Alexey, the answer to your question appears to be "yes".
A direct technical summary is as follows:
* We see the problem in /usr/libexec/postfix/smtp when SSL/TLS is attempted, it segfaults
* ldd shows that it links to libcrypto.so.10 and libmysqlclient.so.16
libmysqlclient.so.16 => /usr/lib64/libmysqlclient.so.16 (0x00007f586b3b2000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f586a91e000)
* libmysqlclient embeds YaSSL, which provides four dummy functions:
- CRYPTO_add_lock
- CRYPTO_lock
- CRYPTO_mem_ctrl
- EVP_CIPHER_CTX_init
* These functions are not used internally by libmysqlclient, nor are they “hidden” in any way
* Those symbols are also exported by libcrypto, which actually implements them properly. Software like Postfix (and PHP, amongst others) expect to use libcrypto's functions
* The symbols from libmysqlclient are “winning” over those from libcrypto
* When Postfix tries to use SSL/TLS, it hits those broken functions and then segfaults
We then looked further into the packaging to see what could be done.
* /usr/lib64/libmysqlclient.so.16 is provided by the package Percona-Server-shared-compat
* Percona-Server-shared-compat is built directly from Mysql-shared-compat, thus the bug is upstream
* The bug appears to have since been fixed in MySQL
* Percona is built with a specific version of Mysql-shared-compat that has the buggy libmysqlclient
Therefore, we believe the correct approach to fix Percona is to target a version of Mysql-shared-compat that doesn't contain the buggy libmysqlclient.so.16 library.
----
We hope this information is useful, we'd be happy to answer further questions if it's helpful.
Hi there,
We've been following this issue at our company and believe we have a firm grasp on the problem here, so I'd like to make two notes.
1. This bug *appears* to be related to #1002164, I'm not sure if they should be linked in any way.
2. Our description is of the problem is published here, we believe it's accurate: www.anchor. com.au/ blog/2012/ 09/why- does-percona- cause-ssl- issues- in-postfix/
http://
Alexey, the answer to your question appears to be "yes".
A direct technical summary is as follows:
* We see the problem in /usr/libexec/ postfix/ smtp when SSL/TLS is attempted, it segfaults so.16 .so.16 => /usr/lib64/ libmysqlclient. so.16 (0x00007f586b3b 2000) libcrypto. so.10 (0x00007f586a91 e000)
* ldd shows that it links to libcrypto.so.10 and libmysqlclient.
libmysqlclient
libcrypto.so.10 => /usr/lib64/
* libmysqlclient embeds YaSSL, which provides four dummy functions:
- CRYPTO_add_lock
- CRYPTO_lock
- CRYPTO_mem_ctrl
- EVP_CIPHER_CTX_init
* These functions are not used internally by libmysqlclient, nor are they “hidden” in any way
* Those symbols are also exported by libcrypto, which actually implements them properly. Software like Postfix (and PHP, amongst others) expect to use libcrypto's functions
* The symbols from libmysqlclient are “winning” over those from libcrypto
* When Postfix tries to use SSL/TLS, it hits those broken functions and then segfaults
We then looked further into the packaging to see what could be done.
* /usr/lib64/ libmysqlclient. so.16 is provided by the package Percona- Server- shared- compat Server- shared- compat is built directly from Mysql-shared- compat, thus the bug is upstream
* Percona-
* The bug appears to have since been fixed in MySQL
* Percona is built with a specific version of Mysql-shared-compat that has the buggy libmysqlclient
Therefore, we believe the correct approach to fix Percona is to target a version of Mysql-shared-compat that doesn't contain the buggy libmysqlclient. so.16 library.
----
We hope this information is useful, we'd be happy to answer further questions if it's helpful.
System details:
-- Server- shared- 55-5.5. 27-rel28. 1.296.rhel6. x86_64 Server- server- 55-5.5. 27-rel28. 1.296.rhel6. x86_64 Server- shared- compat- 5.5.27- rel28.1. 296.rhel6. x86_64 Server- client- 55-5.5. 27-rel28. 1.296.rhel6. x86_64
root@lily:~# rpm -qa | grep Percona
Percona-
Percona-
Percona-
Percona-
--
root@lily:~# cat /etc/redhat-release
CentOS release 6.3 (Final)
-- 279.5.1. el6.x86_ 64 #1 SMP Tue Aug 14 23:54:45 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
root@lily:~# uname -a
Linux lily.example.com 2.6.32-
----
The problem has also be observed on a CentOS 5 server:
-- Server- client- 55-5.5. 27-rel28. 1.296.rhel5 XtraDB- Cluster- devel-5. 5.27-23. 6.356.rhel5 Server- shared- compat- 5.5.27- rel28.1. 296.rhel5 Server- shared- 55-5.5. 27-rel28. 1.296.rhel5 Server- server- 55-5.5. 27-rel28. 1.296.rhel5
root@rock:~# rpm -qa | grep Percona
Percona-
Percona-
Percona-
Percona-
Percona-
--
root@rock:~# cat /etc/redhat-release
CentOS release 5.8 (Final)
--
root@rock:~# uname -a
Linux rock.example.com 2.6.18-308.13.1.el5 #1 SMP Tue Aug 21 17:10:18 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux