openssl and bash libcrypto
pierre at guinoiseau.eu
Fri Apr 10 22:26:43 UTC 2015
On 4/10/2015 9:07 AM, Dewayne Geraghty wrote:
> On 10/04/2015 11:47 AM, Aristedes Maniatis wrote:
>> Dewayne Geraghty wrote:
>>> Most likely there was a port build that required openssl port, and also required
>>> something like libarchive or libfetch (for example), both require openssl base
>>> (I've found net-mgmt/net-snmp does this). Your bt reveals that the symbol table
>>> is confused, as expected.
>> Ah, that's a good help. So I can easily core dump /usr/bin/vi by trying to edit any file. Forgive my ignorance of C debugging, but I'll stumble through this:
>> 1. I attach gdb to the application and load the core dump.
>> 2. It tries to read symbols from a bunch of system libraries.
>> 3. In amongst all those libraries are some located in /usr/local:
>> So the whole chain of problems originates from nss_ldap. But I'm confused about what I'm looking at here..
>> Did vi try to load some access control library when it tried to write a file out to disk, and then that loaded nsswitch which in turn I've tied into the nss_ldap port, and then from there it was a slippery slope to disaster of conflicting libraries?
>> I'll try building nss_ldap against base openssl and see if that helps, but can someone help explain the naming here. Why do we have /usr/local/lib/libcrypto.so.8 but lib/libcrypto.so.7. Was this done when the openssl port moved from 1.0.1 to 1.0.2? Isn't there usually a warning in UPDATING when we need to rebuild all ports for that reason?
>> If all ports move to only use openssl from ports, then how does my example above get fixed? Doesn't it make it all worse?
>> So many questions! Thanks for all the help in understanding this.
> Anything under /usr/local/ should be regarded as coming from /usr/ports
> - that is, it is *not* part of the base system. /lib and /usr/lib are
> part of the base system. If your system is crashing due to /usr/bin/vi
> which is part of the base system, then something is very wrong with the
> system. I'm guessing but is it possible that you've installed 32 libs
> onto a 64 base system, or the other way around?
> I can't see how vi needs anything under /usr/local, as its from the
> "base" system - so I guess others may need to step up to assist.
> Regards, Dewayne
As he said, he's using nss_ldap, which is dynamically loaded by almost
everything from the ports _and_ the base system if ldap is enabled in
/etc/nsswitch.conf, that's why /usr/bin/vi crashes too. I have the same
problem in jails with nss_ldap installed and configured, even a simple
ls -l would segfault. As a result, I have downgraded openssl to 1.0.1
and wait until a fix comes out.
Pierre Guinoiseau <pierre at guinoiseau.eu>
http://segmentationfau.lt/ | +PierreGuinoiseau | @peikk00
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 834 bytes
Desc: OpenPGP digital signature
More information about the freebsd-ports