[Pkg-dns-devel] Bug#848339: missing fake_dsa symbol makes reverse dependencies FTBFS

Helmut Grohne helmut at subdivi.de
Sun Dec 18 05:40:37 UTC 2016 

Control: tags -1 + patch

On Sat, Dec 17, 2016 at 08:15:44AM +0100, Helmut Grohne wrote:
> This bug makes gnutls28 fail to build from source (it detects unbound as
> missing and fails installing its dane components). Raising severity to
> prevent testing migration and warn others.

It turns out that the fake_dsa symbol (whose name is too generic to be
used in a shared library imo) is only defined when HAVE_SSL is defined
(because it works around limitations in openssl >= 1.1). The only
remaining place that uses it unconditionally is the configuration
parser. Thus fixing that one, fixes the problem. Please consider
applying the attached patch. I'd appreciate a timely solution as this
bug breaks architecture bootstrap qa.

Helmut
-------------- next part --------------
diff --minimal -Nru unbound-1.6.0/debian/changelog unbound-1.6.0/debian/changelog
--- unbound-1.6.0/debian/changelog	2016-12-15 21:26:15.000000000 +0100
+++ unbound-1.6.0/debian/changelog	2016-12-18 06:27:37.000000000 +0100
@@ -1,3 +1,10 @@
+unbound (1.6.0-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTBFS: only use fake_dsa when HAVE_SSL is defined (Closes: #848339)
+
+ -- Helmut Grohne <helmut at subdivi.de>  Sun, 18 Dec 2016 06:27:37 +0100
+
 unbound (1.6.0-1) unstable; urgency=medium
 
   [ Robert Edmonds ]
diff --minimal -Nru unbound-1.6.0/debian/patches/debian-changes unbound-1.6.0/debian/patches/debian-changes
--- unbound-1.6.0/debian/patches/debian-changes	2016-12-15 21:26:15.000000000 +0100
+++ unbound-1.6.0/debian/patches/debian-changes	2016-12-18 06:27:37.000000000 +0100
@@ -85,3 +85,25 @@
  	cfg->control_ifs = NULL;
  	cfg->control_port = UNBOUND_CONTROL_PORT;
  	cfg->remote_control_use_cert = 1;
+--- unbound-1.6.0.orig/util/configparser.y
++++ unbound-1.6.0/util/configparser.y
+@@ -1201,9 +1201,16 @@ server_fake_dsa: VAR_FAKE_DSA STRING_ARG
+ 		OUTYY(("P(server_fake_dsa:%s)\n", $2));
+ 		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ 			yyerror("expected yes or no.");
+-		else fake_dsa = (strcmp($2, "yes")==0);
+-		if(fake_dsa)
+-			log_warn("test option fake_dsa is enabled");
++		else {
++			int fake_dsa_val = strcmp($2, "yes")==0;
++			if(fake_dsa_val)
++#ifdef HAVE_SSL
++				log_warn("test option fake_dsa is enabled");
++			fake_dsa = fake_dsa_val;
++#else
++				log_warn("test option fake_dsa is ignored");
++#endif
++		}
+ 		free($2);
+ 	}
+ 	;

More information about the pkg-dns-devel mailing list