[libssl1_0_0 0005237]: Upgrade of OpenSSL to 1.0.1m breaks named
Mantis Bug Tracker via bug-notifications
bug-notifications at lists.opencsw.org
Thu Apr 2 19:18:10 CEST 2015
A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=5237
======================================================================
Reported By: dam
Assigned To: yann
======================================================================
Project: libssl1_0_0
Issue ID: 5237
Category: packaging
Reproducibility: always
Severity: major
Priority: normal
Status: assigned
======================================================================
Date Submitted: 2015-03-22 17:12 CET
Last Modified: 2015-04-02 19:18 CEST
======================================================================
Summary: Upgrade of OpenSSL to 1.0.1m breaks named
Description:
After the OpenSSL update to 1.0.1m BIND fails to start:
root at web [web]:/root > Mar 22 17:07:49 web named[29863]: [ID 873579
daemon.notice] starting BIND 9.9.6-P2 -u named
Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] built with
'--prefix=/opt/csw' '--exec_prefix=/opt/csw' '--bindir=/opt/csw/bin'
'--sbindir=/opt/csw/sbin' '--libexecdir=/opt/csw/libexec'
'--datadir=/opt/csw/share' '--sharedstatedir=/opt/csw/share'
'--localstatedir=/var/opt/csw' '--libdir=/opt/csw/lib'
'--infodir=/opt/csw/share/info' '--includedir=/opt/csw/include'
'--mandir=/opt/csw/share/man' '--with-libtool' '--with-openssl=/opt/csw'
'--enable-threads' '--enable-largefile' '--sysconfdir=/etc/opt/csw'
'--localstatedir=/var/opt/csw/named' '--enable-rrl'
'CC=/opt/csw/bin/gcc-4.9' 'CFLAGS=-O2 -pipe -mcpu=v9 -Wa,-xarch=v8plus'
'LDFLAGS=-mcpu=v9 -Wa,-xarch=v8plus -L/opt/csw/lib'
'CPPFLAGS=-I/opt/csw/include'
Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice]
----------------------------------------------------
Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] BIND 9 is
maintained by Internet Systems Consortium,
Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] Inc. (ISC), a
non-profit 501(c)(3) public-benefit
Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] corporation.
Support and training for BIND 9 are
Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] available at
https://www.isc.org/support
Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice]
----------------------------------------------------
Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.warning] ENGINE_by_id
failed (crypto failure)
Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.crit] initializing DST:
crypto failure
Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.crit] exiting (due to
fatal error)
Mar 22 17:07:49 web svc.startd[19839]: [ID 652011 daemon.warning]
svc:/network/cswnamed:default: Method "/var/opt/csw/svc/method/svc-cswnamed
stop" failed with exit status 1.
Mar 22 17:07:49 web last message repeated 2 times
Mar 22 17:07:49 web svc.startd[19839]: [ID 748625 daemon.error]
network/cswnamed:default failed: transitioned to maintenance (see 'svcs
-xv' for details)
After downgrading to 1.0.1l it works again.
Probably a recompile of BIND is needed.
======================================================================
----------------------------------------------------------------------
(0011033) johnthurston (reporter) - 2015-04-02 19:18
https://www.opencsw.org/mantis/view.php?id=5237#c11033
----------------------------------------------------------------------
I have reproduced the results with the following packages:
root at nstest:~> pkginfo -x CSWbind CSWbindutils CSWlibssl1-0-0
CSWopenssl-utils
CSWbind bind - ISC BIND DNS main package
(sparc) 9.9.7,REV=2015.02.26
CSWbindutils bind_utils - ISC BIND DNS utilities package
(sparc) 9.9.7,REV=2015.02.26
CSWlibssl1-0-0 libssl1_0_0 - Openssl 1.0 runtime libraries
(sparc) 1.0.1m,REV=2015.03.21
CSWopenssl-utils openssl_utils - Openssl 1.0 binaries and related tools
(sparc) 1.0.1m,REV=2015.03.21
Against "unstable", there are no differences shown for bind or openssl
packages with "/opt/csw/bin/pkgutil -C"
Against "testing", openssl packages are 1.0.1l rather than m. There are no
differences shown for bind.
BIND exits with:
root at nstest:~> /opt/csw/sbin/named -g -u named
02-Apr-2015 09:13:46.168 starting BIND 9.9.7 -g -u named
02-Apr-2015 09:13:46.169 built with '--prefix=/opt/csw'
'--exec_prefix=/opt/csw' '--bindir=/opt/csw/bin' '--sbindir=/opt/csw/sbin'
'--libexecdir=/opt/csw/libexec' '--datadir=/opt/csw/share'
'--sharedstatedir=/opt/csw/share' '--localstatedir=/var/opt/csw'
'--libdir=/opt/csw/lib' '--infodir=/opt/csw/share/info'
'--includedir=/opt/csw/include' '--mandir=/opt/csw/share/man'
'--with-libtool' '--with-openssl=/opt/csw' '--enable-threads'
'--enable-largefile' '--sysconfdir=/etc/opt/csw'
'--localstatedir=/var/opt/csw/named' '--enable-rrl'
'CC=/opt/csw/bin/gcc-4.9' 'CFLAGS=-O2 -pipe -mcpu=v9 -Wa,-xarch=v8plus'
'LDFLAGS=-mcpu=v9 -Wa,-xarch=v8plus -L/opt/csw/lib'
'CPPFLAGS=-I/opt/csw/include'
02-Apr-2015 09:13:46.169
----------------------------------------------------
02-Apr-2015 09:13:46.169 BIND 9 is maintained by Internet Systems
Consortium,
02-Apr-2015 09:13:46.169 Inc. (ISC), a non-profit 501(c)(3) public-benefit
02-Apr-2015 09:13:46.169 corporation. Support and training for BIND 9 are
02-Apr-2015 09:13:46.169 available at https://www.isc.org/support
02-Apr-2015 09:13:46.169
----------------------------------------------------
02-Apr-2015 09:13:46.169 found 128 CPUs, using 128 worker threads
02-Apr-2015 09:13:46.169 using 64 UDP listeners per interface
02-Apr-2015 09:13:46.188 using up to 4096 sockets
02-Apr-2015 09:13:46.238 ENGINE_by_id failed (crypto failure)
02-Apr-2015 09:13:46.238 error:2606A074:engine routines:ENGINE_by_id:no
such engine:eng_list.c:389:id=gost
02-Apr-2015 09:13:46.240 initializing DST: crypto failure
02-Apr-2015 09:13:46.240 exiting (due to fatal error)
More information about the bug-notifications
mailing list