[PATCH] no libcrypto

Simon McVittie smcv at debian.org
Wed Oct 20 21:32:34 UTC 2010 

---
 debian/changelog                           |   10 ++++++++++
 debian/patches/00list                      |    4 ++++
 debian/patches/dhcp-4.1.0-ldap-code.dpatch |   26 +++++++++++---------------
 debian/patches/no-libcrypto.dpatch         |   21 +++++++++++++++++++++
 4 files changed, 46 insertions(+), 15 deletions(-)
 create mode 100755 debian/patches/no-libcrypto.dpatch

diff --git a/debian/changelog b/debian/changelog
index 36f8c84..8bc0331 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+isc-dhcp (4.1.1-P1-9.1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * Don't link against -lcrypto in the normal build (Closes: #592361)
+  * Adjust the LDAP patch to link OpenSSL explicitly: OpenSSL isn't strictly
+    needed, but it causes us to link -lcrypto, which is needed because this
+    build omits the internal MD5 implementation
+
+ -- Simon McVittie <smcv at debian.org>  Wed, 20 Oct 2010 22:46:14 +0100
+
 isc-dhcp (4.1.1-P1-9) unstable; urgency=high
 
   * debian/control: really don't make the new packages conflict with the
diff --git a/debian/patches/00list b/debian/patches/00list
index 1c26643..6efcd93 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -4,6 +4,10 @@ dhclient-script-exit-status
 fix_groff_warnings
 # I think this has been independently emailed upstream
 no_loopback_checksum
+
+# must be applied before the LDAP stuff
+no-libcrypto
+
 #ldap backend for dhcp server (docs and code)
 dhcp-4.1.0-ldap-docs
 dhcp-4.1.0-ldap-code
diff --git a/debian/patches/dhcp-4.1.0-ldap-code.dpatch b/debian/patches/dhcp-4.1.0-ldap-code.dpatch
index d3993a5..b230caf 100644
--- a/debian/patches/dhcp-4.1.0-ldap-code.dpatch
+++ b/debian/patches/dhcp-4.1.0-ldap-code.dpatch
@@ -2751,20 +2751,13 @@ diff -urNad isc-dhcp.orig/server/Makefile.am isc-dhcp/server/Makefile.am
  
  man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
  EXTRA_DIST = $(man_MANS)
-diff -urNad isc-dhcp.orig/configure.ac isc-dhcp/configure.ac
---- isc-dhcp.orig/configure.ac	2009-12-30 10:56:15.000000000 +0100
-+++ isc-dhcp/configure.ac	2009-12-30 12:34:28.000000000 +0100
-@@ -389,8 +389,78 @@ AC_TRY_LINK(
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' isc-dhcp-4.1.1-P1~/configure.ac isc-dhcp-4.1.1-P1/configure.ac
+--- isc-dhcp-4.1.1-P1~/configure.ac	2010-10-20 22:14:33.694570303 +0100
++++ isc-dhcp-4.1.1-P1/configure.ac	2010-10-20 22:17:15.682086336 +0100
+@@ -419,6 +419,74 @@
+ # Look for optional headers.
  AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
  
- # find an MD5 library
-+saved_LIBS="$LIBS"
-+LIBS=""
- AC_SEARCH_LIBS(MD5_Init, [crypto])
- AC_SEARCH_LIBS(MD5Init, [crypto])
-+CRYPTO_LIBS="$LIBS"
-+LIBS="$saved_LIBS"
-+
 +AC_ARG_ENABLE(ldap-conf,
 +	AS_HELP_STRING([--enable-ldap-conf],
 +		[enable ldap configuration support (default is no)]))
@@ -2806,7 +2799,10 @@ diff -urNad isc-dhcp.orig/configure.ac isc-dhcp/configure.ac
 +		# should be possible to just link against libldap...
 +		# All this at least in case of openldap-2.4.x.
 +		#
-+		#PKG_CHECK_MODULES(OPENSSL, [openssl])
++		# However, if we're using something that uses libssl anyway,
++		# we should use libcrypto's MD5, not our own. So link libssl
++		# after all.
++		PKG_CHECK_MODULES(OPENSSL, [openssl])
 +		#if test "x$OPENSSL_LIBS" != x ; then
 +		#	# reset it, libcrypto is in OPENSSL_LIBS
 +		#	CRYPTO_LIBS=""
@@ -2825,14 +2821,14 @@ diff -urNad isc-dhcp.orig/configure.ac isc-dhcp/configure.ac
 +		])
 +	fi
 +fi
-+AC_SUBST(CRYPTO_LIBS)
 +AC_SUBST(LDAP_LIBS)
 +AC_SUBST(LDAP_CPPFLAGS)
 +AC_SUBST(OPENSSL_LIBS)
 +AC_SUBST(OPENSSL_CFLAGS)
- 
++
  # Solaris needs some libraries for functions
  AC_SEARCH_LIBS(socket, [socket])
+ AC_SEARCH_LIBS(inet_ntoa, [nsl])
 diff -urNad isc-dhcp.orig/server/ldap_casa.c isc-dhcp/server/ldap_casa.c
 --- isc-dhcp.orig/server/ldap_casa.c	2009-12-30 10:56:15.000000000 +0100
 +++ isc-dhcp/server/ldap_casa.c	2009-12-30 12:34:28.000000000 +0100
diff --git a/debian/patches/no-libcrypto.dpatch b/debian/patches/no-libcrypto.dpatch
new file mode 100755
index 0000000..1bc1fb8
--- /dev/null
+++ b/debian/patches/no-libcrypto.dpatch
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## no-libcrypto.dpatch by Simon McVittie <smcv at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' isc-dhcp-4.1.1-P1~/configure.ac isc-dhcp-4.1.1-P1/configure.ac
+--- isc-dhcp-4.1.1-P1~/configure.ac	2010-10-20 22:01:22.000000000 +0100
++++ isc-dhcp-4.1.1-P1/configure.ac	2010-10-20 22:06:38.046156633 +0100
+@@ -419,10 +419,6 @@
+ # Look for optional headers.
+ AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
+ 
+-# find an MD5 library
+-AC_SEARCH_LIBS(MD5_Init, [crypto])
+-AC_SEARCH_LIBS(MD5Init, [crypto])
+-
+ # Solaris needs some libraries for functions
+ AC_SEARCH_LIBS(socket, [socket])
+ AC_SEARCH_LIBS(inet_ntoa, [nsl])
-- 
1.7.2.3

More information about the pkg-dhcp-devel mailing list