Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 894536 - dev-libs/libevent changes API based on the presence of arc4random in libc (net-vpn/tor: undefined symbol: evutil_secure_rng_add_bytes)
Summary: dev-libs/libevent changes API based on the presence of arc4random in libc (ne...
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Michał Górny
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-15 09:13 UTC by poncho
Modified: 2023-02-17 06:21 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description poncho 2023-02-15 09:13:03 UTC 
Feb 15 04:57:23 systemd[1]: Starting tor.service...
Feb 15 04:57:23 tor[1321]: /usr/bin/tor: symbol lookup error: /usr/bin/tor: undefined symbol: evutil_secure_rng_add_bytes
Feb 15 04:57:23 systemd[1]: tor.service: Control process exited, code=exited, status=127/n/a
Feb 15 04:57:23 systemd[1]: tor.service: Failed with result 'exit-code'.
Feb 15 04:57:23 systemd[1]: Failed to start tor.service.

Tor fails to start after the recent dev-libs/libevent update. A rebuild of net-vpn/tor with the new dev-libs/libevent installed fixes the issue.



emerge --info dev-libs/libevent net-vpn/tor
Portage 3.0.43 (python 3.10.9-final-0, default/linux/amd64/17.1/desktop/gnome/systemd/merged-usr, gcc-12, glibc-2.36-r5, 6.1.11-gentoo-dist x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-6.1.11-gentoo-dist-x86_64-Intel-R-_Core-TM-_i7-9700K_CPU_@_3.60GHz-with-glibc2.36
KiB Mem:    32787084 total,  26491496 free
KiB Swap:   33554428 total,  33554428 free
Head commit of repository gnome-next: 5ba48800caa873a683694a70bc845d788b6a8774

Head commit of repository steam-overlay: 8d074bae13d66a865fe1766a42fdcf2d0c1d2f3d

Timestamp of repository gentoo: Tue, 14 Feb 2023 16:02:21 +0000
Head commit of repository gentoo: f330b5f20e3fbf6795a8f382893c4ae3543e4eed

Head commit of repository poncho: 992a81cd7499a29a9e1aa74f8e865411858dfeb3

Head commit of repository torbrowser: 3cf01ea371a493672df73896490276a68b25a45d

sh bash 5.1_p16-r2
ld GNU ld (Gentoo 2.39 p5) 2.39.0
app-misc/pax-utils:        1.3.5::gentoo
app-shells/bash:           5.1_p16-r2::gentoo
dev-lang/perl:             5.36.0-r1::gentoo
dev-lang/python:           3.10.9-r1::gentoo, 3.11.1-r1::gentoo
dev-lang/rust:             1.66.1::gentoo
dev-util/cmake:            3.25.2::gentoo
dev-util/meson:            0.64.1::gentoo
sys-apps/baselayout:       2.9::gentoo
sys-apps/sandbox:          2.29::gentoo
sys-apps/systemd:          252.4-r1::gentoo
sys-devel/autoconf:        2.13-r7::gentoo, 2.71-r5::gentoo
sys-devel/automake:        1.16.5::gentoo
sys-devel/binutils:        2.39-r4::gentoo
sys-devel/binutils-config: 5.4.1::gentoo
sys-devel/clang:           15.0.7-r1::gentoo
sys-devel/gcc:             12.2.1_p20230121-r1::gentoo
sys-devel/gcc-config:      2.8::gentoo
sys-devel/libtool:         2.4.7-r1::gentoo
sys-devel/lld:             15.0.7::gentoo
sys-devel/llvm:            15.0.7::gentoo
sys-devel/make:            4.3::gentoo
sys-kernel/linux-headers:  5.15-r3::gentoo (virtual/os-headers)
sys-libs/glibc:            2.36-r5::gentoo
Repositories:

gnome-next
    location: /var/db/repos/gnome-next
    sync-type: git
    sync-uri: https://github.com/MeisterP/gnome-overlay.git
    sync-user: poncho
    masters: gentoo
    priority: 50
    volatile: True

steam-overlay
    location: /var/db/repos/steam
    sync-type: git
    sync-uri: https://github.com/anyc/steam-overlay.git
    masters: gentoo
    priority: 50
    volatile: True

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://anongit.gentoo.org/git/repo/sync/gentoo.git
    sync-user: poncho
    priority: 1000
    volatile: True
    sync-git-verify-commit-signature: true

poncho
    location: /var/db/repos/poncho
    sync-type: git
    sync-uri: https://github.com/MeisterP/poncho-overlay.git
    sync-user: poncho
    masters: gentoo
    priority: 1050
    volatile: True

torbrowser
    location: /var/db/repos/torbrowser
    sync-type: git
    sync-uri: https://github.com/MeisterP/torbrowser-overlay.git
    sync-user: poncho
    masters: gentoo
    priority: 1050
    volatile: True

