ports/184041: [patch] krb5 from ports can cause build errors in ftp/curl

John Hein jhein at symmetricom.com
Sun Nov 17 22:40:02 UTC 2013 

>Number:         184041
>Category:       ports
>Synopsis:       [patch] krb5 from ports can cause build errors in ftp/curl
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 17 22:40:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     John Hein
>Release:        FreeBSD 8-stable and later
>Organization:
>Environment:

>Description:

As of ftp/curl 7.33.0_1 ...
If security/krb5 is installed and ftp/curl has the GSSAPI option turned
on (it is by default) along with some other option (CARES, LDAP, OPENSSL)
that might add -L${LOCALBASE}/lib to LDFLAGS, then there are build
errors (first noticed at configure time).

These errors arise due to the /usr/bin/krb5-config --libs spelling out a
list of libs in base and -L/usr/local/lib causing curl to link with
/usr/local/lib/libkrb5.so

For instance, see this excerpt from config.log:

configure:26448: gcc -o conftest -O2 -Wno-system-headers  -I/usr/include  -I/usr/local/include  -L/usr/local/lib conftest.c -lssh2 -L/usr/lib -lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lroken -lcrypt -lz  >&5
/usr/lib/libhx509.so: undefined reference to `com_right'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_write'
/usr/lib/libheimntlm.so: undefined reference to `krb5_data_free'
/usr/lib/libheimntlm.so: undefined reference to `krb5_ret_uint32'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_set_byteorder'
/usr/lib/libheimntlm.so: undefined reference to `krb5_ret_uint16'
/usr/lib/libhx509.so: undefined reference to `init_error_table'
/usr/lib/libheimntlm.so: undefined reference to `krb5_store_uint32'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_set_flags'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_seek'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_free'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_read'
/usr/lib/libhx509.so: undefined reference to `initialize_error_table_r'
/usr/lib/libheimntlm.so: undefined reference to `krb5_store_int16'
/usr/lib/libhx509.so: undefined reference to `free_error_table'
/usr/lib/libheimntlm.so: undefined reference to `krb5_store_uint16'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_to_data'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_emem'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_from_readonly_mem'

krb5_storage_write, et. al., are referenced in /usr/lib/libheimntlm.so
(part of the heimdal krb from base), but the -L/usr/local/lib pulls
in the /usr/local/lib/libkrb5.so which doesn't define those symbols
like /usr/lib/libkrb5.so does.

>How-To-Repeat:

install security/krb5
build ftp/curl with GSSAPI & LDAP & CARES turned on

>Fix:

The patch in files/patch-m4-curl-confopts.m4 is not strictly necessary
since ftp/curl doesn't currently generate the configure script
with autotools.  So this can be omitted (but possibly fed upstream).

Index: Makefile
===================================================================
--- Makefile	(revision 333855)
+++ Makefile	(working copy)
@@ -14,14 +14,15 @@
 
 LICENSE=	MIT
 
-OPTIONS_DEFINE=	CA_BUNDLE COOKIES CURL_DEBUG DEBUG DOCS EXAMPLES GSSAPI IDN IPV6 LDAP LDAPS LIBSSH2 NTLM PROXY RTMP SPNEGO TLS_SRP
+OPTIONS_DEFINE=	CA_BUNDLE COOKIES CURL_DEBUG DEBUG DOCS EXAMPLES GSSAPI GSSAPI_BASE IDN IPV6 LDAP LDAPS LIBSSH2 NTLM PROXY RTMP SPNEGO TLS_SRP
 OPTIONS_RADIO=	RESOLV SSL
 OPTIONS_RADIO_RESOLV=	CARES THREADED_RESOLVER
 OPTIONS_RADIO_SSL=	CYASSL GNUTLS NSS OPENSSL POLARSSL
-OPTIONS_DEFAULT=CA_BUNDLE COOKIES GSSAPI IPV6 OPENSSL PROXY RESOLV THREADED_RESOLVER SSL TLS_SRP
+OPTIONS_DEFAULT=CA_BUNDLE COOKIES GSSAPI_BASE GSSAPI IPV6 OPENSSL PROXY RESOLV THREADED_RESOLVER SSL TLS_SRP
 CA_BUNDLE_DESC=	Install CA bundle for OpenSSL
 COOKIES_DESC=	Cookies support
 CURL_DEBUG_DESC=cURL debug memory tracking
+GSSAPI_BASE_DESC=Use GSSAPI implementation from base system
 LIBSSH2_DESC=	SCP/SFTP support via libssh2
 RESOLV_DESC=	DNS resolving options
 SPNEGO_DESC=	SPNEGO (RFC 4178) support
@@ -69,8 +70,7 @@
 GNUTLS_CONFIGURE_ON=	--with-gnutls=${LOCALBASE}
 GNUTLS_LIB_DEPENDS=	libgnutls.so:${PORTSDIR}/security/gnutls
 GSSAPI_CONFIGURE_OFF=	--without-gssapi
-GSSAPI_CONFIGURE_ON=	--with-gssapi=/usr
-GSSAPI_CPPFLAGS=	-I${INCLUDEDIR}/gssapi
+GSSAPI_CONFIGURE_ON=	--with-gssapi=${GSSAPI_ROOT}
 IDN_CONFIGURE_OFF=	--without-libidn
 IDN_CONFIGURE_ON=	--with-libidn=${LOCALBASE}
 IDN_LIB_DEPENDS=	libidn.so:${PORTSDIR}/dns/libidn
@@ -116,6 +116,21 @@
 
