Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    BIND package built with wrong openssl library on 2.7.0

    Scheduled Pinned Locked Moved DHCP and DNS
    3 Posts 2 Posters 530 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      redm0nster
      last edited by redm0nster

      The BIND DNS server package on pfsense CE 2.7.0 appears to have been built for openssl 3.0 causing "Shared object "libssl.so.30" not found" errors which prevent BIND from starting. I am running pfsense 2.7.0-RELEASE (haven't upgraded to 2.7.1 yet) but the BIND package appears to have been built for openssl 3.0 instead of 1.1.

      BIND fails to start from the GUI. Manually starting it results in:

      [2.7.0-RELEASE][rsh@balsa.home.arpa]/home/rsh: service named onestart
install: chown 53:53 /var/run/named: Operation not permitted
ld-elf.so.1: Shared object "libssl.so.30" not found, required by "rndc-confgen"
ld-elf.so.1: Shared object "libssl.so.30" not found, required by "named-checkconf"

      The libraries for "named-checkconf" show it has been linked with "libssl.so.30" and "libcrypto.so.30" which are not present:

      [2.7.0-RELEASE][rsh@balsa.home.arpa]/home/rsh: ldd /usr/local/sbin/named-checkconf
/usr/local/sbin/named-checkconf:
        libjson-c.so.5 => /usr/local/lib/libjson-c.so.5 (0xc5989c31000)
        libprotobuf-c.so.1 => /usr/local/lib/libprotobuf-c.so.1 (0xc598a8e9000)
        libfstrm.so.0 => /usr/local/lib/libfstrm.so.0 (0xc598b4ca000)
        libssl.so.30 => not found (0)
        libcrypto.so.30 => not found (0)
        libxml2.so.2 => /usr/local/lib/libxml2.so.2 (0xc598ba18000)
        libz.so.6 => /lib/libz.so.6 (0xc598bf71000)
        libuv.so.1 => /usr/local/lib/libuv.so.1 (0xc598c5c5000)
        libexecinfo.so.1 => /usr/lib/libexecinfo.so.1 (0xc598d502000)
        libthr.so.3 => /lib/libthr.so.3 (0xc598e5c3000)
        libc.so.7 => /lib/libc.so.7 (0xc598e6f2000)
        liblzma.so.5 => /usr/lib/liblzma.so.5 (0xc598e350000)
        libm.so.5 => /lib/libm.so.5 (0xc598fdb8000)
        libelf.so.2 => /lib/libelf.so.2 (0xc598ec39000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xc598f5f5000)
        libmd.so.6 => /lib/libmd.so.6 (0xc599037c000)
        [vdso] (0xc598813e620)

      Executable details:

      [2.7.0-RELEASE][rsh@balsa.home.arpa]/home/rsh: ls -l /usr/local/sbin/named-checkconf
-r-xr-xr-x  1 root  wheel  2734192 Nov 17 15:25 /usr/local/sbin/named-checkconf

      It also causes "pkg" to fail, even though that seems to be linked with the correct openssl library version. Heres some details:

      [2.7.0-RELEASE][rsh@balsa.home.arpa]/home/rsh: pkg info
ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pkg"

      [2.7.0-RELEASE][rsh@balsa.home.arpa]/home/rsh: ldd `which pkg`
/usr/sbin/pkg:
        libarchive.so.7 => /usr/lib/libarchive.so.7 (0x151327fe7000)
        libfetch.so.6 => /usr/lib/libfetch.so.6 (0x1513274a3000)
        libprivateucl.so.1 => /usr/lib/libprivateucl.so.1 (0x151328ae2000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x15132a95e000)
        libssl.so.111 => /usr/lib/libssl.so.111 (0x151329aea000)
        libutil.so.9 => /lib/libutil.so.9 (0x15132c50c000)
        libmd.so.6 => /lib/libmd.so.6 (0x15132b64a000)
        libc.so.7 => /lib/libc.so.7 (0x15132cd03000)
        libz.so.6 => /lib/libz.so.6 (0x15132e2b2000)
        libbz2.so.4 => /usr/lib/libbz2.so.4 (0x15132de9d000)
        liblzma.so.5 => /usr/lib/liblzma.so.5 (0x15132edfe000)
        libbsdxml.so.4 => /lib/libbsdxml.so.4 (0x15132f2bd000)
        libprivatezstd.so.5 => /usr/lib/libprivatezstd.so.5 (0x1513301ca000)
        libm.so.5 => /lib/libm.so.5 (0x1513308cb000)
        libthr.so.3 => /lib/libthr.so.3 (0x15133104b000)
        [vdso] (0x1513261e0620)

