Bug 1442824

Summary: Upgrade of GnuTLS seems to break svn
Product: Red Hat Enterprise Linux 6 Reporter: Brian Hinz <bphinz>
Component: gnutlsAssignee: Nikos Mavrogiannopoulos <nmavrogi>
Status: CLOSED ERRATA QA Contact: Stefan Dordevic <sdordevi>
Severity: high Docs Contact:
Priority: high    
Version: 6.9CC: bphinz, cww, jkurik, jorton, mmezynsk, mthacker, nmavrogi, sdordevi, szidek
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: gnutls-2.12.23-22.el6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-19 05:11:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1374441, 1461138, 1507541, 1516695    

Description Brian Hinz 2017-04-17 16:57:28 UTC 
Description of problem:

After upgrading from EL6.8 to 6.9, subversion client segfaults on all operations (backend server transport is https).  The following appears in the output of dmesg:

svn[4298]: segfault at 0 ip 00007fca8724ef78 sp 00007fffea738f10 error 4 in libgnutls.so.26.22.6[7fca8720d000+a9000]

After running 'yum downgrade gnutls gnutls-devel gnutls-utils' svn client works again

Version-Release number of selected component (if applicable):
subversion-1.6.11-15.el6_7
gnutls-2.12.23-21

How reproducible:
100%

Steps to Reproduce:
1. svn ls https://my.svn.server/my_repo


Actual results:
Segmentation fault

Expected results:
Repository contents listed

Additional info:
Downgrading gnutls to 2.8.5 allows subversion to work again
Comment 2 Joe Orton 2017-04-18 08:57:07 UTC 
Brian, can you please open a support ticket for this? 

I can't immediately reproduce.

$ svn ls https://svn.apache.org/repos/asf/httpd/httpd/trunk/
$ rpm -q subversion gnutls neon
subversion-1.6.11-15.el6_7.x86_64
gnutls-2.12.23-21.el6.x86_64
neon-0.29.3-3.el6_4.x86_64

Can you capture a backtrace?

$ sudo debuginfo-install subversion neon gnutls
$ gdb svn ls ...
(gdb) run
...
(gdb) bt
Comment 3 Brian Hinz 2017-04-18 16:39:34 UTC 
I will get the backtrace exported and uploaded ASAP (maybe today but probably won't be until tomorrow).  Until then, the backtrace indicates that the problem is in gnutls_privkey_get_pk_algorithm at gnutls_privkey.c:88.

Additionally, I did some poking around and realized that so far all of my affected users are using ssl-pkcs11-provider in their ~/.subversion/servers file (ie: PKI certificate resides on a smartcard device).  I have not yet located one of our users that has PKCS12 to confirm whether or not the problem is specific to PKCS11.
Comment 4 Joe Orton 2017-04-18 17:31:13 UTC 
Thanks, that's helpful.

Running the neon test suite against RHEL6 and running the PKCS#11 tests, gnutls also segfaults as follows:

#0  gnutls_privkey_get_pk_algorithm (key=0x0, bits=0x0) at gnutls_privkey.c:88
#1  0x00000039dfc35bf1 in sign_tls_hash (session=0xfd8ab0, hash_algo=GNUTLS_DIG_SHA256, cert=0xfd1930, 
    pkey=<value optimized out>, hash_concat=0x7ffde2170250, signature=0x7ffde2170370) at gnutls_sig.c:248
#2  0x00000039dfc3608a in _gnutls_handshake_sign_cert_vrfy12 (session=0xfd8ab0, cert=0xfd1930, pkey=0x0, 
    signature=0x7ffde2170370) at gnutls_sig.c:646
#3  _gnutls_handshake_sign_cert_vrfy (session=0xfd8ab0, cert=0xfd1930, pkey=0x0, signature=0x7ffde2170370) at gnutls_sig.c:680
#4  0x00000039dfc328bc in _gnutls_gen_cert_client_cert_vrfy (session=0xfd8ab0, data=0x7ffde21703e8) at auth_cert.c:1548
#5  0x00000039dfc24417 in _gnutls_send_client_certificate_verify (session=0xfd8ab0, again=<value optimized out>)
    at gnutls_kx.c:331
#6  0x00000039dfc20cf5 in _gnutls_handshake_client (session=0xfd8ab0) at gnutls_handshake.c:2843
#7  0x00000039dfc21bb8 in gnutls_handshake (session=0xfd8ab0) at gnutls_handshake.c:2678
#8  0x00007f348b1bb531 in ne_sock_connect_ssl (sock=0xfd79a0, ctx=0xf7c310, userdata=<value optimized out>) at ne_socket.c:1794
#9  0x00007f348b1c75df in ne__negotiate_ssl (sess=0xf75940) at ne_gnutls.c:923
Comment 5 Brian Hinz 2017-04-18 17:36:55 UTC 
Yeah, that backtrace looks identical so I won't bother attaching mine.  I'll ask our local RH support to open a ticket.
Comment 11 Nikos Mavrogiannopoulos 2017-04-21 06:08:24 UTC 
Hi Brian,
 Would you like to check whether the patch at:
https://people.redhat.com/nmavrogi/redhat/

resolves the issue?
Comment 13 Brian Hinz 2017-04-24 15:33:21 UTC 
Hi Nikos,

I was unable to get the patched RPMs on Friday and am getting them imported and will test today.

Thanks,
-brian
Comment 14 Nikos Mavrogiannopoulos 2017-04-24 16:02:04 UTC 
Thank you. If that works for you, please make sure you create a support ticket referencing this bug.
Comment 15 Brian Hinz 2017-04-24 18:21:53 UTC 
Nikos,

Thanks for the fast turn around.  Those RPMs do indeed seem to resolve the issue.  I did ask our local RH support personnel to create a support ticket.

Thanks,
-brian
Comment 28 errata-xmlrpc 2018-06-19 05:11:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1868