From owner-freebsd-ports-bugs@FreeBSD.ORG  Sun Nov 17 22:40:02 2013
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 739585B5
 for <freebsd-ports-bugs@smarthost.ysv.freebsd.org>;
 Sun, 17 Nov 2013 22:40:02 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 54BF229E0
 for <freebsd-ports-bugs@smarthost.ysv.freebsd.org>;
 Sun, 17 Nov 2013 22:40:02 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id rAHMe2Mq022563
 for <freebsd-ports-bugs@freefall.freebsd.org>; Sun, 17 Nov 2013 22:40:02 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.7/8.14.7/Submit) id rAHMe2Uc022562;
 Sun, 17 Nov 2013 22:40:02 GMT (envelope-from gnats)
Resent-Date: Sun, 17 Nov 2013 22:40:02 GMT
Resent-Message-Id: <201311172240.rAHMe2Uc022562@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
 John Hein <jhein@symmetricom.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 09A8D5A2;
 Sun, 17 Nov 2013 22:38:38 +0000 (UTC)
Received: from duck.symmetricom.us (duck.symmetricom.us [206.168.13.214])
 by mx1.freebsd.org (Postfix) with ESMTP id DD3B429D4;
 Sun, 17 Nov 2013 22:38:37 +0000 (UTC)
Received: from gromit.timing.com (gromit.timing.com [206.168.13.209])
 by duck.symmetricom.us (8.14.6/8.14.6) with ESMTP id rAHMAf0l098759;
 Sun, 17 Nov 2013 15:10:41 -0700 (MST)
 (envelope-from jhein@symmetricom.com)
Received: from gromit.timing.com (localhost [127.0.0.1])
 by gromit.timing.com (8.14.7/8.14.5) with ESMTP id rAHMAeT5032164;
 Sun, 17 Nov 2013 15:10:40 -0700 (MST)
 (envelope-from jhein@gromit.timing.com)
Received: (from jhein@localhost)
 by gromit.timing.com (8.14.7/8.14.6/Submit) id rAHMAehL032163;
 Sun, 17 Nov 2013 15:10:40 -0700 (MST) (envelope-from jhein)
Message-Id: <201311172210.rAHMAehL032163@gromit.timing.com>
Date: Sun, 17 Nov 2013 15:10:40 -0700 (MST)
From: John Hein <jhein@symmetricom.com>
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.114
Subject: ports/184041: [patch] krb5 from ports can cause build errors in
 ftp/curl
Cc: sunpoet@freebsd.org
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs/>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Nov 2013 22:40:02 -0000


>Number:         184041
>Category:       ports
>Synopsis:       [patch] krb5 from ports can cause build errors in ftp/curl
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 17 22:40:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     John Hein
>Release:        FreeBSD 8-stable and later
>Organization:
>Environment:

>Description:

As of ftp/curl 7.33.0_1 ...
If security/krb5 is installed and ftp/curl has the GSSAPI option turned
on (it is by default) along with some other option (CARES, LDAP, OPENSSL)
that might add -L${LOCALBASE}/lib to LDFLAGS, then there are build
errors (first noticed at configure time).

These errors arise due to the /usr/bin/krb5-config --libs spelling out a
list of libs in base and -L/usr/local/lib causing curl to link with
/usr/local/lib/libkrb5.so

For instance, see this excerpt from config.log:

configure:26448: gcc -o conftest -O2 -Wno-system-headers  -I/usr/include  -I/usr/local/include  -L/usr/local/lib conftest.c -lssh2 -L/usr/lib -lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lroken -lcrypt -lz  >&5
/usr/lib/libhx509.so: undefined reference to `com_right'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_write'
/usr/lib/libheimntlm.so: undefined reference to `krb5_data_free'
/usr/lib/libheimntlm.so: undefined reference to `krb5_ret_uint32'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_set_byteorder'
/usr/lib/libheimntlm.so: undefined reference to `krb5_ret_uint16'
/usr/lib/libhx509.so: undefined reference to `init_error_table'
/usr/lib/libheimntlm.so: undefined reference to `krb5_store_uint32'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_set_flags'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_seek'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_free'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_read'
/usr/lib/libhx509.so: undefined reference to `initialize_error_table_r'
/usr/lib/libheimntlm.so: undefined reference to `krb5_store_int16'
/usr/lib/libhx509.so: undefined reference to `free_error_table'
/usr/lib/libheimntlm.so: undefined reference to `krb5_store_uint16'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_to_data'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_emem'
/usr/lib/libheimntlm.so: undefined reference to `krb5_storage_from_readonly_mem'

krb5_storage_write, et. al., are referenced in /usr/lib/libheimntlm.so
(part of the heimdal krb from base), but the -L/usr/local/lib pulls
in the /usr/local/lib/libkrb5.so which doesn't define those symbols
like /usr/lib/libkrb5.so does.

>How-To-Repeat:

install security/krb5
build ftp/curl with GSSAPI & LDAP & CARES turned on

>Fix:

The patch in files/patch-m4-curl-confopts.m4 is not strictly necessary
since ftp/curl doesn't currently generate the configure script
with autotools.  So this can be omitted (but possibly fed upstream).

