Bug 999822 - p11-kit segfaults in lexer, breaks SSL in ALL PROGRAMS
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: p11-kit
Version: 19
Hardware: x86_64
OS: Linux
Assignee: Stef Walter
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-08-22 08:24 UTC by Rudd-O DragonFear
Modified: 2013-08-26 08:32 UTC (History)

Doc Type: Bug Fix
Last Closed: 2013-08-26 08:04:08 UTC
Type: Bug


Attachments
Fix for readdir brokenness (886 bytes, patch)
2013-08-25 11:26 UTC, Rudd-O DragonFear
New specfile (6.89 KB, text/x-rpm-spec)
2013-08-25 11:28 UTC, Rudd-O DragonFear


Links
System ID Private Priority Status Summary Last Updated
FreeDesktop.org 68525 0 None None None Never

Description Rudd-O DragonFear 2013-08-22 08:24:30 UTC
Description of problem:

~/Projects/Mine/RPM/tmp/SPECS α:
/usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/pem/objsign-ca-bundle.pem
p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/.
Segmentation fault (core dumped)

0 <- /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/pem/objsign-ca-bundle.pem
~/Projects/Mine/RPM/tmp/SPECS α:
gdb /usr/bin/p11-kit
GNU gdb (GDB) Fedora (7.6-34.fc19)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/p11-kit...Reading symbols from /usr/bin/p11-kit...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Missing separate debuginfos, use: debuginfo-install p11-kit-0.18.5-1.fc19.i686 p11-kit-0.18.5-1.fc19.x86_64
(gdb) set args extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/pem/objsign-ca-bundle.pem
(gdb) run
Starting program: /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/pem/objsign-ca-bundle.pem
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bceeb2 in p11_lexer_next () from /lib64/libp11-kit.so.0
(gdb) bt
#0  0x00007ffff7bceeb2 in p11_lexer_next () from /lib64/libp11-kit.so.0
#1  0x00007ffff7bc0d94 in _p11_conf_parse_file () from /lib64/libp11-kit.so.0
#2  0x00007ffff7bc116a in load_configs_from_directory () from /lib64/libp11-kit.so.0
#3  0x00007ffff7bc1740 in _p11_conf_load_modules () from /lib64/libp11-kit.so.0
#4  0x00007ffff7bc385c in _p11_kit_initialize_registered_unlocked_reentrant ()
   from /lib64/libp11-kit.so.0
#5  0x00007ffff7bc3efd in p11_kit_initialize_registered () from /lib64/libp11-kit.so.0
#6  0x0000000000404439 in p11_tool_extract ()
#7  0x0000000000402ca7 in main ()


Config files:

~/Projects/Mine/RPM/tmp/SPECS α:
ls -la /usr/share/p11-kit/modules/*
-rw-r--r-- 1 root root 293 May  5 02:01 /usr/share/p11-kit/modules/gnome-keyring.module
-rw-r--r-- 1 root root 693 Jul 18 06:02 /usr/share/p11-kit/modules/p11-kit-trust.module

0 <- ls -la /usr/share/p11-kit/modules/*
~/Projects/Mine/RPM/tmp/SPECS α:
cat /usr/share/p11-kit/modules/*

# The file is installed/loaded from the default module p11-kit directory
module: gnome-keyring-pkcs11.so

# And where to store and lookup trust objects
x-trust-store: pkcs11:library-manufacturer=GNOME%20Keyring;serial=1:XDG:DEFAULT
x-trust-lookup: pkcs11:library-manufacturer=GNOME%20Keyring
# See pkcs11.conf(5) to understand this file

# This is a module config for the 'included' p11-kit trust module
module: p11-kit-trust.so

# This setting affects the order that trust policy and other information
# is looked up when going across various modules. Other trust policy modules
# need to specify the priority where they slot into things.
priority: 1

# Mark this module as a viable source of trust policy information
trust-policy: yes

# This is for drop-in compatibilty with glib-networking and gcr. Those
# projects used this non-standard attribute to denote slots to use to
# retrieve trust information.
x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module

Comment 1 Rudd-O DragonFear 2013-08-22 08:26:40 UTC
Removing the module files makes no change.

There is nothing in /etc/pkcs11/modules.

How can this very untested and immature software ship in such a way that it breaks everything across the distro?

Comment 2 Rudd-O DragonFear 2013-08-22 08:30:52 UTC
Downgrading to the version shipping in the base distro repos rather than the upgrades gives me a different error:

p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/.
p11-kit: couldn't read config file: /etc/pkcs11/modules/.
p11-kit: couldn't initialize registered modules: Internal error
p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/.
p11-kit: couldn't read config file: /etc/pkcs11/modules/.
p11-kit: couldn't initialize registered modules: Internal error
p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/.
p11-kit: couldn't read config file: /etc/pkcs11/modules/.
p11-kit: couldn't initialize registered modules: Internal error
p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/.
p11-kit: couldn't read config file: /etc/pkcs11/modules/.
p11-kit: couldn't initialize registered modules: Internal error
p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/.
p11-kit: couldn't read config file: /etc/pkcs11/modules/.
p11-kit: couldn't initialize registered modules: Internal error

Comment 3 Rudd-O DragonFear 2013-08-22 08:31:38 UTC
Just in case you were wondering why you haven't received any ABRT reports about this grave bug:

ABRT ITSELF IS BROKEN because of this.

Comment 4 Kai Engert (:kaie) (inactive account) 2013-08-22 10:32:35 UTC
It's strange that p11-kit attempts to load a file of filename '.' (dot).
The code appears to check for the type, and skips directories.

Please run
  find /etc/pkcs11/modules/

Does it show anything in addition to /etc/pkcs11/modules/ ?


I cannot think of a reason why it would happen, but it sounds like the code attempts to process the directory entry '.' as a file. Maybe the code to distinguish a file and a directory fails?


Can you find a way to reinstall the latest p11-kit and also please install the debuginfo package for p11-kit?

Can you try to set breakpoints and step through?

(gdb) break load_configs_from_directory
(gdb) r

Once there, set another breakpoint on the following line:
  if (!is_dir && !load_config_from_file (path, dp->d_name, configs, flags)) {
which is 429 in the latest package.

(gdb) break 429
(gdb) c

Each time you stop there, please 
(gdb) print is_dir
(gdb) print dp->d_name
(gdb) print path

What output do you get?

Comment 5 Kai Engert (:kaie) (inactive account) 2013-08-22 10:34:42 UTC
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff7bceeb2 in p11_lexer_next () from /lib64/libp11-kit.so.0
> (gdb) bt
> #0  0x00007ffff7bceeb2 in p11_lexer_next () from /lib64/libp11-kit.so.0
> #1  0x00007ffff7bc0d94 in _p11_conf_parse_file () from /lib64/libp11-kit.so.0
> #2  0x00007ffff7bc116a in load_configs_from_directory () from /lib64/libp11-kit.so.0


This stack is unexpected.

load_configs_from_directory doesn't call _p11_conf_parse_file directly, we should see another stack entry in between.

Comment 6 Rudd-O DragonFear 2013-08-24 06:06:53 UTC
find /etc/pkcs11/modules/
/etc/pkcs11/modules/

Comment 7 Rudd-O DragonFear 2013-08-25 10:39:47 UTC
This program is totally retarded.  Look at the file name parameter in frame 2:

gdb /usr/bin/p11-kit
GNU gdb (GDB) Fedora (7.6-34.fc19)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/p11-kit...Reading symbols from /usr/lib/debug/usr/bin/p11-kit.debug...done.
done.
(gdb) set args extract --format=openssl-bundle --filter=certificates --overwrite /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
(gdb) run
Starting program: /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bceeb2 in p11_lexer_next (lexer=lexer@entry=0x7fffffffdbf0, failed=failed@entry=0x7fffffffdbdf)
    at lexer.c:113
113                     if (strncmp (lexer->at, "-----BEGIN ", 11) == 0) {
(gdb) info locals
colon = <optimized out>
value = <optimized out>
line = <optimized out>
end = <optimized out>
pos = <optimized out>
part = <optimized out>
__func__ = "p11_lexer_next"
__PRETTY_FUNCTION__ = "p11_lexer_next"
(gdb) f 1
#1  0x00007ffff7bc0d94 in _p11_conf_parse_file (filename=filename@entry=0x61d290 "/etc/pkcs11/modules/.", 
    flags=flags@entry=1) at conf.c:136
136             while (p11_lexer_next (&lexer, &failed)) {
(gdb) info locals
map = 0x637bc0
data = 0xffffffffffffffff
lexer = {filename = 0x61d4a0 "/etc/pkcs11/modules/.", 
  at = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, remaining = 2, complained = 0, 
  tok_type = 0, tok = {section = {name = 0x0}, field = {name = 0x0, value = 0x0}, pem = {begin = 0x0, 
      length = 0}}}
failed = false
length = 2
mmap = 0x61d3f0
error = <optimized out>
__PRETTY_FUNCTION__ = "_p11_conf_parse_file"
__func__ = "_p11_conf_parse_file"


Re-tar-ded.

Comment 8 Rudd-O DragonFear 2013-08-25 10:40:48 UTC
Of course, if I remove the empty directory, it DOES NOT MATTER, still retarded:

/usr/bin/update-ca-trust 
p11-kit: invalid config filename, will be ignored in the future: /usr/share/p11-kit/modules/.
/usr/bin/update-ca-trust: line 14: 14681 Segmentation fault      (core dumped) /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite $DEST/openssl/ca-bundle.trust.crt
p11-kit: invalid config filename, will be ignored in the future: /usr/share/p11-kit/modules/.
/usr/bin/update-ca-trust: line 15: 15011 Segmentation fault      (core dumped) /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth $DEST/pem/tls-ca-bundle.pem
p11-kit: invalid config filename, will be ignored in the future: /usr/share/p11-kit/modules/.
/usr/bin/update-ca-trust: line 16: 15013 Segmentation fault      (core dumped) /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose email $DEST/pem/email-ca-bundle.pem
p11-kit: invalid config filename, will be ignored in the future: /usr/share/p11-kit/modules/.
/usr/bin/update-ca-trust: line 17: 15016 Segmentation fault      (core dumped) /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing $DEST/pem/objsign-ca-bundle.pem
p11-kit: invalid config filename, will be ignored in the future: /usr/share/p11-kit/modules/.
/usr/bin/update-ca-trust: line 18: 15019 Segmentation fault      (core dumped) /usr/bin/p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts

Comment 9 Rudd-O DragonFear 2013-08-25 10:44:30 UTC
Not even the F20 src RPM rebuilt in my system works.  It doesn't even build:

---------------------------------

Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.l6IPs9
+ umask 022
+ cd /home/rudd-o/Projects/Mine/RPM/tmp/BUILD
+ cd p11-kit-0.19.3
+ make check
Making check in build
make[1]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build'
Making check in certs
make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build/certs'
make[2]: Nothing to be done for `check'.
make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build/certs'
make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build'
make[2]: Nothing to be done for `check-am'.
make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build'
make[1]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build'
Making check in common
make[1]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common'
Making check in .
make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common'
make[2]: Nothing to be done for `check-am'.
make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common'
Making check in tests
make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common/tests'
make  check-TESTS
make[3]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common/tests'
1..1
ok 1 /test/success
PASS: test-tests
1..2
ok 1 /compat/strndup
ok 2 /compat/getauxval
PASS: test-compat
1..2
ok 1 /hash/murmur3
ok 2 /hash/murmur3-incr
PASS: test-hash
1..14
ok 1 /dict/create
ok 2 /dict/set-get
ok 3 /dict/set-get-remove
ok 4 /dict/remove-destroys
ok 5 /dict/set-clear
ok 6 /dict/set-destroys
ok 7 /dict/clear-destroys
ok 8 /dict/free-null
ok 9 /dict/free-destroys
ok 10 /dict/iterate
ok 11 /dict/iterate-remove
ok 12 /dict/add-check-lots-and-collisions
ok 13 /dict/count
ok 14 /dict/ulongptr
PASS: test-dict
1..8
ok 1 /array/create
ok 2 /array/add
ok 3 /array/add-remove
ok 4 /array/remove-destroys
ok 5 /array/remove-and-count
ok 6 /array/free-null
ok 7 /array/free-destroys
ok 8 /array/clear-destroys
PASS: test-array
1..11
ok 1 /constants/types
ok 2 /constants/classes
ok 3 /constants/trusts
ok 4 /constants/certs
ok 5 /constants/keys
ok 6 /constants/asserts
ok 7 /constants/categories
ok 8 /constants/mechanisms
ok 9 /constants/users
ok 10 /constants/states
ok 11 /constants/returns
PASS: test-constants
1..27
ok 1 /attrs/equal
ok 2 /attrs/hash
ok 3 /attrs/to-string
ok 4 /attrs/terminator
ok 5 /attrs/count
ok 6 /attrs/build-one
ok 7 /attrs/build-two
ok 8 /attrs/build-invalid
ok 9 /attrs/buildn-one
ok 10 /attrs/buildn-two
ok 11 /attrs/build-add
ok 12 /attrs/build-null
ok 13 /attrs/dup
ok 14 /attrs/take
ok 15 /attrs/merge-replace
ok 16 /attrs/merge-augment
ok 17 /attrs/merge-empty
ok 18 /attrs/free-null
ok 19 /attrs/match
ok 20 /attrs/matchn
ok 21 /attrs/find
ok 22 /attrs/findn
ok 23 /attrs/find-bool
ok 24 /attrs/find-ulong
ok 25 /attrs/find-value
ok 26 /attrs/find-valid
ok 27 /attrs/remove
PASS: test-attrs
1..6
ok 1 /buffer/init-uninit
ok 2 /buffer/init-for-data
ok 3 /buffer/append
ok 4 /buffer/null
ok 5 /buffer/add
ok 6 /buffer/steal
PASS: test-buffer
1..5
ok 1 /url/decode-success
ok 2 /url/decode-skip
ok 3 /url/decode-failure
ok 4 /url/encode
ok 5 /url/encode-verbatim
PASS: test-url
1..7
ok 1 /path/base
ok 2 /path/build
ok 3 /path/expand
ok 4 /path/absolute
ok 5 /path/parent
ok 6 /path/prefix
ok 7 /path/canon
PASS: test-path
1..6
ok 1 /lexer/basic
ok 2 /lexer/corners
ok 3 /lexer/following
ok 4 /lexer/bad-pem
ok 5 /lexer/bad-section
ok 6 /lexer/bad-value
PASS: test-lexer
1..1
p11-kit: Details: value: No such file or directory
ok 1 /message/with-err
PASS: test-message
===================
All 12 tests passed
===================
make[3]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common/tests'
make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common/tests'
make[1]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common'
Making check in p11-kit
make[1]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit'
Making check in .
make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit'
make[2]: Nothing to be done for `check-am'.
make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit'
Making check in tests
make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests'
make  check-TESTS
make[3]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests'
1..2
ok 1 /progname/test_progname_default
ok 2 /progname/test_progname_set
PASS: test-progname
1..1
ok 1 /util/space-strlen
PASS: test-util
1..16
ok 1 /conf/test_parse_conf_1
ok 2 /conf/test_parse_ignore_missing
p11-kit: couldn't open config file: /home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests/files/non-existant.conf: No such file or directory
ok 3 /conf/test_parse_fail_missing
ok 4 /conf/test_merge_defaults
ok 5 /conf/test_load_globals_merge
ok 6 /conf/test_load_globals_no_user
ok 7 /conf/test_load_globals_system_sets_only
ok 8 /conf/test_load_globals_user_sets_only
p11-kit: invalid mode for 'user-config': bad
ok 9 /conf/test_load_globals_system_sets_invalid
p11-kit: invalid mode for 'user-config': bad
ok 10 /conf/test_load_globals_user_sets_invalid
p11-kit: invalid config filename, will be ignored in the future: /home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests/files/user-modules/.
/bin/sh: line 5: 30137 Segmentation fault      (core dumped) ${dir}$tst
FAIL: test-conf
1..40
ok 1 /uri/test_uri_parse
ok 2 /uri/test_uri_parse_bad_scheme
ok 3 /uri/test_uri_parse_with_label
ok 4 /uri/test_uri_parse_with_label_and_klass
ok 5 /uri/test_uri_parse_with_id
ok 6 /uri/test_uri_parse_with_bad_string_encoding
ok 7 /uri/test_uri_parse_with_bad_hex_encoding
ok 8 /uri/test_uri_parse_with_token
ok 9 /uri/test_uri_parse_with_token_bad_encoding
ok 10 /uri/test_uri_parse_with_bad_syntax
ok 11 /uri/test_uri_parse_with_spaces
ok 12 /uri/test_uri_parse_with_library
ok 13 /uri/test_uri_parse_with_library_bad_encoding
ok 14 /uri/test_uri_build_empty
ok 15 /uri/test_uri_build_with_token_info
ok 16 /uri/test_uri_build_with_token_null_info
ok 17 /uri/test_uri_build_with_token_empty_info
ok 18 /uri/test_uri_build_with_attributes
ok 19 /uri/test_uri_parse_private_key
ok 20 /uri/test_uri_parse_secret_key
ok 21 /uri/test_uri_parse_library_version
ok 22 /uri/test_uri_parse_parse_unknown_object_type
ok 23 /uri/test_uri_parse_unrecognized
ok 24 /uri/test_uri_parse_too_long_is_unrecognized
ok 25 /uri/test_uri_build_object_type_cert
ok 26 /uri/test_uri_build_object_type_private
ok 27 /uri/test_uri_build_object_type_public
ok 28 /uri/test_uri_build_object_type_secret
ok 29 /uri/test_uri_build_with_library
ok 30 /uri/test_uri_build_library_version
ok 31 /uri/test_uri_get_set_unrecognized
ok 32 /uri/test_uri_match_token
ok 33 /uri/test_uri_match_module
ok 34 /uri/test_uri_match_version
ok 35 /uri/test_uri_match_attributes
ok 36 /uri/test_uri_get_set_attribute
ok 37 /uri/test_uri_get_set_attributes
ok 38 /uri/test_uri_pin_source
ok 39 /uri/test_uri_free_null
ok 40 /uri/test_uri_message
PASS: test-uri
1..8
ok 1 /pin/test_pin_register_unregister
ok 2 /pin/test_pin_read
ok 3 /pin/test_pin_read_no_match
ok 4 /pin/test_pin_register_duplicate
ok 5 /pin/test_pin_register_fallback
ok 6 /pin/test_pin_file
ok 7 /pin/test_pin_file_large
ok 8 /pin/test_pin_ref_unref
PASS: test-pin
1..7
ok 1 /init/test_recursive_initialization
ok 2 /init/test_threaded_initialization
ok 3 /init/test_mutexes
ok 4 /init/test_load_and_initialize
ok 5 /init/test_fork_initialization
ok 6 /init/test_initalize_fail
ok 7 /init/test_finalize_fail
PASS: test-init
1..10
/bin/sh: line 5: 30155 Segmentation fault      (core dumped) ${dir}$tst
FAIL: test-modules
1..9
/bin/sh: line 5: 30163 Segmentation fault      (core dumped) ${dir}$tst
FAIL: test-deprecated
1..43
/bin/sh: line 5: 30169 Segmentation fault      (core dumped) ${dir}$tst
FAIL: test-proxy
1..27
/bin/sh: line 5: 30177 Segmentation fault      (core dumped) ${dir}$tst
FAIL: test-iter
1..3
ok 1 /virtual/test_initialize
ok 2 /virtual/test_fall_through
ok 3 /virtual/test_get_function_list
PASS: test-virtual
1..44
ok 1 /managed/test_initialize_finalize
ok 2 /managed/test_initialize_fail
ok 3 /managed/test_separate_close_all_sessions
ok 4 /managed/test_get_info
ok 5 /managed/test_get_slot_list
ok 6 /managed/test_get_slot_info
ok 7 /managed/test_get_token_info
ok 8 /managed/test_get_mechanism_list
ok 9 /managed/test_get_mechanism_info
ok 10 /managed/test_init_token
ok 11 /managed/test_wait_for_slot_event
ok 12 /managed/test_open_close_session
ok 13 /managed/test_close_all_sessions
ok 14 /managed/test_get_function_status
ok 15 /managed/test_cancel_function
ok 16 /managed/test_get_session_info
ok 17 /managed/test_init_pin
ok 18 /managed/test_set_pin
ok 19 /managed/test_operation_state
ok 20 /managed/test_login_logout
ok 21 /managed/test_get_attribute_value
ok 22 /managed/test_set_attribute_value
ok 23 /managed/test_create_object
ok 24 /managed/test_copy_object
ok 25 /managed/test_destroy_object
ok 26 /managed/test_get_object_size
ok 27 /managed/test_find_objects
ok 28 /managed/test_encrypt
ok 29 /managed/test_decrypt
ok 30 /managed/test_digest
ok 31 /managed/test_sign
ok 32 /managed/test_sign_recover
ok 33 /managed/test_verify
ok 34 /managed/test_verify_recover
ok 35 /managed/test_digest_encrypt
ok 36 /managed/test_decrypt_digest
ok 37 /managed/test_sign_encrypt
ok 38 /managed/test_decrypt_verify
ok 39 /managed/test_generate_key
ok 40 /managed/test_generate_key_pair
ok 41 /managed/test_wrap_key
ok 42 /managed/test_unwrap_key
ok 43 /managed/test_derive_key
ok 44 /managed/test_random
PASS: test-managed
1..41
ok 1 /log/test_get_info
ok 2 /log/test_get_slot_list
ok 3 /log/test_get_slot_info
ok 4 /log/test_get_token_info
ok 5 /log/test_get_mechanism_list
ok 6 /log/test_get_mechanism_info
ok 7 /log/test_init_token
ok 8 /log/test_wait_for_slot_event
ok 9 /log/test_open_close_session
ok 10 /log/test_close_all_sessions
ok 11 /log/test_get_function_status
ok 12 /log/test_cancel_function
ok 13 /log/test_get_session_info
ok 14 /log/test_init_pin
ok 15 /log/test_set_pin
ok 16 /log/test_operation_state
ok 17 /log/test_login_logout
ok 18 /log/test_get_attribute_value
ok 19 /log/test_set_attribute_value
ok 20 /log/test_create_object
ok 21 /log/test_copy_object
ok 22 /log/test_destroy_object
ok 23 /log/test_get_object_size
ok 24 /log/test_find_objects
ok 25 /log/test_encrypt
ok 26 /log/test_decrypt
ok 27 /log/test_digest
ok 28 /log/test_sign
ok 29 /log/test_sign_recover
ok 30 /log/test_verify
ok 31 /log/test_verify_recover
ok 32 /log/test_digest_encrypt
ok 33 /log/test_decrypt_digest
ok 34 /log/test_sign_encrypt
ok 35 /log/test_decrypt_verify
ok 36 /log/test_generate_key
ok 37 /log/test_generate_key_pair
ok 38 /log/test_wrap_key
ok 39 /log/test_unwrap_key
ok 40 /log/test_derive_key
ok 41 /log/test_random
PASS: test-log
============================================================================
5 of 13 tests failed
Please report to https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue
============================================================================
make[3]: *** [check-TESTS] Error 1
make[3]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests'
make[2]: *** [check-am] Error 2
make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit'
make: *** [check-recursive] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.l6IPs9 (%check)


RPM build errors:
    user mockbuild does not exist - using root
    group mockbuild does not exist - using root
    user mockbuild does not exist - using root
    group mockbuild does not exist - using root
    user mockbuild does not exist - using root
    group mockbuild does not exist - using root
    Bad exit status from /var/tmp/rpm-tmp.l6IPs9 (%check)

------------------------------

I guess it won't run on any file system other than ext4?

Comment 10 Rudd-O DragonFear 2013-08-25 10:47:27 UTC
Upstreamed: https://bugs.freedesktop.org/show_bug.cgi?id=68525

Comment 11 Kai Engert (:kaie) (inactive account) 2013-08-25 10:48:33 UTC
> #1  0x00007ffff7bc0d94 in _p11_conf_parse_file 
> (filename=filename@entry=0x61d290 "/etc/pkcs11/modules/.", 
>    flags=flags@entry=1) at conf.c:136


As I said, on your system the code attempts to interpret the directory
  "/etc/pkcs11/modules/."
as a file.

That indicates something went wrong on your system when scanning for files. 

Can you please do the second half of comment 4?

I don't think we have a general problem. I think something is messed up on your particular system, and we need to find out what and why.

Comment 12 Rudd-O DragonFear 2013-08-25 11:13:26 UTC
~/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3 α:
uname -r
3.10.7-200.fc19.x86_64

Comment 13 Rudd-O DragonFear 2013-08-25 11:15:21 UTC
My system is fine, I traced everything that you requested in upstream (https://bugs.freedesktop.org/show_bug.cgi?id=68525).

The problem is simply that readdir() is not returning valid d_type values for directory entries like ".", and this is both true for tmpfs and for ZFS at least.  That code is an optimization to avoid stat() which should be removed until the cause for the regression in readdir() is tracked down.

Comment 14 Rudd-O DragonFear 2013-08-25 11:17:07 UTC
Look, here is the problem:

 Currently, only some file systems (among them: Btrfs, ext2, ext3, and
       ext4) have full support for returning the file type in d_type.  All
       applications must properly handle a return of DT_UNKNOWN.


Straight from the readdir() man page.

In the process of optimizing the program to avoid some stat calls, the authors made it broken in every system that is not running these file systems.

PLEASE, can you disable the HAVE_STRUCT_DIRENT_D_TYPE define during the build?

Comment 15 Rudd-O DragonFear 2013-08-25 11:20:15 UTC
(For the record, the returned value from d_type is 15 as opposed to what ext* returns, which is 4.  This readdir optimization of providing d_type is only valid for a few file systems, the majority including tmpfs do not support it.)

Comment 16 Rudd-O DragonFear 2013-08-25 11:25:59 UTC
Patch about to be attached.  With the proper Patch: and %patch after %prep, this fixes the issue.

Comment 17 Rudd-O DragonFear 2013-08-25 11:26:59 UTC
Created attachment 790054
Fix for readdir brokenness

This makes the program pass all tests in file systems not ext4

Comment 18 Rudd-O DragonFear 2013-08-25 11:28:27 UTC
Created attachment 790055
New specfile

There ya go.

Comment 19 Rudd-O DragonFear 2013-08-25 11:30:39 UTC
After installing the updated rebuilt program, curl finally works:

/home/rudd-o 

Comment 20 Rudd-O DragonFear 2013-08-25 11:31:40 UTC
/home/rudd-o ():
bash -x /usr/bin/update-ca-trust 
+ DEST=/etc/pki/ca-trust/extracted
+ /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
p11-kit: the CKA_X_CRITICAL attribute is not valid for the object
p11-kit: couldn't load file into objects: /usr/share/pki/ca-trust-source/ca-bundle.supplement.p11-kit
+ /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
p11-kit: the CKA_X_CRITICAL attribute is not valid for the object
p11-kit: couldn't load file into objects: /usr/share/pki/ca-trust-source/ca-bundle.supplement.p11-kit
+ /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose email /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
p11-kit: the CKA_X_CRITICAL attribute is not valid for the object
p11-kit: couldn't load file into objects: /usr/share/pki/ca-trust-source/ca-bundle.supplement.p11-kit
+ /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
p11-kit: the CKA_X_CRITICAL attribute is not valid for the object
p11-kit: couldn't load file into objects: /usr/share/pki/ca-trust-source/ca-bundle.supplement.p11-kit
+ /usr/bin/p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth /etc/pki/ca-trust/extracted/java/cacerts
p11-kit: the CKA_X_CRITICAL attribute is not valid for the object
p11-kit: couldn't load file into objects: /usr/share/pki/ca-trust-source/ca-bundle.supplement.p11-kit

0 <- bash -x /usr/bin/update-ca-trust 
/home/rudd-o ():
ls -la /etc/pki/ca-trust/extracted/java/cacerts
-r--r--r-- 1 root root 162,541 Aug 25 04:29 /etc/pki/ca-trust/extracted/java/cacerts

0 <- ls -la /etc/pki/ca-trust/extracted/java/cacerts
/home/rudd-o ():
curl https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>


I also see that your bugzilla still truncates anything after a nonascii character.  When are you guys going to fix that?

Comment 21 Stef Walter 2013-08-26 07:05:42 UTC
(In reply to Rudd-O DragonFear from comment #1)
> Removing the module files makes no change.
> 
> There is nothing in /etc/pkcs11/modules.

/usr/share/p11-kit/modules is probably where you want to look.

> How can this very untested and immature software ship in such a way that it
> breaks everything across the distro?

Please ask your distro if they meant to ship the unstable p11-kit version instead of the stable branch. The release announcements for the 0.19.x contain appropriate warnings that 0.19.x is unstable and for testing.

But thanks for testing :)

Comment 22 Stef Walter 2013-08-26 07:07:09 UTC
(In reply to Stef Walter from comment #21)
> Please ask your distro if they meant to ship the unstable p11-kit version
> instead of the stable branch. The release announcements for the 0.19.x
> contain appropriate warnings that 0.19.x is unstable and for testing.
> 
> But thanks for testing :)

Oops, above comment was meant for this bug: https://bugs.freedesktop.org/show_bug.cgi?id=68525

Sorry.

Comment 23 Stef Walter 2013-08-26 07:21:30 UTC
(In reply to Rudd-O DragonFear from comment #14)
> Look, here is the problem:
> 
>  Currently, only some file systems (among them: Btrfs, ext2, ext3, and
>        ext4) have full support for returning the file type in d_type.  All
>        applications must properly handle a return of DT_UNKNOWN.
> 
> 
> Straight from the readdir() man page.
> 
> In the process of optimizing the program to avoid some stat calls, the
> authors made it broken in every system that is not running these file
> systems.

Not true. We handle DT_UNKNOWN correctly here, falling back to stat() if it is set.

Why is ZFS returning garbage in the d_type field instead of DT_UNKNOWN? Could you provide instructions for how you use ZFS on Linux so I can reproduce here?
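
The d_type fallback argued over in comments 14, 15 and 23, as an added example that is not part of this thread and is not p11-kit's code: `trusting_is_dir` is an assumed shape of a check that calls stat() only for DT_UNKNOWN, `classify_entry` falls back to fstatat() for every value except DT_REG and DT_DIR, and `map_regular_file` re-checks the opened descriptor and tests for MAP_FAILED. All function names are hypothetical, the sample directory is constructed, and 15 is the d_type value reported in comment 15.

```c
/* Added example, not p11-kit code; every function name here is hypothetical. */
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

enum kind { KIND_FILE, KIND_DIR, KIND_OTHER, KIND_ERROR };

/* Assumed shape of a fragile check: stat() is used only for DT_UNKNOWN, so
 * any other d_type, including an undefined one such as 15, is believed. */
static int trusting_is_dir(unsigned char d_type, int dfd, const char *name)
{
    struct stat st;
    if (d_type != DT_UNKNOWN)
        return d_type == DT_DIR;
    return fstatat(dfd, name, &st, 0) == 0 && S_ISDIR(st.st_mode);
}

/* Hardened check: only DT_REG and DT_DIR are taken from readdir(). Every
 * other value (DT_UNKNOWN, DT_LNK, or garbage) is resolved by fstatat(). */
static enum kind classify_entry(unsigned char d_type, int dfd, const char *name)
{
    struct stat st;
    if (d_type == DT_REG)
        return KIND_FILE;
    if (d_type == DT_DIR)
        return KIND_DIR;
    if (fstatat(dfd, name, &st, 0) != 0)
        return KIND_ERROR;
    if (S_ISREG(st.st_mode))
        return KIND_FILE;
    return S_ISDIR(st.st_mode) ? KIND_DIR : KIND_OTHER;
}

/* Second layer: verify the opened descriptor before mapping it, and compare
 * the mmap() result with MAP_FAILED, which is (void *)-1 and not NULL.
 * Returns NULL for directories, empty files and any error. */
static void *map_regular_file(int dfd, const char *name, size_t *len)
{
    struct stat st;
    void *data;
    int fd = openat(dfd, name, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_size == 0) {
        close(fd);
        return NULL;
    }
    data = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (data == MAP_FAILED)
        return NULL;
    *len = (size_t)st.st_size;
    return data;
}

/* Count the entries of `path` that would be handed to the config parser.
 * forced_type >= 0 overrides the d_type from readdir() to simulate a
 * filesystem that reports an undefined value (constructed for this demo). */
static int count_loadable(const char *path, int forced_type, int hardened)
{
    DIR *dir = opendir(path);
    struct dirent *dp;
    int count = 0;
    if (dir == NULL)
        return -1;
    while ((dp = readdir(dir)) != NULL) {
        unsigned char t = forced_type >= 0 ? (unsigned char)forced_type : dp->d_type;
        int is_file = hardened
            ? classify_entry(t, dirfd(dir), dp->d_name) == KIND_FILE
            : !trusting_is_dir(t, dirfd(dir), dp->d_name);
        count += is_file;
    }
    closedir(dir);
    return count;
}

int main(void)
{
    char tmpl[] = "/tmp/dtype-demo-XXXXXX";  /* constructed sample directory */
    char path[64];
    size_t len = 0;
    int fd, dfd;
    if (mkdtemp(tmpl) == NULL) return 1;
    snprintf(path, sizeof path, "%s/x.module", tmpl);
    fd = open(path, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || write(fd, "module: x\n", 10) != 10) return 1;
    close(fd);
    dfd = open(tmpl, O_RDONLY | O_DIRECTORY);
    printf("d_type forced to 15: trusting loads %d entries, hardened loads %d\n",
           count_loadable(tmpl, 15, 0), count_loadable(tmpl, 15, 1));
    printf("mapping \".\" refused: %d\n", map_regular_file(dfd, ".", &len) == NULL);
    return 0;
}
```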

Comment 24 Stef Walter 2013-08-26 07:51:22 UTC
Verified that tmpfs does not have this problem:

# uname -a
Linux stef.thewalter.lan 3.10.4-300.fc19.x86_64 #1 SMP Tue Jul 30 11:29:05 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
# mount -t tmpfs tmpfs /etc/pkcs11
# mount | grep /etc/pkcs11
tmpfs on /etc/pkcs11 type tmpfs (rw,relatime,seclabel)
# mkdir /etc/pkcs11/modules
# cp /usr/share/p11-kit/modules/p11-kit-trust.module /etc/pkcs11/modules/
# /usr/bin/p11-kit --verbose extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/objsign-ca-bundle.pem
(p11-kit:6371) p11_library_init_impl: initializing library
(p11-kit:6371) p11_kit_modules_load: in
(p11-kit:6371) _p11_conf_parse_file: reading config file: /etc/pkcs11/pkcs11.conf
(p11-kit:6371) _p11_conf_parse_file: config file does not exist
(p11-kit:6371) _p11_conf_parse_file: reading config file: /root/.config/pkcs11/pkcs11.conf
(p11-kit:6371) _p11_conf_parse_file: config file does not exist
(p11-kit:6371) load_configs_from_directory: loading module configs in: /root/.config/pkcs11/modules
(p11-kit:6371) load_configs_from_directory: module configs do not exist
(p11-kit:6371) load_configs_from_directory: loading module configs in: /etc/pkcs11/modules
(p11-kit:6371) _p11_conf_parse_file: reading config file: /etc/pkcs11/modules/p11-kit-trust.module
(p11-kit:6371) _p11_conf_parse_file: config value: module: p11-kit-trust.so
...

Comment 25 Stef Walter 2013-08-26 07:57:36 UTC
Verified that btrfs does not have this problem:

# dd if=/dev/zero of=/data/dsk1 bs=1M count=500
500+0 records in
500+0 records out
524288000 bytes (524 MB) copied, 2,83437 s, 185 MB/s
# losetup /dev/loop1 /data/dsk1
# mkfs.btrfs /dev/loop1

WARNING! - Btrfs v0.20-rc1 IS EXPERIMENTAL
WARNING! - see http://btrfs.wiki.kernel.org before using

SMALL VOLUME: forcing mixed metadata/data groups
Created a data/metadata chunk of size 8388608
fs created label (null) on /dev/loop1
	nodesize 4096 leafsize 4096 sectorsize 4096 size 500.00MB
Btrfs v0.20-rc1
# mount -t btrfs /dev/loop1 /etc/pkcs11
# mount | grep /etc/pkcs11
/dev/loop1 on /etc/pkcs11 type btrfs (rw,relatime,seclabel,space_cache)
# mkdir /etc/pkcs11/modules
# cp /usr/share/p11-kit/modules/p11-kit-trust.module /etc/pkcs11/modules/
# /usr/bin/p11-kit --verbose extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/objsign-ca-bundle.pem 
(p11-kit:6880) p11_library_init_impl: initializing library
(p11-kit:6880) p11_kit_modules_load: in
(p11-kit:6880) _p11_conf_parse_file: reading config file: /etc/pkcs11/pkcs11.conf
(p11-kit:6880) _p11_conf_parse_file: config file does not exist
(p11-kit:6880) _p11_conf_parse_file: reading config file: /root/.config/pkcs11/pkcs11.conf
(p11-kit:6880) _p11_conf_parse_file: config file does not exist
(p11-kit:6880) load_configs_from_directory: loading module configs in: /root/.config/pkcs11/modules
(p11-kit:6880) load_configs_from_directory: module configs do not exist
(p11-kit:6880) load_configs_from_directory: loading module configs in: /etc/pkcs11/modules
(p11-kit:6880) _p11_conf_parse_file: reading config file: /etc/pkcs11/modules/p11-kit-trust.module
(p11-kit:6880) _p11_conf_parse_file: config value: module: p11-kit-trust.so
...

Comment 26 Stef Walter 2013-08-26 08:04:08 UTC
Looking at your instructions for using ZFS on Fedora:

http://rudd-o.com/linux-and-free-software/installing-fedora-on-top-of-zfs

It appears you are using a patched linux kernel, along with a patched boot loader.

I was unable to follow those instructions on Fedora 19, due to the (awkward) new disk partitioner.

However the fact remains that this is not a problem in Fedora, and likely something broken by the ZFS kernel patches. 

You are welcome to continue to discuss this at the p11-kit upstream bug report, to see if we can find where the bug lies, and how to make your heavily customized system work.

If you are in fact using a *stock* Fedora kernel, and can reproduce this on a system on which you have installed only Fedora provided RPMs ... then please reopen.

Comment 27 Rudd-O DragonFear 2013-08-26 08:24:46 UTC
I am in fact using a stock Fedora kernel, with zero patches, just a few extra kernel modules.

Comment 28 Stef Walter 2013-08-26 08:32:44 UTC
Fair enough, but ZFS in the kernel is hardly stock Fedora, and therefore this doesn't seem like a Fedora bug to me.

