Bug 191532 - dns/unbound with libevent crashes on FreeBSD 10.0+
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Sergey Matveychuk
Keywords: patch-ready
Reported: 2014-07-01 15:59 UTC by Mark Felder
Modified: 2014-12-01 15:08 UTC

Attachments
mark as BROKEN (467 bytes, patch)
2014-07-01 15:59 UTC, Mark Felder

Description Mark Felder freebsd_committer 2014-07-01 15:59:23 UTC
Created attachment 144319
mark as BROKEN

unbound crashes on FreeBSD 10.0+ due to a bad interaction with the Capsicum framework.

Log entry looks like this:

Jul  1 08:44:16 yourservername unbound: [1892:1] fatal error: event_dispatch returned error -1, errno is Capabilities insufficient

It was briefly discussed here: 

http://comments.gmane.org/gmane.network.dns.unbound.user/2968


I suggest we mark it BROKEN on 10.0+ until this is corrected so users do not run into their production DNS resolvers unexpectedly crashing.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2014-07-04 00:22:50 UTC
Over to maintainer.
Comment 2 Sergey Matveychuk freebsd_committer 2014-08-07 12:37:40 UTC
A patch for FreeBSD is coming soon.
Comment 3 Matthew Seaman freebsd_committer 2014-10-16 07:59:56 UTC
Is there any update on this?  I'm running into the 'fatal error: event_dispatch returned error -1, errno is Capabilities insufficient' problem at the moment, and it is now two months since the last update.  The port really should be marked as broken on 10.x+ until this is resolved.
Comment 4 Mark Felder freebsd_committer 2014-10-16 13:07:45 UTC
I received a patch from mjg which fixed it, but of course the fix was in the kernel.

I'm going to just commit this change to the unbound port so at least people are aware. Perhaps additional awareness will get the train moving. :-)

Thanks for the poke
Comment 5 commit-hook freebsd_committer 2014-10-16 13:20:41 UTC
A commit references this bug:

Author: feld
Date: Thu Oct 16 13:19:40 UTC 2014
New revision: 371006
URL: https://svnweb.freebsd.org/changeset/ports/371006

Log:
  Mark unbound BROKEN for FreeBSD 10.0+ if built with libevent

  There is a known issue that causes random crashes due to poor
  interaction with Capsicum.

  PR:		191532

Changes:
  head/dns/unbound/Makefile
Comment 6 Mark Felder freebsd_committer 2014-10-16 13:22:46 UTC
sem, the port has been marked BROKEN to protect users. When a fix has reached a RELEASE please update the port to adjust the BROKEN parameter.

Thanks!
Comment 7 commit-hook freebsd_committer 2014-10-16 13:52:45 UTC
A commit references this bug:

Author: feld
Date: Thu Oct 16 13:52:42 UTC 2014
New revision: 371007
URL: https://svnweb.freebsd.org/changeset/ports/371007

Log:
  Correct last patch. There is only one libevent now.

  Pointyhat -> feld

  PR:		191532

Changes:
  head/dns/unbound/Makefile
Comment 8 Vick Khera 2014-10-24 12:31:13 UTC
So if I have a kernel without Capsicum installed, I will not trip this error? I think so because I never see this error.
Comment 9 Mark Felder freebsd_committer 2014-11-04 14:12:59 UTC
(In reply to Vick Khera from comment #8)
> So if I have a kernel without Capsicum installed, I will not trip this
> error? I think so because I never see this error.

That would be correct. You need the capabilities framework to run into this.
Comment 10 Renato Botelho freebsd_committer 2014-11-18 16:15:27 UTC
(In reply to Mark Felder from comment #4)
> I received a patch from mjg which fixed it, but of course the fix was in the
> kernel.

Is this patch available somewhere?
Comment 11 Renato Botelho freebsd_committer 2014-11-18 16:54:52 UTC
According to mjg, this has been fixed for some time in stable/10 (r273137) and on releng/10.1. IMO the BROKEN state should be removed from the unbound port.
Comment 12 Mark Felder freebsd_committer 2014-11-18 17:16:27 UTC
(In reply to Renato Botelho from comment #11)
> According to mjg, this has been fixed for some time in stable/10 (r273137) and on
> releng/10.1. IMO the BROKEN state should be removed from the unbound port.

Yes, it should be removed. I'd like to know if we support a way to permit building the package on 10.0 but have it BROKEN for *installing* on 10.0. I don't like the idea of forcing people to run a separate 10.1 poudriere repository just for dns/unbound with LIBEVENT. I'm sure lots of people will have mixed 10.0 and 10.1 servers for some time.
Comment 13 Renato Botelho freebsd_committer 2014-11-18 17:20:58 UTC
Since the LIBEVENT option is off by default, I don't see a problem with building the package on 10.0.
Comment 14 Mark Felder freebsd_committer 2014-11-21 14:26:23 UTC
That's not quite what I meant. This is what I was trying to communicate:

You can't expect that every end user is going to be building from ports and will build this package on 10.1-RELEASE.

At my previous job we had our own poudriere servers so we could distribute packages with the custom options we needed. And like the official FreeBSD repositories, we build against the oldest supported version for that release.

The problem I want to avoid is breaking the user's ability to have a 10.0-RELEASE package repository and being unable to build unbound with LIBEVENT which they intend to install on a 10.1-RELEASE server. Requiring them to set up another poudriere package repository just for unbound with LIBEVENT is ridiculous and something I hope we can prevent as we have been communicating to users that poudriere is a first class citizen and they should follow our methodology when building packages for their fleet of servers.
Comment 15 commit-hook freebsd_committer 2014-12-01 15:05:25 UTC
A commit references this bug:

Author: feld
Date: Mon Dec  1 15:05:06 UTC 2014
New revision: 373710
URL: https://svnweb.freebsd.org/changeset/ports/373710

Log:
  Remove BROKEN for LIBEVENT and 10.0+ and replace with an appropriate
  warning in the pkg-message

  PR:		191532

Changes:
  head/dns/unbound/Makefile
  head/dns/unbound/files/pkg-message.in
Comment 16 Mark Felder freebsd_committer 2014-12-01 15:08:07 UTC
I've replaced the BROKEN with a warning in pkg-message. This should be sufficient to inform users of the dangers without preventing them from running the package on an unaffected system which we do not have the capability to detect.
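
A host-side check built from the facts in this thread (affects 10.0+ with LIBEVENT, fixed in stable/10 r273137 and on releng/10.1), added here as an example; it is not part of the bug report or the port. It assumes a kernel with Capsicum enabled and svn-era `uname -v` output; `kernel_rev`, `classify_host` and the sample string are names made up for this example.

```sh
#!/bin/sh
# Added example, not from the bug report or the port.
# Classifies a host for the unbound + libevent Capsicum crash (PR 191532).
FIXED_STABLE10_REV=273137   # stable/10 revision named in comment 11

# Constructed sample of svn-era `uname -v` output, for offline testing.
SAMPLE_UNAME_V='FreeBSD 10.1-STABLE #0 r274401: Tue Nov 11 12:00:00 UTC 2014 root@build:/usr/obj/usr/src/sys/GENERIC'

# kernel_rev "<uname -v text>" -> svn revision digits, empty if absent
kernel_rev() {
    printf '%s\n' "$1" | sed -n 's/.* r\([0-9][0-9]*\):.*/\1/p'
}

# classify_host <release> <svn-rev-or-empty> <libevent: on|off>
# Prints one of: unaffected, affected, fixed, unknown
classify_host() {
    release=$1 rev=$2 libevent=$3
    [ "$libevent" = on ] || { echo unaffected; return; }   # bug needs libevent
    major=${release%%.*}
    minor=${release#*.};  minor=${minor%%-*}
    branch=${release#*-}; branch=${branch%%-*}
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) echo unknown; return ;; esac
    done
    if [ "$major" -lt 10 ]; then echo unaffected; return; fi  # report: 10.0+
    if [ "$major" -gt 10 ]; then echo unknown; return; fi     # not on the page
    case "$branch" in
        RELEASE)   # releng/10.1 carries the kernel fix
            if [ "$minor" -ge 1 ]; then echo fixed; else echo affected; fi ;;
        STABLE)    # compare against the stable/10 fix revision
            if [ -z "$rev" ]; then echo unknown
            elif [ "$rev" -ge "$FIXED_STABLE10_REV" ]; then echo fixed
            else echo affected; fi ;;
        *)  echo unknown ;;   # BETA/RC/PRERELEASE: thread gives no data
    esac
}

# Live use on a FreeBSD host (skipped on other systems).
# If unbound is not installed, the option reads as off.
if [ "$(uname -s)" = FreeBSD ]; then
    opt=$(pkg query '%Ok %Ov' unbound 2>/dev/null |
          awk '$1 == "LIBEVENT" { print $2 }')
    classify_host "$(uname -r)" "$(kernel_rev "$(uname -v)")" "${opt:-off}"
fi
```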