ports/151154: audio/amarok-kde4 crashes on network activity if ports openssl is installed
Pascal Stumpf
Pascal.Stumpf at cubes.de
Sat Oct 2 13:40:02 UTC 2010
>Number: 151154
>Category: ports
>Synopsis: audio/amarok-kde4 crashes on network activity if ports openssl is installed
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Oct 02 13:40:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Pascal Stumpf
>Release: 8-STABLE
>Organization:
>Environment:
>Description:
security/tor requires to have OpenSSL installed from ports due to renegotiation being disabled in base OpenSSL in some supported FreeBSD releases (not sure which ones, but I think 8.1 has it re-enabled). Unfortunately, this can lead to ugly and unexpected bugs in ports that link against OpenSSL libraries. As it was exposed by Amarok (https://bugs.kde.org/show_bug.cgi?id=252912), KIO libraries may run into problems when calling functions from different versions of these libraries, crashing the application. Note that this is not confined to Amarok, but may affect any other application relying on KIO and QtSsl.
>How-To-Repeat:
Install security/openssl and audio/amarok-kde4, start amarok, enable lyrics plugin, cover fetching etc., play a file and watch it crash.
>Fix:
The best solution to this would be to re-enable renegotiation in OpenSSL in all supported releases. Disabling it in the first place was more a workaround than a real ‘security fix’ anyway. Then one could safely remove the dependency of security/tor on ports OpenSSL.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list