From nobody@FreeBSD.org  Sat Apr  3 04:29:00 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C556B106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  3 Apr 2010 04:29:00 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id B3E708FC14
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  3 Apr 2010 04:29:00 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o334T0Fd073680
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 3 Apr 2010 04:29:00 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o334T0kD073679;
	Sat, 3 Apr 2010 04:29:00 GMT
	(envelope-from nobody)
Message-Id: <201004030429.o334T0kD073679@www.freebsd.org>
Date: Sat, 3 Apr 2010 04:29:00 GMT
From: Alexander Wittig <alexander@wittig.name>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Linking OpenLDAP ports with OpenSSL from ports
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         145337
>Category:       ports
>Synopsis:       net/openldap24-client: Linking OpenLDAP ports with OpenSSL from ports
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr 03 04:30:07 UTC 2010
>Closed-Date:    Wed Jun 30 07:21:44 UTC 2010
>Last-Modified:  Wed Jun 30 07:30:07 UTC 2010
>Originator:     Alexander Wittig
>Release:        8 stable
>Organization:
>Environment:
FreeBSD hotzenplotz.wittig.name 8.0-STABLE FreeBSD 8.0-STABLE #1: Wed Mar 31 03:25:54 CEST 2010     root@hotzenplotz.wittig.name:/usr/obj/usr/src/sys/ALEX  amd64

>Description:
When building openldap (at least openldap24-*) configure will find the
system's libfetch /usr/lib and link against it. However, if FBSD built
with default world options, libfetch is linked dynamically against the
base system openssl library.

At the same time, openldap will try to link against the ports version of
openssl if installed. This leads to library mismatch version warnings
during the build, and also makes all other ports using openldap have the
same problem of linking to two different versions of the same library.
For example apache22 built with LDAP and SSL support also uses the base
version of openssl instead of the ports version.

Since OpenLDAP either directly or indirectly is a common dependency,
this problem effectively prohibits the use of the much more up to date
port version of OpenSSL to be used if OpenLDAP is present in numerous ports.
>How-To-Repeat:
1) Install security/openssl
2) Install net/openldap24-client
   Note the warnings emitted during linking
3) Install e.g. www/apache22 and observe the version of OpenSSL reported
   in the server signature. It will be the base system version, not the
   port version.

>Fix:
Add the configure switch "--without-fetch" in the openldap builds. This
will disable linking to libfetch and thus eliminate the dependency on the
base system openssl.

I do not know if this disables any particular features of openldap, but
it works for me. It explicitly does not disable OpenLDAP's TLS ability,
as OpenLDAP itself links to the OpenSSL library provided by the
security/openssl port.

Maybe this can be made into an option for the openldap port?
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->delphij 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Apr 4 03:47:24 UTC 2010 
Responsible-Changed-Why:  
Fix synopsis and assign. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145337 
State-Changed-From-To: open->feedback 
State-Changed-By: delphij 
State-Changed-When: Tue Jun 29 23:47:45 UTC 2010 
State-Changed-Why:  
Dear submitter, 

I have checked the installed OpenLDAP libraries but have not found 
linkage to libfetch.so from these libraries. 

Could you please confirm whether this is still a problem with latest 
OpenLDAP port? 

Cheers, 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145337 

From: Alexander Wittig <alexander@wittig.name>
To: bug-followup@FreeBSD.org
Cc: delphij@FreeBSD.org
Subject: Re: ports/145337: net/openldap24-client: Linking OpenLDAP ports with
 OpenSSL from ports
Date: Wed, 30 Jun 2010 10:15:36 +0400

   Hello
 
 This still happens with the latest openldap-server 2.4.22. It happens 
 for both the server and the client on my system.
 
 Here is the output from configure finding the system fetch library in 
 the -server build:
 
 [...]
 checking for ICU libraries... no
 configure: WARNING: ICU not available
 configure: WARNING: SASL authentication not supported!
 checking fetch(3) library... yes
 checking for crypt... no
 checking for crypt in -lcrypt... yes
 [...]
 
