[SOLVED] Re: Tor fails to build connections after FreeBSD security update

Hans Schnehl torvallenator at gmail.com
Sun Dec 6 13:13:14 UTC 2009


On Sun, Dec 06, 2009 at 04:37:51AM -0600, Scott Bennett wrote:


>      Hmm.  I have 0.9.8l installed, too, but I guess I don't know which
> version (i.e., base system vs. port) the build procedure for tor links in.

BINGO. Thanks, Scott.

According to this (it makes sense to read the whole thread, though):
http://lists.freebsd.org/pipermail/freebsd-ports/2009-December/058074.html


I rebuilt Tor version 0.2.2.6-alpha (git-1ee580407ccb9130) 
available in the portstree and compiled against openssl  0.9.8l .
I did that in a buildjail, but nevertheless should it should work on the
main system, if desired.

I added  'WITH_OPENSSL_PORT=YES' to /etc/make.conf and let FreeBSD do the
rest with 'make install clean' in the tor-devel directory.

Out comes a perfectly compiled binary doing what it is supposed to.

The jail Tor is running in now actually has both, base and ports openssl
but Tor doesn't care. Building a system without base openssl, see
the documentation.
Removing the formerly set LD_LIBRARY_PATH does now have no effect, there
are two openssl binaries: /usr/bin/openssl (base) and
/usr/local/bin/openssl ( ports) which shows no negative impact on Tor.

this is what it looks like if compiled with the appropriate setting in
/etc/make.conf:
root at ato# ldd /usr/local/bin/tor
/usr/local/bin/tor:
	libz.so.4 => /lib/libz.so.4 (0x8817f000)
	libm.so.5 => /lib/libm.so.5 (0x88191000)
	libevent-1.4.so.3 => /usr/local/lib/libevent-1.4.so.3 (0x881a6000)
	libssl.so.5 => /usr/local/lib/libssl.so.5 (0x881bb000)
	libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x881ff000)
	libthr.so.3 => /lib/libthr.so.3 (0x88346000)
	libc.so.7 => /lib/libc.so.7 (0x8835a000)
	librt.so.1 => /usr/lib/librt.so.1 (0x88449000)



> until you provided the search string.  The low rate of occurrence may be
> due to the relatively small portion of FreeBSD-based routers that have been
> updated and rebooted out of the relatively small fraction of the router
> population that is FreeBSD-based.
> 


So if the operators of the committedly small portion of FreeBSD Tornodes
encounter similar, just leave the base openssl.
This is untested yet on other than the 7.2-Stable platform.

Tor 0.2.2.6-alpha runs fine against openssl 0.9.8l on FreeBSD. Sorry for the
noise and thanks to all.

Regards

Hans 



More information about the tor-relays mailing list