Bug 245154 - OpenSSL: Regression in 1.1.1e (EOF detection change)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Bernard Spil
URL: https://github.com/openssl/openssl/pu...
Keywords: regression
Reported: 2020-03-29 03:56 UTC by Kubilay Kocak
Modified: 2020-05-18 14:48 UTC

See Also:
bugzilla: maintainer-feedback? (brnrd)
koobs: merge-quarterly?


Description Kubilay Kocak freebsd_committer freebsd_triage 2020-03-29 03:56:46 UTC
OpenSSL 1.1.1e included an "EOF detection" change which has caused failures in many programs.

Upstream has now reverted [1] that change.

This (meta) issue is to track all relevant/associated bug reports related to the issue, and requisite ports/base changes. Please create separate issues for these.

[1] https://github.com/openssl/openssl/pull/11400

CC'ing ports (brnrd) and base (jkim) OpenSSL maintainers
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2020-03-29 03:59:21 UTC
See Also: https://bugs.python.org/issue40018
Comment 2 Bernard Spil freebsd_committer freebsd_triage 2020-03-29 11:49:58 UTC
Is this so pressing that we want to force massive rebuilds for all users of DEFAULT_VERSIONS= ssl=openssl ???

Or can we wait for the 1.1.1f update in 2 days?
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2020-03-29 12:15:13 UTC
(In reply to Bernard Spil from comment #2)

Difficult question. The scope of the impact is challenging to ascertain, but it's likely the reports so far are the tip of the iceberg. Google results for openssl 1.1.1e eof are a decent sample.

On one hand it requires rebuilds for ports users, on the other it fixes broken programs, services, etc. Additionally, consider the time delay to new packages being built post-resolution. 

Consider also that, while unlikely, 1.1.1f may introduce other issues/regressions, but I haven't checked the commit log between e and potential f.
Comment 4 commit-hook freebsd_committer freebsd_triage 2020-03-29 16:02:07 UTC
A commit references this bug:

Author: brnrd
Date: Sun Mar 29 16:00:41 UTC 2020
New revision: 529814
URL: https://svnweb.freebsd.org/changeset/ports/529814

Log:
  security/openssl: Fix EOF bug

  See https://github.com/openssl/openssl/pull/11400

  PR:		245154
  Reported by:	koobs
  MFH:		2020Q1

Changes:
  head/security/openssl/Makefile
  head/security/openssl/files/patch-PR245154
Comment 5 commit-hook freebsd_committer freebsd_triage 2020-03-31 14:56:30 UTC
A commit references this bug:

Author: brnrd
Date: Tue Mar 31 14:37:19 UTC 2020
New revision: 529977
URL: https://svnweb.freebsd.org/changeset/ports/529977

Log:
  security/openssl: Bug-fix update to 1.1.1f

  PR:		245154
  MFH:		2020Q1

Changes:
  head/security/openssl/Makefile
  head/security/openssl/distinfo
  head/security/openssl/files/patch-PR245154
Comment 6 Bernard Spil freebsd_committer freebsd_triage 2020-04-29 07:48:14 UTC
Fixed in 1.1.1g
Comment 7 Oclair 2020-05-18 14:48:48 UTC
Not sure why this is fixed
FreeBSD 11.3-RELEASE-p7

PHP 7.3.18 (cli) (built: May 18 2020 13:54:50) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.18, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.18, Copyright (c) 1999-2018, by Zend Technologies
Segmentation fault (core dumped)

# gdb /usr/local/bin/php php.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `php -v'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libelf.so.2...Reading symbols from /usr/lib/debug//lib/libelf.so.2.debug...done.
done.
Loaded symbols for /lib/libelf.so.2
Reading symbols from /lib/libcrypt.so.5...Reading symbols from /usr/lib/debug//lib/libcrypt.so.5.debug...done.
done.
Loaded symbols for /lib/libcrypt.so.5
Reading symbols from /usr/local/lib/libargon2.so.0...done.
Loaded symbols for /usr/local/lib/libargon2.so.0
Reading symbols from /lib/libm.so.5...Reading symbols from /usr/lib/debug//lib/libm.so.5.debug...done.
done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /lib/libthr.so.3...Reading symbols from /usr/lib/debug//lib/libthr.so.3.debug...done.
done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /usr/local/lib/libxml2.so.2...done.
Loaded symbols for /usr/local/lib/libxml2.so.2
Reading symbols from /lib/libz.so.6...Reading symbols from /usr/lib/debug//lib/libz.so.6.debug...done.
done.
Loaded symbols for /lib/libz.so.6
Reading symbols from /usr/lib/liblzma.so.5...Reading symbols from /usr/lib/debug//usr/lib/liblzma.so.5.debug...done.
done.
Loaded symbols for /usr/lib/liblzma.so.5
Reading symbols from /usr/local/lib/libpcre2-8.so.0...done.
Loaded symbols for /usr/local/lib/libpcre2-8.so.0
Reading symbols from /lib/libc.so.7...Reading symbols from /usr/lib/debug//lib/libc.so.7.debug...done.
done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/local/lib/libssl.so.11...done.
Loaded symbols for /usr/local/lib/libssl.so.11
Reading symbols from /usr/local/lib/libcrypto.so.11...done.
Loaded symbols for /usr/local/lib/libcrypto.so.11
Reading symbols from /usr/local/lib/libintl.so.8...done.
Loaded symbols for /usr/local/lib/libintl.so.8
Reading symbols from /usr/local/lib/libiconv.so.2...done.
Loaded symbols for /usr/local/lib/libiconv.so.2
Reading symbols from /usr/local/lib/libglib-2.0.so.0...done.
Loaded symbols for /usr/local/lib/libglib-2.0.so.0
Reading symbols from /usr/local/lib/libpcre.so.1...done.
Loaded symbols for /usr/local/lib/libpcre.so.1
Reading symbols from /libexec/ld-elf.so.1...Reading symbols from /usr/lib/debug//libexec/ld-elf.so.1.debug...done.
done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x00000008049a73a2 in OPENSSL_LH_doall_arg () from /usr/local/lib/libcrypto.so.11