pkgsrc-Bugs archive


pkg/46912: mysql51-client in 2012Q2 blows up libcrypto



>Number:         46912
>Category:       pkg
>Synopsis:       mysql51-client in 2012Q2 blows up libcrypto
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 06 09:45:00 +0000 2012
>Originator:     Wolfgang Stukenbrock
>Release:        NetBSD 5.1_STABLE
>Organization:
Dr. Nagler & Company GmbH
>Environment:
        
        
System: NetBSD test-s0 4.0 NetBSD 4.0 (NSW-WS) #0: Tue Aug 17 17:28:09 CEST 2010 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
        The mysql51-client package from 2012Q2 compiles a file named
        "extra/yassl/taocrypt/src/crypto.cpp" into the library so that
        it will belong to libmysqlclient.a, libmysqlclient.so.16.0.0,
        libmysqlclient_r.a and libmysqlclient_r.so.16.0.0.
        In this file the following overloads for routines from libcrypto
        are defined:
        char CRYPTO_lock() { return 0;}
        char CRYPTO_add_lock() { return 0;}
        char EVP_CIPHER_CTX_init() { return 0; }
        char CRYPTO_mem_ctrl() { return 0; }

        These four dummy functions are the only contents of this file.
        If - as in our case - libmysqlclient_r.so.16.0.0 is loaded prior to
        libcrypto.so, then these functions get overwritten, resulting
        in a double free call during engine initialisation of libcrypto,
        resulting in a SEGV.
        This e.g. happens when you try to run bacula directory daemon.
>How-To-Repeat:
        Just try to use bacula server from 2012Q2 - you will see bacula-dir
        SEGV during startup.
>Fix:
        Do not overload symbols from other libraries in mysql client libs.
        There are two ways to get to this point:
        1. comment out via patch the definitions in that file
        2. avoid compilation of that file in makefile via patch

        remark: I've found the symbols in the following libs in /usr/pkg/lib/mysql:
          /usr/pkg/lib/mysql/libmysqlclient.a
          /usr/pkg/lib/mysql/libmysqlclient.so.16.0.
          /usr/pkg/lib/mysql/libmysqlclient_r.a
          /usr/pkg/lib/mysql/libmysqlclient_r.so.16.0.0
          /usr/pkg/lib/mysql/libmysqld.a
        It is in libmysqld.a too - so the server build seems to be affected too.

        remark: version 15.0.0 (from 5.0.51b) of the lib does not contain
        these symbols.
        It seems to be a "feature" of mysql 5.1.53 ...

>Unformatted:
        
        


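A quick way to check a library for the kind of symbol clash reported above, as an added example that is not part of the original report: the function compares two saved `nm -D --defined-only` listings and prints every symbol that both libraries define. The function name `colliding_symbols`, the sample listings and their addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report symbols that a library defines even though another
# library owns them. Input is saved output of `nm -D --defined-only LIB`.

colliding_symbols() {
    # $1: nm listing of the owning library (here libcrypto)
    # $2: nm listing of the library under test (here libmysqlclient_r)
    LC_ALL=C awk '
        # Defined symbols have three fields: address, type, name.
        # An uppercase type other than U is an exported definition.
        NF == 3 && $2 ~ /^[A-TV-Z]$/ {
            sub(/@.*/, "", $3)            # drop any symbol-version suffix
            if (FNR == NR) owner[$3] = 1  # first file: remember the owner
            else if ($3 in owner) print $3
        }
    ' "$1" "$2" | LC_ALL=C sort -u
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed sample listings (not taken from a real system).
cat > "$tmp/libcrypto.nm" <<'EOF'
0000000000061a40 T CRYPTO_add_lock
0000000000061b10 T CRYPTO_lock
0000000000062c00 T CRYPTO_mem_ctrl
00000000000a3f20 T EVP_CIPHER_CTX_init
00000000000b1000 T SHA1_Init
EOF
cat > "$tmp/libmysqlclient_r.nm" <<'EOF'
0000000000090010 T CRYPTO_add_lock
0000000000090000 T CRYPTO_lock
0000000000090030 T CRYPTO_mem_ctrl
0000000000090020 T EVP_CIPHER_CTX_init
                 U SHA1_Init
0000000000031c50 T mysql_init
0000000000034e10 T mysql_real_connect
EOF

# Prints the four clashing names; SHA1_Init is only referenced (U), not defined.
colliding_symbols "$tmp/libcrypto.nm" "$tmp/libmysqlclient_r.nm"
```

An empty result for a patched build means the library no longer exports definitions that shadow libcrypto's.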