Re: lib/58915: openldap libraries leak private symbols

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,campbell+netbsd%mumble.net@localhost
Subject: Re: lib/58915: openldap libraries leak private symbols
From: "Greg A. Woods via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Sat, 6 Dec 2025 05:50:01 +0000 (UTC)

The following reply was made to PR lib/58915; it has been noted by GNATS.

From: "Greg A. Woods" <woods%planix.ca@localhost>
To: NetBSD GNATS <gnats-bugs%NetBSD.org@localhost>
Cc: 
Subject: Re: lib/58915: openldap libraries leak private symbols
Date: Fri, 05 Dec 2025 21:47:02 -0800

 --pgp-sign-Multipart_Fri_Dec__5_21:46:54_2025-1
 Content-Type: text/plain; charset=US-ASCII
 
 For what it's worth the following changes seem to allow openldap to be
 built with MKKERBEROS=no.
 
 They aren't the proper fix for the underlying problem of course.
 
 I took inspiration from similar changes for bind/lib/libdns.
 
 Perhaps the file naming isn't ideal, not following the convention used
 in libdns, but these names helped me avoid renaming an existing source
 file.
 
 I have a bunch more MKDERBEROS=no fixes, but since this PR mentions the
 problem specifically for openldap I thought I might contribute this bit
 here for now.
 
 --
 					Greg A. Woods <gwoods%acm.org@localhost>
 
 Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
 Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>
 
 
 diff --git a/external/bsd/openldap/lib/libldap/Makefile b/external/bsd/openldap/lib/libldap/Makefile
 index 21cb8415f4c8..7a96bc5856cc 100644
 --- a/external/bsd/openldap/lib/libldap/Makefile
 +++ b/external/bsd/openldap/lib/libldap/Makefile
 @@ -132,4 +132,16 @@ MLINKS+=	ldap_url.3 ldap_is_ldap_url.3 \
 
  MAN+=		ldap.conf.5 ldif.5
 
 +EXPSYM_SRCS+=   ldap.expsym
 +.if ${MKKERBEROS:Uno} != "no"
 +EXPSYM_SRCS+=   ldap.kerberos.expsym
 +.endif
 +
 +LIB_EXPSYM=     ldap.actual.expsym
 +ldap.actual.expsym: ${EXPSYM_SRCS}
 +        ${_MKTARGET_CREATE}
 +        LC_ALL=C sort -m ${.ALLSRC} >${.TARGET}.tmp && \
 +        ${MV} ${.TARGET}.tmp ${.TARGET}
 +CLEANFILES+=    ldap.actual.expsym ldap.actual.expsym.tmp
 +
  .include <bsd.lib.mk>
 diff --git a/external/bsd/openldap/lib/libldap/ldap.expsym b/external/bsd/openldap/lib/libldap/ldap.expsym
 index 3b96dc9afcee..c5adf8c3e455 100644
 --- a/external/bsd/openldap/lib/libldap/ldap.expsym
 +++ b/external/bsd/openldap/lib/libldap/ldap.expsym
 @@ -164,10 +164,6 @@ ldap_int_decode_b64_inplace
  ldap_int_error_init
  ldap_int_flush_request
  ldap_int_global_options
 -ldap_int_gssapi_close
 -ldap_int_gssapi_config
 -ldap_int_gssapi_get_option
 -ldap_int_gssapi_set_option
  ldap_int_hostname
  ldap_int_inet4or6
  ldap_int_initialize
 diff --git a/external/bsd/openldap/lib/libldap/ldap.kerberos.expsym b/external/bsd/openldap/lib/libldap/ldap.kerberos.expsym
 new file mode 100644
 index 000000000000..bf434bef4d5e
 --- /dev/null
 +++ b/external/bsd/openldap/lib/libldap/ldap.kerberos.expsym
 @@ -0,0 +1,4 @@
 +ldap_int_gssapi_close
 +ldap_int_gssapi_config
 +ldap_int_gssapi_get_option
 +ldap_int_gssapi_set_option
 diff --git a/external/bsd/openldap/lib/libldap_r/Makefile b/external/bsd/openldap/lib/libldap_r/Makefile
 index 91e1f29f0c42..0f1197a99e27 100644
 --- a/external/bsd/openldap/lib/libldap_r/Makefile
 +++ b/external/bsd/openldap/lib/libldap_r/Makefile
 @@ -7,6 +7,7 @@ CWARNFLAGS.clang=	-Wno-format-extra-args
 
