Date: Mon, 23 Mar 2015 14:16:33 +0100 From: Gerhard Schmidt <schmidt@ze.tum.de> To: freebsd-stable@freebsd.org Subject: Re: Problems with openssl 1.0.2 update Message-ID: <55101231.4080205@ze.tum.de> In-Reply-To: <551009BB.9020906@FreeBSD.org> References: <550FEBE6.5090804@ze.tum.de> <551009BB.9020906@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --MHcu8nFsoodu8o3oNsSwdv7uR8qCS7vop Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 23.03.2015 13:40, Guido Falsi wrote: > On 03/23/15 11:33, Gerhard Schmidt wrote: >> Hi, >> >> we experiencing a problem after upgrading the openssl port to openssl= >> 1.0.2. >> >> /usr/bin/vi started to crash after some seconds with segfault. >> /rescue/vi works just fine. Deleting the openssl 1.0.2 package >> everything works just fine again. Installing the old openssl 1.0.1_18 >> package it still works just fine. >> >> it seams that besides vi the bash also has this problem. Anybody >> experiencing the same or is this something specific to my system. >> >> I'm running FreeBSD 10.1 updated tonight. >=20 > I am seeing runtime problems with asterisk13 (which I maintain), caused= > by the OpenSSL update fallout. >=20 > In this case, after some analysis, I concluded the problem is the > libsrtp port requiring OpenSSL from ports(for a reason), causing > asterisk to link to that too, which would be correct. >=20 > Asterisk also uses the security/trousers port, which links to system > OpenSSL. This ensues a conflict which now results in asterisk > segfaulting and stopping to work. >=20 > I'm investigating what can be done about this. As a local solution I ca= n > force the trousers port to link against OpenSSL from ports, but this > will not fix the general problem. As a port maintaner I ony see > modifying the trousers port to depend on ports OpenSSL as a solution, i= s > this acceptable? >=20 Most Ports link against the port openssl if its installed and agains the system openssl if not. That should be the prefered way to handle problem.= I don't know if an incompatibility between system an port openssl is a problem. I've removed the portbuild openssl from this server completely. As far as i can see the problem is with openldap-client build agains the ports openssl and used by nss_ldap or pam_ldap modul. I will do some testing when my test host is ready. Testing on an Production server is not that good :-) Regards Estartu --=20 ------------------------------------------------- Gerhard Schmidt | E-Mail: schmidt@ze.tum.de TU-M=FCnchen | Jabber: estartu@ze.tum.de WWW & Online Services | Tel: 089/289-25270 | Fax: 089/289-25257 | PGP-Publickey auf Anfrage --MHcu8nFsoodu8o3oNsSwdv7uR8qCS7vop Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVEBI2AAoJEHTSQ8xFcA2j5TAP/33IlVaBAopyU62T8slC5LAM VPU3/PUtCYsqiYZcuSjyhFGwT3O+bu7+7x9UhzgNrF18tdQrtoz8/2Vr5BVhDXMF qYWr6ZBpt3Ej9TJCasH98B5kC2rqdw8Ff1h2xY3G59H0ZoFDbrhcYFuOOQ9iqEg9 UgMce+eVLz/gDNCZISjyRS2BB8N/qC8O4+5ce4/V6HKun/xmi3YrK9ctvFUpsaxo jp+mQkWmwI+5WYjrkeBpqYTcP3+XT58vRwFLrKg+sNraUvREkUKUfiezQJxksKJo +P91/Vw8EujP/cTkRv2H5YlvyYANgC3k2oEn291esRitum4HrjSbiKWkSEEujf2S sC/ck+IAC6heMttMqQccYDi9wTugn2FJUnIESMBr/OLaEFMstOXb8SyxumT87WVM RSIiRVJft0F5X1ztliCORhRHp7nQX+40OEwFlumoo5qKzJQ4HLhrM/HOuFURuVTi 1hjq/O7CZv+VcTcxzTEx8qpf74C0MekkOfFzfL8Zrvq7jpggPPf4O8lywfgAaeaD 8dPT687EEr1Yf9++omKboL7SLZUJZz45m67gpzMAqBzB9ruc28s2Z8j20uv+G7U+ Nf/+VdPa5l/MxrxfUiwpwG0FQuW9xhKYBUcP7O2kM6ihgE4HW4VEyEEW2UN0I7JY 8LcgmnJ03kQngT84POUf =gBd2 -----END PGP SIGNATURE----- --MHcu8nFsoodu8o3oNsSwdv7uR8qCS7vop--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55101231.4080205>