Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

freebsd 14.0/14.1 pkg 1.21.3 exited on signal 11 (core dumped) #2304

Open
andy-lavr opened this issue Aug 9, 2024 · 0 comments
Open

freebsd 14.0/14.1 pkg 1.21.3 exited on signal 11 (core dumped) #2304

andy-lavr opened this issue Aug 9, 2024 · 0 comments

Comments

@andy-lavr
Copy link

Please sorry for long story

FreeBSD 13.3 : OpenSSL 1.1.1w
FreeBSD 14.0 : OpenSSL 3.0.12
FreeBSD 14.1 : OpenSSL 3.0.13

For some reason
Heimdal has reduced functionality in the base system, so I have to use heimdal from the ports
with RC4 cipher!
OpenSSL 3.0.x policies disabling the RC4 cipher.

To solve the problem, I changed the /etc/ssl/openssl.cnf file according to
See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276415
use and activate legacy:

$ ls -la /etc/ssl/
total 48
drwxr-xr-x   4 root wheel   512 Jun  3 21:19 .
drwxr-xr-x  30 root wheel  2560 Aug  8 18:36 ..
lrwxr-xr-x   1 root wheel    43 Apr  9 04:10 cert.pem -> ../../usr/local/share/certs/ca-root-nss.crt
drwxr-xr-x   2 root wheel  3072 Aug  7 19:38 certs
-rw-r--r--   1 root wheel 12398 Jun  3 21:19 openssl.cnf
-rw-r--r--   1 root wheel 12336 Jun  3 21:19 openssl.cnf.orig
drwxr-xr-x   2 root wheel  1536 Aug  7 19:38 untrusted
$

whereis /etc/ssl/openssl.cnf - with legacy
/etc/ssl/openssl.cnf.orig - system original

$ diff -u /etc/ssl/openssl.cnf.orig /etc/ssl/openssl.cnf
--- /etc/ssl/openssl.cnf.orig   2024-06-03 21:19:04.013735000 +0300
+++ /etc/ssl/openssl.cnf        2024-06-03 21:19:33.650025000 +0300
@@ -57,6 +57,8 @@
 # List of providers to load
 [provider_sect]
 default = default_sect
+legacy = legacy_sect
+
 # The fips section name should match the section name inside the
 # included fipsmodule.cnf.
 # fips = fips_sect
@@ -71,7 +73,10 @@
 # problems including inability to remotely access the system.
 [default_sect]
 # activate = 1
+activate = 1

+[legacy_sect]
+activate = 1

 ####################################################################
 [ ca ]
$

After these changes pkg core dumped: from /var/log/messages
kernel: pid 57421 (pkg), jid 0, uid 0: exited on signal 11 (core dumped)

$ pkg version -vRL=
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Child process pid=73836 terminated abnormally: Segmentation fault
$ pkg rquery "%n-%v - %c" pkg
pkg-1.21.3 - Package manager
Child process pid=73983 terminated abnormally: Segmentation fault
$ pkg install gdb
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 5 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        boost-libs: 1.84.0
        gdb: 14.1_2
        gmp: 6.3.0
        mpfr: 4.2.1,1
        source-highlight: 3.1.9_9

Number of packages to be installed: 5

The process will require 252 MiB more space.
29 MiB to be downloaded.

Proceed with this action? [y/N]: N
Child process pid=74060 terminated abnormally: Segmentation fault
$

ps. core dump only when use remote repository.
pkg info, pkg query.. run without problem

pkg-static run without problem, for example:

$ pkg-static rquery "%n-%v - %c" pkg
pkg-1.21.3 - Package manager
$ pkg-static version -vRL=
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
$

Now try run /usr/local/sbin/pkg with original /etc/ssl/openssl.cnf.orig:

$ OPENSSL_CONF=/etc/ssl/openssl.cnf.orig pkg version -vRL=
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
$ OPENSSL_CONF=/etc/ssl/openssl.cnf.orig pkg rquery "%n-%v - %c" pkg
pkg-1.21.3 - Package manager
$

What do you recommend, is there a way to use a file with legacy section support?
The developers of heimdal promised to fix it in version 7.8.1,
but it is not known when it will be released.

