Segfault in OpenSSL even though GnuTLS demanded

Bertram Scharpf lists at bertram-scharpf.de
Fri Jul 29 10:15:14 UTC 2016 

On Thursday, 28. Jul 2016, 17:56:46 -0400, Jung-uk Kim wrote:
> On 07/28/16 05:37 PM, Bertram Scharpf wrote:
> > On Thursday, 28. Jul 2016, 17:25:50 -0400, Jung-uk Kim wrote:
> >> On 07/28/16 04:55 PM, Bertram Scharpf wrote:
> >>> On Thursday, 28. Jul 2016, 15:37:00 -0400, Jung-uk Kim wrote:
> >>>> On 07/28/16 02:02 PM, Bertram Scharpf wrote:
> >>>>>
> >>>>>   Program received signal SIGSEGV, Segmentation fault.
> >>>>>   [Switching to Thread 29403080 (LWP 101275/mcabber)]
> >>>>>   0x285c1245 in OPENSSL_ia32_cpuid () from /usr/local/lib/libcrypto.so.8
> >>>>
> >>>> Try "ldd /usr/local/lib/libloudmouth-1.so.0.1.0".  It looks like a
> >>>> Kerberos issue.
> >>>
> >>> No errors. They do all exist. I double-checked it:
> >>>
> >>>   $ ldd /usr/local/lib/libloudmouth-1.so.0.1.0 | perl -lne '/=>\s*(\S+)/ and not -e $1 and print $1'
> >>
> >> I guess you misunderstood.  I didn't mean you have a missing library.  I
> >> believe it links *two* libcrypto.so's, i.e., one from base and one from
> >> ports.
> > 
> > Indeed:
> > 
> >   # ldd /usr/local/lib/libloudmouth-1.so.0.1.0 | grep libcrypto
> >         libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x28d00000)
> >         libcrypto.so.7 => /lib/libcrypto.so.7 (0x2925b000)
> > 
> > So, how could I resolve this?
> You may ask its maintainer (gnome at FreeBSD.org) to add USES+=gssapi and
> add an option to select GSS-API from ports.  Another solution may be
> removing all packages depending on /usr/local/lib/libcrypto.8 and
> rebuilding them with base OpenSSL.

I cannot remove _all_ packages that depend on OpenSSL.

  # pkg info -qr openssl-1.0.2_14 | wc -l
	38


The first thing I do not understand is why it is so
important for so many packages to pull in the package.

  # openssl version
  OpenSSL 1.0.1t-freebsd  3 May 2016
  # /usr/local/bin/openssl version
  WARNING: can't open config file: /usr/local/openssl/openssl.cnf
  OpenSSL 1.0.2h  3 May 2016


The second thing I do not understand is why GSS-API should
help. I searched for USES+=gssapi and did find only four
projects that really have it. None of them is installed
here.

  $ rbfind /usr/ports 'prune if name == "work" ; name == "Makefile" and grep /\bUSES.*gssapi/'

Many ports have GSSAPI disabled here and they do not
segfault because of an OpenSSL conflict. Example:

  # grep -h 'SET.*GSS' /var/db/ports/databases_postgresql95-*/options
  OPTIONS_FILE_UNSET+=GSSAPI
  OPTIONS_FILE_UNSET+=GSSAPI


The third thing I do not understand is why there is an
OpenSSL conflict at all. I definitely told loudmouth to use
GnuTLS.

  # grep SSL\\\|TLS /var/db/ports/net-im_loudmouth/options
  _FILE_COMPLETE_OPTIONS_LIST=DOCS GNUTLS OPENSSL
  OPTIONS_FILE_SET+=GNUTLS
  OPTIONS_FILE_UNSET+=OPENSSL

  # cd net-im/loudmouth
  # make run-depends-list build-depends-list | grep ssl\\\|tls
  /usr/ports/security/gnutls
  /usr/ports/security/gnutls


This appears to be a real port bug to me.

Bertram


-- 
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de

More information about the freebsd-hackers mailing list