Date: Sat, 11 Apr 2015 00:20:20 +0200 From: Pierre Guinoiseau <pierre@guinoiseau.eu> To: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>, freebsd-ports@freebsd.org Subject: Re: openssl and bash libcrypto Message-ID: <55284CA4.4040107@guinoiseau.eu> In-Reply-To: <5527769D.3060505@heuristicsystems.com.au> References: <552657AC.1020802@ish.com.au> <55271AB5.8020907@ish.com.au> <CABgom6fORDqZUg8HvHLCMuRFVtSxvEF0U0jFvBRKJUm%2BKmJ6Sw@mail.gmail.com> <55272BC5.8090805@ish.com.au> <5527769D.3060505@heuristicsystems.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --mqNhaIjKxWXpte44bu1eWBF7H24DggIO8 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 4/10/2015 9:07 AM, Dewayne Geraghty wrote: >=20 >=20 > On 10/04/2015 11:47 AM, Aristedes Maniatis wrote: >> Dewayne Geraghty wrote: >>> Most likely there was a port build that required openssl port, and al= so required >>> something like libarchive or libfetch (for example), both require ope= nssl base >>> (I've found net-mgmt/net-snmp does this). Your bt reveals that the s= ymbol table >>> is confused, as expected.=20 >> Ah, that's a good help. So I can easily core dump /usr/bin/vi by tryin= g to edit any file. Forgive my ignorance of C debugging, but I'll stumble= through this: >> >> 1. I attach gdb to the application and load the core dump. >> 2. It tries to read symbols from a bunch of system libraries. >> 3. In amongst all those libraries are some located in /usr/local: >> >> /usr/local/lib/nss_ldap.so.1 >> /usr/local/lib/libldap-2.4.so.2 >> /usr/local/lib/liblber-2.4.so.2 >> /usr/local/lib/libssl.so.8 >> /usr/local/lib/libcrypto.so.8 >> >> So the whole chain of problems originates from nss_ldap. But I'm confu= sed about what I'm looking at here.. >> >> Did vi try to load some access control library when it tried to write = a file out to disk, and then that loaded nsswitch which in turn I've tied= into the nss_ldap port, and then from there it was a slippery slope to d= isaster of conflicting libraries? >> >> I'll try building nss_ldap against base openssl and see if that helps,= but can someone help explain the naming here. Why do we have /usr/local/= lib/libcrypto.so.8 but lib/libcrypto.so.7. Was this done when the openssl= port moved from 1.0.1 to 1.0.2? Isn't there usually a warning in UPDATIN= G when we need to rebuild all ports for that reason? >> >> If all ports move to only use openssl from ports, then how does my exa= mple above get fixed? Doesn't it make it all worse? >> >> >> So many questions! Thanks for all the help in understanding this. >> >> Ari >> >> > Ari, > Anything under /usr/local/ should be regarded as coming from /usr/ports= > - that is, it is *not* part of the base system. /lib and /usr/lib are > part of the base system. If your system is crashing due to /usr/bin/vi= > which is part of the base system, then something is very wrong with the= > system. I'm guessing but is it possible that you've installed 32 libs > onto a 64 base system, or the other way around? >=20 > I can't see how vi needs anything under /usr/local, as its from the > "base" system - so I guess others may need to step up to assist. > Regards, Dewayne >=20 As he said, he's using nss_ldap, which is dynamically loaded by almost everything from the ports _and_ the base system if ldap is enabled in /etc/nsswitch.conf, that's why /usr/bin/vi crashes too. I have the same problem in jails with nss_ldap installed and configured, even a simple ls -l would segfault. As a result, I have downgraded openssl to 1.0.1 and wait until a fix comes out. --=20 Pierre Guinoiseau <pierre@guinoiseau.eu> http://segmentationfau.lt/ | +PierreGuinoiseau | @peikk00 --mqNhaIjKxWXpte44bu1eWBF7H24DggIO8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJVKEyyAAoJEFBNg+ogrffPdwIP/RkB4aBu9TjarUZa9VwqwzYD AJn12jL6di2VXAJKlnLao+51w90v4WVAtLU0dm/2jfT4/sl5j7TbkvWRrRiVKbnb SHhXPom1QUpsYPnH3ze6siBECrFBKyuYt16PlUuAl/ybm/tMfWjOxNV08iqg91TB 5esuqqb/lEW+dJKE3Cjf4b1OAW02c2skUUih3SCL1oGX1Rygi2BNTgzbQHqBEI5q 3oPs68X0dSdagCgF4E5yS2+uQd59G5YgrB3CTtul84trbL9qGiU04p2yHh0emcMQ SH/cn/OkGjDSEKJt+LEJqAnmihY0V8G7DfIFJaagYrWchJNzfH4GoXRzWEIuyB8I DUiK+yEwzF8qRDLNyVkc++BDW8ZSwpH1hU5beeHhofDONCApiviXqhaYir5e9WJq qbp552E5MX6f98WVeQnLTEaKepnSIxVbnMY9dUNYCXJaHAFrpO2NWj+/zlCL+B2a SwO81CCzDr+NoE7LO6p0Euy8uWCrieuMlHdiQXWQ2o7CfdAHvWIyJ+b/FV2VnCfb SiQOyk2z6HCeJESa5RvyMqzj02n/G6Z5/kiQJB/wzrXNSaTymOnBhQS3jB5hztPL ED2iiDV9UNjPXIdMUEjCWp4aEFW3umBcL0NM6jPUMmq57rK+kMQ/iWqztm4LTmq8 fw2YMw/sRcuLg+cMa638 =Osb7 -----END PGP SIGNATURE----- --mqNhaIjKxWXpte44bu1eWBF7H24DggIO8--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55284CA4.4040107>