rc = 0;
+ 	}
+ 	gnutls_x509_crt_deinit(xcert);
+@@ -570,7 +576,7 @@
+     X509_NAME *result;
+ 
+     if ((result = typeCalloc(X509_NAME)) != 0) {
+-	if (ExtractCertificate(&cert[1], result) < 0) {
++	if (ExtractCertificate(cert, result, 1) < 0) {
+ 	    free(result);
+ 	    result = 0;
+ 	}
+@@ -586,7 +592,7 @@
+     X509_NAME *result;
+ 
+     if ((result = typeCalloc(X509_NAME)) != 0) {
+-	if (ExtractCertificate(&cert[0], result) < 0) {
++	if (ExtractCertificate(cert, result, 0) < 0) {
+ 	    free(result);
+ 	    result = 0;
+ 	}

Reply sent to Thomas Viehmann <tv@beamnet.de>:
You have taken responsibility. (Mon, 13 Oct 2008 23:00:11 GMT) Full text and rfc822 format available.

Notification sent to Kurt Roeckx <kurt@roeckx.be>:
Bug acknowledged by developer. (Mon, 13 Oct 2008 23:00:12 GMT) Full text and rfc822 format available.

Message #114 received at 499945-close@bugs.debian.org (full text, mbox):

From: Thomas Viehmann <tv@beamnet.de>
To: 499945-close@bugs.debian.org
Subject: Bug#499945: fixed in lynx-cur 2.8.7dev9-2.1
Date: Mon, 13 Oct 2008 22:32:13 +0000
Source: lynx-cur
Source-Version: 2.8.7dev9-2.1

We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive:

lynx-cur-wrapper_2.8.7dev9-2.1_all.deb
  to pool/main/l/lynx-cur/lynx-cur-wrapper_2.8.7dev9-2.1_all.deb
lynx-cur_2.8.7dev9-2.1.diff.gz
  to pool/main/l/lynx-cur/lynx-cur_2.8.7dev9-2.1.diff.gz
lynx-cur_2.8.7dev9-2.1.dsc
  to pool/main/l/lynx-cur/lynx-cur_2.8.7dev9-2.1.dsc
lynx-cur_2.8.7dev9-2.1_amd64.deb
  to pool/main/l/lynx-cur/lynx-cur_2.8.7dev9-2.1_amd64.deb
lynx_2.8.7dev9-2.1_all.deb
  to pool/main/l/lynx-cur/lynx_2.8.7dev9-2.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 499945@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Viehmann <tv@beamnet.de> (supplier of updated lynx-cur package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 13 Oct 2008 23:24:41 +0200
Source: lynx-cur
Binary: lynx-cur lynx-cur-wrapper lynx
Architecture: source all amd64
Version: 2.8.7dev9-2.1
Distribution: testing
Urgency: medium
Maintainer: Atsuhito KOHDA <kohda@debian.org>
Changed-By: Thomas Viehmann <tv@beamnet.de>
Description: 
 lynx       - Text-mode WWW Browser (transitional package)
 lynx-cur   - Text-mode WWW Browser with NLS support (development version)
 lynx-cur-wrapper - Wrapper for lynx-cur
Closes: 499945
Changes: 
 lynx-cur (2.8.7dev9-2.1) testing; urgency=medium
 .
   * Non-maintainer upload for testing, identical to the the
     unstable 2.8.7dev9-2.1 one.
   * fix src/tidy_tls.c X509_get_issuer_name to actually take the issuer
     DN of the present certificate and not hope that it is the same as
     taking the subject DN of the "next" certificate which
     may or may not exist. Closes: #499945
     This is debian/patches/patch-3.
Checksums-Sha1: 
 9a12a932f0fdbf1dd933742cc16f04e76ff4f3f3 1202 lynx-cur_2.8.7dev9-2.1.dsc
 a816d2f6ea89720a7df4da9fd64984eec4a0646f 29958 lynx-cur_2.8.7dev9-2.1.diff.gz
 18a832089f09cb5b087c2e889531c7d7ac05beef 16274 lynx-cur-wrapper_2.8.7dev9-2.1_all.deb
 830a0097d75d1d87349a1a633a3dd3b5654f0f1f 13796 lynx_2.8.7dev9-2.1_all.deb
 f3dc78007f358a57e04f51a330cdbd9ef383b823 2080540 lynx-cur_2.8.7dev9-2.1_amd64.deb
Checksums-Sha256: 
 08bd00223990284d8cd2ebe978b2fc8c667b9911364b14997dab56f3e337ddb9 1202 lynx-cur_2.8.7dev9-2.1.dsc
 f0ecbddfa7330e73d6910772c0bc81ff15b3fcf47af7e00bae596edee9540a9d 29958 lynx-cur_2.8.7dev9-2.1.diff.gz
 1e211b0631eb76814b2ba56026e3fc9b998094b60c85cb84d16628eb94d5e1c5 16274 lynx-cur-wrapper_2.8.7dev9-2.1_all.deb
 5ee573683de3d4d4d81348203bdba25609e24332c254bdea2679ed122c3834c7 13796 lynx_2.8.7dev9-2.1_all.deb
 93c3cf475258796d75338637f9906d51dbb9f9d71a12c94f02479c274719df3f 2080540 lynx-cur_2.8.7dev9-2.1_amd64.deb
Files: 
 0ecd4f4cf3bedebd34f88d33efb52c68 1202 web extra lynx-cur_2.8.7dev9-2.1.dsc
 266df63e134b14c07f912e2023acbf7e 29958 web extra lynx-cur_2.8.7dev9-2.1.diff.gz
 5aa3f250031a9011150a9a621b6329b3 16274 web extra lynx-cur-wrapper_2.8.7dev9-2.1_all.deb
 78704d733fb186da27f3e66b940aa335 13796 web extra lynx_2.8.7dev9-2.1_all.deb
 556f411a62b9d8d20e283086796707ca 2080540 web extra lynx-cur_2.8.7dev9-2.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjzy1gACgkQriZpaaIa1PmZXwCgxiXaqDNmFvX2RpIscYQZXLr6
etAAn3OsMW7mtfj/ANxu1FvFlYoa0VDA
=myfg
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 30 Nov 2008 08:03:38 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 16:57:21 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.