From owner-freebsd-stable@FreeBSD.ORG Mon Mar 23 14:32:50 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 796B4DE8 for ; Mon, 23 Mar 2015 14:32:50 +0000 (UTC) Received: from hermes.heuristicsystems.com.au (hermes.heuristicsystems.com.au [203.41.22.115]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "hermes.heuristicsystems.com.au", Issuer "Heuristic Systems Type 4 Host CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id DD73D64A for ; Mon, 23 Mar 2015 14:32:49 +0000 (UTC) Received: from [10.0.5.3] (ewsw01.hs [10.0.5.3]) (authenticated bits=0) by hermes.heuristicsystems.com.au (8.14.5/8.13.6) with ESMTP id t2NEEwnr086490 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 24 Mar 2015 01:15:07 +1100 (EST) (envelope-from dewayne.geraghty@heuristicsystems.com.au) Message-ID: <55101FDF.3060308@heuristicsystems.com.au> Date: Tue, 24 Mar 2015 01:14:55 +1100 From: Dewayne Geraghty User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Gerhard Schmidt , freebsd-stable@freebsd.org Subject: Re: Problems with openssl 1.0.2 update References: <550FEBE6.5090804@ze.tum.de> <551009BB.9020906@FreeBSD.org> <55101231.4080205@ze.tum.de> In-Reply-To: <55101231.4080205@ze.tum.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Mar 2015 14:32:50 -0000 On 24/03/2015 12:16 AM, Gerhard Schmidt wrote: > On 23.03.2015 13:40, Guido Falsi wrote: >> On 03/23/15 11:33, Gerhard Schmidt wrote: >>> Hi, >>> >>> we experiencing a problem after upgrading the openssl port to openssl >>> 1.0.2. >>> >>> /usr/bin/vi started to crash after some seconds with segfault. >>> /rescue/vi works just fine. Deleting the openssl 1.0.2 package >>> everything works just fine again. Installing the old openssl 1.0.1_18 >>> package it still works just fine. >>> >>> it seams that besides vi the bash also has this problem. Anybody >>> experiencing the same or is this something specific to my system. >>> >>> I'm running FreeBSD 10.1 updated tonight. >> I am seeing runtime problems with asterisk13 (which I maintain), caused >> by the OpenSSL update fallout. >> >> In this case, after some analysis, I concluded the problem is the >> libsrtp port requiring OpenSSL from ports(for a reason), causing >> asterisk to link to that too, which would be correct. >> >> Asterisk also uses the security/trousers port, which links to system >> OpenSSL. This ensues a conflict which now results in asterisk >> segfaulting and stopping to work. >> >> I'm investigating what can be done about this. As a local solution I can >> force the trousers port to link against OpenSSL from ports, but this >> will not fix the general problem. As a port maintaner I ony see >> modifying the trousers port to depend on ports OpenSSL as a solution, is >> this acceptable? >> > Most Ports link against the port openssl if its installed and agains the > system openssl if not. That should be the prefered way to handle problem. > > I don't know if an incompatibility between system an port openssl is a > problem. I've removed the portbuild openssl from this server completely. > > As far as i can see the problem is with openldap-client build agains the > ports openssl and used by nss_ldap or pam_ldap modul. I will do some > testing when my test host is ready. Testing on an Production server is > not that good :-) > > Regards > Estartu > > I only use openssl from ports and have just completed a rebuild of 662 packages for server requirements and include: trousers, ldap client and server, and 71 other ports built without any issues on amd64 10.1Stable using clang. Not so successful on i386 but I don't believe its related to openssl. My 2c. Regards, Dewayne PS Of the ports I use, only ports-mgmt/pkg and sysutils/monit link against base openssl as they don't provide an option. :(