Anonymous | Login | 2024-04-26 16:26 CEST |
Main | My View | View Issues |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0005237 | [libssl1_0_0] packaging | major | always | 2015-03-22 17:12 | 2015-06-03 10:38 | ||
Reporter | dam | View Status | public | ||||
Assigned To | jh | ||||||
Priority | normal | Resolution | fixed | ||||
Status | closed | ||||||
Summary | 0005237: Upgrade of OpenSSL to 1.0.1m breaks named | ||||||
Description |
After the OpenSSL update to 1.0.1m BIND fails to start: root@web [web]:/root > Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] starting BIND 9.9.6-P2 -u named Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] built with '--prefix=/opt/csw' '--exec_prefix=/opt/csw' '--bindir=/opt/csw/bin' '--sbindir=/opt/csw/sbin' '--libexecdir=/opt/csw/libexec' '--datadir=/opt/csw/share' '--sharedstatedir=/opt/csw/share' '--localstatedir=/var/opt/csw' '--libdir=/opt/csw/lib' '--infodir=/opt/csw/share/info' '--includedir=/opt/csw/include' '--mandir=/opt/csw/share/man' '--with-libtool' '--with-openssl=/opt/csw' '--enable-threads' '--enable-largefile' '--sysconfdir=/etc/opt/csw' '--localstatedir=/var/opt/csw/named' '--enable-rrl' 'CC=/opt/csw/bin/gcc-4.9' 'CFLAGS=-O2 -pipe -mcpu=v9 -Wa,-xarch=v8plus' 'LDFLAGS=-mcpu=v9 -Wa,-xarch=v8plus -L/opt/csw/lib' 'CPPFLAGS=-I/opt/csw/include' Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] ---------------------------------------------------- Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] BIND 9 is maintained by Internet Systems Consortium, Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] Inc. (ISC), a non-profit 501(c)(3) public-benefit Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] corporation. Support and training for BIND 9 are Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] available at https://www.isc.org/support [^] Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.notice] ---------------------------------------------------- Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.warning] ENGINE_by_id failed (crypto failure) Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.crit] initializing DST: crypto failure Mar 22 17:07:49 web named[29863]: [ID 873579 daemon.crit] exiting (due to fatal error) Mar 22 17:07:49 web svc.startd[19839]: [ID 652011 daemon.warning] svc:/network/cswnamed:default: Method "/var/opt/csw/svc/method/svc-cswnamed stop" failed with exit status 1. Mar 22 17:07:49 web last message repeated 2 times Mar 22 17:07:49 web svc.startd[19839]: [ID 748625 daemon.error] network/cswnamed:default failed: transitioned to maintenance (see 'svcs -xv' for details) After downgrading to 1.0.1l it works again. Probably a recompile of BIND is needed. |
||||||
Additional Information | |||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Notes | |
(0011028) bonivart (developer) 2015-03-23 10:37 |
That's not the latest release of BIND, 9.9.7 is in unstable and it works for me. Can you please verify if you have the same problem with that version? |
(0011029) dam (administrator) 2015-03-24 11:34 |
I just retried, same issue: root@web [web]:/root > Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.notice] starting BIND 9.9.7 -u named Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.notice] built with '--prefix=/opt/csw' '--exec_prefix=/opt/csw' '--bindir=/opt/csw/bin' '--sbindir=/opt/csw/sbin' '--libexecdir=/opt/csw/libexec' '--datadir=/opt/csw/share' '--sharedstatedir=/opt/csw/share' '--localstatedir=/var/opt/csw' '--libdir=/opt/csw/lib' '--infodir=/opt/csw/share/info' '--includedir=/opt/csw/include' '--mandir=/opt/csw/share/man' '--with-libtool' '--with-openssl=/opt/csw' '--enable-threads' '--enable-largefile' '--sysconfdir=/etc/opt/csw' '--localstatedir=/var/opt/csw/named' '--enable-rrl' 'CC=/opt/csw/bin/gcc-4.9' 'CFLAGS=-O2 -pipe -mcpu=v9 -Wa,-xarch=v8plus' 'LDFLAGS=-mcpu=v9 -Wa,-xarch=v8plus -L/opt/csw/lib' 'CPPFLAGS=-I/opt/csw/include' Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.notice] ---------------------------------------------------- Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.notice] BIND 9 is maintained by Internet Systems Consortium, Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.notice] Inc. (ISC), a non-profit 501(c)(3) public-benefit Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.notice] corporation. Support and training for BIND 9 are Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.notice] available at https://www.isc.org/support [^] Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.notice] ---------------------------------------------------- Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.warning] ENGINE_by_id failed (crypto failure) Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.crit] initializing DST: crypto failure Mar 24 11:33:07 web named[17738]: [ID 873579 daemon.crit] exiting (due to fatal error) Mar 24 11:33:08 web svc.startd[19839]: [ID 652011 daemon.warning] svc:/network/cswnamed:default: Method "/var/opt/csw/svc/method/svc-cswnamed stop" failed with exit status 1. Mar 24 11:33:08 web last message repeated 2 times Mar 24 11:33:08 web svc.startd[19839]: [ID 748625 daemon.error] network/cswnamed:default failed: transitioned to maintenance (see 'svcs -xv' for details) root@web [web]:/root > pkginfo -x CSWbind CSWlibbind CSWlibssl1-0-0 CSWbind bind - ISC BIND DNS main package (sparc) 9.9.7,REV=2015.02.26 CSWlibbind libbind - ISC BIND DNS library package (sparc) 9.9.7,REV=2015.02.26 CSWlibssl1-0-0 libssl1_0_0 - Openssl 1.0 runtime libraries (sparc) 1.0.1m,REV=2015.03.21 |
(0011030) dam (administrator) 2015-03-24 11:37 |
BIND 9.9.7 works fine after downgrading just OpenSSL to 1.0.1l |
(0011031) yann (developer) 2015-04-02 13:48 |
As this bug is more likely caused by openssl, I am moving this bug to libssl1_0_0. A security update shouldn't break any software. Could you tell me if this bug happens only on sparc 5.11 |
(0011032) bonivart (developer) 2015-04-02 16:33 |
I have installed a new Solaris 10 Sparc server and it fails there too. On i386 it works. I re-spun the Bind packages after hearing about the problem and it didn't help. Glad you're taking a look at it, tell me if you need me to test anything for you. |
(0011033) johnthurston (reporter) 2015-04-02 19:18 edited on: 2015-04-02 19:20 |
I have reproduced the results with the following packages on Solaris SPARC 10: root@nstest:~> pkginfo -x CSWbind CSWbindutils CSWlibssl1-0-0 CSWopenssl-utils CSWbind bind - ISC BIND DNS main package (sparc) 9.9.7,REV=2015.02.26 CSWbindutils bind_utils - ISC BIND DNS utilities package (sparc) 9.9.7,REV=2015.02.26 CSWlibssl1-0-0 libssl1_0_0 - Openssl 1.0 runtime libraries (sparc) 1.0.1m,REV=2015.03.21 CSWopenssl-utils openssl_utils - Openssl 1.0 binaries and related tools (sparc) 1.0.1m,REV=2015.03.21 "uname -a" on my system returns: SunOS nstest 5.10 Generic_150400-17 sun4v sparc sun4v Against "unstable", there are no differences shown for bind or openssl packages with "/opt/csw/bin/pkgutil -C" Against "testing", openssl packages are 1.0.1l rather than m. There are no differences shown for bind. BIND exits with: root@nstest:~> /opt/csw/sbin/named -g -u named 02-Apr-2015 09:13:46.168 starting BIND 9.9.7 -g -u named 02-Apr-2015 09:13:46.169 built with '--prefix=/opt/csw' '--exec_prefix=/opt/csw' '--bindir=/opt/csw/bin' '--sbindir=/opt/csw/sbin' '--libexecdir=/opt/csw/libexec' '--datadir=/opt/csw/share' '--sharedstatedir=/opt/csw/share' '--localstatedir=/var/opt/csw' '--libdir=/opt/csw/lib' '--infodir=/opt/csw/share/info' '--includedir=/opt/csw/include' '--mandir=/opt/csw/share/man' '--with-libtool' '--with-openssl=/opt/csw' '--enable-threads' '--enable-largefile' '--sysconfdir=/etc/opt/csw' '--localstatedir=/var/opt/csw/named' '--enable-rrl' 'CC=/opt/csw/bin/gcc-4.9' 'CFLAGS=-O2 -pipe -mcpu=v9 -Wa,-xarch=v8plus' 'LDFLAGS=-mcpu=v9 -Wa,-xarch=v8plus -L/opt/csw/lib' 'CPPFLAGS=-I/opt/csw/include' 02-Apr-2015 09:13:46.169 ---------------------------------------------------- 02-Apr-2015 09:13:46.169 BIND 9 is maintained by Internet Systems Consortium, 02-Apr-2015 09:13:46.169 Inc. (ISC), a non-profit 501(c)(3) public-benefit 02-Apr-2015 09:13:46.169 corporation. Support and training for BIND 9 are 02-Apr-2015 09:13:46.169 available at https://www.isc.org/support [^] 02-Apr-2015 09:13:46.169 ---------------------------------------------------- 02-Apr-2015 09:13:46.169 found 128 CPUs, using 128 worker threads 02-Apr-2015 09:13:46.169 using 64 UDP listeners per interface 02-Apr-2015 09:13:46.188 using up to 4096 sockets 02-Apr-2015 09:13:46.238 ENGINE_by_id failed (crypto failure) 02-Apr-2015 09:13:46.238 error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:389:id=gost 02-Apr-2015 09:13:46.240 initializing DST: crypto failure 02-Apr-2015 09:13:46.240 exiting (due to fatal error) |
(0011035) jh (developer) 2015-06-03 10:36 edited on: 2015-06-03 10:37 |
all problems seems to be fixed now with libssl1_0_0-1.0.1m,REV=2015.06.02 |
Copyright © 2000 - 2008 Mantis Group |