Comment 9 for bug 1028240

Barney Desmond (barneydesmond) wrote :

Hi there,

We've been following this issue at our company and believe we have a firm grasp on the problem here, so I'd like to make two notes.

1. This bug *appears* to be related to #1002164, I'm not sure if they should be linked in any way.

2. Our description is of the problem is published here, we believe it's accurate:

Alexey, the answer to your question appears to be "yes".

A direct technical summary is as follows:

 * We see the problem in /usr/libexec/postfix/smtp when SSL/TLS is attempted, it segfaults
 * ldd shows that it links to and => /usr/lib64/ (0x00007f586b3b2000) => /usr/lib64/ (0x00007f586a91e000)
 * libmysqlclient embeds YaSSL, which provides four dummy functions:
    - CRYPTO_add_lock
    - CRYPTO_lock
    - CRYPTO_mem_ctrl
    - EVP_CIPHER_CTX_init
 * These functions are not used internally by libmysqlclient, nor are they “hidden” in any way
 * Those symbols are also exported by libcrypto, which actually implements them properly. Software like Postfix (and PHP, amongst others) expect to use libcrypto's functions
 * The symbols from libmysqlclient are “winning” over those from libcrypto
 * When Postfix tries to use SSL/TLS, it hits those broken functions and then segfaults

We then looked further into the packaging to see what could be done.

 * /usr/lib64/ is provided by the package Percona-Server-shared-compat
 * Percona-Server-shared-compat is built directly from Mysql-shared-compat, thus the bug is upstream
 * The bug appears to have since been fixed in MySQL
 * Percona is built with a specific version of Mysql-shared-compat that has the buggy libmysqlclient

Therefore, we believe the correct approach to fix Percona is to target a version of Mysql-shared-compat that doesn't contain the buggy library.


We hope this information is useful, we'd be happy to answer further questions if it's helpful.

System details:

root@lily:~# rpm -qa | grep Percona

root@lily:~# cat /etc/redhat-release
CentOS release 6.3 (Final)

root@lily:~# uname -a
Linux 2.6.32-279.5.1.el6.x86_64 #1 SMP Tue Aug 14 23:54:45 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

The problem has also be observed on a CentOS 5 server:

root@rock:~# rpm -qa | grep Percona

root@rock:~# cat /etc/redhat-release
CentOS release 5.8 (Final)

root@rock:~# uname -a
Linux 2.6.18-308.13.1.el5 #1 SMP Tue Aug 21 17:10:18 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux