[pkg-dhcp-devel] Bug#592361: Bug#592361: Bug#592361: libcrypto.so.0.9.8 accessed before /usr is mounted

Fri Oct 22 04:21:35 UTC 2010

On Thu, Oct 21, 2010 at 07:08:08PM +0100, Simon McVittie wrote:
> On Fri, 22 Oct 2010 at 03:16:59 +1000, Andrew Pollock wrote:
> > ../configure: line 5723: syntax error near unexpected token `OPENSSL,'
> > ../configure: line 5723: `		PKG_CHECK_MODULES(OPENSSL, openssl)'
> > make: *** [patched-ldap/build-stamp] Error 2
> > 
> > on the face of it, it looks like your patch uncomments
> > PKG_CHECK_MODULES(OPENSSL, [openssl]), which was previously commented out in
> > the LDAP patch. This seems to be what's angering the build.
> 
> Oh, sorry, I've only tried it in an unclean build environment (I'd have used
> sbuild if I NMU'd it, but I didn't want to NMU without knowing how to test
> the LDAP-patched version). You'll need to build-depend on pkg-config (and
> re-run autoconf, but you already do that) for that line to work.

Aha! Success. Thanks again.

> Because the call to PKG_CHECK_MODULES is conditional, that code is actually
> wrong (although it's harmless because it's the only pkg-config call);
> strictly speaking you ought to add PKG_PROG_PKG_CONFIG earlier in configure.ac,
> in a location where it'll always be executed.

Fortunately upstream has accepted that patch (or a variant of it), so I'll
raise this with them and let them sort it out.

> Alternatively, you could probably just re-add the -lcrypto check at that
> location, and put it in CRYPTO_LIBS; that'd probably be sufficient too.
> 
> > I spent a considerable amount of time this evening tweaking patches, until I
> > got to the point where I essentially had your patches, but with the above
> > line still commented out. The build still failed. It looked like it couldn't
> > find the symbols that had previously been found in libcrypto.
> 
> Yes, that's why I uncommented that line. The story is:
> 
> * the unpatched source tree thinks it needs -lcrypto for MD5, but it also
>   contains a copypaste of openssl's MD5 implementation (in dst/), so the
>   one in -lcrypto is never actually used (symbols in the executable "win"
>   when linking)
> 
> * the patched LDAP tree indirectly links -lssl and -lcrypto, as an
>   implementation detail of libldap
> 
> * using the MD5 implementation in -lcrypto when called via libldap, or the
>   one in the executable otherwise, seems like badness, so the LDAP patchset
>   builds a version of the "dst" library that lacks MD5 support
> 
> * ... but then you need to link against -lcrypto explicitly, or you'll fail
>   to find an MD5 implementation
> 
> * I uncommented the check for OPENSSL instead of adding one for libcrypto,
>   because I couldn't be bothered to devise one for libcrypto (it was getting
>   late at night), and they're both in the libssl0.9.8 Debian package anyway

Wee.

> > I have a largish upload pending in the Git repository for this package, I
> > just want to address this RC bug in that upload. You can see it at
> > http://git.debian.org/?p=pkg-dhcp/isc-dhcp.git;a=summary if you want to try
> > any additional patches.
> 
> A git repository! I could have done with that (I imported it into git
> locally to hack on, in fact). Please add the Vcs-Git and Vcs-Browser fields
> to your source package, so any future bug-squashers get a nice hyperlink on
> packages.qa.debian.org, and can use debcheckout(1) :-)

Ah yes. I'll do that.