Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 573750 - =www-servers/apache-2.2.31[ssl] should be rebuilt after openssl version bump (=dev-libs/openssl-1.0.2e -> openssl-1.0.2f)
Summary: =www-servers/apache-2.2.31[ssl] should be rebuilt after openssl version bump ...
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Lars Wendler (Polynomial-C) (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-03 09:11 UTC by Volkmar Glauche
Modified: 2016-03-03 13:17 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
emerge --info (emerge-info.txt,5.62 KB, text/plain)
2016-02-03 09:11 UTC, Volkmar Glauche 		Details
apache error_log excerpt (file_573750.txt,494 bytes, text/plain)
2016-02-03 09:12 UTC, Volkmar Glauche 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Volkmar Glauche 2016-02-03 09:11:10 UTC 
Created attachment 424524 [details]
emerge --info

After upgrading dev-libs/openssl from 1.0.2e to 1.0.2f, apache 2.2.31 ceased to serve https:// connections. An excerpt from apache error_log is attached. Note the different OpenSSL versions reported in Lines 1 and 2 (compile time vs runtime). The last line shows a segmentation fault following a https:// connection attempt.

Rebuilding apache against openssl 1.0.2f solves the problem, but the rebuild was not triggered automatically while upgrading openssl.
Comment 1 Volkmar Glauche 2016-02-03 09:12:04 UTC 
Created attachment 424526 [details]
apache error_log excerpt
Comment 2 Pacho Ramos gentoo-dev 2016-02-08 19:20:54 UTC 
This is already solved in apache-2.eclass:
        ssl? (
                !libressl? ( >=dev-libs/openssl-1.0.2:0= )
                libressl? ( dev-libs/libressl:= )
        )

But openssl didn't bump subslot
Comment 3 SpanKY gentoo-dev 2016-02-08 23:24:23 UTC 
1.0.2e should be compatible w/1.0.2f, so bumping the subslot would be incorrect.
i haven't seen the behavior described myself.
Comment 4 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2016-03-03 13:17:46 UTC 
The openssl messages shown in the attached apache logs are only infos/notices. They do not lead to apache refusing to provide https content. The real error here is the segmentation fault in the last line which I doubt it comes from the updated openssl lib.