Description of problem: Under the newest vtun package, connections are not completing. The logs show a segfault: Aug 31 03:17:54 babylon vtund[4307]: VTUN server ver 3.X 07/31/2017 (inetd) Aug 31 03:17:54 babylon vtund[s]: authentication[4307]: Session memphis-babylon[xxxxxxxxxxx:40877] opened Aug 31 03:17:54 babylon vtund[s]: memphis-babylon tun tun0[4307]: Blowfish-128-ECB encryption initialized Aug 31 03:18:21 babylon kernel: vtund[4307]: segfault at 0 ip 00007fa3857061ca sp 00007ffe7360cc40 error 4 in libcrypto.so.1.0.1e[7fa38561c000+1c0000] Version-Release number of selected component (if applicable): Version : 3.0.4 Release : 2.el7 How reproducible: Seemingly accidentally, immediately after update from 304-1 to 304-2 Steps to Reproduce: memphis-babylon { passwd changeme; encrypt yes; # some blowfish with dinner? type tun; up { ifconfig "%% 10.251.11.7 pointopoint 10.251.11.2 mtu 1450"; }; } 1. yum upgrade vtun 2. wait 3. cry Actual results: Aug 31 03:18:21 babylon kernel: vtund[4307]: segfault at 0 ip 00007fa3857061ca sp 00007ffe7360cc40 error 4 in libcrypto.so.1.0.1e[7fa38561c000+1c0000] Expected results: Additional info:
the segfault appears to occur with the first packet crossing the link -- a ping seems to provoke it on my setup.
I wonder if this is because epel7 still uses openssl 1.0, and I started building vtun with the openssl-1.1 patches everywhere... Can you try building (or running, if you have x86_64) one of the packages here: http://www.contrib.andrew.cmu.edu/~somlo/vtun/ and let me know if that helps ? Thanks, --G
Hmm. Not sure why my reply didn't get all the way through. -------- Forwarded Message -------- Subject: Re: [Bug 1487003] vtun - segfault vtun 304-2 ( error 4 in libcrypto.so.1.0.1e[ 7fa38561c000+1c0000]) Date: Thu, 31 Aug 2017 22:06:20 -0700 From: bishop <bishop.ca> To: bugzilla It performed well, so far. I'd call it a qualified win. Configure.in patching time? Why wouldn't it fail dependency checking also? [root@string ~]# rpm -qf /etc/issue centos-release-7-3.1611.el7.centos.x86_64 [root@string ~]# wget http://www.contrib.andrew.cmu.edu/~somlo/vtun/vtun-3.0.4-2.1.el7.centos.x86_64.rpm [root@string ~]# yum install vtun-3.0.4-2.1.el7.centos.x86_64.rpm [root@string ~]# cat > /etc/xinetd.d/vtun # missing; wth? [root@string ~]# pgrep -f -a -l vtun 740 vtund[c]: string-homer tun tun0 4715 vtund[c]: string-babylon tun tun1 [root@string ~]# pkill -9 -f tun1 [root@string ~]# ping 10.1.1.7 # this would segfault it PING 10.1.1.7 (10.1.1.7) 56(84) bytes of data. 64 bytes from 10.1.1.7: icmp_seq=1 ttl=64 time=161 ms 64 bytes from 10.1.1.7: icmp_seq=2 ttl=64 time=132 ms 64 bytes from 10.1.1.7: icmp_seq=3 ttl=64 time=108 ms 64 bytes from 10.1.1.7: icmp_seq=4 ttl=64 time=116 ms 64 bytes from 10.1.1.7: icmp_seq=5 ttl=64 time=112 ms 64 bytes from 10.1.1.7: icmp_seq=6 ttl=64 time=119 ms When did EPEL pull the xinetd profile? Oh; and building on a host WITH vtun installed will fail with this spec. Another time.
What's weird is that it builds for epel7 in the first place *after* the fedora-specific openssl 1.0 patches were applied to the source... Guess in the long run upstream should handle this via autoconf. In the mean time, I'll try to cut a 3.0.4-3 srpm where the patch is conditionally applied before build only on Fedora, and not on epel7!
vtun-3.0.4-4.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-62150e0ec8
vtun-3.0.4-4.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-db64f9f636
vtun-3.0.4-4.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bebcf948c9
vtun-3.0.4-4.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-62150e0ec8
vtun-3.0.4-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bebcf948c9
vtun-3.0.4-4.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-db64f9f636
vtun-3.0.4-4.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
vtun-3.0.4-4.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
vtun-3.0.4-4.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
just a quick follow-up: the openssl out-of-tree patch I used to build against openssl1.1 for fedora 26 and up never worked properly, and segfaulted when one attempted to use it. Instead, I'm building against compat-openssl1.0 on fedora, and will leave it to upstream to fix openssl1.1 compatibility.
vtun-3.0.4-5.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-4853fd2ed8
vtun-3.0.4-5.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-019aa5febe
vtun-3.0.4-5.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fd12483a2d
vtun-3.0.4-5.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-019aa5febe
vtun-3.0.4-5.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-4853fd2ed8
vtun-3.0.4-5.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
vtun-3.0.4-5.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
vtun-3.0.4-5.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.