Thread: [patch] Please drop the dangerous libssl and libcrypto deps
Dear friends, Loic Minier(CCed) provided a patch to prevent pgadmin3 1.2.2 from being linked to a different libssl version than libpq when dynamically built with an already ssl enabled libpq. The full bug report and original patch by Loic can be found at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341117 Attached is an svn diff for 1.4.1 release that I'm using for the package I'm about to upload to Debian (patch_libpqssl_1.4.1). You'll also find a fully untested patch for trunk (patch_libpqssl_current). Please recheck and apply if eveything's ok with them. Cheers, Raph Index: acinclude.m4 =================================================================== --- acinclude.m4 (revision 4858) +++ acinclude.m4 (working copy) @@ -227,7 +227,10 @@ else if test "$pgsql_ssl_libpq" = "yes" then - LIBS="$LIBS -lssl -lcrypto -lpq" + # no idea why -lssl and -lcrypto were included here, as this + # support is provided via libpq + #LIBS="$LIBS -lssl -lcrypto -lpq + LIBS="$LIBS -lpq" else LIBS="$LIBS -lcrypto -lpq" fi Index: acinclude.m4 =================================================================== --- acinclude.m4 (revision 4858) +++ acinclude.m4 (working copy) @@ -233,7 +233,7 @@ else if test "$PG_SSL" = "yes" then - LIBS="$LIBS -L${PG_LIB} -lssl -lcrypto -lpq" + LIBS="$LIBS -L${PG_LIB} -lpq" else LIBS="$LIBS -L${PG_LIB} -lcrypto -lpq" fi
Raphaël Enrici wrote: > Dear friends, > > Loic Minier(CCed) provided a patch to prevent pgadmin3 1.2.2 from being > linked to a different libssl version than libpq when dynamically built > with an already ssl enabled libpq. The full bug report and original > patch by Loic can be found at > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341117 > > Attached is an svn diff for 1.4.1 release that I'm using for the package > I'm about to upload to Debian (patch_libpqssl_1.4.1). > You'll also find a fully untested patch for trunk (patch_libpqssl_current). > > Please recheck and apply if eveything's ok with them. > > Cheers, > Raph > > > ------------------------------------------------------------------------ > > Index: acinclude.m4 > =================================================================== > --- acinclude.m4 (revision 4858) > +++ acinclude.m4 (working copy) > @@ -227,7 +227,10 @@ > else > if test "$pgsql_ssl_libpq" = "yes" > then > - LIBS="$LIBS -lssl -lcrypto -lpq" > + # no idea why -lssl and -lcrypto were included here, as this > + # support is provided via libpq > + #LIBS="$LIBS -lssl -lcrypto -lpq > + LIBS="$LIBS -lpq" > else > LIBS="$LIBS -lcrypto -lpq" > fi We probably need this with static linking? Regards, Andreas
Andreas Pflug wrote: > Raphaël Enrici wrote: > >>Dear friends, >> >>Loic Minier(CCed) provided a patch to prevent pgadmin3 1.2.2 from being >>linked to a different libssl version than libpq when dynamically built >>with an already ssl enabled libpq. The full bug report and original >>patch by Loic can be found at >>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341117 >> >>Attached is an svn diff for 1.4.1 release that I'm using for the package >>I'm about to upload to Debian (patch_libpqssl_1.4.1). >>You'll also find a fully untested patch for trunk (patch_libpqssl_current). >> >>Please recheck and apply if eveything's ok with them. >> >>Cheers, >>Raph >> >> >>------------------------------------------------------------------------ >> >>Index: acinclude.m4 >>=================================================================== >>--- acinclude.m4 (revision 4858) >>+++ acinclude.m4 (working copy) >>@@ -227,7 +227,10 @@ >> else >> if test "$pgsql_ssl_libpq" = "yes" >> then >>- LIBS="$LIBS -lssl -lcrypto -lpq" >>+ # no idea why -lssl and -lcrypto were included here, as this >>+ # support is provided via libpq >>+ #LIBS="$LIBS -lssl -lcrypto -lpq >>+ LIBS="$LIBS -lpq" >> else >> LIBS="$LIBS -lcrypto -lpq" >> fi > > > We probably need this with static linking? I think so, that's why the static part was not changed in the patch. Cheers, Raphaël
