Bug 973315 - tnc client in wpa_supplicant does not dlopen with RTLD_GLOBAL
Summary: tnc client in wpa_supplicant does not dlopen with RTLD_GLOBAL
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: strongswan
Version: 19
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Avesh Agarwal
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 1087437
Blocks: 1007548
TreeView+ depends on / blocked
 
Reported: 2013-06-11 16:33 UTC by Avesh Agarwal
Modified: 2016-10-19 10:48 UTC (History)
5 users (show)

Fixed In Version: str
Clone Of:
: 1007548 (view as bug list)
Environment:
Last Closed: 2015-02-18 13:56:07 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
Patch to fix IMC loading issue with wpa_supplicant's tnc client (575 bytes, patch)
2013-06-11 16:33 UTC, Avesh Agarwal
no flags Details | Diff

Description Avesh Agarwal 2013-06-11 16:33:02 UTC
Created attachment 759724 [details]
Patch to fix IMC loading issue with wpa_supplicant's tnc client

Description of problem:
when loading plugins (such as IMCs) with wpa_supplicant's tnc client, it causes symbols errors, because tnc client does not dlopen *.so modules with RTLD_GLOBAL.  

Version-Release number of selected component (if applicable):
wpa_supplicant-2.0-3.fc19

How reproducible:
always 

Steps to Reproduce:
1. configure /etc/tnc_config with an IMC from strongswan
2. start wpa_supplicant
3. Observe the output and it shows that the IMC is not loaded correctly because some plugins failed to load.

Actual results:
IMC does not load properly.

Expected results:
IMC and it associated plugins should be loaded with out errors.

Additional info:

Comment 1 Dan Williams 2013-11-05 19:22:21 UTC
Reflecting comments in bug 1007548, it seems the plugins that fail to load don't link to libstrongswan, and thus don't actually link to the symbols they require.  I think if they get libstrongswan.la added to their LIBADD lines in the Makefiles this problem might be solved.

Comment 2 Avesh Agarwal 2013-11-05 19:24:06 UTC
(In reply to Dan Williams from comment #1)
> Reflecting comments in bug 1007548, it seems the plugins that fail to load
> don't link to libstrongswan, and thus don't actually link to the symbols
> they require.  I think if they get libstrongswan.la added to their LIBADD
> lines in the Makefiles this problem might be solved.

Hi Dan,

Thanks. I will look into it and test the changes. If the fix works, I will change the component to strongimcv. Thanks for your help.

Comment 3 Avesh Agarwal 2013-11-06 20:17:55 UTC
(In reply to Dan Williams from comment #1)
> Reflecting comments in bug 1007548, it seems the plugins that fail to load
> don't link to libstrongswan, and thus don't actually link to the symbols
> they require.  I think if they get libstrongswan.la added to their LIBADD
> lines in the Makefiles this problem might be solved.

Hello Dan,

I looked into the code in depth and this is not the correct way to fix it and here is the reason: libstrongswan "dlopens" all the plugins like libstrongswan-openssl, libstrongswan-nonce etc, so it is not right to link libstrongswan statically into the plugins.

The flow is like this:

wpa_supplicant "dlopens"  imc-os.so (imc-os (or any other imc for that matter) is statically linked to libstrongswan), and then libstrongswan dlopens the other plugins. 

Since wpa_supplicanr does not dlopen imc-os with RTDL_GLOBAL, the symbols in libstrongswan are not visible to the plugins. 

So the only correct way to fix this is to have wpa_supplicant dlopen the imc-os (or any other IMC) with RTDL_GLOBAL.

Hope it helps.

Comment 4 Avesh Agarwal 2013-12-02 18:36:52 UTC
I have tested a patch with strongswan that addresses this issue so will change the component to strongswan.

Comment 5 Avesh Agarwal 2013-12-02 21:44:59 UTC
Fixed in fedoa rawhide/ 20/19 in the version  strongswan-5.1.1-2. so closing this.

Comment 6 Pavel Šimerda (pavlix) 2014-01-09 10:37:41 UTC
I would prefer if you could leave strongswan bugs in MODIFIED state so I can handle the updates. This bug actually be fixed in f20/f19/f18/el6 with an update I'm just issuing.

Comment 7 Fedora Update System 2014-01-09 10:39:49 UTC
strongswan-5.1.1-4.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/strongswan-5.1.1-4.fc18

Comment 8 Fedora Update System 2014-01-09 10:48:48 UTC
strongswan-5.1.1-4.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/strongswan-5.1.1-4.fc19

Comment 9 Fedora Update System 2014-01-09 10:50:31 UTC
strongswan-5.1.1-4.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/strongswan-5.1.1-4.fc20

Comment 10 Fedora Update System 2014-01-09 10:54:50 UTC
strongswan-5.1.1-4.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/strongswan-5.1.1-4.el6

Comment 11 Fedora Update System 2014-01-25 02:25:47 UTC
strongswan-5.1.1-4.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2014-01-25 02:26:47 UTC
strongswan-5.1.1-4.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2014-01-25 05:09:08 UTC
strongswan-5.1.1-4.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Pavel Šimerda (pavlix) 2014-03-04 07:49:08 UTC
Hi all,

please look at a related upstream bug report and comment there.

http://wiki.strongswan.org/issues/538

I would be happy if we improved the Fedora strongswan upstream/downstream relation and if important changes like that would rather go through upstream. The strongswan upstream is usually rather quick, so there's no need for forking the development in Fedora.

Comment 15 Pavel Šimerda (pavlix) 2014-03-14 22:09:49 UTC
Avesh,

could you please update the upstream bug report with requested information?

Pavel

Comment 16 Pavel Šimerda (pavlix) 2014-03-14 22:29:45 UTC
My intention is to remove the patches as soon as possible. But before doing so, I would like to make sure appropriate changes are made in the upstream project to keep the already acquired features working.

Comment 17 Pavel Šimerda (pavlix) 2014-04-14 10:33:32 UTC
Please cooperate on upstreaming the strongswan patches.

See https://bugzilla.redhat.com/show_bug.cgi?id=1087437

Comment 18 Fedora End Of Life 2015-01-09 22:09:03 UTC
This message is a notice that Fedora 19 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 19. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 19 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 19 Fedora End Of Life 2015-02-18 13:56:07 UTC
Fedora 19 changed to end-of-life (EOL) status on 2015-01-06. Fedora 19 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.