pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/45823: net/bind98 links indirectly to base's openssl when PREFER.openssl=pkgsrc is given
>Number: 45823
>Category: pkg
>Synopsis: net/bind98 links indirectly to base's openssl when
>PREFER.openssl=pkgsrc is given
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jan 12 11:00:00 +0000 2012
>Originator: Matthias Kretschmer
>Release: NetBSD 5.1_STABLE
>Organization:
>Environment:
NetBSD cat.cs.uni-bonn.de 5.1_STABLE NetBSD 5.1_STABLE (CAT) #1: Fri Apr 8
09:38:30 CEST 2011
root@fourier.hangelar.local:/home/src/sys/arch/i386/compile/obj/CAT i386
>Description:
net/bind98 links indirectly against base's openssl when PREFER.openssl=pkgsrc
is given. Furthermore both pkgsrc's and base's openssl libraries are
referenced and the package won't use pkgsrc's kerberos implementation even if
PREFER.{heimdal,mit-krb5}=pkgsrc is set.
For example for named:
# ldd /usr/pkg/sbin/named
/usr/pkg/sbin/named:
-llwres.80 => not found
-ldns.81 => not found
-lbind9.80 => not found
-lisccfg.82 => not found
-lisccc.80 => not found
-lisc.83 => not found
-lgssapi.7 => /usr/lib/libgssapi.so.7
-lkrb5.22 => /usr/lib/libkrb5.so.22
-lhx509.2 => /usr/lib/libhx509.so.2
-lcrypto.4 => /usr/lib/libcrypto.so.4 <-- base
-lcrypt.0 => /lib/libcrypt.so.0
-lc.12 => /usr/lib/libc.so.12
-lasn1.7 => /usr/lib/libasn1.so.7
-lcom_err.5 => /usr/lib/libcom_err.so.5
-lroken.13 => /usr/lib/libroken.so.13
-lutil.7 => /usr/lib/libutil.so.7
-lheimntlm.1 => /usr/lib/libheimntlm.so.1
-lcrypto.0.9.8 => /usr/pkg/lib/libcrypto.so.0.9.8 <-- pkgsrc
-lpthread.0 => /usr/lib/libpthread.so.0
It is of course not a good thing to link to two versions of the same library.
The reference to base's openssl is an indirect link from the kerberos
implementation. Kerberos is automatically enabled in net/bind98 due to the
configure script checking for it.
>How-To-Repeat:
Just compile net/bind98 with PREFER.openssl=pkgsrc.
>Fix:
The following patch tackles the problem by adding an option for kerberos and if
kerberos is selected it includes mk/krb5.buildlink3.mk for the handling of
kerberos. So with the patch if you select PREFER.{heimdal,mit-krb5}=pkgsrc you
correctly get kerberos from pkgsrc and not base as expected which was not the
case before. Deselecting kerberos just adds the configure parameter
--without-gssapi to disable it. I set kerberos as a suggested option to make
the change as similar to the old behaviour as possible (if one is not using
kerberos from pkgsrc there should be no change in the resulting binary).
Index: options.mk
===================================================================
RCS file: /cvsroot/pkgsrc/net/bind98/options.mk,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 options.mk
--- options.mk 4 Mar 2011 03:52:15 -0000 1.1.1.1
+++ options.mk 12 Jan 2012 10:03:12 -0000
@@ -3,6 +3,7 @@
PKG_OPTIONS_VAR= PKG_OPTIONS.bind98
PKG_SUPPORTED_OPTIONS= bind-dig-sigchase bind-xml-statistics-server
PKG_SUPPORTED_OPTIONS+= inet6 threads mysql pgsql ldap dlz-filesystem
+PKG_SUPPORTED_OPTIONS+= kerberos
.include "../../mk/pthread.buildlink3.mk"
@@ -20,6 +21,8 @@
PKG_SUGGESTED_OPTIONS+= inet6
.endif
+PKG_SUGGESTED_OPTIONS+= kerberos
+
.include "../../mk/bsd.options.mk"
###
@@ -87,3 +90,13 @@
# to be changed so that the two can cooperate.
CONFIGURE_ENV+= STD_CDEFINES=-DDIG_SIGCHASE=1
.endif
+
+###
+### kerberos/gssapi support
+###
+.if !empty(PKG_OPTIONS:Mkerberos)
+CONFIGURE_ARGS+= --with-gssapi=${BUILDLINK_PREFIX.${KRB5_TYPE}}
+.include "../../mk/krb5.buildlink3.mk"
+.else
+CONFIGURE_ARGS+= --without-gssapi
+.endif
Home |
Main Index |
Thread Index |
Old Index