tags 592361 + patch
thanks
On Mon, 09 Aug 2010 at 17:01:52 +0200, Kurt Roeckx wrote:
> On Mon, Aug 09, 2010 at 08:29:48AM -0600, Bruce Sass wrote:
> > /usr on my "unstable" box is an NFS import.
> >
> > When networking is being brought up /sbin/dhclient fails because it can't
> > find libcrypto.so.0.9.8--which lives under /usr/lib--consequently eth0
> > doesn't appear, none of the NFS imports get mounted and the system is left
> > without a /usr hierarchy.
>
> You'll probably also have this problem with libz.so.1
It seems that's only there because libcrypto requires it, so it can be fixed
at the same time.
> As far as I can see, it's trying to use MD5 functions. But those
> functions are already provided by the binary itself
I can confirm that with -lcrypto removed, it still seems to link fine, and
the client works (at least in simple cases).
It gets a little more involved for the LDAP'ified version of the server, which
indirectly links to OpenSSL already. I haven't tested that part.
A possible patch follows.
S
>From 2be4b780c6ddf8724860f237c7987e8b6c3f0a6c Mon Sep 17 00:00:00 2001
From: Simon McVittie <s...@debian.org>
Date: Wed, 20 Oct 2010 22:32:34 +0100
Subject: [PATCH] no libcrypto
---
debian/changelog | 10 ++++++++++
debian/patches/00list | 4 ++++
debian/patches/dhcp-4.1.0-ldap-code.dpatch | 26 +++++++++++---------------
debian/patches/no-libcrypto.dpatch | 21 +++++++++++++++++++++
4 files changed, 46 insertions(+), 15 deletions(-)
create mode 100755 debian/patches/no-libcrypto.dpatch
diff --git a/debian/changelog b/debian/changelog
index 36f8c84..8bc0331 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+isc-dhcp (4.1.1-P1-9.1) UNRELEASED; urgency=low
+
+ * Non-maintainer upload.
+ * Don't link against -lcrypto in the normal build (Closes: #592361)
+ * Adjust the LDAP patch to link OpenSSL explicitly: OpenSSL isn't strictly
+ needed, but it causes us to link -lcrypto, which is needed because this
+ build omits the internal MD5 implementation
+
+ -- Simon McVittie <s...@debian.org> Wed, 20 Oct 2010 22:46:14 +0100
+
isc-dhcp (4.1.1-P1-9) unstable; urgency=high
* debian/control: really don't make the new packages conflict with the
diff --git a/debian/patches/00list b/debian/patches/00list
index 1c26643..6efcd93 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -4,6 +4,10 @@ dhclient-script-exit-status
fix_groff_warnings
# I think this has been independently emailed upstream
no_loopback_checksum
+
+# must be applied before the LDAP stuff
+no-libcrypto
+
#ldap backend for dhcp server (docs and code)
dhcp-4.1.0-ldap-docs
dhcp-4.1.0-ldap-code
diff --git a/debian/patches/dhcp-4.1.0-ldap-code.dpatch
b/debian/patches/dhcp-4.1.0-ldap-code.dpatch
index d3993a5..b230caf 100644
--- a/debian/patches/dhcp-4.1.0-ldap-code.dpatch
+++ b/debian/patches/dhcp-4.1.0-ldap-code.dpatch
@@ -2751,20 +2751,13 @@ diff -urNad isc-dhcp.orig/server/Makefile.am
isc-dhcp/server/Makefile.am
man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
EXTRA_DIST = $(man_MANS)
-diff -urNad isc-dhcp.orig/configure.ac isc-dhcp/configure.ac
---- isc-dhcp.orig/configure.ac 2009-12-30 10:56:15.000000000 +0100
-+++ isc-dhcp/configure.ac 2009-12-30 12:34:28.000000000 +0100
-@@ -389,8 +389,78 @@ AC_TRY_LINK(
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git'
'--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr'
isc-dhcp-4.1.1-P1~/configure.ac isc-dhcp-4.1.1-P1/configure.ac
+--- isc-dhcp-4.1.1-P1~/configure.ac 2010-10-20 22:14:33.694570303 +0100
++++ isc-dhcp-4.1.1-P1/configure.ac 2010-10-20 22:17:15.682086336 +0100
+@@ -419,6 +419,74 @@
+ # Look for optional headers.
AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
- # find an MD5 library
-+saved_LIBS="$LIBS"
-+LIBS=""
- AC_SEARCH_LIBS(MD5_Init, [crypto])
- AC_SEARCH_LIBS(MD5Init, [crypto])
-+CRYPTO_LIBS="$LIBS"
-+LIBS="$saved_LIBS"
-+
+AC_ARG_ENABLE(ldap-conf,
+ AS_HELP_STRING([--enable-ldap-conf],
+ [enable ldap configuration support (default is no)]))
@@ -2806,7 +2799,10 @@ diff -urNad isc-dhcp.orig/configure.ac
isc-dhcp/configure.ac
+ # should be possible to just link against libldap...
+ # All this at least in case of openldap-2.4.x.
+ #
-+ #PKG_CHECK_MODULES(OPENSSL, [openssl])
++ # However, if we're using something that uses libssl anyway,
++ # we should use libcrypto's MD5, not our own. So link libssl
++ # after all.
++ PKG_CHECK_MODULES(OPENSSL, [openssl])
+ #if test "x$OPENSSL_LIBS" != x ; then
+ # # reset it, libcrypto is in OPENSSL_LIBS
+ # CRYPTO_LIBS=""
@@ -2825,14 +2821,14 @@ diff -urNad isc-dhcp.orig/configure.ac
isc-dhcp/configure.ac
+ ])
+ fi
+fi
-+AC_SUBST(CRYPTO_LIBS)
+AC_SUBST(LDAP_LIBS)
+AC_SUBST(LDAP_CPPFLAGS)
+AC_SUBST(OPENSSL_LIBS)
+AC_SUBST(OPENSSL_CFLAGS)
-
++
# Solaris needs some libraries for functions
AC_SEARCH_LIBS(socket, [socket])
+ AC_SEARCH_LIBS(inet_ntoa, [nsl])
diff -urNad isc-dhcp.orig/server/ldap_casa.c isc-dhcp/server/ldap_casa.c
--- isc-dhcp.orig/server/ldap_casa.c 2009-12-30 10:56:15.000000000 +0100
+++ isc-dhcp/server/ldap_casa.c 2009-12-30 12:34:28.000000000 +0100
diff --git a/debian/patches/no-libcrypto.dpatch
b/debian/patches/no-libcrypto.dpatch
new file mode 100755
index 0000000..1bc1fb8
--- /dev/null
+++ b/debian/patches/no-libcrypto.dpatch
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## no-libcrypto.dpatch by Simon McVittie <s...@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+...@dpatch@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git'
'--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr'
isc-dhcp-4.1.1-P1~/configure.ac isc-dhcp-4.1.1-P1/configure.ac
+--- isc-dhcp-4.1.1-P1~/configure.ac 2010-10-20 22:01:22.000000000 +0100
++++ isc-dhcp-4.1.1-P1/configure.ac 2010-10-20 22:06:38.046156633 +0100
+@@ -419,10 +419,6 @@
+ # Look for optional headers.
+ AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
+
+-# find an MD5 library
+-AC_SEARCH_LIBS(MD5_Init, [crypto])
+-AC_SEARCH_LIBS(MD5Init, [crypto])
+-
+ # Solaris needs some libraries for functions
+ AC_SEARCH_LIBS(socket, [socket])
+ AC_SEARCH_LIBS(inet_ntoa, [nsl])
--
1.7.2.3
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
