From owner-freebsd-stable@FreeBSD.ORG Mon Mar 23 14:38:13 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D68AF391 for ; Mon, 23 Mar 2015 14:38:13 +0000 (UTC) Received: from io.ze.tum.de (w3projmail.ze.tum.de [129.187.39.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 729356A4 for ; Mon, 23 Mar 2015 14:38:12 +0000 (UTC) Received: from etustar.ze.tum.de (etustar.ze.tum.de [IPv6:2001:4ca0:2e03::16:1]) (authenticated bits=0) by io.ze.tum.de (8.14.5/8.14.5) with ESMTP id t2NEc9q9070432; Mon, 23 Mar 2015 15:38:09 +0100 (CET) (envelope-from estartu@ze.tum.de) Message-ID: <55102551.5000303@ze.tum.de> Date: Mon, 23 Mar 2015 15:38:09 +0100 From: Gerhard Schmidt User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Dewayne Geraghty , freebsd-stable@freebsd.org Subject: Re: Problems with openssl 1.0.2 update References: <550FEBE6.5090804@ze.tum.de> <551009BB.9020906@FreeBSD.org> <55101231.4080205@ze.tum.de> <55101FDF.3060308@heuristicsystems.com.au> In-Reply-To: <55101FDF.3060308@heuristicsystems.com.au> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Mar 2015 14:38:14 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 23.03.2015 15:14, Dewayne Geraghty wrote: > > > On 24/03/2015 12:16 AM, Gerhard Schmidt wrote: >> On 23.03.2015 13:40, Guido Falsi wrote: >>> On 03/23/15 11:33, Gerhard Schmidt wrote: >>>> Hi, >>>> >>>> we experiencing a problem after upgrading the openssl port to openssl >>>> 1.0.2. >>>> >>>> /usr/bin/vi started to crash after some seconds with segfault. >>>> /rescue/vi works just fine. Deleting the openssl 1.0.2 package >>>> everything works just fine again. Installing the old openssl 1.0.1_18 >>>> package it still works just fine. >>>> >>>> it seams that besides vi the bash also has this problem. Anybody >>>> experiencing the same or is this something specific to my system. >>>> >>>> I'm running FreeBSD 10.1 updated tonight. >>> I am seeing runtime problems with asterisk13 (which I maintain), caused >>> by the OpenSSL update fallout. >>> >>> In this case, after some analysis, I concluded the problem is the >>> libsrtp port requiring OpenSSL from ports(for a reason), causing >>> asterisk to link to that too, which would be correct. >>> >>> Asterisk also uses the security/trousers port, which links to system >>> OpenSSL. This ensues a conflict which now results in asterisk >>> segfaulting and stopping to work. >>> >>> I'm investigating what can be done about this. As a local solution I can >>> force the trousers port to link against OpenSSL from ports, but this >>> will not fix the general problem. As a port maintaner I ony see >>> modifying the trousers port to depend on ports OpenSSL as a solution, is >>> this acceptable? >>> >> Most Ports link against the port openssl if its installed and agains the >> system openssl if not. That should be the prefered way to handle problem. >> >> I don't know if an incompatibility between system an port openssl is a >> problem. I've removed the portbuild openssl from this server completely. >> >> As far as i can see the problem is with openldap-client build agains the >> ports openssl and used by nss_ldap or pam_ldap modul. I will do some >> testing when my test host is ready. Testing on an Production server is >> not that good :-) >> >> Regards >> Estartu >> >> > I only use openssl from ports and have just completed a rebuild of 662 > packages for server requirements and include: trousers, ldap client and > server, and 71 other ports built without any issues on amd64 10.1Stable > using clang. Not so successful on i386 but I don't believe its related > to openssl. I never had an issue building anything. Using it is the problem. Setup authentication via ldap (nss_ldap) and you are in hell. Bash crashes when you try to login. vi crashes when you try to change a file. Anything that uses nsswitch has some problems. Regards Estartu -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVECVNAAoJEHTSQ8xFcA2jj6MP/ifZj6q3sK96ak6KQQezM466 kRC/YuCJymzSv30HbAu2P5i2Qmkaqz/72BCVZ+YhS1n4FBw9TxHrnCI77jO94y9P 55pfvSvYzKk6sLkWEOsbqWjPLQcrTUpfHjWHC3d0uvlzVNnyiYoHGBscWMpIvpoG Jz+yV8NsJEU5Zm4YSRzOd9VM2xaLi+dBSdSmOvWTp77Oa7Rd4vYrDypcPmA2RXa7 cfTU4OBj3XdYgKF0D4E3I0xcqhvlBAgB806oVeWS7xsI3T7X3ZABBWxPf6ErPDOr a3hSjl3ZyRMku+4wSvqclWQ1GCrUh33oP5UELD81nPnci7RCxIGoUo3OiZTXvzy+ Oh12eTmEpZrpYo0QALV8Z2oxhlzWm91/iIYnfx9wr6Hk9EHYyNWlckwndfFGVcC0 bJ6KmnX3CbcxKN6RPYG38bNFJ5X9v2gqsqJFKy98KHhBlJ3O49OBzHLzFsaN7r24 TbUzwPrK3qIntMgQF5Y8uD7a1mkjpcG0H/3iwB4QZnWS9WMiynIQqTow6EeIEBgj 0TMHFWkbPetn9h9kxbF+XWf10ARVr0kH9OrTZ+2iO2B+uQb65gC5qRno/WWHBmCp MSuez+SPv3JIu7ArX9nzpEtG1wQd+r3uiGjX2YB2/kw+a+cX3/B1kWk1R1R1F5Qv /ImcsZjxeR3aNKcDsz9F =TQFs -----END PGP SIGNATURE-----