Bug 1366967

Summary: Tor broken after openssl update
Product: [Fedora] Fedora Reporter: Paul DeStefano <prd-fedora>
Component: torAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 24CC: misc, pfrields, pwouters, s
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-02 18:08:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Paul DeStefano 2016-08-15 07:26:25 UTC 
Description of problem:
Tor is broken after weekly system update.  Complains about wrong openssl version.

Version-Release number of selected component (if applicable):
openssl-1.0.2h-3.fc24.x86_64
openssl-libs-1.0.2h-3.fc24.x86_64
openssl-libs-1.0.2h-3.fc24.i686
tor-0.2.7.6-6.fc24.x86_64


How reproducible:
Well, so far, I cannot start tor since the upgrade.

Steps to Reproduce:
1. dnf upgrade
2. start tor

Actual results:
Aug 14 22:26:11 <hostname> systemd[1]: Starting Anonymizing overlay network for TCP...
Aug 14 22:26:12 <hostname> tor[1656]: Aug 14 22:26:12.270 [notice] Tor v0.2.7.6 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2h-fips and Zlib 1.2.8.
Aug 14 22:26:12 <hostname> tor[1656]: Aug 14 22:26:12.270 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warni
Aug 14 22:26:12 <hostname> tor[1656]: Aug 14 22:26:12.292 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
Aug 14 22:26:12 <hostname> tor[1656]: Aug 14 22:26:12.298 [notice] Read configuration file "/etc/tor/torrc".
Aug 14 22:26:12 <hostname> tor[1656]: Configuration was valid
Aug 14 22:26:12 <hostname> tor[1687]: Aug 14 22:26:12.494 [notice] Tor v0.2.7.6 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2h-fips and Zlib 1.2.8.
Aug 14 22:26:12 <hostname> tor[1687]: Aug 14 22:26:12.495 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warni
Aug 14 22:26:12 <hostname> tor[1687]: Aug 14 22:26:12.495 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
Aug 14 22:26:12 <hostname> tor[1687]: Aug 14 22:26:12.495 [notice] Read configuration file "/etc/tor/torrc".
Aug 14 22:26:12 <hostname> tor[1687]: Aug 14 22:26:12.498 [notice] Opening OR listener on 192.168.20.110:9001
Aug 14 22:26:12 <hostname> Tor[1687]: OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 1000206
Aug 14 22:26:12 <hostname> Tor[1687]: Tor v0.2.7.6 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2h-fips and Zlib 1.2.8.
Aug 14 22:26:12 <hostname> Tor[1687]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Comment 1 Paul DeStefano 2016-08-19 08:16:17 UTC 
Perhaps I should have increased the severity of this bug.  I'm curious what maintainers are thinking.  Should I wait for a fix in tor?  Wait for a fix in openssl?  Any estimate on the time frame?

I was going to just wait for a fix, but now I have a new reason I want to restore this service, so I'm just asking.
Comment 2 Jamie Nguyen 2016-08-22 06:03:25 UTC 
I think this is the problem, not the version of OpenSSL:

https://bugzilla.redhat.com/show_bug.cgi?id=1357395
Comment 3 Paul DeStefano 2016-08-22 07:47:09 UTC 
Thank you!  I desperately needed that information.

This is very upsetting.

1) I have not been notified of any SELinux alerts.
2) Tor was working one week ago, before system update, a full month after bug 1357395 was reported.

Nevertheless, I now see AVCs in the journal if I search for them, manually.  Something is terribly wrong that I didn't get sealerts for these and they still don't show up in SEAlert GUI, but I guess that's a separate issue.
Comment 4 Michael S. 2016-10-02 18:08:48 UTC 
So, I am closing this bug as duplicate, please reopen if it was not the case.

*** This bug has been marked as a duplicate of bug 1357395 ***