Installed sets: @fonts, @kernels, @python-modules, @virtualbox
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA FraunhoferFDK NVIDIA-CUDA PUEL-11"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/thumbnailers/ffmpegthumbnailer.thumbnailer"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps=y --ask --jobs=8 --load-average=9 --verbose"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-march=native -O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live cgroup config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync mount-sandbox multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-march=native -O2 -pipe"
GENTOO_MIRRORS="https://mirror.init7.net/gentoo/ 	http://distfiles.gentoo.org"
INSTALL_MASK=" /etc/init.d /etc/conf.d"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
LINGUAS="en en_US"
MAKEOPTS="-j8 -l9"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
RUSTFLAGS="-Ctarget-cpu=native"
SHELL="/bin/zsh"
USE="X a52 aac acl acpi aften alsa amd64 argyllcms bluetooth bzip2 cairo cdda cdio cdr cli colord crypt cryptsetup css cuda cups dav1d dbus device-mapper dist-kernel dri drm dts dvd dvdr encode evo exif fdk ffmpeg flac fontconfig fortran gdbm gif gnome gnome-keyring gnome-online-accounts gstreamer gtk gui harfbuzz heif iconv icu id3tag introspection ipv6 jpeg kms lame lcms libass libglvnd libnotify libplacebo libproxy libsecret libtirpc mad mng mp3 mp4 mpeg multilib nautilus ncurses networkmanager nls nptl nss nvenc nvidia ogg opengl openmp opus pam pango pcre pdf pipewire png policykit postscript ppds pulseaudio raw readline rtmp sdl seccomp sndfile sound speex spell ssl startup-notification svg sysprof systemd test-rust theora tiff tracker truetype udev udisks unicode upower usb v4l vaapi vorbis vpx wavpack webp x264 x265 xattr xcb xft xml xmp xps xv xvid zlib" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en_US" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-4 php8-0" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_10" PYTHON_TARGETS="python3_10" RUBY_TARGETS="ruby27 ruby30" SANE_BACKENDS="hp" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, SIZE, STRINGS, STRIP, YACC, YFLAGS

=================================================================
                        Package Settings
=================================================================

dev-libs/libevent-2.1.12-r1::gentoo was built with the following:
USE="clock-gettime ssl -debug -malloc-replacement -static-libs -test -verbose-debug" ABI_X86="(64) -32 (-x32)"
FEATURES="unknown-features-warn strict userfetch pid-sandbox binpkg-logs news unmerge-orphans unmerge-logs cgroup binpkg-docompress qa-unresolved-soname-deps buildpkg-live ipc-sandbox config-protect-if-modified userpriv parallel-fetch usersandbox assume-digests protect-owned preserve-libs distlocks ebuild-locks parallel-install multilib-strict sfperms network-sandbox mount-sandbox sandbox xattr usersync binpkg-dostrip fixlafiles merge-sync"


net-vpn/tor-0.4.7.13::gentoo was built with the following:
USE="man seccomp server systemd -caps -doc -lzma -scrypt (-selinux) -test -tor-hardening -verify-sig -zstd" ABI_X86="(64)"
FEATURES="xattr binpkg-logs cgroup buildpkg-live userpriv parallel-install protect-owned binpkg-dostrip assume-digests multilib-strict unmerge-orphans parallel-fetch sfperms ebuild-locks preserve-libs unmerge-logs strict usersandbox network-sandbox pid-sandbox merge-sync news config-protect-if-modified sandbox qa-unresolved-soname-deps distlocks userfetch binpkg-docompress ipc-sandbox mount-sandbox usersync fixlafiles unknown-features-warn"
Comment 1 Mike Gilbert gentoo-dev 2023-02-15 16:53:22 UTC 
This seems quite strange. Did you have the "threads" USE flag disabled before the dev-libs/libevent update?
Comment 2 Mike Gilbert gentoo-dev 2023-02-15 17:10:02 UTC 
The evutil_secure_rng_add_bytes function is defined behind the following preprocessor check:

#if !defined(EVENT__HAVE_ARC4RANDOM) || defined(EVENT__HAVE_ARC4RANDOM_ADDRANDOM)

In other words, evutil_secure_rng_add_bytes is defined only if libc does not define arc4random or libc defines both arc4random and arc4random_addrandom. 

The arc4random function was added in glibc-2.36. glibc does not currently implement the arc4random_addrandom function.

So, here's what I think happened:

1. libevent was built against an old version of glibc that lacks arc4random.
2. tor was built against libevent with evutil_secure_rng_add_bytes defined.
3. glibc was upgraded to >=2.36.
4. libevent was rebuilt against the new glibc, causing it to lose the evutil_secure_rng_add_bytes symbol.
5. tor was rebuilt, and no longer tries to call since the configure test failed evutil_secure_rng_add_bytes.

I think we could just revbump net-vpn/tor as a workaround.
Comment 3 poncho 2023-02-15 17:41:38 UTC 
(In reply to Mike Gilbert from comment #1)
> This seems quite strange. Did you have the "threads" USE flag disabled
> before the dev-libs/libevent update?

I haven't set the "threads" USE flag manually, no. Neither enabled nor disabled.
Comment 4 Mike Gilbert gentoo-dev 2023-02-15 17:47:48 UTC 
Right, per comment 2, this has nothing to do with the "threads" USE flag change.
Comment 5 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-02-17 05:39:41 UTC 
What a mess.  So to summarize:

1) the function disappears because it's not supported with glibc's ARC4

2) upstream thinks disappearing it is better for security than making it a no-op

3) …so effectively reverse dependencies like net-vpn/tor make the call conditional, and that has exactly the same effect

Sigh.  I'll revbump net-vpn/tor anyway, and add >= dep on revbumped dev-libs/libevent to hopefully force a rebuild.  I think we don't need to assume anyone's still using glibc < 2.36 at this point, right?
Comment 6 Larry the Git Cow gentoo-dev 2023-02-17 06:21:52 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d39311be33fb0888563bb3b1e250f7847ef39c29

commit d39311be33fb0888563bb3b1e250f7847ef39c29
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2023-02-17 05:41:37 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2023-02-17 06:21:18 +0000

    net-vpn/tor: Force rebuild along with libevent due to ABI change
    
    Revbump net-vpn/tor and require revbumped dev-libs/libevent to ensure
    that both are rebuilt with the >=sys-libs/glibc-2.36 as that causes
    libevent to change ABI.
    
    Bug: https://bugs.gentoo.org/894536
    Bug: https://github.com/libevent/libevent/issues/1393
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 net-vpn/tor/{tor-0.4.7.13.ebuild => tor-0.4.7.13-r1.ebuild} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)