[Secure-testing-team] Bug#804276: kamailio-tls-modules: Incompatible with the new openssl (wants an sslv3 object, which is no longer there).

Fri, 06 Nov 2015 13:08:11 -0800 

Package: kamailio-tls-modules
Version: 4.3.3-1+b1
Severity: important
Tags: security

Today's upgrade installs openssl 1.0.2 compiled w/o any ssl3 support
and kamailio compiled against it, but the latter fails when run with:

[FAIL] Not starting Kamailio SIP Server: invalid configuration file! ... failed!
 failed!
 [....] 0(20886) ERROR: <core> [sr_module.c:576]: load_module(): could not open 
module </usr/lib/x86_64-linux-gnu/kamailio/modules/tls.so>: 
/usr/lib/x86_64-linux-gnu/kamailio/modules/tls.so: undefined symbol: 
SSLv3_client_method 0(20886) : <core> [cfg.y:3432]: yyerror_at(): parse error 
in config file /etc/kamailio/kamailio.cfg, line 73, column 12-19: failed to 
load module 0(20886) ERROR: <core> [modparam.c:150]: set_mod_param_regex(): No 
module matching <tls> found 0(20886) : <core> [cfg.y:3435]: yyerror_at(): parse 
error in config file /etc/kamailio/kamailio.cfg, line 148, column 50: Can't set 
module parameter 0(20886) ERROR: <core> [modparam.c:150]: 
set_mod_param_regex(): No module matching <tls> found 0(20886) : <core> 
[cfg.y:3435]: yyerror_at(): parse error in config file 
/etc/kamailio/kamailio.cfg, line 149, column 45: Can't set module parameter 
0(20886) ERROR: <core> [modparam.c:150]: set_mod_param_regex(): No module 
matching <tls> found 0(20886) : <core> [cfg.y:3435]: yyerror_
 at(): parse error in config file /etc/kamailio/kamailio.cfg, line 150, column 
35: Can't set module parameter ERROR: bad config file (4 errors) 0(20886)

As such and kama install with needs tls cannot run.

(All of the errors there are because the tls modules cannot load because of the 
load-time link failure.)

It will need a patch removing things like SSLv3_client_method.

It is unfortunate that this didn't result in a compile time failure but only in 
a dynamic-link-time failure...



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

Reply via email to