Raphaël Enrici wrote: > Andreas Pflug wrote: > >>Raphaël Enrici wrote: >> >> >>>Dear friends, >>> >>>Loic Minier(CCed) provided a patch to prevent pgadmin3 1.2.2 from being >>>linked to a different libssl version than libpq when dynamically built >>>with an already ssl enabled libpq. The full bug report and original >>>patch by Loic can be found at >>>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341117 >>> >>>Attached is an svn diff for 1.4.1 release that I'm using for the package >>>I'm about to upload to Debian (patch_libpqssl_1.4.1). >>>You'll also find a fully untested patch for trunk (patch_libpqssl_current). >>> >>>Please recheck and apply if eveything's ok with them. >>> >>>Cheers, >>>Raph >>> >>> >>>------------------------------------------------------------------------ >>> >>>Index: acinclude.m4 >>>=================================================================== >>>--- acinclude.m4 (revision 4858) >>>+++ acinclude.m4 (working copy) >>>@@ -227,7 +227,10 @@ >>> else >>> if test "$pgsql_ssl_libpq" = "yes" >>> then >>>- LIBS="$LIBS -lssl -lcrypto -lpq" >>>+ # no idea why -lssl and -lcrypto were included here, as this >>>+ # support is provided via libpq >>>+ #LIBS="$LIBS -lssl -lcrypto -lpq >>>+ LIBS="$LIBS -lpq" >>> else >>> LIBS="$LIBS -lcrypto -lpq" >>> fi >> >> >>We probably need this with static linking? > > > I think so, that's why the static part was not changed in the patch. mmmh sorry, replied too fast... I need to recheck. Cheers, Raph
Raphaël Enrici wrote: > Raphaël Enrici wrote: > >>Andreas Pflug wrote: >> >> >>>Raphaël Enrici wrote: >>> >>> >>> >>>>Dear friends, >>>> >>>>Loic Minier(CCed) provided a patch to prevent pgadmin3 1.2.2 from being >>>>linked to a different libssl version than libpq when dynamically built >>>>with an already ssl enabled libpq. The full bug report and original >>>>patch by Loic can be found at >>>>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341117 >>>> >>>>Attached is an svn diff for 1.4.1 release that I'm using for the package >>>>I'm about to upload to Debian (patch_libpqssl_1.4.1). >>>>You'll also find a fully untested patch for trunk (patch_libpqssl_current). >>>> >>>>Please recheck and apply if eveything's ok with them. >>>> >>>>Cheers, >>>>Raph >>>> >>>> >>>>------------------------------------------------------------------------ >>>> >>>>Index: acinclude.m4 >>>>=================================================================== >>>>--- acinclude.m4 (revision 4858) >>>>+++ acinclude.m4 (working copy) >>>>@@ -227,7 +227,10 @@ >>>> else >>>> if test "$pgsql_ssl_libpq" = "yes" >>>> then >>>>- LIBS="$LIBS -lssl -lcrypto -lpq" >>>>+ # no idea why -lssl and -lcrypto were included here, as this >>>>+ # support is provided via libpq >>>>+ #LIBS="$LIBS -lssl -lcrypto -lpq >>>>+ LIBS="$LIBS -lpq" >>>> else >>>> LIBS="$LIBS -lcrypto -lpq" >>>> fi >>> >>> >>>We probably need this with static linking? >> >> >>I think so, that's why the static part was not changed in the patch. > > > mmmh sorry, replied too fast... I need to recheck. So, that was it. The static part of the build should not be affected by the patch. It only concerns the dynamic part of the build. Cheers, Raph
Thanks, (updated) patch applied to SVN trunk. Regards. Dave > -----Original Message----- > From: Raphaël Enrici [mailto:blacknoz@club-internet.fr] > Sent: 26 December 2005 22:58 > To: Dave Page; Adam H.Pendleton; Andreas Pflug; PgAdmin Hackers > Cc: Loïc Minier > Subject: [patch] Please drop the dangerous libssl and libcrypto deps > > Dear friends, > > Loic Minier(CCed) provided a patch to prevent pgadmin3 1.2.2 > from being > linked to a different libssl version than libpq when dynamically built > with an already ssl enabled libpq. The full bug report and original > patch by Loic can be found at > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341117 > > Attached is an svn diff for 1.4.1 release that I'm using for > the package > I'm about to upload to Debian (patch_libpqssl_1.4.1). > You'll also find a fully untested patch for trunk > (patch_libpqssl_current). > > Please recheck and apply if eveything's ok with them. > > Cheers, > Raph >