Report information
The Basics
Id:
45117
Status:
resolved
Priority:
Medium/Medium
Queue:
bind9-public
People
Owner:
Nobody in particular
Requestors:
PGNetwork Dev <pgnet.dev@gmail.com>
Cc:
AdminCc:
BugTracker
Version Fixed:
9.9.11, 9.9.11-S1, 9.10.6, 9.10.6-S1, 9.11.2, 9.12.0
Version Found:
9.11.1
Versions Affected:
(no value)
Versions Planned:
(no value)
Priority:
P2 Normal
Severity:
S2 Normal
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
BIND Infrastructure
Area:
bug
Dates
Created:Thu, 20 Apr 2017 09:13:20 -0400
Updated:Fri, 28 Jul 2017 23:30:49 -0400
Closed:Fri, 21 Apr 2017 21:57:21 -0400

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Thu, 20 Apr 2017 09:13:20 -0400 PGNetwork Dev <pgnet.dev@gmail.com> - Ticket created
Subject: 9.11.1 - bind 9.11.1, linking with 'supported' OpenSSL fails at use of deprecated/undef'd v10x api symbol, ERR_load_crypto_strings
Date: Thu, 20 Apr 2017 13:13:14 +0000
To: bind-bugs@isc.org
From: "PGNd" <pgnet.dev@gmail.com>

Bug Report from www.isc.org: Name: PGNd Email: pgnet.dev@gmail.com Software Version: 9.11.1 OS: openSUSE Leap 42.2 Subject:bind 9.11.1, linking with 'supported' OpenSSL fails at use of deprecated/undef'd v10x api symbol, ERR_load_crypto_strings Bug Detail =========== Upgrading from bind 9.10.3-P5 -> 9.11.1 release on linux64, cat CHANGES ../dns/.libs/libdns.so: undefined reference to `ERR_load_crypto_strings' collect2: error: ld returned 1 exit status --- 9.10.0 released --- ... 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] ... --- 9.11.0 released --- Building, as always, with openssl v10x, all's well: bind -V BIND 9.11.1 <id:e3dc2e7> running on Linux x86_64 4.10.10-2.ga78ebd0-default #1 SMP PREEMPT Wed Apr 12 11:18:29 UTC 2017 (a78ebd0) ... compiled by GCC 6.3.1 20170331 [gcc-6-branch revision 246609] compiled with OpenSSL version: OpenSSL 1.0.2k 26 Jan 2017 linked to OpenSSL version: OpenSSL 1.0.2k 26 Jan 2017 ... OTOH, Building, similarly, with openssl v110x FAILs still, at ... Makefile:465: recipe for target 'sample-gai' failed make[2]: *** [sample-gai] Error 1 ... libtool: link: /usr/bin/gcc-6 -O3 -Wall -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fmessage-length=0 -grecord-gcc-switches -march=native -mtune=native -I/usr/include -I/usr/local/lmdb/include -I/usr/include/libxml2 -fPIC -Wl,-rpath -Wl,/usr/local/openssl11/lib64 -Wl,-rpath -Wl,/usr/local/lmdb/lib64 -Wl,-rpath -Wl,/usr/local/lib64 -o .libs/resolve .libs/resolve.o -L/usr/local/openssl11/lib64 -L/usr/local/lmdb/lib64 -L/usr/local/lib64 ../irs/.libs/libirs.so -L/usr/lib -L/usr/local/lmdb/lib -L/lib64 ../dns/.libs/libdns.so -L/usr/local/openssl11/lib ../isccfg/.libs/libisccfg.so /usr/local/src/bind-9.11.1/lib/dns/.libs/libdns.so /usr/local/src/bind-9.11.1/lib/isc/.libs/libisc.so ../isc/.libs/libisc.so -lssl -lcrypto -lcap -ljson-c -lpthread /usr/local/lib64/libGeoIP.so -llmdb /usr/lib64/libxml2.so -lz -llzma -lm -ldl -Wl,-rpath -Wl,/usr/local/bind-9.11.1/lib64 ../dns/.libs/libdns.so: undefined reference to `ERR_load_crypto_strings' collect2: error: ld returned 1 exit status Makefile:457: recipe for target 'resolve' failed make[2]: *** [resolve] Error 1 ../dns/.libs/libdns.so: undefined reference to `ERR_load_crypto_strings' collect2: error: ld returned 1 exit status Makefile:473: recipe for target 'sample-request' failed make[2]: *** [sample-request] Error 1 libtool: link: /usr/bin/gcc-6 -O3 -Wall -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fmessage-length=0 -grecord-gcc-switches -march=native -mtune=native -I/usr/include -I/usr/local/lmdb/include -I/usr/include/libxml2 -fPIC -Wl,-rpath -Wl,/usr/local/openssl11/lib64 -Wl,-rpath -Wl,/usr/local/lmdb/lib64 -Wl,-rpath -Wl,/usr/local/lib64 -o .libs/sample-async .libs/sample-async.o -L/usr/local/openssl11/lib64 -L/usr/local/lmdb/lib64 -L/usr/local/lib64 ../dns/.libs/libdns.so -L/usr/local/openssl11/lib -L/usr/lib -L/usr/local/lmdb/lib -L/lib64 ../isccfg/.libs/libisccfg.so /usr/local/src/bind-9.11.1/lib/dns/.libs/libdns.so /usr/local/src/bind-9.11.1/lib/isc/.libs/libisc.so ../isc/.libs/libisc.so -lssl -lcrypto -lcap -ljson-c -lpthread /usr/local/lib64/libGeoIP.so -llmdb /usr/lib64/libxml2.so -lz -llzma -lm -ldl -Wl,-rpath -Wl,/usr/local/bind-9.11.1/lib64 ../dns/.libs/libdns.so: undefined reference to `ERR_load_crypto_strings' collect2: error: ld returned 1 exit status Makefile:461: recipe for target 'sample-async' failed make[2]: *** [sample-async] Error 1 make[2]: Leaving directory '/usr/local/src/bind-9.11.1/lib/samples' Makefile:78: recipe for target 'subdirs' failed make[1]: *** [subdirs] Error 1 make[1]: Leaving directory '/usr/local/src/bind-9.11.1/lib' Makefile:83: recipe for target 'subdirs' failed make: *** [subdirs] Error 1 'ERR_load_crypto_strings' is an openssl10x symbol, deprecated in 11x. it appears in bind sources, cd bind-9.11.1 grep -rln ERR_load_crypto_strings . ./lib/dns/openssl_link.c --- This email was received through isc.org Bug Submission Form
  Thu, 20 Apr 2017 10:44:20 -0400 Mark Andrews <marka@isc.org> - Correspondence added

