Beta sqlite3/openssl package updates

Status
Not open for further replies.

af123

Administrator
Staff member
I've just pushed updated beta packages for sqlite3 and openssl. They are both minor updates:

  • openssl 1.1.1.a -> 1.1.1.b
  • sqlite 3.27.1 -> 3.27.2
 
Is it possible that openssl-1.1.1b has broken something?

I get a segmentation fault apparently from an infinite recursion when running wget (1.20): here's it kicking off:
Code:
humax# gdb --args wget https://github.com/openssl/openssl/blob/master/include/openssl/crypto.h
GNU gdb (GDB) 7.1
...
Reading symbols from /mnt/hd2/mod/bin/wget...(no debugging symbols found)...done.
(gdb) b CRYPTO_malloc
Breakpoint 1 at 0x403c60
(gdb) r
Starting program: /mnt/hd2/mod/bin/wget https://github.com/openssl/openssl/blob/master/include/openssl/crypto.h
setpgrp failed in child: No such process

Redirecting output to 'wget-log.3'.

Breakpoint 1, 0x2ad33170 in CRYPTO_malloc () from /mod/lib/libcrypto.so.1.1
(gdb) c
Continuing.

Breakpoint 1, 0x2ad33170 in CRYPTO_malloc () from /mod/lib/libcrypto.so.1.1
(gdb) c
Continuing.

Breakpoint 1, 0x2ad33170 in CRYPTO_malloc () from /mod/lib/libcrypto.so.1.1
(gdb) c
Continuing.

Breakpoint 1, 0x2ad33170 in CRYPTO_malloc () from /mod/lib/libcrypto.so.1.1
(gdb) c
Continuing.

Breakpoint 1, 0x2ad33170 in CRYPTO_malloc () from /mod/lib/libcrypto.so.1.1
(gdb) bt
#0  0x2ad33170 in CRYPTO_malloc () from /mod/lib/libcrypto.so.1.1
#1  0x2ad331b0 in CRYPTO_malloc () from /mod/lib/libcrypto.so.1.1
#2  0x2ad331b0 in CRYPTO_malloc () from /mod/lib/libcrypto.so.1.1
#3  0x2ad331b0 in CRYPTO_malloc () from /mod/lib/libcrypto.so.1.1
#4  0x2ad331b0 in CRYPTO_malloc () from /mod/lib/libcrypto.so.1.1
#5  0x2ad33270 in CRYPTO_zalloc () from /mod/lib/libcrypto.so.1.1
#6  0x2add12ac in CRYPTO_THREAD_lock_new () from /mod/lib/libcrypto.so.1.1
#7  0x2ad27648 in ?? () from /mod/lib/libcrypto.so.1.1

I'm sure wget-1.20 worked fine in the beta test (I'd like to revert to openssl-1.1.1a as a test but opkg seems unhelpful in that respect). My wget-1.19.5 built against LibreSSL also works.

This issue has similar symptoms but the same circumstances don't apply exactly. There's a suggestion that the underlying issue is non-matching malloc initialisation in the executable vs the .so.

As a side issue, I wonder what functionality or build configuration makes these wget builds 2-3 times bigger than 1.12 (given that the fancy crypto is all in the OpenSSL .so)?
 
wget is used by autodecrypt so if there was a general problem I am sure it would have been reported before
 
It might have been if anyone had patched their Humax DLNA server to use https!

The crash only happens when initialising SSL. Confirmed on a second machine with up-to-date beta packages and no history of software development.
 
And fixed by downgrading:
Code:
humax# wget https://hummypkg.org.uk/hdrfoxt2/base/openssl_1.1.1.a-2_mipsel.opk
--2019-04-23 10:05:52--  https://hummypkg.org.uk/hdrfoxt2/base/openssl_1.1.1.a-2_mipsel.opk
Segmentation fault
humax# wget -U "" http://hummypkg.org.uk/hdrfoxt2/base/openssl_1.1.1.a-2_mipsel.opk
...
2019-04-23 10:11:52 (496 KB/s) - 'openssl_1.1.1.a-2_mipsel.opk' saved [5436792/5436792]

humax# opkg --force-downgrade install openssl_1.1.1.a-2_mipsel.opk 
Downgrading openssl on root from 1.1.1.b to 1.1.1.a-2...
Configuring openssl.
humax# wget  https://hummypkg.org.uk/hdrfoxt2/base/openssl_1.1.1.a-2_mipsel.opk
--2019-04-23 10:13:32--  https://hummypkg.org.uk/hdrfoxt2/base/openssl_1.1.1.a-2_mipsel.opk
Resolving hummypkg.org.uk... 2a00:5600:1600::50, 89.248.55.75
Connecting to hummypkg.org.uk|2a00:5600:1600::50|:443... failed: Address family not supported by protocol.
Connecting to hummypkg.org.uk|89.248.55.75|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2019-04-23 10:13:33 ERROR 403: Forbidden.

humax#
The last wget fails (intentionally) because the server rejects the User Agent, but the SSL bit worked. The first wget failed before making the SSL connection.
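
The distinction drawn in the post above (a segfault before the TLS connection is made, versus a 403 after it succeeds) can be turned into a post-upgrade smoke test. This is an added example, not part of the original thread: the function names are hypothetical, and the wget exit-status meanings (4, 5, 8) are those documented in the wget manual.

```shell
#!/bin/sh
# Added example: classify how a TLS client command ended after a library
# upgrade, separating "crashed" from "TLS worked but HTTP refused".

# classify_status STATUS -> prints one word describing what the status implies
classify_status() {
    status=$1
    if [ "$status" -gt 128 ]; then
        # The shell reports death by signal N as 128+N (SIGSEGV = 11 -> 139).
        sig=$((status - 128))
        if [ "$sig" -eq 11 ]; then
            echo "crash-segv"
        else
            echo "crash-signal-$sig"
        fi
        return 0
    fi
    case "$status" in
        0) echo "ok" ;;
        4) echo "network-failure" ;;
        5) echo "tls-verify-failed" ;;
        8) echo "tls-ok-http-error" ;;   # server answered with an error, e.g. 403
        *) echo "other-$status" ;;
    esac
}

# smoke_test CMD [ARGS...] -> runs the command quietly and classifies its status
smoke_test() {
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?   # capture status without tripping 'set -e'
    classify_status "$rc"
}

# Typical use after upgrading a TLS library (URL is a placeholder):
#   result=$(smoke_test wget -q -O /dev/null https://HOST.example/)
#   [ "$result" = "crash-segv" ] && echo "TLS client crashes: roll back the package"
```

A result of `tls-ok-http-error` corresponds to the final wget in the session above: the handshake completed and only the HTTP layer refused the request.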
 
Is it possible that openssl-1.1.1b has broken something?
Yes, thanks for the report. Beta testing works : )
I'll push up a fixed package shortly, as well as an updated wget since 1.20.3 has been released.
 
Incidentally the original failure was trying to download the source package for lynx-2.8.8.

I managed to build Lynx on-box against these OpenSSL libs and was able to browse https://wiki.hummy.tv and download stuff, a more integrated user experience than wget/curl.

Is anyone likely to be interested in this? I could make a package, or provide the build config files. I had to reverse some #if 1 constructs in ncurses.h and term.h IIRC.
 
If you follow the lynk, you can read about it. It's the original text-based browser.

Why might you want it?
  • You're bored with copying links from a graphical web browser window into a telnet window to download them to the Humax disk.
  • You want to download from a server that blocks wget's UA and can't remember how to spoof it.
  • You want to use a browser that's guaranteed not to use JavaScript.
  • Because it's there!
Obvs the last is the key one, although I suppose there might be a use case involving iPlayer and youtube-dl (not yet tested). Also, perhaps a local browser under our control on the box might help in developing the Portal functionality, which AFAIK is currently just a long-winded way to launch the iPlayer app.
 
Even as a text-based browser, there's no way to get its output onto the TV screen (which is where the native browser has the advantage).

Would you propose to run it through WebShell?
 
Re wget - I have two boxes which (I believe) mirror each other. Overnight one updated the wget beta but the other does not have it installed. Can you advise what package(s) use this - I see autodecrypt is mentioned in this thread.
Thanks

Edit: I have used the telnet installed command and they both have the same packages installed except for wget
 
Is it not time to remove libopenssl and polarssl from the repository?
Both are old (ancient/prehistoric), insecure and unnecessary.

And what about tidying up openssl-command and openssl ?
 