Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 9 Mar 2016 05:31:11 -0800
From:      Jeremy Chadwick <jdc@koitsu.org>
To:        freebsd-stable@freebsd.org
Cc:        cgreen@sentex.net, mike@sentex.net
Subject:   Re: svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man
Message-ID:  <20160309133111.GA1035@icarus.home.lan>

next in thread | raw e-mail | index | archive | help
(Please keep me CC'd as I'm not subscribed to -stable)

r296462 is either not ABI-compatible, or if it truly is, it breaks
internal behavioural compatibility with libcrypto/libssl in some way.
Building the below programs (fetchmail + postfix) from ports directly
(i.e. source) **does not** fix the problem.

Hope the gdb in fetchmail helps narrow down where the problem is.  Don't
ask me for "bt full" output, as it's pointless since none of the system
libs are built with -g/-g3/-ggdb.

I have no problems with SSH (unlike Mike), but that means very little
given configuration differences and setups.

Rolling back to r296461 (i.e. svn up -r296461) rectifies the problem
fully.

If jkim@ et al need a box running r296462 w/ full root to troubleshoot
this, let me know and I can set one up.  Might take a day or two though.

$ fetchmail -a -v
fetchmail: removing stale lockfile
fetchmail: 6.3.26 querying mambo.koitsu.org (protocol IMAP) at Wed  9 Mar 04:55:16 2016: poll started
Trying to connect to 104.238.183.73/993...connected.
fetchmail: Server certificate:
fetchmail: Issuer Organisation: koitsu.org
fetchmail: Issuer CommonName: mambo.koitsu.org
fetchmail: Subject CommonName: mambo.koitsu.org
fetchmail: mambo.koitsu.org key fingerprint: F4:35:18:75:88:92:BF:1C:82:14:9E:17:EC:7E:3D:1C
fetchmail: mambo.koitsu.org fingerprints match.
fetchmail: Server certificate:
fetchmail: Issuer Organisation: koitsu.org
fetchmail: Issuer CommonName: mambo.koitsu.org
fetchmail: Subject CommonName: mambo.koitsu.org
Segmentation fault: 11 (core dumped)

$ gdb /usr/local/bin/fetchmail fetchmail.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `fetchmail'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libintl.so.8...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libintl.so.8
Reading symbols from /usr/lib/libopie.so.7...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libopie.so.7
Reading symbols from /lib/libcrypt.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.5
Reading symbols from /lib/libkvm.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libkvm.so.5
Reading symbols from /usr/lib/libcom_err.so.5...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcom_err.so.5
Reading symbols from /usr/lib/libssl.so.6...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libssl.so.6
Reading symbols from /lib/libcrypto.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /usr/lib/libgssapi.so.10...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgssapi.so.10
Reading symbols from /usr/lib/libheimntlm.so.10...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libheimntlm.so.10
Reading symbols from /usr/lib/libkrb5.so.10...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libkrb5.so.10
Reading symbols from /usr/lib/libhx509.so.10...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libhx509.so.10
Reading symbols from /usr/lib/libasn1.so.10...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libasn1.so.10
Reading symbols from /usr/lib/libroken.so.10...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libroken.so.10
Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/local/lib/libiconv.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libiconv.so.2
Reading symbols from /lib/libmd.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libmd.so.5
Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x0000000801616774 in BN_mod_exp_mont_consttime () from /lib/libcrypto.so.6
(gdb) bt
#0  0x0000000801616774 in BN_mod_exp_mont_consttime () from /lib/libcrypto.so.6
#1  0x00000008015f79f7 in DH_OpenSSL () from /lib/libcrypto.so.6
#2  0x00000008012c8d25 in ssl3_send_client_key_exchange () from /usr/lib/libssl.so.6
#3  0x00000008012cc0ab in ssl3_connect () from /usr/lib/libssl.so.6
#4  0x00000008012c7d04 in ssl23_connect () from /usr/lib/libssl.so.6
#5  0x00000000004052bf in ?? ()
#6  0x000000000040e360 in ?? ()
#7  0x000000000040813d in ?? ()
#8  0x000000000040a69a in ?? ()
#9  0x0000000000404e01 in ?? ()
#10 0x000000080065c000 in ?? ()
#11 0x0000000000000000 in ?? ()
(gdb) q

Also tried to send mail to myself locally, as postfix's smtp(8) links to
libcrypt/libssl/libcrypto.  Bzzt, nope:

pid 5046 (smtp), uid 125: exited on signal 11

Mar  9 04:49:38 icarus postfix/master[802]: daemon started -- version 3.1.0, configuration /usr/local/etc/postfix
Mar  9 04:54:38 icarus postfix/pickup[5043]: 1835D1AF150: uid=1000 from=<jdc>
Mar  9 04:54:38 icarus postfix/cleanup[5044]: 1835D1AF150: message-id=<20160309125438.GA5033@icarus.home.lan>
Mar  9 04:54:38 icarus postfix/qmgr[804]: 1835D1AF150: from=<jdc@icarus.home.lan>, size=631, nrcpt=1 (queue active)
Mar  9 04:54:38 icarus postfix/qmgr[804]: warning: private/smtp socket: malformed response
Mar  9 04:54:38 icarus postfix/qmgr[804]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
Mar  9 04:54:38 icarus postfix/master[802]: warning: process /usr/local/libexec/postfix/smtp pid 5046 killed by signal 11
Mar  9 04:54:38 icarus postfix/master[802]: warning: /usr/local/libexec/postfix/smtp: bad command startup -- throttling
Mar  9 04:54:38 icarus postfix/error[5048]: 1835D1AF150: to=<jdc@koitsu.org>, relay=none, delay=0.5, delays=0.05/0.44/0/0.01, dsn=4.3.0, status=deferred (unknown mail transport error)

-- 
| Jeremy Chadwick                                   jdc@koitsu.org |
| UNIX Systems Administrator                http://jdc.koitsu.org/ |
| Making life hard for others since 1977.             PGP 4BD6C0CB |




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160309133111.GA1035>