Date:      Fri, 29 Jul 2016 20:00:54 +0300
From:      Kimmo Paasiala <kpaasial@gmail.com>
To:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: Segfault in OpenSSL even though GnuTLS demanded
Message-ID:  <CA%2B7WWScxvZ-2L-Wf0QXSFb9qTr0sUAx6-oncBhjqrgaLxB-zWw@mail.gmail.com>
In-Reply-To: <20160729100952.GA4967@becker.bs.l>
References:  <20160728180255.GA79509@becker.bs.l> <599ca93e-31ed-fcb4-75de-7d05667d928e@FreeBSD.org> <20160728205516.GA94239@becker.bs.l> <b88fc3be-c10a-70b1-c985-f560ad86ecc0@FreeBSD.org> <20160728213717.GA98586@becker.bs.l> <7483738d-01e7-0bb2-81e9-9c26d8ef8c9f@FreeBSD.org> <20160729100952.GA4967@becker.bs.l>

On Fri, Jul 29, 2016 at 1:09 PM, Bertram Scharpf
<lists@bertram-scharpf.de> wrote:
> On Thursday, 28. Jul 2016, 17:56:46 -0400, Jung-uk Kim wrote:
>> On 07/28/16 05:37 PM, Bertram Scharpf wrote:
>> > On Thursday, 28. Jul 2016, 17:25:50 -0400, Jung-uk Kim wrote:
>> >> On 07/28/16 04:55 PM, Bertram Scharpf wrote:
>> >>> On Thursday, 28. Jul 2016, 15:37:00 -0400, Jung-uk Kim wrote:
>> >>>> On 07/28/16 02:02 PM, Bertram Scharpf wrote:
>> >>>>>
>> >>>>>   Program received signal SIGSEGV, Segmentation fault.
>> >>>>>   [Switching to Thread 29403080 (LWP 101275/mcabber)]
>> >>>>>   0x285c1245 in OPENSSL_ia32_cpuid () from /usr/local/lib/libcrypto.so.8
>> >>>>
>> >>>> Try "ldd /usr/local/lib/libloudmouth-1.so.0.1.0".  It looks like a
>> >>>> Kerberos issue.
>> >>>
>> >>> No errors. They do all exist. I double-checked it:
>> >>>
>> >>>   $ ldd /usr/local/lib/libloudmouth-1.so.0.1.0 | perl -lne '/=>\s*(\S+)/ and not -e $1 and print $1'
>> >>
>> >> I guess you misunderstood.  I didn't mean you have a missing library.  I
>> >> believe it links *two* libcrypto.so's, i.e., one from base and one from
>> >> ports.
>> >
>> > Indeed:
>> >
>> >   # ldd /usr/local/lib/libloudmouth-1.so.0.1.0 | grep libcrypto
>> >         libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x28d00000)
>> >         libcrypto.so.7 => /lib/libcrypto.so.7 (0x2925b000)
>> >
>> > So, how could I resolve this?
>> You may ask its maintainer (gnome@FreeBSD.org) to add USES+=gssapi and
>> add an option to select GSS-API from ports.  Another solution may be
>> removing all packages depending on /usr/local/lib/libcrypto.8 and
>> rebuilding them with base OpenSSL.
>
> I cannot remove _all_ packages that depend on OpenSSL.
>
>   # pkg info -qr openssl-1.0.2_14 | wc -l
>         38
>
>
> The first thing I do not understand is why it is so
> important for so many packages to pull in the package.
>
>   # openssl version
>   OpenSSL 1.0.1t-freebsd  3 May 2016
>   # /usr/local/bin/openssl version
>   WARNING: can't open config file: /usr/local/openssl/openssl.cnf
>   OpenSSL 1.0.2h  3 May 2016
>
>
> The second thing I do not understand is why GSS-API should
> help. I searched for USES+=gssapi and did find only four
> projects that really have it. None of them is installed
> here.
>
>   $ rbfind /usr/ports 'prune if name == "work" ; name == "Makefile" and grep /\bUSES.*gssapi/'
>
> Many ports have GSSAPI disabled here and they do not
> segfault because of an OpenSSL conflict. Example:
>
>   # grep -h 'SET.*GSS' /var/db/ports/databases_postgresql95-*/options
>   OPTIONS_FILE_UNSET+=GSSAPI
>   OPTIONS_FILE_UNSET+=GSSAPI
>
>
> The third thing I do not understand is why there is an
> OpenSSL conflict at all. I definitely told loudmouth to use
> GnuTLS.
>
>   # grep SSL\\\|TLS /var/db/ports/net-im_loudmouth/options
>   _FILE_COMPLETE_OPTIONS_LIST=DOCS GNUTLS OPENSSL
>   OPTIONS_FILE_SET+=GNUTLS
>   OPTIONS_FILE_UNSET+=OPENSSL
>
>   # cd net-im/loudmouth
>   # make run-depends-list build-depends-list | grep ssl\\\|tls
>   /usr/ports/security/gnutls
>   /usr/ports/security/gnutls
>
>
> This appears to be a real port bug to me.
>
> Bertram
>
>
> --
> Bertram Scharpf
> Stuttgart, Deutschland/Germany
> http://www.bertram-scharpf.de

It's not exactly a port bug; it's a consequence of how dynamic linking
works. If you link against the base system GSSAPI you will pull in the
base system OpenSSL as well, and that can't be avoided regardless of
which version of OpenSSL your port links against. The situation is
exactly the same with, for example, ftp/curl; see this discussion from
last year:

https://lists.freebsd.org/pipermail/freebsd-ports/2015-April/098651.html

-Kimmo
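
The double-libcrypto situation visible in the quoted ldd output, as an added example that is not part of the original message: a shell function that reads ldd-style output and reports every library family that resolves from more than one path. The function names and the non-libcrypto sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag shared-library families that an object pulls in
# under more than one version, from ldd-style output on stdin.

# dup_sonames: read "name => path (addr)" lines and print one line per
# library family (soname with the ".so.N" suffix stripped) that resolves
# to two or more distinct paths.
dup_sonames() {
    awk '
        $2 == "=>" && $3 ~ /^\// {
            family = $1
            sub(/\.so(\.[0-9]+)*$/, "", family)   # libcrypto.so.8 -> libcrypto
            if (!((family, $3) in seen)) {
                seen[family, $3] = 1
                count[family]++
                paths[family] = paths[family] " " $3
            }
        }
        END {
            for (f in count)
                if (count[f] > 1)
                    print f ":" paths[f]
        }
    ' | sort
}

# Sample input: the two libcrypto lines are the ones quoted in the thread;
# the libgnutls and libc lines are constructed for illustration.
sample_ldd() {
    cat <<'EOF'
/usr/local/lib/libloudmouth-1.so.0.1.0:
        libgnutls.so.30 => /usr/local/lib/libgnutls.so.30 (0x28a00000)
        libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x28d00000)
        libcrypto.so.7 => /lib/libcrypto.so.7 (0x2925b000)
        libc.so.7 => /lib/libc.so.7 (0x28100000)
EOF
}

# On a live system: ldd /path/to/object | dup_sonames
sample_ldd | dup_sonames
```

An empty result means no library family was resolved from two different paths.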