$ pkg -v
1.21.3
$ pkg -vv
Version                 : 1.21.3
PKG_DBDIR = "/var/db/pkg";
PKG_CACHEDIR = "/var/cache/pkg";
PORTSDIR = "/usr/ports";
INDEXDIR = "";
INDEXFILE = "INDEX-14";
HANDLE_RC_SCRIPTS = false;
DEFAULT_ALWAYS_YES = false;
ASSUME_ALWAYS_YES = false;
REPOS_DIR [
    "/etc/pkg/",
    "/usr/local/etc/pkg/repos/",
]
PLIST_KEYWORDS_DIR = "";
SYSLOG = true;
ABI = "FreeBSD:14:amd64";
ALTABI = "freebsd:14:x86:64";
DEVELOPER_MODE = false;
VULNXML_SITE = "http://vuxml.freebsd.org/freebsd/vuln.xml.xz";
FETCH_RETRY = 3;
PKG_PLUGINS_DIR = "/usr/local/lib/pkg/";
PKG_ENABLE_PLUGINS = true;
PLUGINS [
]
DEBUG_SCRIPTS = false;
PLUGINS_CONF_DIR = "/usr/local/etc/pkg/";
PERMISSIVE = false;
REPO_AUTOUPDATE = true;
NAMESERVER = "";
HTTP_USER_AGENT = "pkg/1.21.3";
EVENT_PIPE = "";
FETCH_TIMEOUT = 30;
UNSET_TIMESTAMP = false;
SSH_RESTRICT_DIR = "";
PKG_ENV {
}
PKG_SSH_ARGS = "";
DEBUG_LEVEL = 0;
ALIAS {
    all-depends = "query %dn-%dv";
    annotations = "info -A";
    build-depends = "info -qd";
    cinfo = "info -Cx";
    comment = "query -i \"%c\"";
    csearch = "search -Cx";
    desc = "query -i \"%e\"";
    download = "fetch";
    iinfo = "info -ix";
    isearch = "search -ix";
    prime-list = "query -e '%a = 0' '%n'";
    prime-origins = "query -e '%a = 0' '%o'";
    leaf = "query -e '%#r == 0' '%n-%v'";
    list = "info -ql";
    noauto = "query -e '%a == 0' '%n-%v'";
    options = "query -i \"%n - %Ok: %Ov\"";
    origin = "info -qo";
    orphans = "version -vRl?";
    provided-depends = "info -qb";
    rall-depends = "rquery %dn-%dv";
    raw = "info -R";
    rcomment = "rquery -i \"%c\"";
    rdesc = "rquery -i \"%e\"";
    required-depends = "info -qr";
    roptions = "rquery -i \"%n - %Ok: %Ov\"";
    shared-depends = "info -qB";
    show = "info -f -k";
    size = "info -sq";
    unmaintained = "query -e '%m = \"[email protected]\"' '%o (%w)'";
    runmaintained = "rquery -e '%m = \"[email protected]\"' '%o (%w)'";
}
CUDF_SOLVER = "";
SAT_SOLVER = "";
RUN_SCRIPTS = true;
CASE_SENSITIVE_MATCH = false;
LOCK_WAIT = 1;
LOCK_RETRIES = 5;
SQLITE_PROFILE = false;
WORKERS_COUNT = 0;
READ_LOCK = false;
IP_VERSION = 0;
AUTOMERGE = true;
VERSION_SOURCE = "";
CONSERVATIVE_UPGRADE = true;
PKG_CREATE_VERBOSE = false;
AUTOCLEAN = false;
DOT_FILE = "";
REPOSITORIES {
}
VALID_URL_SCHEME [
    "pkg+http",
    "pkg+https",
    "https",
    "http",
    "file",
    "ssh",
    "tcp",
]
ALLOW_BASE_SHLIBS = false;
WARN_SIZE_LIMIT = 1048576;
METALOG = "";
OSVERSION = 1401000;
IGNORE_OSVERSION = false;
BACKUP_LIBRARIES = false;
BACKUP_LIBRARY_PATH = "/usr/local/lib/compat/pkg";
PKG_TRIGGERS_DIR = "/usr/local/share/pkg/triggers";
PKG_TRIGGERS_ENABLE = true;
AUDIT_IGNORE_GLOB [
]
AUDIT_IGNORE_REGEX [
]
COMPRESSION_FORMAT = "";
COMPRESSION_LEVEL = -1;
ARCHIVE_SYMLINK = false;
REPO_ACCEPT_LEGACY_PKG = false;
FILES_IGNORE_GLOB [
]
FILES_IGNORE_REGEX [
]


Repositories:
  FreeBSD: {
    url             : "pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly",
    enabled         : yes,
    priority        : 0,
    mirror_type     : "SRV",
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/share/keys/pkg"
  }

