From owner-freebsd-stable@FreeBSD.ORG Mon Mar 23 14:42:18 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 152DF63C for ; Mon, 23 Mar 2015 14:42:18 +0000 (UTC) Received: from mail-wi0-f174.google.com (mail-wi0-f174.google.com [209.85.212.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9793B7D7 for ; Mon, 23 Mar 2015 14:42:17 +0000 (UTC) Received: by wibgn9 with SMTP id gn9so64870575wib.1 for ; Mon, 23 Mar 2015 07:42:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=lNQ6b8SHQKvdPRvhEqgBwkh7voEe8MveyK+0TdKz3ps=; b=lt+9ucN5udd1jgy0mV2G6VELNaGP8yC3lYejP5PeeM83zaaM3xC8a1Yxns9GN6z+Th FA7yVVoFSr+ndJFWhexyitfgfdKEPvCjFndf0t/SNQ1oSrClkBQXuIELZieoMbJVPI6f CLOh/FBIlNgYTECKMQfchopzs5+DudoQfj9c49spkgyqUpwwDdWDZIW+HfCXqgThUY+y TuiF3nfOlg4m5NmBFOGzOChH9M6htHLLdk7/0KtVAeC+I33Di3PVFRZ1h88BjayUlmGg 0fmK09ogsu+1N+PF+wgGPCsqcUqWuOYo9FgpeQWjYnNe3YTqCyy5W3U6R1WwruTXvjl+ kk0g== X-Gm-Message-State: ALoCoQmbEN3S+9hZtety0tLv6oG4RDXUfu4M51zHsxxqnpELlR3EoqBEdXQmaUHpLCBMdL0ephCX X-Received: by 10.180.108.13 with SMTP id hg13mr19753785wib.7.1427121735250; Mon, 23 Mar 2015 07:42:15 -0700 (PDT) Received: from [10.10.1.68] (82-69-141-170.dsl.in-addr.zen.co.uk. [82.69.141.170]) by mx.google.com with ESMTPSA id vq9sm1713559wjc.6.2015.03.23.07.42.13 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 23 Mar 2015 07:42:14 -0700 (PDT) Message-ID: <55102641.8010105@multiplay.co.uk> Date: Mon, 23 Mar 2015 14:42:09 +0000 From: Steven Hartland User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org Subject: Re: Problems with openssl 1.0.2 update References: <550FEBE6.5090804@ze.tum.de> <551009BB.9020906@FreeBSD.org> <55101231.4080205@ze.tum.de> <55101FDF.3060308@heuristicsystems.com.au> <55102551.5000303@ze.tum.de> In-Reply-To: <55102551.5000303@ze.tum.de> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Mar 2015 14:42:18 -0000 On 23/03/2015 14:38, Gerhard Schmidt wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 23.03.2015 15:14, Dewayne Geraghty wrote: >> >> On 24/03/2015 12:16 AM, Gerhard Schmidt wrote: >>> On 23.03.2015 13:40, Guido Falsi wrote: >>>> On 03/23/15 11:33, Gerhard Schmidt wrote: >>>>> Hi, >>>>> >>>>> we experiencing a problem after upgrading the openssl port to openssl >>>>> 1.0.2. >>>>> >>>>> /usr/bin/vi started to crash after some seconds with segfault. >>>>> /rescue/vi works just fine. Deleting the openssl 1.0.2 package >>>>> everything works just fine again. Installing the old openssl 1.0.1_18 >>>>> package it still works just fine. >>>>> >>>>> it seams that besides vi the bash also has this problem. Anybody >>>>> experiencing the same or is this something specific to my system. >>>>> >>>>> I'm running FreeBSD 10.1 updated tonight. >>>> I am seeing runtime problems with asterisk13 (which I maintain), caused >>>> by the OpenSSL update fallout. >>>> >>>> In this case, after some analysis, I concluded the problem is the >>>> libsrtp port requiring OpenSSL from ports(for a reason), causing >>>> asterisk to link to that too, which would be correct. >>>> >>>> Asterisk also uses the security/trousers port, which links to system >>>> OpenSSL. This ensues a conflict which now results in asterisk >>>> segfaulting and stopping to work. >>>> >>>> I'm investigating what can be done about this. As a local solution I can >>>> force the trousers port to link against OpenSSL from ports, but this >>>> will not fix the general problem. As a port maintaner I ony see >>>> modifying the trousers port to depend on ports OpenSSL as a solution, is >>>> this acceptable? >>>> >>> Most Ports link against the port openssl if its installed and agains the >>> system openssl if not. That should be the prefered way to handle problem. >>> >>> I don't know if an incompatibility between system an port openssl is a >>> problem. I've removed the portbuild openssl from this server completely. >>> >>> As far as i can see the problem is with openldap-client build agains the >>> ports openssl and used by nss_ldap or pam_ldap modul. I will do some >>> testing when my test host is ready. Testing on an Production server is >>> not that good :-) >>> >>> Regards >>> Estartu >>> >>> >> I only use openssl from ports and have just completed a rebuild of 662 >> packages for server requirements and include: trousers, ldap client and >> server, and 71 other ports built without any issues on amd64 10.1Stable >> using clang. Not so successful on i386 but I don't believe its related >> to openssl. > I never had an issue building anything. Using it is the problem. Setup > authentication via ldap (nss_ldap) and you are in hell. Bash crashes > when you try to login. vi crashes when you try to change a file. > Anything that uses nsswitch has some problems. > Does rebuilding all ports with WITH_OPENSSL_PORT=yes set in /etc/make.conf help? Regards Steve