From owner-freebsd-hackers@freebsd.org Fri Jul 29 10:15:14 2016 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D6BFBA6925 for ; Fri, 29 Jul 2016 10:15:14 +0000 (UTC) (envelope-from lists@bertram-scharpf.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A753D1E62 for ; Fri, 29 Jul 2016 10:15:12 +0000 (UTC) (envelope-from lists@bertram-scharpf.de) Received: from becker.bs.l ([85.180.2.88]) by mrelayeu.kundenserver.de (mreue104) with ESMTPSA (Nemesis) id 0M8hRj-1b6TLO07FL-00wGCi for ; Fri, 29 Jul 2016 12:09:53 +0200 Received: from bsch by becker.bs.l with local (Exim 4.87 (FreeBSD)) (envelope-from ) id 1bT4jo-0001eR-6y for freebsd-hackers@freebsd.org; Fri, 29 Jul 2016 12:09:52 +0200 Date: Fri, 29 Jul 2016 12:09:52 +0200 From: Bertram Scharpf To: freebsd-hackers@freebsd.org Subject: Re: Segfault in OpenSSL even though GnuTLS demanded Message-ID: <20160729100952.GA4967@becker.bs.l> Mail-Followup-To: freebsd-hackers@freebsd.org References: <20160728180255.GA79509@becker.bs.l> <599ca93e-31ed-fcb4-75de-7d05667d928e@FreeBSD.org> <20160728205516.GA94239@becker.bs.l> <20160728213717.GA98586@becker.bs.l> <7483738d-01e7-0bb2-81e9-9c26d8ef8c9f@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <7483738d-01e7-0bb2-81e9-9c26d8ef8c9f@FreeBSD.org> User-Agent: Mutt/1.6.1 (2016-04-27) Sender: Bertram Scharpf X-Provags-ID: V03:K0:4sFu6FWq6BltJFPBzdOBbtUPWxRMA8tXa5AEEURe3JYe3cFYsX7 +Cqz+CU1FRuJvr5SA52+ivOhBscZNuKiFtxhmFrlhJVCQ7p8rPRHe0Y5NQlMbcHa4cC6i7L s5CJN/WcAN/8lkuDBIxmyxtrHlVt5TPwBMsauS9sOi9mKvxEABCFpDW7u+H0vgYsKvSzykv y9+tkkqyufjONuTumKRJw== X-UI-Out-Filterresults: notjunk:1;V01:K0:mPkCnPhLN6Q=:shOwxrC0Y5h5nSHd9FNQgU xM5DTj0EuozLW+7zYKfwjwtWTC+Q98lOxVMVjLUfwLNuo0GBggaMMkHgS/DSmNEasg/I7ZORx iIp9WszBKjtQprFk9VqM+tqCQXfqmCjUY6npsxOC36s6vsXXNVM1jrqVLMlFzu3eACIo8qEST FpwUWwQWw0bz5TKs/Xl8VFp/Ks9hMlzXBRrnAVDykU9zSP08krKrzSGMTmye3hOAdZKxO0YDN v4QRG/hlBBl4QrlMKN3T+z8lBfGYBL2jOJ8LJrFOsTLDbA83wpGIiJkfl9khe+KNgK9TSB+Rc uZIsFDHdJ53F2vhoLohCDXX5Fs3QZHURhNbXKK+ezV4rQD7JIr1S/E4jsvoSzdZ3V6/rTrv0E 4j8LtSalNq6WNvBxOS5qbSSD9nEK9ffVrNWWCILN8ALGKQMCE4MEAe3vdmoHrswhYuL2Wcyqq jKjBHT3fdMb/cIrh+X8JEc8keti/wZbLCN87x9zPB4wDBePjrxlukMcGiBTfRmQn6ah6V0qv1 vtIwcWNb9af7ivIhRZriSYKIGtHRj/6oejGdI8tLXKeUzaCL2g4T3iUBoYYdixN6nA2E2vVDo m+7wIMbqLD/GIQINcxIJqzUFCluWH4gNNC00BwOvwWpPwDIdO6yDvYLiGkvWY0EziRRNswIsn QtBc8BuRwPfvi0surPz/Regw0Ub2OwGwSth1X34lKrZ67/Ue1rOFK3k9rkr4pu2sypyQ= X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jul 2016 10:15:14 -0000 On Thursday, 28. Jul 2016, 17:56:46 -0400, Jung-uk Kim wrote: > On 07/28/16 05:37 PM, Bertram Scharpf wrote: > > On Thursday, 28. Jul 2016, 17:25:50 -0400, Jung-uk Kim wrote: > >> On 07/28/16 04:55 PM, Bertram Scharpf wrote: > >>> On