Red Hat Bugzilla – Bug 973315
tnc client in wpa_supplicant does not dlopen with RTLD_GLOBAL
Last modified: 2016-10-19 06:48:35 EDT
Created attachment 759724 [details] Patch to fix IMC loading issue with wpa_supplicant's tnc client Description of problem: when loading plugins (such as IMCs) with wpa_supplicant's tnc client, it causes symbols errors, because tnc client does not dlopen *.so modules with RTLD_GLOBAL. Version-Release number of selected component (if applicable): wpa_supplicant-2.0-3.fc19 How reproducible: always Steps to Reproduce: 1. configure /etc/tnc_config with an IMC from strongswan 2. start wpa_supplicant 3. Observe the output and it shows that the IMC is not loaded correctly because some plugins failed to load. Actual results: IMC does not load properly. Expected results: IMC and it associated plugins should be loaded with out errors. Additional info:
Reflecting comments in bug 1007548, it seems the plugins that fail to load don't link to libstrongswan, and thus don't actually link to the symbols they require. I think if they get libstrongswan.la added to their LIBADD lines in the Makefiles this problem might be solved.
(In reply to Dan Williams from comment #1) > Reflecting comments in bug 1007548, it seems the plugins that fail to load > don't link to libstrongswan, and thus don't actually link to the symbols > they require. I think if they get libstrongswan.la added to their LIBADD > lines in the Makefiles this problem might be solved. Hi Dan, Thanks. I will look into it and test the changes. If the fix works, I will change the component to strongimcv. Thanks for your help.
(In reply to Dan Williams from comment #1) > Reflecting comments in bug 1007548, it seems the plugins that fail to load > don't link to libstrongswan, and thus don't actually link to the symbols > they require. I think if they get libstrongswan.la added to their LIBADD > lines in the Makefiles this problem might be solved. Hello Dan, I looked into the code in depth and this is not the correct way to fix it and here is the reason: libstrongswan "dlopens" all the plugins like libstrongswan-openssl, libstrongswan-nonce etc, so it is not right to link libstrongswan statically into the plugins. The flow is like this: wpa_supplicant "dlopens" imc-os.so (imc-os (or any other imc for that matter) is statically linked to libstrongswan), and then libstrongswan dlopens the other plugins. Since wpa_supplicanr does not dlopen imc-os with RTDL_GLOBAL, the symbols in libstrongswan are not visible to the plugins. So the only correct way to fix this is to have wpa_supplicant dlopen the imc-os (or any other IMC) with RTDL_GLOBAL. Hope it helps.
I have tested a patch with strongswan that addresses this issue so will change the component to strongswan.
Fixed in fedoa rawhide/ 20/19 in the version strongswan-5.1.1-2. so closing this.
I would prefer if you could leave strongswan bugs in MODIFIED state so I can handle the updates. This bug actually be fixed in f20/f19/f18/el6 with an update I'm just issuing.
strongswan-5.1.1-4.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/strongswan-5.1.1-4.fc18
strongswan-5.1.1-4.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/strongswan-5.1.1-4.fc19
strongswan-5.1.1-4.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/strongswan-5.1.1-4.fc20
strongswan-5.1.1-4.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/strongswan-5.1.1-4.el6
strongswan-5.1.1-4.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
strongswan-5.1.1-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
strongswan-5.1.1-4.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Hi all, please look at a related upstream bug report and comment there. http://wiki.strongswan.org/issues/538 I would be happy if we improved the Fedora strongswan upstream/downstream relation and if important changes like that would rather go through upstream. The strongswan upstream is usually rather quick, so there's no need for forking the development in Fedora.
Avesh, could you please update the upstream bug report with requested information? Pavel
My intention is to remove the patches as soon as possible. But before doing so, I would like to make sure appropriate changes are made in the upstream project to keep the already acquired features working.
Please cooperate on upstreaming the strongswan patches. See https://bugzilla.redhat.com/show_bug.cgi?id=1087437
This message is a notice that Fedora 19 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 19. It is Fedora's policy to close all bug reports from releases that are no longer maintained. Approximately 4 (four) weeks from now this bug will be closed as EOL if it remains open with a Fedora 'version' of '19'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 19 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 19 changed to end-of-life (EOL) status on 2015-01-06. Fedora 19 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.