Date: Mon, 11 Oct 2010 02:32:59 GMT From: Jeffrey Walton <noloader@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/151379: libcryptopp.so/libcrypto++.so and Shared Objects Message-ID: <201010110232.o9B2Wx2o065441@www.freebsd.org> Resent-Message-ID: <201010110240.o9B2e0g4070522@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 151379 >Category: misc >Synopsis: libcryptopp.so/libcrypto++.so and Shared Objects >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Oct 11 02:40:00 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Jeffrey Walton >Release: None. >Organization: None >Environment: None >Description: Package: Crypto++ Crypto++ received a few GNU Linux based bug reports [1, 2], and Wei Dai vetted out a crash due to global object destruction in a shared object (the bug was not present in a static library). The crash fix was sufficient to support shared objects, and the commit occurred at revision 496 [3]. Please ensure the distribution is using revision 496 or higher of Crypto++. Crypto++ version 5.6.1 includes revision 496, while Crypto 5.6.0 does not include the revision. In addition to the shared object bug fix committed at revision 496, the 492 commit included a SHA-2 bug fix on x64 with GCC optimizations enabled [4]. A stress test was written while trying to duplicate the shared object issue, and it might make a good test case for the distribution's build bot. The program creates 96 threads which perform dynamic loads/unloads (with lots of overlap) to ensure proper cleanup on library unload. The stress test, released under GPLv3, is available at http://www.cryptopp.com/wiki/Linux#Note_for_Distribution_Packagers. The Crypto++ library can be downloaded directly from http://www.cryptopp.com in ZIP format. The 5.6.1 ZIP includes shared object support (but the ZIP will get stale over time since the ZIP file is frozen). Crypto++ can also be fetched from SourceForge, which is always up to date. Issue "svn checkout https://cryptopp.svn.sourceforge.net/svnroot/cryptopp/trunk/c5 cryptopp". Jeffrey Walton, Friend of the Crypto++ Library [1] Errors with multiple loading cryptopp as shared lib on Linux, http://groups.google.com/group/cryptopp-users/browse_thread/thread/68fbc22e8c6e2f48 [2] RTLD_GLOBAL and libcryptopp.so crash, http://groups.google.com/group/cryptopp-users/browse_thread/thread/7eae009a4e02e726 [3] http://cryptopp.svn.sourceforge.net/viewvc/cryptopp?view=revision&revision=496 [4] http://cryptopp.svn.sourceforge.net/viewvc/cryptopp?view=revision&revision=492 >How-To-Repeat: See Errors with multiple loading cryptopp as shared lib on Linux, http://groups.google.com/group/cryptopp-users/browse_thread/thread/68fbc22e8c6e2f48 >Fix: Update to Crypto 5.6.1. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201010110232.o9B2Wx2o065441>