Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 2 Oct 2010 13:34:48 GMT
From:      Pascal Stumpf <Pascal.Stumpf@cubes.de>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/151154: audio/amarok-kde4 crashes on network activity if ports openssl is installed
Message-ID:  <201010021334.o92DYmiB027827@www.freebsd.org>
Resent-Message-ID: <201010021340.o92De2Ij057530@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         151154
>Category:       ports
>Synopsis:       audio/amarok-kde4 crashes on network activity if ports openssl is installed
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 02 13:40:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Pascal Stumpf
>Release:        8-STABLE
>Organization:
>Environment:
>Description:
security/tor requires to have OpenSSL installed from ports due to renegotiation being disabled in base OpenSSL in some supported FreeBSD releases (not sure which ones, but I think 8.1 has it re-enabled). Unfortunately, this can lead to ugly and unexpected bugs in ports that link against OpenSSL libraries. As it was exposed by Amarok (https://bugs.kde.org/show_bug.cgi?id=252912), KIO libraries may run into problems when calling functions from different versions of these libraries, crashing the application. Note that this is not confined to Amarok, but may affect any other application relying on KIO and QtSsl.
>How-To-Repeat:
Install security/openssl and audio/amarok-kde4, start amarok, enable lyrics plugin, cover fetching etc., play a file and watch it crash.
>Fix:
The best solution to this would be to re-enable renegotiation in OpenSSL in all supported releases. Disabling it in the first place was more a workaround than a real ‘security fix’ anyway. Then one could safely remove the dependency of security/tor on ports OpenSSL.

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201010021334.o92DYmiB027827>