Thursday, 28. Jul 2016, 15:37:00 -0400, Jung-uk Kim wrote: > >>>> On 07/28/16 02:02 PM, Bertram Scharpf wrote: > >>>>> > >>>>> Program received signal SIGSEGV, Segmentation fault. > >>>>> [Switching to Thread 29403080 (LWP 101275/mcabber)] > >>>>> 0x285c1245 in OPENSSL_ia32_cpuid () from /usr/local/lib/libcrypto.so.8 > >>>> > >>>> Try "ldd /usr/local/lib/libloudmouth-1.so.0.1.0". It looks like a > >>>> Kerberos issue. > >>> > >>> No errors. They do all exist. I double-checked it: > >>> > >>> $ ldd /usr/local/lib/libloudmouth-1.so.0.1.0 | perl -lne '/=>\s*(\S+)/ and not -e $1 and print $1' > >> > >> I guess you misunderstood. I didn't mean you have a missing library. I > >> believe it links *two* libcrypto.so's, i.e., one from base and one from > >> ports. > > > > Indeed: > > > > # ldd /usr/local/lib/libloudmouth-1.so.0.1.0 | grep libcrypto > > libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x28d00000) > > libcrypto.so.7 => /lib/libcrypto.so.7 (0x2925b000) > > > > So, how could I resolve this? > You may ask its maintainer (gnome@FreeBSD.org) to add USES+=gssapi and > add an option to select GSS-API from ports. Another solution may be > removing all packages depending on /usr/local/lib/libcrypto.8 and > rebuilding them with base OpenSSL. I cannot remove _all_ packages that depend on OpenSSL. # pkg info -qr openssl-1.0.2_14 | wc -l 38 The first thing I do not understand is why it is so important for so many packages to pull in the package. # openssl version OpenSSL 1.0.1t-freebsd 3 May 2016 # /usr/local/bin/openssl version WARNING: can't open config file: /usr/local/openssl/openssl.cnf OpenSSL 1.0.2h 3 May 2016 The second thing I do not understand is why GSS-API should help. I searched for USES+=gssapi and did find only four projects that really have it. None of them is installed here. $ rbfind /usr/ports 'prune if name == "work" ; name == "Makefile" and grep /\bUSES.*gssapi/' Many ports have GSSAPI disabled here and they do not segfault because of an OpenSSL conflict. Example: # grep -h 'SET.*GSS' /var/db/ports/databases_postgresql95-*/options OPTIONS_FILE_UNSET+=GSSAPI OPTIONS_FILE_UNSET+=GSSAPI The third thing I do not understand is why there is an OpenSSL conflict at all. I definitely told loudmouth to use GnuTLS. # grep SSL\\\|TLS /var/db/ports/net-im_loudmouth/options _FILE_COMPLETE_OPTIONS_LIST=DOCS GNUTLS OPENSSL OPTIONS_FILE_SET+=GNUTLS OPTIONS_FILE_UNSET+=OPENSSL # cd net-im/loudmouth # make run-depends-list build-depends-list | grep ssl\\\|tls /usr/ports/security/gnutls /usr/ports/security/gnutls This appears to be a real port bug to me. Bertram -- Bertram Scharpf Stuttgart, Deutschland/Germany http://www.bertram-scharpf.de