tech-pkg: Re: OpenSSL upgrade part two

Subject: Re: OpenSSL upgrade part two
To: John Klos <john@ziaspace.com>
From: grant beattie <grant@NetBSD.org>
List: tech-pkg
Date: 12/29/2004 19:17:13
--Q0rSlbzrZN6k9QnT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 28, 2004 at 11:33:04PM -0800, John Klos wrote:

> Hi,
>=20
> When updating Pine after updating OpenSSL to 0.9.7e, I got this problem i=
n=20
> imap-uw:
>=20
> cc -I../c-client -pipe -O2=20
> -I/usr/pkgsrc/mail/imap-uw/work/.buildlink/include -o .libs/mtest mtest.o=
=20
> -Wl,-R/usr/local/lib  ../c-client/.libs/libc-client.so=20
> -L/usr/pkgsrc/mail/imap-uw/work/.buildlink/lib -lcrypt -lgssapi -lkrb5=20
> -lasn1 -lcom_err -lroken -lssl -lcrypto -Wl,--rpath -Wl,/usr/local/lib
> ../c-client/.libs/libc-client.so: warning: tmpnam() possibly used unsafel=
y,=20
> use mkstemp() or mkdtemp()
> mtest.o: In function `prompt':
> mtest.o(.text+0x1978): warning: this program uses gets(), which is unsafe.
> /usr/lib/libkrb5.so: undefined reference to `des_is_weak_key'
> /usr/lib/libkrb5.so: undefined reference to `des_pcbc_encrypt'
> /usr/lib/libkrb5.so: undefined reference to `des_cfb64_encrypt'
> /usr/lib/libgssapi.so: undefined reference to `des_cbc_encrypt'
> /usr/lib/libkrb5.so: undefined reference to `des_set_odd_parity'
> /usr/lib/libkrb5.so: undefined reference to `des_read_pw_string'
> /usr/lib/libgssapi.so: undefined reference to `des_set_key'
> /usr/lib/libkrb5.so: undefined reference to `des_ede3_cbc_encrypt'
> /usr/lib/libgssapi.so: undefined reference to `des_cbc_cksum'
> /usr/lib/libkrb5.so: undefined reference to `des_string_to_key'
> *** Error code 1
>=20
> What's the fix here? Why isn't this using the pkgsrc installed OpenSSL=20
> libraries?
>=20
> (1.6.2 ppc, pkgsrc from today)

and, perhaps more worrying, why The Hell do NetBSD shared libraries
not link against their required dependencies?

expecting end-users/third-party apps to know how to deal with NetBSD
shared library dependencies seems fraught with danger.

it could Just Work if done properly, like everyone else (even Linux
distros have got this right for a while now!)

grant.


--Q0rSlbzrZN6k9QnT
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)

iD8DBQFB0mgJluYOb9yiFXoRAmD7AKCqomUo2wwx32nmD8r5+Tij+9dJfQCggnf3
Ecig6bDmM/VjM2c34x70E5k=
=0TBP
-----END PGP SIGNATURE-----

--Q0rSlbzrZN6k9QnT--