openssl and bash libcrypto

Kimmo Paasiala kpaasial at gmail.com
Thu Apr 9 12:02:44 UTC 2015


On Thu, Apr 9, 2015 at 1:42 PM, Aristedes Maniatis <ari at ish.com.au> wrote:
> Starting in the last week or so, several different applications are exhibiting the same symptoms of broken libcrypto libraries.
>
> (gdb) core bash.core
> Core was generated by `bash'.
> Program terminated with signal 11, Segmentation fault.
>
> (gdb) bt
> #0  0x00000008029cafe5 in OPENSSL_ia32_cpuid () from /usr/local/lib/libcrypto.so.8
> #1  0x00000008033cf0b9 in OPENSSL_ia32cap_loc () from /lib/libcrypto.so.7
> #2  0x00000008032d584e in _init () from /lib/libcrypto.so.7
> #3  0x00007fffffffd7c0 in ?? ()
> #4  0x00000008006d66bf in r_debug_state () from /libexec/ld-elf.so.1
> #5  0x00000008006dad87 in _rtld_get_stack_prot () from /libexec/ld-elf.so.1
> #6  0x00000008006d7ad3 in dlopen () from /libexec/ld-elf.so.1
> #7  0x0000000800e5c436 in _nsdbtaddsrc () from /lib/libc.so.7
> #8  0x0000000800e563c9 in _nsyyparse () from /lib/libc.so.7
> #9  0x0000000800e5cab1 in nsdispatch () from /lib/libc.so.7
> #10 0x0000000800e49ebe in getpwuid () from /lib/libc.so.7
> #11 0x0000000800e49cbf in getpwnam () from /lib/libc.so.7
>
>
> Although that symptom is in bash, I've got the exact same symptoms in asterisk. The builds are done in poudriere with the make flags:
>
> WITH_OPENSSL_PORT=yes
>
>
> I've tried updating to the latest 10.1-RELEASE-p6, although it is possible that that is exactly what caused the problem in the first place when the poudriere jail was updated to that release.
>
> The function calls mention ia32 but this box is purely 64bit.
>
>
> I've seen recent discussions about the problems that confusion between core openssl and ports openssl can cause. But I can't for the life of me figure how to avoid this problem.
>
> * Should bash be built with "Build static executables and/or libraries"?
> * Should I stop trying to use openssl from ports until this is fixed?
> * Why is /lib/libcrypto.so.7 calling /usr/local/lib/libcrypto.so.8 ?
>
> I've tried so many different combinations of settings, I don't know what to try next.
>
> Thanks
> Ari
>
>
> --
> -------------------------->
> Aristedes Maniatis
> ish
> http://www.ish.com.au
> Level 1, 30 Wilson Street Newtown 2042 Australia
> phone +61 2 9550 5001   fax +61 2 9550 4001
> GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
>

You could build world with WITHOUT_OPENSSL but that would also disable
some other needed pieces such as OpenSSH and you'd have to install
them from ports.

WITHOUT_OPENSSL
             Set to not build OpenSSL.  When set, it also enforces the
             following options:

             WITHOUT_KERBEROS
             WITHOUT_KERBEROS_SUPPORT
             WITHOUT_OPENSSH

             When set, the following options are also in effect:

             WITHOUT_GSSAPI (unless WITH_GSSAPI is set explicitly)