      [2.7.0-RELEASE][rsh@balsa.home.arpa]/home/rsh: truss pkg
mmap(0x0,135168,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 10815225339904 (0x9d61daa2000)
mprotect(0x188ceb6ea000,4096,PROT_READ)          = 0 (0x0)
issetugid()                                      = 0 (0x0)
sigfastblock(0x1,0x188ceb6ed0a0)                 = 0 (0x0)

[snip]

open("/lib/libssl.so.30",O_RDONLY|O_CLOEXEC|O_VERIFY,010524047400) ERR#2 'No such file or directory'
open("/usr/lib/libssl.so.30",O_RDONLY|O_CLOEXEC|O_VERIFY,010524047400) ERR#2 'No such file or directory'
ld-elf.so.1: write(2,"ld-elf.so.1: ",13)                         = 13 (0xd)
Shared object "libssl.so.30" not found, required by "pkg"write(2,"Shared object "libssl.so.30" not"...,57) = 57 (0x39)

write(2,"\n",1)                                  = 1 (0x1)
exit(0x1)
process exit, rval = 1
      1 Reply Last reply Reply Quote 0
      • C
        cmilos
        last edited by

        I had the same issue on my router at home which is vanilla FreeBSD.
        I upgraded from 13.2->14.0 (same as pfSense 2.6.0 -> 2.7.0 I think) and the Bind 9.11 package wasn't working. Removed and re-installed and still not working.
        Installed Bind 9.16 and fixed. I'm guessing that pfSense is still using Bind 9.11 and the package hasn't been upgraded yet.
        FreeBSD upgraded OpenSSL from 1.1.1 to 3.0.12 so I'm guessing the base for pfSense inherited this.

        1 Reply Last reply Reply Quote 0
        • R
          redm0nster
          last edited by

          Manually copying the openssl 3.0 libraries from a pfsense CE 2.7.1 system to /usr/local/lib on the 2.7.0 system fixed the issue for me. This isn't ideal but ISC BIND is working on pfsense CE 2.7.0 now:

          [2.7.0-RELEASE][rsh@balsa.home.arpa]/home/rsh: ls -l /usr/local/lib/lib*.so.30
-rw-r--r--  1 root  wheel  4588560 Nov 23 10:00 /usr/local/lib/libcrypto.so.30
-rw-r--r--  1 root  wheel   694560 Nov 23 10:00 /usr/local/lib/libssl.so.30

          [2.7.0-RELEASE][rsh@balsa.home.arpa]/home/rsh: ldd /usr/local/sbin/named-checkconf
/usr/local/sbin/named-checkconf:
        libjson-c.so.5 => /usr/local/lib/libjson-c.so.5 (0x2fde82caf000)
        libprotobuf-c.so.1 => /usr/local/lib/libprotobuf-c.so.1 (0x2fde83cbc000)
        libfstrm.so.0 => /usr/local/lib/libfstrm.so.0 (0x2fde84396000)
        libssl.so.30 => /usr/local/lib/libssl.so.30 (0x2fde8579e000)
        libcrypto.so.30 => /usr/local/lib/libcrypto.so.30 (0x2fde861d3000)
        libxml2.so.2 => /usr/local/lib/libxml2.so.2 (0x2fde84451000)
        libz.so.6 => /lib/libz.so.6 (0x2fde84ceb000)
        libuv.so.1 => /usr/local/lib/libuv.so.1 (0x2fde86bbb000)
        libexecinfo.so.1 => /usr/lib/libexecinfo.so.1 (0x2fde8711e000)
        libthr.so.3 => /lib/libthr.so.3 (0x2fde87801000)
        libc.so.7 => /lib/libc.so.7 (0x2fde8849e000)
        liblzma.so.5 => /usr/lib/liblzma.so.5 (0x2fde8931d000)
        libm.so.5 => /lib/libm.so.5 (0x2fde894f9000)
        libelf.so.2 => /lib/libelf.so.2 (0x2fde8a3a7000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2fde8be5a000)
        libmd.so.6 => /lib/libmd.so.6 (0x2fde8a578000)
        [vdso] (0x2fde821ab620)
          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.