 And here (some of) the linker warnings during building:
 
 [...]
 /usr/bin/ld: warning: libssl.so.6, needed by /usr/lib/libfetch.so, may 
 conflict with libssl.so.7
 libtool: link: cc -O2 -pipe -DLDAP_DEPRECATED -fno-strict-aliasing 
 -rpath=/usr/local/lib -o .libs/apitest apitest.o  -L/usr/local/lib 
 ./.libs/libldap.so 
 /usr/ports/net/openldap24-server/work/openldap-2.4.22/libraries/liblber/.libs/liblber.so 
 ../../libraries/liblber/.libs/liblber.so 
 ../../libraries/liblutil/liblutil.a -lssl -lcrypto -lfetch -lcom_err 
 -lcrypt -Wl,-rpath -Wl,/usr/local/lib
 /usr/bin/ld: warning: libcrypto.so.6, needed by /usr/lib/libfetch.so, 
 may conflict with libcrypto.so.7
 /usr/bin/ld: warning: libssl.so.6, needed by /usr/lib/libfetch.so, may 
 conflict with libssl.so.7
 /usr/bin/ld: warning: libcrypto.so.6, needed by /usr/lib/libfetch.so, 
 may conflict with libcrypto.so.7
 [...]
 
 In case it matters, this is done with an empty make.conf and 
 WITH_BDB_VER=48 set. The selected options for the port are:
 BDB
 CONSTRAINT
 DEREF
 DYNGROUP
 DYNLIST
 LASTMOD
 REFINT
 SEQMOD
 SYNCPROV
 UNIQUE
 VALSORT
 DYNAMIC_BACKENDS
 
 If you need a full build log, let me know and I can provide the 
 necessary files to you.
 
 Alexander

From: Alexander Wittig <alexander@wittig.name>
To: bug-followup@FreeBSD.org
Cc: delphij@FreeBSD.org
Subject: Re: ports/145337: net/openldap24-client: Linking OpenLDAP ports with
 OpenSSL from ports
Date: Wed, 30 Jun 2010 10:25:27 +0400

   Here is some additional information, showing how the client build 
 creates binaries that are linked to libfetch and thus linking to two 
 different versions of libcrypto:
 
 [/usr/ports/net/openldap24-client/work/openldap-2.4.22/clients/tools/.libs]ldd 
 ldapwhoami
 ldapwhoami:
      libldap-2.4.so.7 => /usr/local/lib/libldap-2.4.so.7 (0x800651000)
      liblber-2.4.so.7 => /usr/local/lib/liblber-2.4.so.7 (0x800790000)
      libssl.so.7 => /usr/local/lib/libssl.so.7 (0x80089d000)
      libcrypto.so.7 => /usr/local/lib/libcrypto.so.7 (0x8009f4000)
      libfetch.so.6 => /usr/lib/libfetch.so.6 (0x800c86000)
      libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x800d95000)
      libc.so.7 => /lib/libc.so.7 (0x800e97000)
      libssl.so.6 => /usr/lib/libssl.so.6 (0x8010d3000)
      libcrypto.so.6 => /lib/libcrypto.so.6 (0x801225000)
      libmd.so.5 => /lib/libmd.so.5 (0x8014c1000)
 
State-Changed-From-To: feedback->closed 
State-Changed-By: delphij 
State-Changed-When: Wed Jun 30 07:21:15 UTC 2010 
State-Changed-Why:  
Fixed with  ports/net/openldap24-server/Makefile,v 1.180. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145337 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/145337: commit references a PR
Date: Wed, 30 Jun 2010 07:20:48 +0000 (UTC)

 delphij     2010-06-30 07:20:39 UTC
 
   FreeBSD ports repository
 
   Modified files:
     net/openldap24-server Makefile 
   Log:
    - SASL is not default since 2007 so remove an unneeded test about WITHOUT_SASL
      which causes confusion that defining WITHOUT_SASL as building
      openldap24-sasl-client would get you openldap24-client.
    - Add an option to build without fetch(3) library, which in turn depends on
      base OpenSSL. [1]
    - Promote SASL and FETCH options to be on both client and library ports.
    - Both SASL and FETCH remains their defaults (no and yes) so no PORTREVISION
      bump.
   
   PR:             ports/145337 [1]
   Feature safe:   yes
   
   Revision  Changes    Path
   1.180     +12 -6     ports/net/openldap24-server/Makefile
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
