[pkg-dhcp-devel] Bug#592361: Bug#592361: libcrypto.so.0.9.8 accessed before /usr is mounted

Simon McVittie smcv at debian.org
Thu Oct 21 18:08:08 UTC 2010

On Fri, 22 Oct 2010 at 03:16:59 +1000, Andrew Pollock wrote:
> ../configure: line 5723: syntax error near unexpected token `OPENSSL,'
> ../configure: line 5723: `		PKG_CHECK_MODULES(OPENSSL, openssl)'
> make: *** [patched-ldap/build-stamp] Error 2
> on the face of it, it looks like your patch uncomments
> PKG_CHECK_MODULES(OPENSSL, [openssl]), which was previously commented out in
> the LDAP patch. This seems to be what's angering the build.

Oh, sorry, I've only tried it in an unclean build environment (I'd have used
sbuild if I NMU'd it, but I didn't want to NMU without knowing how to test
the LDAP-patched version). You'll need to build-depend on pkg-config (and
re-run autoconf, but you already do that) for that line to work.

Because the call to PKG_CHECK_MODULES is conditional, that code is actually
wrong (although it's harmless because it's the only pkg-config call);
strictly speaking you ought to add PKG_PROG_PKG_CONFIG earlier in configure.ac,
in a location where it'll always be executed.

Alternatively, you could probably just re-add the -lcrypto check at that
location, and put it in CRYPTO_LIBS; that'd probably be sufficient too.

> I spent a considerable amount of time this evening tweaking patches, until I
> got to the point where I essentially had your patches, but with the above
> line still commented out. The build still failed. It looked like it couldn't
> find the symbols that had previously been found in libcrypto.

Yes, that's why I uncommented that line. The story is:

* the unpatched source tree thinks it needs -lcrypto for MD5, but it also
  contains a copypaste of openssl's MD5 implementation (in dst/), so the
  one in -lcrypto is never actually used (symbols in the executable "win"
  when linking)

* the patched LDAP tree indirectly links -lssl and -lcrypto, as an
  implementation detail of libldap

* using the MD5 implementation in -lcrypto when called via libldap, or the
  one in the executable otherwise, seems like badness, so the LDAP patchset
  builds a version of the "dst" library that lacks MD5 support

* ... but then you need to link against -lcrypto explicitly, or you'll fail
  to find an MD5 implementation

* I uncommented the check for OPENSSL instead of adding one for libcrypto,
  because I couldn't be bothered to devise one for libcrypto (it was getting
  late at night), and they're both in the libssl0.9.8 Debian package anyway

> I have a largish upload pending in the Git repository for this package, I
> just want to address this RC bug in that upload. You can see it at
> http://git.debian.org/?p=pkg-dhcp/isc-dhcp.git;a=summary if you want to try
> any additional patches.

A git repository! I could have done with that (I imported it into git
locally to hack on, in fact). Please add the Vcs-Git and Vcs-Browser fields
to your source package, so any future bug-squashers get a nice hyperlink on
packages.qa.debian.org, and can use debcheckout(1) :-)


More information about the pkg-dhcp-devel mailing list