Someone decided to disable all backwards compatibility when they built OpenSSL 1.1.0. Unfortunately when we test built against OpenSS1 1.1.0 we did a default build which doesn't do this. Anyway the fix is simple. diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c index 7f74489937..88e7921d46 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -204,9 +204,9 @@ dst__openssl_init(const char *engine) { goto cleanup_mutexalloc; CRYPTO_set_locking_callback(lock_callback); CRYPTO_set_id_callback(id_callback); -#endif ERR_load_crypto_strings(); +#endif rm = mem_alloc(sizeof(RAND_METHOD) FILELINE); if (rm == NULL) {
Thu, 20 Apr 2017 10:44:21 -0400 The RT System itself - Status changed from 'new' to 'open'
Thu, 20 Apr 2017 10:45:25 -0400 Mark Andrews <marka@isc.org> - Queue changed from #6 to #7
  Thu, 20 Apr 2017 13:23:46 -0400 PGNetwork Dev <pgnet.dev@gmail.com> - Correspondence added
Subject: Re: [ISC-Bugs #45117] 9.11.1 - bind 9.11.1, linking with 'supported' OpenSSL fails at use of deprecated/undef'd v10x api symbol, ERR_load_crypto_strings
Date: Thu, 20 Apr 2017 10:23:40 -0700
To: bind9-bugs@isc.org
From: "PGNet Dev" <pgnet.dev@gmail.com>

On 4/20/17 7:44 AM, Mark Andrews via RT wrote: > Someone decided to disable all backwards compatibility when they built OpenSSL 1.1.0. Yep, as our in-development, production stack is only 'forward-looking' w.r.t. Openssl. > Unfortunately when we test built against OpenSS1 1.1.0 we did a default build which > doesn't do this. Anyway the fix is simple. If that's all it was, seems to do the trick: named -V BIND 9.11.1 <id:e3dc2e7> running on Linux x86_64 4.10.10-2.ga78ebd0-default #1 SMP PREEMPT Wed ... compiled by GCC 6.3.1 20170331 [gcc-6-branch revision 246609] compiled with OpenSSL version: OpenSSL 1.1.0e 16 Feb 2017 linked to OpenSSL version: OpenSSL 1.1.0e 16 Feb 2017 ... thanks!
Fri, 21 Apr 2017 21:57:21 -0400 Evan Hunt <Evan_Hunt@isc.org> - Status changed from 'open' to 'resolved'
Fri, 21 Apr 2017 21:57:39 -0400 Evan Hunt <Evan_Hunt@isc.org> - Version Fixed 9.12.0, 9.11.2, 9.10.6, 9.10.6-S1, 9.9.11, 9.9.11-S1 added
Fri, 05 May 2017 07:16:30 -0400 Stephen Morris <stephen@isc.org> - Priority P2 Normal added
Fri, 05 May 2017 07:16:30 -0400 Stephen Morris <stephen@isc.org> - Severity S2 Normal added
Fri, 05 May 2017 07:16:30 -0400 Stephen Morris <stephen@isc.org> - Area bug added
Fri, 05 May 2017 07:16:30 -0400 Stephen Morris <stephen@isc.org> - Version Found 9.11.1 added
Fri, 05 May 2017 07:16:30 -0400 Stephen Morris <stephen@isc.org> - Component BIND Infrastructure added
Mon, 26 Jun 2017 20:13:10 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #7 to bind9-public
Fri, 28 Jul 2017 23:30:30 -0400 Mark Andrews <marka@isc.org> - Version Fixed 9.12.0, 9.11.2, 9.10.6, 9.10.6-S1, 9.9.11, 9.9.11-S1 changed to 9.9.11, 9.9.11-S1, 9.10.6, 9.10.6-S1, 9.11.2, 9.12.0