Bug#603065: kipina: Segfaults at launching

2010-11-10 Thread koala 
Package: kipina
Version: 0.1.1-4
Severity: important

When launching kipina, it segfaults.

I use awesome WM, and my shell is zsh.



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (987, 'unstable'), (985, 'stable'), (983, 'stable'), (982, 
'testing'), (980, 'testing'), (98, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kipina depends on:
ii  libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii  libc6   2.11.2-7 Embedded GNU C Library: Shared lib
ii  libcairo2   1.8.10-6 The Cairo 2D vector graphics libra
ii  libfontconfig1  2.8.0-2.1generic font configuration library
ii  libglade2-0 1:2.6.4-1library to load .glade files at ru
ii  libglib2.0-02.24.2-1 The GLib library of C routines
ii  libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface 
ii  libpango1.0-0   1.28.3-1 Layout and rendering of internatio
ii  libx11-62:1.3.3-3X11 client-side library
ii  libxcursor1 1:1.1.11-1   X cursor management library
ii  libxext62:1.1.2-1X11 miscellaneous extension librar
ii  libxfixes3  1:4.0.5-1X11 miscellaneous 'fixes' extensio
ii  libxi6  2:1.3-4  X11 Input extension library
ii  libxinerama12:1.1.1-1X11 Xinerama extension library
ii  libxml2 2.7.8.dfsg-1 GNOME XML library
ii  libxrandr2  2:1.3.0-3X11 RandR extension library
ii  libxrender1 1:0.9.6-1X Rendering Extension client libra
ii  libxslt1.1  1.1.26-6 XSLT 1.0 processing library - runt

kipina recommends no packages.

kipina suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20101110184724.3145.46160.report...@koala.home

Bug#603104: TPM token fails to reinitialize properly on reload

2010-11-10 Thread David Smith 
Package: opencryptoki
Version: 2.2.8+dfsg-4

The TPM token code uses some global variables to track the storage
root key, root public & private keys, and leaf public & private keys
from the TPM. These variables are not properly reinitialized during
unload and reload of the module. In the case of wpasupplicant, this
results in PKCS#11 becoming unusable and one must kill the process to
start a fresh reconfiguration.

How to reproduce, given a wpasupplicant configuration that uses
opencryptoki to use the TPM for private key:
  - Connect to the network once, ensure a normal connection is possible.
  - Kill the opencryptoki pkcsslotd process (send SIGKILL; it ignores
SIGTERM while in use).
  - Start a new opencryptoki pkcsslotd process.
  - Attempt to reconnect to the same network.

Expected behavior:
  - wpasupplicant should unload the PKCS#11 openssl engine library and
reload it for the reconnection attempt.
  - The connection should succeed.

Observed behavior:
  - wpasupplicant unloads the PKCS#11 openssl engine library and
reloads it for the reconnection attempt.
  - After wpasupplicant loads the PKCS#11 openssl engine library, it
fails to load the private key.

The failure to load the private key was debugged back to failure in
the opencryptoki TPM library to load the private root key. The private
key fails to load because the session object opencryptoki uses to load
the key into the TPM is stale, left over from the first session.

A patch for this is attached and the patch has been sent upstream. See
http://sourceforge.net/tracker/?func=detail&atid=710344&aid=3073688&group_id=128009
and https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/645576.
Author: David Smith 
Description: Reset TPM datastructures on init, not just logout.
Index: opencryptoki-2.2.8+dfsg/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
===
--- opencryptoki-2.2.8+dfsg.orig/usr/lib/pkcs11/tpm_stdll/tpm_specific.c	2010-10-28 12:56:36.0 -0700
+++ opencryptoki-2.2.8+dfsg/usr/lib/pkcs11/tpm_stdll/tpm_specific.c	2010-10-28 15:19:41.0 -0700
@@ -111,6 +111,22 @@
 CK_BYTE current_so_pin_sha[SHA1_HASH_SIZE];
 
 
+static void
+clear_internal_structures()
+{
+	hSRK = NULL_HKEY;
+	hPrivateLeafKey = NULL_HKEY;
+	hPublicLeafKey = NULL_HKEY;
+	hPrivateRootKey = NULL_HKEY;
+	hPublicRootKey = NULL_HKEY;
+
+	memset(master_key_private, 0, MK_SIZE);
+	memset(current_so_pin_sha, 0, SHA1_HASH_SIZE);
+	memset(current_user_pin_sha, 0, SHA1_HASH_SIZE);
+
+	object_mgr_purge_private_token_objects();
+}
+
 CK_RV
 token_specific_session(CK_SLOT_ID  slotid)
 {
@@ -263,7 +279,7 @@
 {
 	TSS_RESULT result;
 	TSS_HPOLICY hPolicy;
-	static TSS_BOOL get_srk_pub_key = TRUE;
+	TSS_BOOL get_srk_pub_key = TRUE;
 	UINT32 key_size;
 
 	key_size = util_get_keysize_flag(size_n * 8);
@@ -1669,19 +1685,11 @@
 {
 	if (hPrivateLeafKey != NULL_HKEY) {
 		Tspi_Key_UnloadKey(hPrivateLeafKey);
-		hPrivateLeafKey = NULL_HKEY;
 	} else if (hPublicLeafKey != NULL_HKEY) {
 		Tspi_Key_UnloadKey(hPublicLeafKey);
-		hPublicLeafKey = NULL_HKEY;
 	}
 
-	memset(master_key_private, 0, MK_SIZE);
-	memset(current_so_pin_sha, 0, SHA1_HASH_SIZE);
-	memset(current_user_pin_sha, 0, SHA1_HASH_SIZE);
-
-	/* pulled from new_host.c */
-	object_mgr_purge_private_token_objects();
-
+	clear_internal_structures();
 	return CKR_OK;
 }
 
@@ -2005,6 +2013,7 @@
 return CKR_FUNCTION_FAILED;
 }
 
+	clear_internal_structures();
 	return CKR_OK;
 }