Date: Mon, 23 Mar 2015 14:42:09 +0000 From: Steven Hartland <killing@multiplay.co.uk> To: freebsd-stable@freebsd.org Subject: Re: Problems with openssl 1.0.2 update Message-ID: <55102641.8010105@multiplay.co.uk> In-Reply-To: <55102551.5000303@ze.tum.de> References: <550FEBE6.5090804@ze.tum.de> <551009BB.9020906@FreeBSD.org> <55101231.4080205@ze.tum.de> <55101FDF.3060308@heuristicsystems.com.au> <55102551.5000303@ze.tum.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 23/03/2015 14:38, Gerhard Schmidt wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 23.03.2015 15:14, Dewayne Geraghty wrote:
>>
>> On 24/03/2015 12:16 AM, Gerhard Schmidt wrote:
>>> On 23.03.2015 13:40, Guido Falsi wrote:
>>>> On 03/23/15 11:33, Gerhard Schmidt wrote:
>>>>> Hi,
>>>>>
>>>>> we experiencing a problem after upgrading the openssl port to openssl
>>>>> 1.0.2.
>>>>>
>>>>> /usr/bin/vi started to crash after some seconds with segfault.
>>>>> /rescue/vi works just fine. Deleting the openssl 1.0.2 package
>>>>> everything works just fine again. Installing the old openssl 1.0.1_18
>>>>> package it still works just fine.
>>>>>
>>>>> it seams that besides vi the bash also has this problem. Anybody
>>>>> experiencing the same or is this something specific to my system.
>>>>>
>>>>> I'm running FreeBSD 10.1 updated tonight.
>>>> I am seeing runtime problems with asterisk13 (which I maintain), caused
>>>> by the OpenSSL update fallout.
>>>>
>>>> In this case, after some analysis, I concluded the problem is the
>>>> libsrtp port requiring OpenSSL from ports(for a reason), causing
>>>> asterisk to link to that too, which would be correct.
>>>>
>>>> Asterisk also uses the security/trousers port, which links to system
>>>> OpenSSL. This ensues a conflict which now results in asterisk
>>>> segfaulting and stopping to work.
>>>>
>>>> I'm investigating what can be done about this. As a local solution I can
>>>> force the trousers port to link against OpenSSL from ports, but this
>>>> will not fix the general problem. As a port maintaner I ony see
>>>> modifying the trousers port to depend on ports OpenSSL as a solution, is
>>>> this acceptable?
>>>>
>>> Most Ports link against the port openssl if its installed and agains the
>>> system openssl if not. That should be the prefered way to handle problem.
>>>
>>> I don't know if an incompatibility between system an port openssl is a
>>> problem. I've removed the portbuild openssl from this server completely.
>>>
>>> As far as i can see the problem is with openldap-client build agains the
>>> ports openssl and used by nss_ldap or pam_ldap modul. I will do some
>>> testing when my test host is ready. Testing on an Production server is
>>> not that good :-)
>>>
>>> Regards
>>> Estartu
>>>
>>>
>> I only use openssl from ports and have just completed a rebuild of 662
>> packages for server requirements and include: trousers, ldap client and
>> server, and 71 other ports built without any issues on amd64 10.1Stable
>> using clang. Not so successful on i386 but I don't believe its related
>> to openssl.
> I never had an issue building anything. Using it is the problem. Setup
> authentication via ldap (nss_ldap) and you are in hell. Bash crashes
> when you try to login. vi crashes when you try to change a file.
> Anything that uses nsswitch has some problems.
>
Does rebuilding all ports with WITH_OPENSSL_PORT=yes set in
/etc/make.conf help?
Regards
Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55102641.8010105>