  LIB=		ldap_r
 
 +# xxx nothing actually in there -- just uses libraries/libldap from Makefile.libldap
  .PATH:		${LDAP_DISTDIR}/libraries/libldap_r
 
  SRCS+=		threads.c rdwr.c rq.c \
 @@ -16,4 +17,16 @@ SRCS+=		threads.c rdwr.c rq.c \
  COPTS+=		-pthread
  LIBDPLIBS+=	pthread	${.CURDIR}/../../../../../lib/libpthread
 
 +EXPSYM_SRCS+=   ldap_r.expsym
 +.if ${MKKERBEROS:Uno} != "no"
 +EXPSYM_SRCS+=   ldap_r.kerberos.expsym
 +.endif
 +
 +LIB_EXPSYM=     ldap_r.actual.expsym
 +ldap.actual.expsym: ${EXPSYM_SRCS}
 +        ${_MKTARGET_CREATE}
 +        LC_ALL=C sort -m ${.ALLSRC} >${.TARGET}.tmp && \
 +        ${MV} ${.TARGET}.tmp ${.TARGET}
 +CLEANFILES+=    ldap_r.actual.expsym ldap_r.actual.expsym.tmp
 +
  .include <bsd.lib.mk>
 diff --git a/external/bsd/openldap/lib/libldap_r/ldap_r.expsym b/external/bsd/openldap/lib/libldap_r/ldap_r.expsym
 index 9f5539d510be..798c62d08d21 100644
 --- a/external/bsd/openldap/lib/libldap_r/ldap_r.expsym
 +++ b/external/bsd/openldap/lib/libldap_r/ldap_r.expsym
 @@ -164,11 +164,6 @@ ldap_int_decode_b64_inplace
  ldap_int_error_init
  ldap_int_flush_request
  ldap_int_global_options
 -ldap_int_gssapi_close
 -ldap_int_gssapi_config
 -ldap_int_gssapi_get_option
 -ldap_int_gssapi_mutex
 -ldap_int_gssapi_set_option
  ldap_int_hostname
  ldap_int_hostname_mutex
  ldap_int_inet4or6
 diff --git a/external/bsd/openldap/lib/libldap_r/ldap_r.kerberos.expsym b/external/bsd/openldap/lib/libldap_r/ldap_r.kerberos.expsym
 new file mode 100644
 index 000000000000..0ef5137a79ce
 --- /dev/null
 +++ b/external/bsd/openldap/lib/libldap_r/ldap_r.kerberos.expsym
 @@ -0,0 +1,5 @@
 +ldap_int_gssapi_close
 +ldap_int_gssapi_config
 +ldap_int_gssapi_get_option
 +ldap_int_gssapi_mutex
 +ldap_int_gssapi_set_option
 
 --pgp-sign-Multipart_Fri_Dec__5_21:46:54_2025-1
 Content-Type: application/pgp-signature
 Content-Transfer-Encoding: 7bit
 Content-Description: OpenPGP Digital Signature
 
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQRuK6dmwVAucmRxuh9mfXG3eL/0fwUCaTPDUAAKCRBmfXG3eL/0
 f3KrAJ94kLRoVP7Frsv5S8HuAX36fZkpnACdEreZyQe5o7VJXDpkP3JkkA77+L8=
 =+cHt
 -----END PGP SIGNATURE-----
 
 --pgp-sign-Multipart_Fri_Dec__5_21:46:54_2025-1--

Prev by Date: Re: kern/41121 (<net/dlt.h> needs to be realigned with tcudmp disto)
Next by Date: Re: bin/59587 (ftp client ascii transfers with progress report fail)
Previous by Thread: lib/58915: openldap libraries leak private symbols
Next by Thread: lib/58913: ctype(3) macros fail on (unsigned)EOF
Indexes:

Home | Main Index | Thread Index | Old Index