Opened 13 months ago
Closed 13 months ago
#67150 closed defect (fixed)
subversion @1.14.2_0: Segmentation fault on sasl-configured repo
| Reported by: | hadrabap (Petr Hadraba) | Owned by: | neverpanic (Clemens Lang) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.8.1 |
| Keywords: | Cc: | larryv (Lawrence Velázquez), neverpanic (Clemens Lang) | |
| Port: | cyrus-sasl2 |
Description (last modified by hadrabap (Petr Hadraba))
Hello,
I'm facing strange issue while performing various operations against SASL-configured Subversion repository.
localhost:consul-poc petr$ svn up Updating '.': zsh: segmentation fault svn up
Based on the trace-back it looks like it is related to cryptographic stuff:
0 libcrypto.3.dylib 0x00000001091dfe89 EVP_DecryptUpdate + 32 1 libdigestmd5.3.so 0x0000000109989535 dec_rc4 + 49 2 libdigestmd5.3.so 0x000000010998cf93 digestmd5_decode_packet + 212 3 libdigestmd5.3.so 0x000000010999058b _plug_decode + 295 4 libdigestmd5.3.so 0x000000010998c524 digestmd5_decode + 51 5 libsasl2.3.dylib 0x0000000108c491d6 sasl_decode + 100 6 libsvn_ra_svn-1.0.dylib 0x0000000108c22574 sasl_read_cb + 124 7 libsvn_ra_svn-1.0.dylib 0x0000000108c2b649 svn_ra_svn__stream_read + 17 8 libsvn_ra_svn-1.0.dylib 0x0000000108c2b314 readbuf_input + 98 9 libsvn_ra_svn-1.0.dylib 0x0000000108c2b286 readbuf_fill + 138 10 libsvn_ra_svn-1.0.dylib 0x0000000108c26a1f readbuf_getchar_skip_whitespace + 46 11 libsvn_ra_svn-1.0.dylib 0x0000000108c269cc svn_ra_svn__read_item + 50 12 libsvn_ra_svn-1.0.dylib 0x0000000108c279ac svn_ra_svn__read_tuple + 104 13 libsvn_ra_svn-1.0.dylib 0x0000000108c2809b svn_ra_svn__read_cmd_response + 124 14 libsvn_ra_svn-1.0.dylib 0x0000000108c209f5 open_session + 1759 15 libsvn_ra_svn-1.0.dylib 0x0000000108c1c35c ra_svn_open + 524 16 libsvn_ra-1.0.dylib 0x000000010893bb14 svn_ra_open5 + 488 17 libsvn_client-1.0.dylib 0x0000000108853cd1 svn_client__open_ra_session_internal + 838 18 libsvn_client-1.0.dylib 0x000000010885da05 reuse_ra_session + 139 19 libsvn_client-1.0.dylib 0x000000010885d383 update_internal + 1241 20 libsvn_client-1.0.dylib 0x000000010885ce31 svn_client__update_internal + 761 21 libsvn_client-1.0.dylib 0x000000010885d80b svn_client_update4 + 285 22 svn 0x00000001087b55fe svn_cl__update + 309 23 svn 0x00000001087b4b0c sub_main + 7281 24 svn 0x00000001087b2e3b main + 95 25 libdyld.dylib 0x00007fff6857fcc9 start + 1
Remote server configuration:
bash-4.4$ cat svnserve.conf | grep -v '^#' | grep -v '^$' [general] anon-access = none password-db = passwd authz-db = authz realm = XXX [sasl] use-sasl = true min-encryption = 128 max-encryption = 256
Attachments (1)
Change History (9)
Changed 13 months ago by hadrabap (Petr Hadraba)
| Attachment: | svn_2023-03-27-105228_Petrs-MacBook-Pro-16.crash added |
|---|
comment:1 Changed 13 months ago by hadrabap (Petr Hadraba)
| Description: | modified (diff) |
|---|
comment:2 Changed 13 months ago by ryandesign (Ryan Carsten Schmidt)
| Cc: | larryv neverpanic added |
|---|---|
| Port: | openssl3 added |
| Summary: | subversion 1.14.2_0: Segmentation fault on sasl-configured repo → subversion @1.14.2_0: Segmentation fault on sasl-configured repo |
comment:3 follow-up: 4 Changed 13 months ago by neverpanic (Clemens Lang)
Does this problem vanish if the provider of libdigestmd5.3.so is recompiled? Does the problem still occur if openssl is installed with the +legacy variant?
comment:4 follow-up: 5 Changed 13 months ago by ryandesign (Ryan Carsten Schmidt)
Replying to neverpanic:
Does this problem vanish if the provider of libdigestmd5.3.so is recompiled?
In other words, try:
sudo port -ns upgrade --force cyrus-sasl2
Does the problem still occur if openssl is installed with the +legacy variant?
That would be:
sudo port upgrade --enforce-variants openssl3 +legacy
comment:5 Changed 13 months ago by hadrabap (Petr Hadraba)
Hello and thanks for suggestions.
I already tried re-compile from source subversion, apr and apr-utils with no luck.
Now, I tried your suggestions with the following results:
sudo port -ns upgrade --force cyrus-sasl2
This didn't help.
sudo port upgrade --enforce-variants openssl3 +legacy
But this DID the trick!
Yes, +legacy variant solved the issue!
localhost:consul-poc petr$ svn up Updating '.': At revision 5185. localhost:consul-poc petr$
So, thank you very much for your help! Excellent! I really appreciate it!
comment:6 Changed 13 months ago by neverpanic (Clemens Lang)
| Port: | cyrus-sasl2 added; subversion openssl3 removed |
|---|
Hm, that sounds like cyrus-sasl2 should create a new OpenSSL libctx and load the legacy provider into it before attempting to use RC4.
Upstream seems to have at least fixed the crash already, and there are a few pointers to use of the legacy provider in https://github.com/cyrusimap/cyrus-sasl/issues/751. Overall, RC4 is on the way out, and you should talk to whoever runs the server you are updating from to make sure they offer something more modern than RC4.
We should probably backport at least https://github.com/cyrusimap/cyrus-sasl/commit/887dbc0435056ec58ee48c4d803f110ade1e4c39 from cyrus-sasl2 upstream.
comment:7 Changed 13 months ago by neverpanic (Clemens Lang)
comment:8 Changed 13 months ago by neverpanic (Clemens Lang)
| Owner: | set to neverpanic |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
See #67149 for another openssl3-related crash just reported in another port. Maybe the recent openssl 3.1.0 update or the even more recent security update are not as backward-compatible as we thought.