Index: Makefile
===================================================================
--- Makefile	(revision 333855)
+++ Makefile	(working copy)
@@ -14,14 +14,15 @@
 
 LICENSE=	MIT
 
-OPTIONS_DEFINE=	CA_BUNDLE COOKIES CURL_DEBUG DEBUG DOCS EXAMPLES GSSAPI IDN IPV6 LDAP LDAPS LIBSSH2 NTLM PROXY RTMP SPNEGO TLS_SRP
+OPTIONS_DEFINE=	CA_BUNDLE COOKIES CURL_DEBUG DEBUG DOCS EXAMPLES GSSAPI GSSAPI_BASE IDN IPV6 LDAP LDAPS LIBSSH2 NTLM PROXY RTMP SPNEGO TLS_SRP
 OPTIONS_RADIO=	RESOLV SSL
 OPTIONS_RADIO_RESOLV=	CARES THREADED_RESOLVER
 OPTIONS_RADIO_SSL=	CYASSL GNUTLS NSS OPENSSL POLARSSL
-OPTIONS_DEFAULT=CA_BUNDLE COOKIES GSSAPI IPV6 OPENSSL PROXY RESOLV THREADED_RESOLVER SSL TLS_SRP
+OPTIONS_DEFAULT=CA_BUNDLE COOKIES GSSAPI_BASE GSSAPI IPV6 OPENSSL PROXY RESOLV THREADED_RESOLVER SSL TLS_SRP
 CA_BUNDLE_DESC=	Install CA bundle for OpenSSL
 COOKIES_DESC=	Cookies support
 CURL_DEBUG_DESC=cURL debug memory tracking
+GSSAPI_BASE_DESC=Use GSSAPI implementation from base system
 LIBSSH2_DESC=	SCP/SFTP support via libssh2
 RESOLV_DESC=	DNS resolving options
 SPNEGO_DESC=	SPNEGO (RFC 4178) support
@@ -69,8 +70,7 @@
 GNUTLS_CONFIGURE_ON=	--with-gnutls=${LOCALBASE}
 GNUTLS_LIB_DEPENDS=	libgnutls.so:${PORTSDIR}/security/gnutls
 GSSAPI_CONFIGURE_OFF=	--without-gssapi
-GSSAPI_CONFIGURE_ON=	--with-gssapi=/usr
-GSSAPI_CPPFLAGS=	-I${INCLUDEDIR}/gssapi
+GSSAPI_CONFIGURE_ON=	--with-gssapi=${GSSAPI_ROOT}
 IDN_CONFIGURE_OFF=	--without-libidn
 IDN_CONFIGURE_ON=	--with-libidn=${LOCALBASE}
 IDN_LIB_DEPENDS=	libidn.so:${PORTSDIR}/dns/libidn
@@ -116,6 +116,21 @@
 
 .include <bsd.port.options.mk>
 
+# If libkrb5 has been installed by ports, point to that gssapi implementation.
+# Otherwise krb5-config from base might get used by configure and an
+# incompatible mix of libs might be used at link time.
+.if ${PORT_OPTIONS:MGSSAPI}
+.if ${PORT_OPTIONS:MGSSAPI_BASE}
+GSSAPI_ROOT=	/usr
+# If using krb from /base, try to make sure we link to libs in /usr/lib
+# before any krb installed in ports
+LDFLAGS=	-L/usr/lib
+.else
+GSSAPI_ROOT=	${LOCALBASE}
+LIB_DEPENDS+=	libkrb5.so:${PORTSDIR}/security/krb5
+.endif
+.endif
+
 .if ${PORT_OPTIONS:MCA_BUNDLE} && !${PORT_OPTIONS:MOPENSSL}
 IGNORE=		only supports CA bundle with OpenSSL
 .endif
Index: files/patch-configure
===================================================================
--- files/patch-configure	(revision 333855)
+++ files/patch-configure	(working copy)
@@ -120,6 +120,17 @@
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
  /* end confdefs.h.  */
  
+@@ -38555,8 +38565,8 @@
+       fi
+     fi
+     #
+-    CPPFLAGS="$ares_CPPFLAGS $clean_CPPFLAGS"
+-    LDFLAGS="$ares_LDFLAGS $clean_LDFLAGS"
++    CPPFLAGS=" $clean_CPPFLAGS $ares_CPPFLAGS"
++    LDFLAGS=" $clean_LDFLAGS $ares_LDFLAGS"
+     LIBS="$ares_LIBS $clean_LIBS"
+     #
+     if test "$embedded_ares" != "yes"; then
 @@ -39180,9 +39190,10 @@
        -I*)
          xc_bad_var_ldflags=yes
Index: files/patch-m4-curl-confopts.m4
===================================================================
--- files/patch-m4-curl-confopts.m4	(revision 0)
+++ files/patch-m4-curl-confopts.m4	(working copy)
@@ -0,0 +1,16 @@
+Currently the port doesn't use autotools to generate the configure
+script, but maybe this could be fed upstream.
+
+--- m4/curl-confopts.m4.orig	2013-09-08 16:11:15.000000000 -0600
++++ m4/curl-confopts.m4	2013-11-17 14:35:35.000000000 -0700
+@@ -484,8 +484,8 @@
+       fi
+     fi
+     #
+-    CPPFLAGS="$ares_CPPFLAGS $clean_CPPFLAGS"
+-    LDFLAGS="$ares_LDFLAGS $clean_LDFLAGS"
++    CPPFLAGS="$clean_CPPFLAGS $ares_CPPFLAGS"
++    LDFLAGS="$clean_LDFLAGS $ares_LDFLAGS"
+     LIBS="$ares_LIBS $clean_LIBS"
+     #
+     if test "$embedded_ares" != "yes"; then
>Release-Note:
>Audit-Trail:
>Unformatted: