Date:      Thu, 11 Jan 2024 23:43:39 -0800
From:      Cy Schubert <Cy.Schubert@cschubert.com>
To:        Jessica Clarke <jrtc27@freebsd.org>, Cy Schubert <cy@FreeBSD.org>, "src-committers@freebsd.org" <src-committers@FreeBSD.org>, "dev-commits-src-all@freebsd.org" <dev-commits-src-all@FreeBSD.org>, "dev-commits-src-main@freebsd.org" <dev-commits-src-main@FreeBSD.org>
Subject:   Re: git: cb350ba7bf7c - main - kerberos: Fix numerous segfaults  when using weak crypto
Message-ID:  <20240112074339.A581B23D@slippy.cwsent.com>
In-Reply-To: <20240112071106.C72D8235@slippy.cwsent.com>
References:  <202401111331.40BDVZfn015429@gitrepo.freebsd.org>  <CF222483-972B-4F25-93F6-EA3161AE2FCA@freebsd.org>  <20240112071106.C72D8235@slippy.cwsent.com>

In message <20240112071106.C72D8235@slippy.cwsent.com>, Cy Schubert writes:
> In message <CF222483-972B-4F25-93F6-EA3161AE2FCA@freebsd.org>, Jessica Clarke writes:
> > On 11 Jan 2024, at 13:31, Cy Schubert <cy@FreeBSD.org> wrote:
> > >
> > > The branch main has been updated by cy:
> > >
> > > URL: https://cgit.FreeBSD.org/src/commit/?id=cb350ba7bf7ca7c4cb97ed2c20ab45af60382cfb
> > >
> > > commit cb350ba7bf7ca7c4cb97ed2c20ab45af60382cfb
> > > Author:     Cy Schubert <cy@FreeBSD.org>
> > > AuthorDate: 2023-12-06 15:30:05 +0000
> > > Commit:     Cy Schubert <cy@FreeBSD.org>
> > > CommitDate: 2024-01-11 13:26:42 +0000
> > >
> > >    kerberos: Fix numerous segfaults when using weak crypto
> > >
> > >    Weak crypto is provided by the openssl legacy provider which is
> > >    not loaded by default. Load the legacy providers as needed.
> > >
> > >    When the legacy provider is loaded into the default context the default
> > >    provider will no longer be automatically loaded. Without the default
> > >    provider the various kerberos applications and functions will abort().
> >
> > Hi,
> > This has completely broken macOS and Linux cross-building. Please
> > either fix this quickly or, if unable to, revert until such time as you
> > can. Note that patches can be tested by creating a PR against the
> > GitHub mirror.
>
> Thanks for the heads up. I see the problem and am working on a fix.

I think the correct approach would be to separate the new 
fbsd_ossl_provider_load() and unload functions into their own library 
(instead of libroken). This avoids the less desirable option of including 
bsd.cpu.mk in secure/lib/Makefile.common, which does build but could affect 
future work.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0




