On 03/23/15 11:33, Gerhard Schmidt wrote:> Hi, > > we experiencing a problem after upgrading the openssl port to openssl > 1.0.2. > > /usr/bin/vi started to crash after some seconds with segfault. > /rescue/vi works just fine. Deleting the openssl 1.0.2 package > everything works just fine again. Installing the old openssl 1.0.1_18 > package it still works just fine. > > it seams that besides vi the bash also has this problem. Anybody > experiencing the same or is this something specific to my system. > > I'm running FreeBSD 10.1 updated tonight.I am seeing runtime problems with asterisk13 (which I maintain), caused by the OpenSSL update fallout. In this case, after some analysis, I concluded the problem is the libsrtp port requiring OpenSSL from ports(for a reason), causing asterisk to link to that too, which would be correct. Asterisk also uses the security/trousers port, which links to system OpenSSL. This ensues a conflict which now results in asterisk segfaulting and stopping to work. I'm investigating what can be done about this. As a local solution I can force the trousers port to link against OpenSSL from ports, but this will not fix the general problem. As a port maintaner I ony see modifying the trousers port to depend on ports OpenSSL as a solution, is this acceptable? -- Guido Falsi <madpilot at FreeBSD.org>
On 23.03.2015 13:40, Guido Falsi wrote:> On 03/23/15 11:33, Gerhard Schmidt wrote: >> Hi, >> >> we experiencing a problem after upgrading the openssl port to openssl >> 1.0.2. >> >> /usr/bin/vi started to crash after some seconds with segfault. >> /rescue/vi works just fine. Deleting the openssl 1.0.2 package >> everything works just fine again. Installing the old openssl 1.0.1_18 >> package it still works just fine. >> >> it seams that besides vi the bash also has this problem. Anybody >> experiencing the same or is this something specific to my system. >> >> I'm running FreeBSD 10.1 updated tonight. > > I am seeing runtime problems with asterisk13 (which I maintain), caused > by the OpenSSL update fallout. > > In this case, after some analysis, I concluded the problem is the > libsrtp port requiring OpenSSL from ports(for a reason), causing > asterisk to link to that too, which would be correct. > > Asterisk also uses the security/trousers port, which links to system > OpenSSL. This ensues a conflict which now results in asterisk > segfaulting and stopping to work. > > I'm investigating what can be done about this. As a local solution I can > force the trousers port to link against OpenSSL from ports, but this > will not fix the general problem. As a port maintaner I ony see > modifying the trousers port to depend on ports OpenSSL as a solution, is > this acceptable? >Most Ports link against the port openssl if its installed and agains the system openssl if not. That should be the prefered way to handle problem. I don't know if an incompatibility between system an port openssl is a problem. I've removed the portbuild openssl from this server completely. As far as i can see the problem is with openldap-client build agains the ports openssl and used by nss_ldap or pam_ldap modul. I will do some testing when my test host is ready. Testing on an Production server is not that good :-) Regards Estartu -- ------------------------------------------------- Gerhard Schmidt | E-Mail: schmidt at ze.tum.de TU-M?nchen | Jabber: estartu at ze.tum.de WWW & Online Services | Tel: 089/289-25270 | Fax: 089/289-25257 | PGP-Publickey auf Anfrage -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20150323/9cf62237/attachment.sig>
On 03/23/15 13:40, Guido Falsi wrote:> On 03/23/15 11:33, Gerhard Schmidt wrote: >> Hi, >> >> we experiencing a problem after upgrading the openssl port to openssl >> 1.0.2. >> >> /usr/bin/vi started to crash after some seconds with segfault. >> /rescue/vi works just fine. Deleting the openssl 1.0.2 package >> everything works just fine again. Installing the old openssl 1.0.1_18 >> package it still works just fine. >> >> it seams that besides vi the bash also has this problem. Anybody >> experiencing the same or is this something specific to my system. >> >> I'm running FreeBSD 10.1 updated tonight. > > I am seeing runtime problems with asterisk13 (which I maintain), caused > by the OpenSSL update fallout. > > In this case, after some analysis, I concluded the problem is the > libsrtp port requiring OpenSSL from ports(for a reason), causing > asterisk to link to that too, which would be correct. > > Asterisk also uses the security/trousers port, which links to system > OpenSSL. This ensues a conflict which now results in asterisk > segfaulting and stopping to work. > > I'm investigating what can be done about this. As a local solution I can > force the trousers port to link against OpenSSL from ports, but this > will not fix the general problem. As a port maintaner I ony see > modifying the trousers port to depend on ports OpenSSL as a solution, is > this acceptable? >Quick followup to keep anyone interested informed(and for ML archives just in case). The only "fix" I could commit to fix the binary package was removing the SRTP option from the defaults, avoiding to pull in the libsrtp port which itself pulled in OpenSSL from ports, causing the library mix. I'm not proud of such a solution, but was unable to do anything better right away. If someone has a better solution, please send patches. So for now anyone wanting to use SRTP with asterisk will have to build his own packages. :( -- Guido Falsi <madpilot at FreeBSD.org>