FreeBSD Bugzilla – Attachment 234526 Details for
Bug 264520
databases/db18: DEFAULT_VERSIONS=ssl settings are not reflected
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
Survey Notes
databases_db18_ssl settings are not reflected.txt (text/plain), 7.67 KB, created by
Toshimichi Masubuchi
on 2022-06-07 15:14:20 UTC
(
hide
)
Description:
Survey Notes
Filename:
MIME Type:
Creator:
Toshimichi Masubuchi
Created:
2022-06-07 15:14:20 UTC
Size:
7.67 KB
patch
obsolete
>---------------------------------------- Summary ---------------------------------------- databases/db18: DEFAULT_VERSIONS=ssl settings are not reflected ---------------------------------------- Description ---------------------------------------- Even if DEFAULT_VERSIONS=ssl is set to openssl (Use security/openssl), the OpenSSL libraries included in the base system are always used. # ldd /usr/local/lib/libdb-18.1.so | grep -E 'ssl|crypto' libssl.so.111 => /usr/lib/libssl.so.111 (0x8006ad000) libcrypto.so.111 => /lib/libcrypto.so.111 (0x800fdc000) Attach a patch to fix this. This patch was build tested in Poudriere. - FreeBSD 12.3-RELEASE-p5 (amd64) / (1) ssl=openssl (2) ssl=base - FreeBSD 13.1-RELEASE-p0 (amd64) / (1) ssl=openssl (2) ssl=base Background ---------- I'm using www/apache24, and after switching Berkeley DB from databases/db5 to databases/db18, mod_ssl now gives me an OpenSSL version warning. ex. [Thu Apr 07 11:08:14.144782 2022] [ssl:warn] [pid 966:tid 34375102464] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1n 15 Mar 2022, version currently loaded is OpenSSL 1.1.1l-freebsd 24 Aug 2021) - may result in undefined or erroneous behavior ---------------------------------------- Before patch (ssl=openssl) ---------------------------------------- # pkg info -dbB db18 db18-18.1.40 Shared Libs provided: libdb-18.1.so libdb_stl-18.1.so libdb_cxx-18.1.so Depends on : openssl-1.1.1o_1,1 # ldd /usr/local/lib/libdb*-18.*.so /usr/local/lib/libdb-18.1.so: libthr.so.3 => /lib/libthr.so.3 (0x800680000) libssl.so.111 => /usr/lib/libssl.so.111 (0x8006ad000) <=== libcrypto.so.111 => /lib/libcrypto.so.111 (0x800fdc000) <=== libc.so.7 => /lib/libc.so.7 (0x80024e000) /usr/local/lib/libdb_cxx-18.1.so: libthr.so.3 => /lib/libthr.so.3 (0x800682000) libssl.so.111 => /usr/lib/libssl.so.111 (0x8006af000) <=== libcrypto.so.111 => /lib/libcrypto.so.111 (0x801006000) <=== libc++.so.1 => /usr/lib/libc++.so.1 (0x8012f8000) libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x800753000) libm.so.5 => /lib/libm.so.5 (0x800776000) libc.so.7 => /lib/libc.so.7 (0x80024e000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x8007ac000) /usr/local/lib/libdb_stl-18.1.so: libthr.so.3 => /lib/libthr.so.3 (0x800682000) libssl.so.111 => /usr/lib/libssl.so.111 (0x8006af000) <=== libcrypto.so.111 => /lib/libcrypto.so.111 (0x801018000) <=== libc++.so.1 => /usr/lib/libc++.so.1 (0x80130a000) libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x800753000) libm.so.5 => /lib/libm.so.5 (0x800776000) libc.so.7 => /lib/libc.so.7 (0x80024e000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x8007ac000) ---------------------------------------- After patch (ssl=openssl) ---------------------------------------- # pkg info -dbB db18 db18-18.1.40_1 Shared Libs required: libcrypto.so.11 <=== libssl.so.11 <=== Shared Libs provided: libdb-18.1.so libdb_stl-18.1.so libdb_cxx-18.1.so Depends on : openssl-1.1.1o_1,1 # ldd /usr/local/lib/libdb*-18.1.so /usr/local/lib/libdb-18.1.so: libthr.so.3 => /lib/libthr.so.3 (0x80067f000) libssl.so.11 => /usr/local/lib/libssl.so.11 (0x8006ac000) <=== libcrypto.so.11 => /usr/local/lib/libcrypto.so.11 (0x800fdc000) <=== libc.so.7 => /lib/libc.so.7 (0x80024e000) /usr/local/lib/libdb_cxx-18.1.so: libthr.so.3 => /lib/libthr.so.3 (0x800681000) libssl.so.11 => /usr/local/lib/libssl.so.11 (0x8006ae000) <=== libcrypto.so.11 => /usr/local/lib/libcrypto.so.11 (0x801006000) <=== libc++.so.1 => /usr/lib/libc++.so.1 (0x8012f8000) libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x800745000) libm.so.5 => /lib/libm.so.5 (0x800768000) libc.so.7 => /lib/libc.so.7 (0x80024e000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x80079e000) /usr/local/lib/libdb_stl-18.1.so: libthr.so.3 => /lib/libthr.so.3 (0x800681000) libssl.so.11 => /usr/local/lib/libssl.so.11 (0x8006ae000) <=== libcrypto.so.11 => /usr/local/lib/libcrypto.so.11 (0x801018000) <=== libc++.so.1 => /usr/lib/libc++.so.1 (0x80130a000) libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x800745000) libm.so.5 => /lib/libm.so.5 (0x800768000) libc.so.7 => /lib/libc.so.7 (0x80024e000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x80079e000) ---------------------------------------- After patch (ssl=base) ---------------------------------------- # pkg info -dbB db18 db18-18.1.40_1 Shared Libs provided: libdb-18.1.so libdb_stl-18.1.so libdb_cxx-18.1.so # ldd /usr/local/lib/libdb*-18.1.so /usr/local/lib/libdb-18.1.so: libthr.so.3 => /lib/libthr.so.3 (0x800680000) libssl.so.111 => /usr/lib/libssl.so.111 (0x8006ad000) libcrypto.so.111 => /lib/libcrypto.so.111 (0x800fdc000) libc.so.7 => /lib/libc.so.7 (0x80024e000) /usr/local/lib/libdb_cxx-18.1.so: libthr.so.3 => /lib/libthr.so.3 (0x800682000) libssl.so.111 => /usr/lib/libssl.so.111 (0x8006af000) libcrypto.so.111 => /lib/libcrypto.so.111 (0x801006000) libc++.so.1 => /usr/lib/libc++.so.1 (0x8012f8000) libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x800753000) libm.so.5 => /lib/libm.so.5 (0x800776000) libc.so.7 => /lib/libc.so.7 (0x80024e000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x8007ac000) /usr/local/lib/libdb_stl-18.1.so: libthr.so.3 => /lib/libthr.so.3 (0x800682000) libssl.so.111 => /usr/lib/libssl.so.111 (0x8006af000) libcrypto.so.111 => /lib/libcrypto.so.111 (0x801018000) libc++.so.1 => /usr/lib/libc++.so.1 (0x80130a000) libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x800753000) libm.so.5 => /lib/libm.so.5 (0x800776000) libc.so.7 => /lib/libc.so.7 (0x80024e000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x8007ac000) ---------------------------------------- Environment ---------------------------------------- # uname -srpi FreeBSD 12.3-RELEASE-p5 amd64 GENERIC # grep ssl= /usr/local/etc/poudriere.d/123amd64-make.conf DEFAULT_VERSIONS=ssl=openssl # pkg info -I db18 openssl db18-18.1.40 Oracle Berkeley DB, Release 18.1 openssl-1.1.1o_1,1 TLSv1.3 capable SSL and crypto library # /usr/bin/openssl version OpenSSL 1.1.1l-freebsd 24 Aug 2021 # /usr/local/bin/openssl version OpenSSL 1.1.1o 3 May 2022 # ls -l {/lib,/usr/lib,/usr/local/lib}/lib{ssl,crypt}*.so* ls: /lib/libssl*.so*: No such file or directory -r--r--r-- 1 root wheel 53320 Jan 13 13:58 /lib/libcrypt.so.5 -r--r--r-- 1 root wheel 3063608 Mar 17 13:25 /lib/libcrypto.so.111 lrwxr-xr-x 1 root wheel 23 May 1 2019 /usr/lib/libcrypt.so@ -> ../../lib/libcrypt.so.5 lrwxr-xr-x 1 root wheel 26 May 1 2019 /usr/lib/libcrypto.so@ -> ../../lib/libcrypto.so.111 lrwxr-xr-x 1 root wheel 13 May 1 2019 /usr/lib/libssl.so@ -> libssl.so.111 -r--r--r-- 1 root wheel 659616 Jan 13 13:58 /usr/lib/libssl.so.111 lrwxr-xr-x 1 root wheel 15 May 15 21:41 /usr/local/lib/libcrypto.so@ -> libcrypto.so.11 -rw-r--r-- 1 root wheel 3064080 May 15 21:41 /usr/local/lib/libcrypto.so.11 lrwxr-xr-x 1 root wheel 12 May 15 21:41 /usr/local/lib/libssl.so@ -> libssl.so.11 -rw-r--r-- 1 root wheel 604808 May 15 21:41 /usr/local/lib/libssl.so.11 # cat /etc/libmap.conf # $FreeBSD: releng/12.3/libexec/rtld-elf/libmap.conf 338741 2018-09-18 00:25:00Z brd $ includedir /usr/local/etc/libmap.d # ls /usr/local/etc/libmap.d ls: /usr/local/etc/libmap.d: No such file or directory ---------------------------------------- Revision history ---------------------------------------- 2022-06-03 Initial
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=234526">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 264520
:
234525
| 234526 |
234670