 .include <bsd.port.options.mk>
 
+# If libkrb5 has been installed by ports, point to that gssapi implementation.
+# Otherwise krb5-config from base might get used by configure and an
+# incompatible mix of libs might be used at link time.
+.if ${PORT_OPTIONS:MGSSAPI}
+.if ${PORT_OPTIONS:MGSSAPI_BASE}
+GSSAPI_ROOT=	/usr
+# If using krb from /base, try to make sure we link to libs in /usr/lib
+# before any krb installed in ports
+LDFLAGS=	-L/usr/lib
+.else
+GSSAPI_ROOT=	${LOCALBASE}
+LIB_DEPENDS+=	libkrb5.so:${PORTSDIR}/security/krb5
+.endif
+.endif
+
 .if ${PORT_OPTIONS:MCA_BUNDLE} && !${PORT_OPTIONS:MOPENSSL}
 IGNORE=		only supports CA bundle with OpenSSL
 .endif
Index: files/patch-configure
===================================================================
--- files/patch-configure	(revision 333855)
+++ files/patch-configure	(working copy)
@@ -120,6 +120,17 @@
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
  /* end confdefs.h.  */
  
+@@ -38555,8 +38565,8 @@
+       fi
+     fi
+     #
+-    CPPFLAGS="$ares_CPPFLAGS $clean_CPPFLAGS"
+-    LDFLAGS="$ares_LDFLAGS $clean_LDFLAGS"
++    CPPFLAGS=" $clean_CPPFLAGS $ares_CPPFLAGS"
++    LDFLAGS=" $clean_LDFLAGS $ares_LDFLAGS"
+     LIBS="$ares_LIBS $clean_LIBS"
+     #
+     if test "$embedded_ares" != "yes"; then
 @@ -39180,9 +39190,10 @@
        -I*)
          xc_bad_var_ldflags=yes
Index: files/patch-m4-curl-confopts.m4
===================================================================
--- files/patch-m4-curl-confopts.m4	(revision 0)
+++ files/patch-m4-curl-confopts.m4	(working copy)
@@ -0,0 +1,16 @@
+Currently the port doesn't use autotools to generate the configure
+script, but maybe this could be fed upstream.
+
+--- m4/curl-confopts.m4.orig	2013-09-08 16:11:15.000000000 -0600
++++ m4/curl-confopts.m4	2013-11-17 14:35:35.000000000 -0700
+@@ -484,8 +484,8 @@
+       fi
+     fi
+     #
+-    CPPFLAGS="$ares_CPPFLAGS $clean_CPPFLAGS"
+-    LDFLAGS="$ares_LDFLAGS $clean_LDFLAGS"
++    CPPFLAGS="$clean_CPPFLAGS $ares_CPPFLAGS"
++    LDFLAGS="$clean_LDFLAGS $ares_LDFLAGS"
+     LIBS="$ares_LIBS $clean_LIBS"
+     #
+     if test "$embedded_ares" != "yes"; then
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list