
OpenSSL 0.9.6/0.9.7, LDAP, SSH, friends



Hey all,

  There are quite a few bugs that are probably because of the problem
  I'm about to describe (177868, 178061, 173821, probably others..) so
  it was felt that this might be something to make other developers
  aware of.

  Currently in Debian there are quite a few packages which still link
  against OpenSSL 0.9.6 (libldap2-tls, ssh-krb5, others).  Newer
  packages are being linked against OpenSSL 0.9.7 (ssh, etc).  The
  problem happens when these two end up getting linked into the same
  running program.  An example of how this can happen is this:

  ssh starts up and brings in 0.9.7.
  A user connects and PAM is configured to use libpam-ldap.
  libpam-ldap loads and brings in libldap2-tls.
  libldap2-tls loads and brings in 0.9.6.

  After this point basically anything involving SSL is questionable at
  best and very likely to give you a segfault.

  Methods to detect this include:
  strace the binary and see if it's loading 0.9.6 and 0.9.7
  set LD_DEBUG=files and run the binary and watch the output
  gdb the program, run it and when it segfaults run:
  info sharedlibrary

  gdb worked best for me since it gives a nice short list without lots
  of other information you don't need.  The specific library files I've
  seen are:
  /usr/lib/i686/cmov/libcrypto.so.0.9.6
  /usr/lib/i686/cmov/libcrypto.so.0.9.7

  For the record I've heard of similar potential problems with libsasl7
  vs. libsasl2 which involves things like sendmail, slapd, etc.

  I don't have an overall solution to this, though I've heard much about
  versioned symbols perhaps being an answer.  I know that's been
  discussed on d-d some already though and don't know where that went.

  Trying to keep this short, just be on alert for these issues when you
  see bug reports come in about segfaults with these and related
  packages.


	Good luck,

  		Stephen
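
The check described above (two versions of one library loaded into a single process), as an added example that is not part of the original message: it reads the Linux /proc/<pid>/maps listing instead of gdb's "info sharedlibrary" and generalizes from libcrypto to any versioned shared object. The function names and the sample listing are constructed for illustration; only the two libcrypto paths come from the message.

```python
import re
import sys
from collections import defaultdict

# Constructed sample of /proc/<pid>/maps for an sshd that pulled in both
# OpenSSL versions via PAM -> libpam-ldap -> libldap2-tls (illustrative only).
SAMPLE_MAPS = """\
08048000-0808c000 r-xp 00000000 03:01 1234 /usr/sbin/sshd
40020000-400f0000 r-xp 00000000 03:01 2001 /usr/lib/i686/cmov/libcrypto.so.0.9.7
400f0000-40100000 rw-p 000d0000 03:01 2001 /usr/lib/i686/cmov/libcrypto.so.0.9.7
40200000-40210000 r-xp 00000000 03:01 3001 /lib/security/pam_ldap.so
40300000-40330000 r-xp 00000000 03:01 3002 /usr/lib/libldap.so.2
40400000-404c0000 r-xp 00000000 03:01 2000 /usr/lib/i686/cmov/libcrypto.so.0.9.6
bfffe000-c0000000 rw-p 00000000 00:00 0
"""

# /usr/lib/i686/cmov/libcrypto.so.0.9.6 -> name "libcrypto", version "0.9.6"
SO_RE = re.compile(r"/(lib[^/]+?)\.so\.([0-9][^/\s]*)$")


def mapped_versions(maps_text):
    """Map each library base name to the set of versions found in the listing."""
    libs = defaultdict(set)
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping: no backing file
        path = fields[5].strip()
        if path.endswith(" (deleted)"):  # library replaced on disk while loaded
            path = path[: -len(" (deleted)")]
        match = SO_RE.search(path)
        if match:
            libs[match.group(1)].add(match.group(2))
    return libs


def conflicts(maps_text):
    """Return {library: sorted versions} for libraries mapped in 2+ versions."""
    return {name: sorted(vers)
            for name, vers in mapped_versions(maps_text).items()
            if len(vers) > 1}


if __name__ == "__main__":
    # Usage: script.py <pid>   (without a pid, the constructed sample is used)
    text = open(f"/proc/{sys.argv[1]}/maps").read() if len(sys.argv) > 1 else SAMPLE_MAPS
    for name, vers in conflicts(text).items():
        print(f"{name}: multiple versions mapped: {', '.join(vers)}")
```

Reading another user's /proc/<pid>/maps normally requires root, and the listing only reflects what is loaded at that moment, so check the process after the PAM module has been pulled in.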
