From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Oct 2 13:40:02 2010 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A60F7106566B for ; Sat, 2 Oct 2010 13:40:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 686A98FC27 for ; Sat, 2 Oct 2010 13:40:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o92De2T9057531 for ; Sat, 2 Oct 2010 13:40:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o92De2Ij057530; Sat, 2 Oct 2010 13:40:02 GMT (envelope-from gnats) Resent-Date: Sat, 2 Oct 2010 13:40:02 GMT Resent-Message-Id: <201010021340.o92De2Ij057530@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Pascal Stumpf Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 89581106564A for ; Sat, 2 Oct 2010 13:34:49 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 782E58FC08 for ; Sat, 2 Oct 2010 13:34:49 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o92DYm3E027851 for ; Sat, 2 Oct 2010 13:34:48 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o92DYmiB027827; Sat, 2 Oct 2010 13:34:48 GMT (envelope-from nobody) Message-Id: <201010021334.o92DYmiB027827@www.freebsd.org> Date: Sat, 2 Oct 2010 13:34:48 GMT From: Pascal Stumpf To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/151154: audio/amarok-kde4 crashes on network activity if ports openssl is installed X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Oct 2010 13:40:02 -0000 >Number: 151154 >Category: ports >Synopsis: audio/amarok-kde4 crashes on network activity if ports openssl is installed >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Oct 02 13:40:02 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Pascal Stumpf >Release: 8-STABLE >Organization: >Environment: >Description: security/tor requires to have OpenSSL installed from ports due to renegotiation being disabled in base OpenSSL in some supported FreeBSD releases (not sure which ones, but I think 8.1 has it re-enabled). Unfortunately, this can lead to ugly and unexpected bugs in ports that link against OpenSSL libraries. As it was exposed by Amarok (https://bugs.kde.org/show_bug.cgi?id=252912), KIO libraries may run into problems when calling functions from different versions of these libraries, crashing the application. Note that this is not confined to Amarok, but may affect any other application relying on KIO and QtSsl. >How-To-Repeat: Install security/openssl and audio/amarok-kde4, start amarok, enable lyrics plugin, cover fetching etc., play a file and watch it crash. >Fix: The best solution to this would be to re-enable renegotiation in OpenSSL in all supported releases. Disabling it in the first place was more a workaround than a real ‘security fix’ anyway. Then one could safely remove the dependency of security/tor on ports OpenSSL. >Release-Note: >Audit-Trail: >Unformatted: