[qca] [Bug 495969] New: kdeconnect dumps core due to QCA unconditionally using EVP_sha1()
Taketo Kabe
bugzilla_noreply at kde.org
Fri Nov 8 13:59:28 GMT 2024
https://bugs.kde.org/show_bug.cgi?id=495969
Bug ID: 495969
Summary: kdeconnect dumps core due to QCA unconditionally using
EVP_sha1()
Classification: Frameworks and Libraries
Product: qca
Version: 2.3.6
Platform: RedHat Enterprise Linux
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: general
Assignee: unassigned-bugs at kde.org
Reporter: dkabe at vega.pgw.jp
CC: aacid at kde.org, bradh at frogmouth.net,
justin at karneges.com
Target Milestone: ---
Created attachment 175649
--> https://bugs.kde.org/attachment.cgi?id=175649&action=edit
Patch to use EVP_sha256() instead of EVP_sha1(), if available
SUMMARY
kdeconnect uses QCA to generate a self-signed certificate.
But it could not generate a proper X509 certificate by using EVP_sha1(),
but RHEL 9 family disables SHA-1 system-wide.
This causes X509 certificate lacking a signature,
could not write a proper PEM to ~/.config/kdeconnect/certificate.pem,
and dumps core.
STEPS TO REPRODUCE
1. pkill kdeconnectd
2. QT_LOGGING_RULES='kdeconnect.core.debug=true' /usr/libexec/kdeconnectd
OBSERVED RESULT
$ QT_LOGGING_RULES="kdeconnect.core.debug=true" /usr/libexec/kdeconnectd
kdeconnect.core: Daemon starting
kdeconnect.core: Certificate from
"/home/kabe/.config/kdeconnect/certificate.pem" is not valid
kdeconnect.core: Generating certificate
kdeconnect.core: My id: "_22bbbb44_27a2_4e53_a567_084181656731_"
kdeconnect.daemon: "KDE Connect" : "Could not store certificate file:
/home/kabe/.config/kdeconnect/certificate.pem"
kdeconnect.core: LanLinkProvider started
kdeconnect.core: Daemon started
kdeconnect.core: Broadcasting identity packet
Segmentation fault (core dumped)
EXPECTED RESULT
kdeconnectd continues to run
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: kernel-5.14.0-427.16.1.el9_4
KDE Plasma Version: plasma-workspace-common-5.27.11-1
KDE Frameworks Version: kf5-filesystem-5.115.0
Qt Version: qt5-qtbase-5.15.9
ADDITIONAL INFORMATION
The attached patch seems to fix this.
Problem is obseved on QCA 2.3.6, but git version still seems to have the
problem.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Unassigned-bugs
mailing list