Description
Apologies for the long story.
FreeBSD 13.3 : OpenSSL 1.1.1w
FreeBSD 14.0 : OpenSSL 3.0.12
FreeBSD 14.1 : OpenSSL 3.0.13
For some reason
Heimdal has reduced functionality in the base system, so I have to use Heimdal from ports,
and it needs the RC4 cipher!
The default OpenSSL 3.0.x policy disables the RC4 cipher.
To solve the problem, I changed the /etc/ssl/openssl.cnf file according to
See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276415
to load and activate the legacy provider:
$ ls -la /etc/ssl/
total 48
drwxr-xr-x 4 root wheel 512 Jun 3 21:19 .
drwxr-xr-x 30 root wheel 2560 Aug 8 18:36 ..
lrwxr-xr-x 1 root wheel 43 Apr 9 04:10 cert.pem -> ../../usr/local/share/certs/ca-root-nss.crt
drwxr-xr-x 2 root wheel 3072 Aug 7 19:38 certs
-rw-r--r-- 1 root wheel 12398 Jun 3 21:19 openssl.cnf
-rw-r--r-- 1 root wheel 12336 Jun 3 21:19 openssl.cnf.orig
drwxr-xr-x 2 root wheel 1536 Aug 7 19:38 untrusted
$
where /etc/ssl/openssl.cnf is the version with the legacy provider enabled, and
/etc/ssl/openssl.cnf.orig is the system original.
$ diff -u /etc/ssl/openssl.cnf.orig /etc/ssl/openssl.cnf
--- /etc/ssl/openssl.cnf.orig 2024-06-03 21:19:04.013735000 +0300
+++ /etc/ssl/openssl.cnf 2024-06-03 21:19:33.650025000 +0300
@@ -57,6 +57,8 @@
# List of providers to load
[provider_sect]
default = default_sect
+legacy = legacy_sect
+
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect
@@ -71,7 +73,10 @@
# problems including inability to remotely access the system.
[default_sect]
# activate = 1
+activate = 1
+[legacy_sect]
+activate = 1
####################################################################
[ ca ]
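Review bot: Activating the legacy provider in `[legacy_sect]` of the system-wide /etc/ssl/openssl.cnf makes RC4 and the other legacy algorithms available to every program that loads the default config, not only Heimdal, and this is also the configuration under which pkg segfaults while pkg-static does not. A narrower change is to keep the stock /etc/ssl/openssl.cnf and give only the Heimdal processes a copy containing the `legacy = legacy_sect` and `[legacy_sect]` lines via `OPENSSL_CONF`, the same mechanism the report already uses to hand pkg the original file. If that is done, the `activate = 1` under `[default_sect]` in the copy is still required, since an explicitly activated provider otherwise replaces the implicitly loaded default. Whether the crash comes from the legacy provider being loaded into the dynamically linked pkg is not shown here and would need the lldb backtrace to confirm.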
$
After these changes, pkg core dumps; from /var/log/messages:
kernel: pid 57421 (pkg), jid 0, uid 0: exited on signal 11 (core dumped)
$ pkg version -vRL=
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Child process pid=73836 terminated abnormally: Segmentation fault
$ pkg rquery "%n-%v - %c" pkg
pkg-1.21.3 - Package manager
Child process pid=73983 terminated abnormally: Segmentation fault
$ pkg install gdb
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 5 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
boost-libs: 1.84.0
gdb: 14.1_2
gmp: 6.3.0
mpfr: 4.2.1,1
source-highlight: 3.1.9_9
Number of packages to be installed: 5
The process will require 252 MiB more space.
29 MiB to be downloaded.
Proceed with this action? [y/N]: N
Child process pid=74060 terminated abnormally: Segmentation fault
$
P.S. The core dump happens only when a remote repository is used.
pkg info, pkg query, etc. run without problems.
pkg-static runs without problems, for example:
$ pkg-static rquery "%n-%v - %c" pkg
pkg-1.21.3 - Package manager
$ pkg-static version -vRL=
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
$
Now try running /usr/local/sbin/pkg with the original /etc/ssl/openssl.cnf.orig:
$ OPENSSL_CONF=/etc/ssl/openssl.cnf.orig pkg version -vRL=
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
$ OPENSSL_CONF=/etc/ssl/openssl.cnf.orig pkg rquery "%n-%v - %c" pkg
pkg-1.21.3 - Package manager
$
What do you recommend? Is there a way to use a config file with the legacy section enabled?
The Heimdal developers promised to fix it in version 7.8.1,
but it is not known when it will be released.
$ pkg -v
1.21.3
$ pkg -vv
Version : 1.21.3
PKG_DBDIR = "/var/db/pkg";
PKG_CACHEDIR = "/var/cache/pkg";
PORTSDIR = "/usr/ports";
INDEXDIR = "";
INDEXFILE = "INDEX-14";
HANDLE_RC_SCRIPTS = false;
DEFAULT_ALWAYS_YES = false;
ASSUME_ALWAYS_YES = false;
REPOS_DIR [
"/etc/pkg/",
"/usr/local/etc/pkg/repos/",
]
PLIST_KEYWORDS_DIR = "";
SYSLOG = true;
ABI = "FreeBSD:14:amd64";
ALTABI = "freebsd:14:x86:64";
DEVELOPER_MODE = false;
VULNXML_SITE = "http://vuxml.freebsd.org/freebsd/vuln.xml.xz";
FETCH_RETRY = 3;
PKG_PLUGINS_DIR = "/usr/local/lib/pkg/";
PKG_ENABLE_PLUGINS = true;
PLUGINS [
]
DEBUG_SCRIPTS = false;
PLUGINS_CONF_DIR = "/usr/local/etc/pkg/";
PERMISSIVE = false;
REPO_AUTOUPDATE = true;
NAMESERVER = "";
HTTP_USER_AGENT = "pkg/1.21.3";
EVENT_PIPE = "";
FETCH_TIMEOUT = 30;
UNSET_TIMESTAMP = false;
SSH_RESTRICT_DIR = "";
PKG_ENV {
}
PKG_SSH_ARGS = "";
DEBUG_LEVEL = 0;
ALIAS {
all-depends = "query %dn-%dv";
annotations = "info -A";
build-depends = "info -qd";
cinfo = "info -Cx";
comment = "query -i \"%c\"";
csearch = "search -Cx";
desc = "query -i \"%e\"";
download = "fetch";
iinfo = "info -ix";
isearch = "search -ix";
prime-list = "query -e '%a = 0' '%n'";
prime-origins = "query -e '%a = 0' '%o'";
leaf = "query -e '%#r == 0' '%n-%v'";
list = "info -ql";
noauto = "query -e '%a == 0' '%n-%v'";
options = "query -i \"%n - %Ok: %Ov\"";
origin = "info -qo";
orphans = "version -vRl?";
provided-depends = "info -qb";
rall-depends = "rquery %dn-%dv";
raw = "info -R";
rcomment = "rquery -i \"%c\"";
rdesc = "rquery -i \"%e\"";
required-depends = "info -qr";
roptions = "rquery -i \"%n - %Ok: %Ov\"";
shared-depends = "info -qB";
show = "info -f -k";
size = "info -sq";
unmaintained = "query -e '%m = \"[email protected]\"' '%o (%w)'";
runmaintained = "rquery -e '%m = \"[email protected]\"' '%o (%w)'";
}
CUDF_SOLVER = "";
SAT_SOLVER = "";
RUN_SCRIPTS = true;
CASE_SENSITIVE_MATCH = false;
LOCK_WAIT = 1;
LOCK_RETRIES = 5;
SQLITE_PROFILE = false;
WORKERS_COUNT = 0;
READ_LOCK = false;
IP_VERSION = 0;
AUTOMERGE = true;
VERSION_SOURCE = "";
CONSERVATIVE_UPGRADE = true;
PKG_CREATE_VERBOSE = false;
AUTOCLEAN = false;
DOT_FILE = "";
REPOSITORIES {
}
VALID_URL_SCHEME [
"pkg+http",
"pkg+https",
"https",
"http",
"file",
"ssh",
"tcp",
]
ALLOW_BASE_SHLIBS = false;
WARN_SIZE_LIMIT = 1048576;
METALOG = "";
OSVERSION = 1401000;
IGNORE_OSVERSION = false;
BACKUP_LIBRARIES = false;
BACKUP_LIBRARY_PATH = "/usr/local/lib/compat/pkg";
PKG_TRIGGERS_DIR = "/usr/local/share/pkg/triggers";
PKG_TRIGGERS_ENABLE = true;
AUDIT_IGNORE_GLOB [
]
AUDIT_IGNORE_REGEX [
]
COMPRESSION_FORMAT = "";
COMPRESSION_LEVEL = -1;
ARCHIVE_SYMLINK = false;
REPO_ACCEPT_LEGACY_PKG = false;
FILES_IGNORE_GLOB [
]
FILES_IGNORE_REGEX [
]
Repositories:
FreeBSD: {
url : "pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly",
enabled : yes,
priority : 0,
mirror_type : "SRV",
signature_type : "FINGERPRINTS",
fingerprints : "/usr/share/keys/pkg"
}
$ lldb -- /usr/ports/ports-mgmt/pkg/work/stage/usr/local/sbin/pkg -d version -vRL=
(lldb) target create "/usr/ports/ports-mgmt/pkg/work/stage/usr/local/sbin/pkg"
Current executable set to '/usr/ports/ports-mgmt/pkg/work/stage/usr/local/sbin/pkg' (x86_64).
(lldb) settings set -- target.run-args "-d" "version" "-vRL="
(lldb) run
Process 75683 launched: '/usr/ports/ports-mgmt/pkg/work/stage/usr/local/sbin/pkg' (x86_64)
DBG(1)[75683]> pkg initialized
Updating FreeBSD repository catalogue...
DBG(1)[75683]> PkgRepo: verifying update for FreeBSD
DBG(1)[75683]> Pkgrepo, begin update of '/var/db/pkg/repos/FreeBSD/db'
DBG(1)[75683]> Request to fetch pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/meta.conf
DBG(1)[75683]> curl_open
DBG(1)[75683]> Fetch: fetcher used: pkg+https
DBG(1)[75683]> curl> fetching https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/meta.conf
DBG(1)[75683]> CURL> attempting to fetch from , left retry 3
* Couldn't find host pkgmir.geo.freebsd.org in the .netrc file; using defaults
* Host pkgmir.geo.freebsd.org:443 was resolved.
* IPv6: 2a02:80:0:3ffd::50:2, 2604:1380:4091:a001::50:2
* IPv4: 147.28.184.43, 85.30.190.140
* Trying 147.28.184.43:443...
* Connected to pkgmir.geo.freebsd.org (147.28.184.43) port 443
* ALPN: curl offers http/1.1
* CAfile: none
* CApath: /etc/ssl/certs/
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=pkg.freebsd.org
* start date: Jul 31 20:21:16 2024 GMT
* expire date: Oct 29 20:21:15 2024 GMT
* subjectAltName: host "pkgmir.geo.freebsd.org" matched cert's "pkgmir.geo.freebsd.org"
* issuer: C=US; O=Let's Encrypt; CN=E5
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> GET /FreeBSD:14:amd64/quarterly/meta.conf HTTP/1.1
Host: pkgmir.geo.freebsd.org
User-Agent: pkg/1.21.3
Accept: */*
If-Modified-Since: Tue, 06 Aug 2024 13:04:23 GMT
* Request completely sent off
* old SSL session ID is stale, removing
< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Fri, 09 Aug 2024 15:43:05 GMT
< Last-Modified: Tue, 02 Apr 2024 20:59:28 GMT
< Connection: keep-alive
< ETag: "660c71b0-b2"
< Expires: Fri, 09 Aug 2024 15:43:05 GMT
< Cache-Control: max-age=0
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
<
* Connection #0 to host pkgmir.geo.freebsd.org left intact
DBG(1)[75683]> Request to fetch pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/data.pkg
DBG(1)[75683]> curl_open
DBG(1)[75683]> Fetch: fetcher used: pkg+https
DBG(1)[75683]> curl> fetching https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/data.pkg
DBG(1)[75683]> CURL> attempting to fetch from , left retry 3
* Couldn't find host pkgmir.geo.freebsd.org in the .netrc file; using defaults
* Found bundle for host: 0xe42e5825690 [serially]
* Re-using existing connection with host pkgmir.geo.freebsd.org
> GET /FreeBSD:14:amd64/quarterly/data.pkg HTTP/1.1
Host: pkgmir.geo.freebsd.org
User-Agent: pkg/1.21.3
Accept: */*
If-Modified-Since: Tue, 06 Aug 2024 13:04:23 GMT
* Request completely sent off
< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Fri, 09 Aug 2024 15:43:05 GMT
< Last-Modified: Tue, 06 Aug 2024 13:04:23 GMT
< Connection: keep-alive
< ETag: "66b21f57-702648"
< Expires: Fri, 09 Aug 2024 15:43:05 GMT
< Cache-Control: max-age=0
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
<
* Connection #0 to host pkgmir.geo.freebsd.org left intact
FreeBSD repository is up to date.
All repositories are up to date.
Process 75683 stopped
* thread #1, name = 'pkg', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x0)
frame #0: 0x000000082a65183a libthr.so.3`___lldb_unnamed_symbol656 + 26
libthr.so.3`___lldb_unnamed_symbol656:
-> 0x82a65183a <+26>: movq (%rdi), %r14
0x82a65183d <+29>: cmpq $0x2, %r14
0x82a651841 <+33>: jb 0x82a651852 ; <+50>
0x82a651843 <+35>: movabsq $-0x7fffffffffffffff, %rax ; imm = 0x8000000000000001
(lldb)