NetBSD Problem Report #46912

From Wolfgang.Stukenbrock@nagler-company.com  Thu Sep  6 09:40:20 2012
Return-Path: <Wolfgang.Stukenbrock@nagler-company.com>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 0736063B9BC
	for <gnats-bugs@gnats.NetBSD.org>; Thu,  6 Sep 2012 09:40:20 +0000 (UTC)
Message-Id: <20120906094005.B7F6F1E80A9@test-s0.nagler-company.com>
Date: Thu,  6 Sep 2012 11:40:05 +0200 (CEST)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: mysql51-client in 2012Q2 blows up libcrypto
X-Send-Pr-Version: 3.95

>Number:         46912
>Category:       pkg
>Synopsis:       mysql51-client in 2012Q2 blows up libcrypto
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 06 09:45:00 +0000 2012
>Closed-Date:    Tue Jan 08 01:34:46 +0000 2013
>Last-Modified:  Tue Jan 08 01:34:46 +0000 2013
>Originator:     Wolfgang Stukenbrock
>Release:        NetBSD 5.1_STABLE
>Organization:
Dr. Nagler & Company GmbH
>Environment:


System: NetBSD test-s0 4.0 NetBSD 4.0 (NSW-WS) #0: Tue Aug 17 17:28:09 CEST 2010 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
	The mysql51-client package from 2012Q2 compiles a file named
	"extra/yassl/taocrypt/src/crypto.cpp" into the library so that
	it will belong to libmysqlclient.a, libmysqlclient.so.16.0.0,
	libmysqlclient_r.a and libmysqlclient_r.so.16.0.0.
	In this file the following overloads for routines from libcrypto
	are defined:
	char CRYPTO_lock() { return 0;}
	char CRYPTO_add_lock() { return 0;}
	char EVP_CIPHER_CTX_init() { return 0; }
	char CRYPTO_mem_ctrl() { return 0; }

	Theese four dummy functions are the only contents of this file.
	If - as in our case - libmysqlclient_r.so.16.0.0 is loaded prior
	libcrypto.so, than theese functions get overwritten resulting
	in a double free-call during engine-initialisation of libcrypto
	resulting in a SEGV.
	This e.g. happens when you try to run bacula directory deamon.
>How-To-Repeat:
	Just try to use bacula server from 2012Q2 - you will see bacula-dir
	SEGV during startup.
>Fix:
	Do not overload symbols from other libraries in mysql client libs.
	There are two ways to get to this point:
	1. comment out via patch the definitions in that file
	2. avoid compilation of that file in makefile via patch

	remark: I've found the symbols in the following libs in /usr/pkg/lib/mysql:
	  /usr/pkg/lib/mysql/libmysqlclient.a
	  /usr/pkg/lib/mysql/libmysqlclient.so.16.0.
	  /usr/pkg/lib/mysql/libmysqlclient_r.a
	  /usr/pkg/lib/mysql/libmysqlclient_r.so.16.0.0
	  /usr/pkg/lib/mysql/libmysqld.a
	It is in libmysqld.a too - so the server build seems to be affected too.

	remark: version 15.0.0 (from 5.0.51b) of the lib does not contain
	these symbols.
	It seems to be a "feature" of mysql 5.1.53 ...

>Release-Note:

>Audit-Trail:
From: "OBATA Akio" <obache@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: pkg/46912: mysql51-client in 2012Q2 blows up libcrypto
Date: Wed, 12 Sep 2012 21:45:22 +0900

 Followings may be related to this issue.

 In databases/mysql51-client/options.mk:

 CONFIGURE_ARGS+=	--with-ssl=yes

 It will result in unwanted behavior, selecting bundled yaSSL
 instead of external OpenSSL whereas buildinking it.
 Its option variable must be the location of OpenSSL
 (BUILDLINK_PREFIX.openssl, or SSLBASE)

 This change may require recursive PKGREVISION bump,
 because libraries from mysql51 will change its ABI.

 And, it means mysql51 from pkgsrc is using bundled yaSSL now,
 so re-evaluation of yaSSL related vulnerability reports may be required.

 -- 
 OBATA Akio / obache@NetBSD.org

From: "OBATA Akio" <obache@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/46912 CVS commit: pkgsrc/databases
Date: Sat, 15 Sep 2012 14:48:58 +0000

 Module Name:	pkgsrc
 Committed By:	obache
 Date:		Sat Sep 15 14:48:58 UTC 2012

 Modified Files:
 	pkgsrc/databases/mysql51-client: Makefile.common distinfo options.mk
 	pkgsrc/databases/mysql51-server: PLIST distinfo

 Log Message:
 Update mysql51 to 5.1.65.

 While here, let to use OpenSSL instead of internal yaSSL with ssl option,
 may related to PR 46912.

 Changes in MySQL 5.1.65 (2012-08-09)

 Functionality Added or Changed

 * Important Change: The YEAR(2) data type is now deprecated because it is
   problematic. Support for YEAR(2) will be removed in a future release of MySQL.
   For more information, see Section 11.3.4, "YEAR(2) Limitations and Migrating
   to YEAR(4)".

 Bugs Fixed

  * The server did not build with gcc 4.7. (Bug #14238406)

 Changes in MySQL 5.1.64 (Not released)

 Functionality Added or Changed

 * Important Change: Replication: The SHOW BINARY LOGS statement (and its
   equivalent SHOW MASTER LOGS) may now be executed by a user with the
   REPLICATION CLIENT privilege. (Formerly, the SUPER privilege was necessary to
   use either form of this statement.)


 To generate a diff of this commit:
 cvs rdiff -u -r1.25 -r1.26 pkgsrc/databases/mysql51-client/Makefile.common
 cvs rdiff -u -r1.22 -r1.23 pkgsrc/databases/mysql51-client/distinfo
 cvs rdiff -u -r1.4 -r1.5 pkgsrc/databases/mysql51-client/options.mk
 cvs rdiff -u -r1.20 -r1.21 pkgsrc/databases/mysql51-server/PLIST
 cvs rdiff -u -r1.25 -r1.26 pkgsrc/databases/mysql51-server/distinfo

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: obache@NetBSD.org
State-Changed-When: Mon, 31 Dec 2012 14:33:37 +0000
State-Changed-Why:
fixed for you?


From: Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc: pkg-manager@NetBSD.org, pkgsrc-bugs@NetBSD.org, gnats-admin@NetBSD.org,
        obache@NetBSD.org
Subject: Re: pkg/46912 (mysql51-client in 2012Q2 blows up libcrypto)
Date: Mon, 07 Jan 2013 18:03:29 +0100

 Hi,

 I've added the changes to a fresh pkgsrc-2012Q2 version.
 It compiles without problems on netbsd 5.1.2 and seems to use the 
 ssl-lib from /usr/lib.

 I've done no functional test, but I think the ssl-lib on Netbsd should 
 work. At least mysql starts and can connect to a remote server.

 I think you can close this report.

 best regards

 W. Stukenbrock

 obache@NetBSD.org wrote:

 > Synopsis: mysql51-client in 2012Q2 blows up libcrypto
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: obache@NetBSD.org
 > State-Changed-When: Mon, 31 Dec 2012 14:33:37 +0000
 > State-Changed-Why:
 > fixed for you?
 > 




State-Changed-From-To: feedback->closed
State-Changed-By: obache@NetBSD.org
State-Changed-When: Tue, 08 Jan 2013 01:34:46 +0000
State-Changed-Why:
Confirmed fixed.  Thanks!


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.