From owner-freebsd-ports@FreeBSD.ORG Fri Apr 10 00:35:18 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 31C0C930 for ; Fri, 10 Apr 2015 00:35:18 +0000 (UTC) Received: from mail14.tpgi.com.au (mail14.tpgi.com.au [203.12.160.182]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.tpg.com.au", Issuer "RapidSSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B038161B for ; Fri, 10 Apr 2015 00:35:16 +0000 (UTC) X-TPG-Junk-Status: Message not scanned X-TPG-Antivirus: Passed X-TPG-Abuse: host=[202.161.115.54]; ip=202.161.115.54; date=Fri, 10 Apr 2015 10:35:05 +1000 Received: from fish.ish.com.au (202-161-115-54.static.tpgi.com.au [202.161.115.54] (may be forged)) by mail14.tpgi.com.au (envelope-from ari@ish.com.au) (8.14.3/8.14.3) with ESMTP id t3A0Z3gL013076 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 10 Apr 2015 10:35:05 +1000 Received: from ip-211.ish.com.au ([203.29.62.211]:37745 helo=ish.com.au) by fish.ish.com.au with esmtp (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1YgMuT-00009O-1g for freebsd-ports@freebsd.org; Fri, 10 Apr 2015 10:35:01 +1000 Received: from [203.29.62.136] (HELO ip-136.ish.com.au) by ish.com.au (CommuniGate Pro SMTP 6.1.2) with ESMTPS id 18042258 for freebsd-ports@freebsd.org; Fri, 10 Apr 2015 10:35:01 +1000 Subject: Re: openssl and bash libcrypto To: FreeBSD Mailing List references: <552657AC.1020802@ish.com.au> From: Aristedes Maniatis x-enigmail-draft-status: N1110 message-id: <55271AB5.8020907@ish.com.au> Date: Fri, 10 Apr 2015 10:35:01 +1000 user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.0 mime-version: 1.0 in-reply-to: <552657AC.1020802@ish.com.au> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Apr 2015 00:35:18 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/04/2015 8:42pm, Aristedes Maniatis wrote: > Starting in the last week or so, several different applications are exhibiting the same symptoms of broken libcrypto libraries. Thanks everyone for your ideas. Before I start hacking away at the system to remove openssl from the base, can anyone help clarify what I'm seeing in the backtrace? > #0 0x00000008029cafe5 in OPENSSL_ia32_cpuid () from /usr/local/lib/libcrypto.so.8 > #1 0x00000008033cf0b9 in OPENSSL_ia32cap_loc () from /lib/libcrypto.so.7 Am I right in assuming /lib/libcrypto.so.7 is installed by openssl in the base OS? And /usr/local/lib/libcrypto.so.8 from openssl in ports? How do they get to call each other like this? My base system is from freebsd-update binary installs, not compiled by me. The poudriere jail is also updated to the latest 10.1 patch. /lib/libcrypto.so.7 is from 2 April which is roughly when all this started happening. But if that file was broken in the latest FreeBSD updates, everyone running FreeBSD would be complaining right now. So there has to be something unusual about my systems (I've reproduced this on two different installations) or the way I build openssl from ports. I can reproduce the problem in /usr/bin/vi from the base system. Again, the bt looks like this: #0 0x0000000802ffcfe5 in OPENSSL_ia32_cpuid () from /usr/local/lib/libcrypto.so.8 [New LWP 101914] (gdb) bt #0 0x0000000802ffcfe5 in OPENSSL_ia32_cpuid () from /usr/local/lib/libcrypto.so.8 #1 0x0000000803a010b9 in OPENSSL_ia32cap_loc () from /lib/libcrypto.so.7 #2 0x000000080390784e in _init () from /lib/libcrypto.so.7 #3 0x00007fffffffcf00 in ?? () #4 0x00000008006656bf in r_debug_state () from /libexec/ld-elf.so.1 #5 0x0000000800669d87 in _rtld_get_stack_prot () from /libexec/ld-elf.so.1 #6 0x0000000800666ad3 in dlopen () from /libexec/ld-elf.so.1 #7 0x0000000800dfa436 in _nsdbtaddsrc () from /lib/libc.so.7 #8 0x0000000800df43c9 in _nsyyparse () from /lib/libc.so.7 #9 0x0000000800dfaab1 in nsdispatch () from /lib/libc.so.7 #10 0x0000000800de7ebe in getpwuid () from /lib/libc.so.7 #11 0x0000000800de7cbf in getpwnam () from /lib/libc.so.7 Maybe what I really need to do now is recompile everything against base openssl and remove the openssl port from my system completely. Or do people have better ideas? Thanks Ari - -- - --------------------------> Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlUnGrUACgkQ72p9Lj5JECo1NgCeP6NSHvJas88SEA4jc9zsbvdf G9YAmwQqqsuATUCYkiR36WXLIL565fhH =6VrH -----END PGP SIGNATURE-----