Problems with openssl 1.0.2 update
Gerhard Schmidt
estartu at ze.tum.de
Mon Mar 23 14:38:14 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 23.03.2015 15:14, Dewayne Geraghty wrote:
>
>
> On 24/03/2015 12:16 AM, Gerhard Schmidt wrote:
>> On 23.03.2015 13:40, Guido Falsi wrote:
>>> On 03/23/15 11:33, Gerhard Schmidt wrote:
>>>> Hi,
>>>>
>>>> we experiencing a problem after upgrading the openssl port to openssl
>>>> 1.0.2.
>>>>
>>>> /usr/bin/vi started to crash after some seconds with segfault.
>>>> /rescue/vi works just fine. Deleting the openssl 1.0.2 package
>>>> everything works just fine again. Installing the old openssl 1.0.1_18
>>>> package it still works just fine.
>>>>
>>>> it seams that besides vi the bash also has this problem. Anybody
>>>> experiencing the same or is this something specific to my system.
>>>>
>>>> I'm running FreeBSD 10.1 updated tonight.
>>> I am seeing runtime problems with asterisk13 (which I maintain), caused
>>> by the OpenSSL update fallout.
>>>
>>> In this case, after some analysis, I concluded the problem is the
>>> libsrtp port requiring OpenSSL from ports(for a reason), causing
>>> asterisk to link to that too, which would be correct.
>>>
>>> Asterisk also uses the security/trousers port, which links to system
>>> OpenSSL. This ensues a conflict which now results in asterisk
>>> segfaulting and stopping to work.
>>>
>>> I'm investigating what can be done about this. As a local solution I can
>>> force the trousers port to link against OpenSSL from ports, but this
>>> will not fix the general problem. As a port maintaner I ony see
>>> modifying the trousers port to depend on ports OpenSSL as a solution, is
>>> this acceptable?
>>>
>> Most Ports link against the port openssl if its installed and agains the
>> system openssl if not. That should be the prefered way to handle problem.
>>
>> I don't know if an incompatibility between system an port openssl is a
>> problem. I've removed the portbuild openssl from this server completely.
>>
>> As far as i can see the problem is with openldap-client build agains the
>> ports openssl and used by nss_ldap or pam_ldap modul. I will do some
>> testing when my test host is ready. Testing on an Production server is
>> not that good :-)
>>
>> Regards
>> Estartu
>>
>>
> I only use openssl from ports and have just completed a rebuild of 662
> packages for server requirements and include: trousers, ldap client and
> server, and 71 other ports built without any issues on amd64 10.1Stable
> using clang. Not so successful on i386 but I don't believe its related
> to openssl.
I never had an issue building anything. Using it is the problem. Setup
authentication via ldap (nss_ldap) and you are in hell. Bash crashes
when you try to login. vi crashes when you try to change a file.
Anything that uses nsswitch has some problems.
Regards
Estartu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJVECVNAAoJEHTSQ8xFcA2jj6MP/ifZj6q3sK96ak6KQQezM466
kRC/YuCJymzSv30HbAu2P5i2Qmkaqz/72BCVZ+YhS1n4FBw9TxHrnCI77jO94y9P
55pfvSvYzKk6sLkWEOsbqWjPLQcrTUpfHjWHC3d0uvlzVNnyiYoHGBscWMpIvpoG
Jz+yV8NsJEU5Zm4YSRzOd9VM2xaLi+dBSdSmOvWTp77Oa7Rd4vYrDypcPmA2RXa7
cfTU4OBj3XdYgKF0D4E3I0xcqhvlBAgB806oVeWS7xsI3T7X3ZABBWxPf6ErPDOr
a3hSjl3ZyRMku+4wSvqclWQ1GCrUh33oP5UELD81nPnci7RCxIGoUo3OiZTXvzy+
Oh12eTmEpZrpYo0QALV8Z2oxhlzWm91/iIYnfx9wr6Hk9EHYyNWlckwndfFGVcC0
bJ6KmnX3CbcxKN6RPYG38bNFJ5X9v2gqsqJFKy98KHhBlJ3O49OBzHLzFsaN7r24
TbUzwPrK3qIntMgQF5Y8uD7a1mkjpcG0H/3iwB4QZnWS9WMiynIQqTow6EeIEBgj
0TMHFWkbPetn9h9kxbF+XWf10ARVr0kH9OrTZ+2iO2B+uQb65gC5qRno/WWHBmCp
MSuez+SPv3JIu7ArX9nzpEtG1wQd+r3uiGjX2YB2/kw+a+cX3/B1kWk1R1R1F5Qv
/ImcsZjxeR3aNKcDsz9F
=TQFs
-----END PGP SIGNATURE-----
More information about the freebsd-stable
mailing list