openssl and bash libcrypto
kpaasial at gmail.com
Thu Apr 9 12:02:44 UTC 2015
On Thu, Apr 9, 2015 at 1:42 PM, Aristedes Maniatis <ari at ish.com.au> wrote:
> Starting in the last week or so, several different applications are exhibiting the same symptoms of broken libcrypto libraries.
> (gdb) core bash.core
> Core was generated by `bash'.
> Program terminated with signal 11, Segmentation fault.
> (gdb) bt
> #0 0x00000008029cafe5 in OPENSSL_ia32_cpuid () from /usr/local/lib/libcrypto.so.8
> #1 0x00000008033cf0b9 in OPENSSL_ia32cap_loc () from /lib/libcrypto.so.7
> #2 0x00000008032d584e in _init () from /lib/libcrypto.so.7
> #3 0x00007fffffffd7c0 in ?? ()
> #4 0x00000008006d66bf in r_debug_state () from /libexec/ld-elf.so.1
> #5 0x00000008006dad87 in _rtld_get_stack_prot () from /libexec/ld-elf.so.1
> #6 0x00000008006d7ad3 in dlopen () from /libexec/ld-elf.so.1
> #7 0x0000000800e5c436 in _nsdbtaddsrc () from /lib/libc.so.7
> #8 0x0000000800e563c9 in _nsyyparse () from /lib/libc.so.7
> #9 0x0000000800e5cab1 in nsdispatch () from /lib/libc.so.7
> #10 0x0000000800e49ebe in getpwuid () from /lib/libc.so.7
> #11 0x0000000800e49cbf in getpwnam () from /lib/libc.so.7
> Although that symptom is in bash, I've got the exact same symptoms in asterisk. The builds are done in poudriere with the make flags:
> I've tried updating to the latest 10.1-RELEASE-p6, although it is possible that that is exactly what caused the problem in the first place when the poudriere jail was updated to that release.
> The function calls mention ia32 but this box is purely 64bit.
> I've seen recent discussions about the problems that confusion between core openssl and ports openssl can cause. But I can't for the life of me figure how to avoid this problem.
> * Should bash be built with "Build static executables and/or libraries"?
> * Should I stop trying to use openssl from ports until this is fixed?
> * Why is /lib/libcrypto.so.7 calling /usr/local/lib/libcrypto.so.8 ?
> I've tried so many different combinations of settings, I don't know what to try next.
> Aristedes Maniatis
> Level 1, 30 Wilson Street Newtown 2042 Australia
> phone +61 2 9550 5001 fax +61 2 9550 4001
> GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
You could build world with WITHOUT_OPENSSL but that would also disable
some other needed pieces such as OpenSSH and you'd have to install
them from ports.
Set to not build OpenSSL. When set, it also enforces the follow‐
When set, the following options are also in effect:
WITHOUT_GSSAPI (unless WITH_GSSAPI is set explicitly)
More information about the freebsd-ports