$  lldb -- /usr/ports/ports-mgmt/pkg/work/stage/usr/local/sbin/pkg -d version -vRL=
(lldb) target create "/usr/ports/ports-mgmt/pkg/work/stage/usr/local/sbin/pkg"
Current executable set to '/usr/ports/ports-mgmt/pkg/work/stage/usr/local/sbin/pkg' (x86_64).
(lldb) settings set -- target.run-args  "-d" "version" "-vRL="
(lldb) run
Process 75683 launched: '/usr/ports/ports-mgmt/pkg/work/stage/usr/local/sbin/pkg' (x86_64)
DBG(1)[75683]> pkg initialized
Updating FreeBSD repository catalogue...
DBG(1)[75683]> PkgRepo: verifying update for FreeBSD
DBG(1)[75683]> Pkgrepo, begin update of '/var/db/pkg/repos/FreeBSD/db'
DBG(1)[75683]> Request to fetch pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/meta.conf
DBG(1)[75683]> curl_open
DBG(1)[75683]> Fetch: fetcher used: pkg+https
DBG(1)[75683]> curl> fetching https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/meta.conf

DBG(1)[75683]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pkgmir.geo.freebsd.org in the .netrc file; using defaults
* Host pkgmir.geo.freebsd.org:443 was resolved.
* IPv6: 2a02:80:0:3ffd::50:2, 2604:1380:4091:a001::50:2
* IPv4: 147.28.184.43, 85.30.190.140
*   Trying 147.28.184.43:443...
* Connected to pkgmir.geo.freebsd.org (147.28.184.43) port 443
* ALPN: curl offers http/1.1
*  CAfile: none
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=pkg.freebsd.org
*  start date: Jul 31 20:21:16 2024 GMT
*  expire date: Oct 29 20:21:15 2024 GMT
*  subjectAltName: host "pkgmir.geo.freebsd.org" matched cert's "pkgmir.geo.freebsd.org"
*  issuer: C=US; O=Let's Encrypt; CN=E5
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> GET /FreeBSD:14:amd64/quarterly/meta.conf HTTP/1.1
Host: pkgmir.geo.freebsd.org
User-Agent: pkg/1.21.3
Accept: */*
If-Modified-Since: Tue, 06 Aug 2024 13:04:23 GMT

* Request completely sent off
* old SSL session ID is stale, removing
< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Fri, 09 Aug 2024 15:43:05 GMT
< Last-Modified: Tue, 02 Apr 2024 20:59:28 GMT
< Connection: keep-alive
< ETag: "660c71b0-b2"
< Expires: Fri, 09 Aug 2024 15:43:05 GMT
< Cache-Control: max-age=0
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
<
* Connection #0 to host pkgmir.geo.freebsd.org left intact
DBG(1)[75683]> Request to fetch pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/data.pkg
DBG(1)[75683]> curl_open
DBG(1)[75683]> Fetch: fetcher used: pkg+https
DBG(1)[75683]> curl> fetching https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/data.pkg

DBG(1)[75683]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pkgmir.geo.freebsd.org in the .netrc file; using defaults
* Found bundle for host: 0xe42e5825690 [serially]
* Re-using existing connection with host pkgmir.geo.freebsd.org
> GET /FreeBSD:14:amd64/quarterly/data.pkg HTTP/1.1
Host: pkgmir.geo.freebsd.org
User-Agent: pkg/1.21.3
Accept: */*
If-Modified-Since: Tue, 06 Aug 2024 13:04:23 GMT

* Request completely sent off
< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Fri, 09 Aug 2024 15:43:05 GMT
< Last-Modified: Tue, 06 Aug 2024 13:04:23 GMT
< Connection: keep-alive
< ETag: "66b21f57-702648"
< Expires: Fri, 09 Aug 2024 15:43:05 GMT
< Cache-Control: max-age=0
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
<
* Connection #0 to host pkgmir.geo.freebsd.org left intact
FreeBSD repository is up to date.
All repositories are up to date.
Process 75683 stopped
* thread #1, name = 'pkg', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x0)
    frame #0: 0x000000082a65183a libthr.so.3`___lldb_unnamed_symbol656 + 26
libthr.so.3`___lldb_unnamed_symbol656:
->  0x82a65183a <+26>: movq   (%rdi), %r14
    0x82a65183d <+29>: cmpq   $0x2, %r14
    0x82a651841 <+33>: jb     0x82a651852    ; <+50>
    0x82a651843 <+35>: movabsq $-0x7fffffffffffffff, %rax ; imm = 0x8000000000000001
(lldb)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andy-lavr