Bug 135961

Summary: libcrypto.so unnecessarily links to krb5 libs
Product: [Fedora] Fedora Reporter: Alexander Boström <abo>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideKeywords: EasyFix, Patch
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: openssl-0.9.7e-3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-03-02 01:17:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Fixed replacement for openssl-0.9.7a-krb5.patch none

Description Alexander Boström 2004-10-15 21:59:30 UTC
Description of problem:

/lib/libcrypto.so.0.9.7a links to libkrb5 and libgssapi_krb5. I think
this might be unnecessary and believe that it could cause problem if
libcrypto is used by another Kerberos implementation such as Heimdal.


Version-Release number of selected component (if applicable):

openssl-0.9.7a-40


Expected results:

libcrypto.so in upstream openssl-0.9.7 also linked to the krb5 libs,
but in 0.9.7a and onward only libssl.so do so. I suppose it would be
alright for the FC openssl to do the same.


Additional info:

It looks like "${SHLIBDIRS%%*ssl*}" in openssl-0.9.7a-krb5.patch
always evaulates to the empty string. If I comment out that patch in
the spec file and rebuild, ldd output for libcrypto and libssl are the
same as with a manually built openssl without any patches.

The corresponding OpenSSL Request Tracker issue:
http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=418 (login as
guest/guest)

Comment 1 Alexander Boström 2004-10-15 22:50:50 UTC
> "${SHLIBDIRS%%*ssl*}" [...] always evaulates to the empty string

...because it's evaluated in make, not in the shell.


Comment 2 Alexander Boström 2004-11-05 22:55:20 UTC
But using proper escaping in the patch (an extra $ before
${SHLIBDIRS%%*ssl*}) doesn't fix the problem, because SHLIBDIRS is
"crypto ssl" the third time the patched code is run, and that seems to
be the time that matters.

So I propose the following patch, to replace openssl-0.9.7a-krb5.patch.


Comment 3 Alexander Boström 2004-11-05 22:56:44 UTC
Created attachment 106242 [details]
Fixed replacement for openssl-0.9.7a-krb5.patch

Comment 4 Tomas Mraz 2005-03-02 01:17:08 UTC
Slightly modified patch applied to rawhide.