Date: Wed, 28 Feb 2018 13:41:13 +0000 From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: [Bug 226261] www/mod_auth_kerb2 Message-ID: <bug-226261-16115@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D226261 Bug ID: 226261 Summary: www/mod_auth_kerb2 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: apache@FreeBSD.org Reporter: rocky@herveybayaustralia.com.au Assignee: apache@FreeBSD.org Flags: maintainer-feedback?(apache@FreeBSD.org) This issue has come up in other bug reports but this has failed on 11.1-RELEASE. mod_auth_kerb2 builds and install ok, but fails at runtime causing apache to fail to start. httpd: Syntax error on line 169 of /usr/local/etc/apache24/httpd.conf: Cann= ot load libexec/apache24/mod_auth_kerb.so into server: /usr/local/libexec/apache24/mod_auth_kerb.so: Undefined symbol "krb5_rc_dfl_init" ldd /usr/local/libexec/apache24/mod_auth_kerb.so /usr/local/libexec/apache24/mod_auth_kerb.so: libgssapi_krb5.so.10 =3D> /usr/lib/libgssapi_krb5.so.10 (0x801208000) libkrb5.so.11 =3D> /usr/lib/libkrb5.so.11 (0x801427000) libk5crypto.so.3.1 =3D> /usr/local/lib/libk5crypto.so.3.1 (0x8016a5000) libcom_err.so.5 =3D> /usr/lib/libcom_err.so.5 (0x8018d9000) libc.so.7 =3D> /lib/libc.so.7 (0x800824000) libgssapi.so.10 =3D> /usr/lib/libgssapi.so.10 (0x801adb000) libcrypto.so.8 =3D> /lib/libcrypto.so.8 (0x801e00000) libroken.so.11 =3D> /usr/lib/libroken.so.11 (0x802269000) libasn1.so.11 =3D> /usr/lib/libasn1.so.11 (0x80247c000) libcrypt.so.5 =3D> /lib/libcrypt.so.5 (0x80271e000) libhx509.so.11 =3D> /usr/lib/libhx509.so.11 (0x80293d000) libwind.so.11 =3D> /usr/lib/libwind.so.11 (0x802b8a000) libheimbase.so.11 =3D> /usr/lib/libheimbase.so.11 (0x802db2000) libprivateheimipcc.so.11 =3D> /usr/lib/libprivateheimipcc.so.11 (0x802f= b6000) libkrb5support.so.0.1 =3D> /usr/local/lib/libkrb5support.so.0.1 (0x8031= b8000) libintl.so.8 =3D> /usr/local/lib/libintl.so.8 (0x8033c6000) libthr.so.3 =3D> /lib/libthr.so.3 (0x8035d1000) readelf -Ws /usr/local/lib/libkrb5.so | grep krb5_rc_dfl_init 1422: 000000000007c7b0 234 FUNC GLOBAL DEFAULT 11 krb5_rc_dfl_init readelf -Ws /usr/lib/libkrb5.so | grep krb5_rc_dfl_init make debug-krb shows everything works as expected in the ports framework: cc -O2 -pipe -fstack-protector -fno-strict-aliasing -o /tmp/debug-krb.x -I"/usr/local/include" -lkrb5 -lgssapi_krb5 -L"/usr/local/lib" -Wl,-rpath,/usr/local/lib /tmp/debug-krb.c && ldd /tmp/debug-krb.x; /bin= /rm -f /tmp/debug-krb.x /tmp/debug-krb.x: libkrb5.so.3.3 =3D> /usr/local/lib/libkrb5.so.3.3 (0x800822000) libgssapi_krb5.so.2.2 =3D> /usr/local/lib/libgssapi_krb5.so.2.2 (0x800b= 08000) libc.so.7 =3D> /lib/libc.so.7 (0x800d50000) libk5crypto.so.3.1 =3D> /usr/local/lib/libk5crypto.so.3.1 (0x801108000) libcom_err.so.3.0 =3D> /usr/local/lib/libcom_err.so.3.0 (0x80133c000) libkrb5support.so.0.1 =3D> /usr/local/lib/libkrb5support.so.0.1 (0x8015= 3f000) libintl.so.8 =3D> /usr/local/lib/libintl.so.8 (0x80174d000) PREFIX: /usr/local GSSAPIBASEDIR: /usr/local GSSAPIINCDIR: /usr/local/include GSSAPILIBDIR: /usr/local/lib GSSAPILIBS: -lkrb5 -lgssapi_krb5 GSSAPICPPFLAGS: -I/usr/local/include GSSAPILDFLAGS: -L/usr/local/lib GSSAPI_CONFIGURE_ARGS: CFLAGS=3D-I/usr/local/include -O2 -pipe -fstack-prot= ector -fno-strict-aliasing LDFLAGS=3D-L/usr/local/lib -Wl,-rpath,/usr/local/lib:/usr/lib -fstack-protector LIBS=3D-lkrb5 -lgssapi= _krb5 KRB5CONFIG=3D/usr/local/bin/krb5-config KRB5CONFIG: /usr/local/bin/krb5-config CFLAGS: -O2 -pipe -fstack-protector -fno-strict-aliasing LDFLAGS: -Wl,-rpath,/usr/local/lib:/usr/lib -fstack-protector LDADD:=20 Looking through the commands used (little though there is) shows libtool ne= eds -L/usr/local/lib before -o src/mod_auth_kerb.la. Seeing as apxs actually runs libtool, apxs needs to be told to pass this in= fo along. apxs -q reveals LDFLAGS=3D-L/usr/lib -fstack-protector This is builtin when apxs is compiled - which may vary from system to system (which probably explains the hit and miss of functionality). To override this variable apxs needs to be passed: apxs -S LDFLAGS=3D-L/usr/local/lib=20 So, in order to resolve this issue, line 16 on the work/ Makefile ./apxs.sh= arg 4 needs to adjusted to "-S LDFLAGS=3D-L/usr/local/lib -c". No patch is supplied here due to concern with the loss of the the other components of LDFLAGS in apxs (couldn't prepend the -L/usr/local/lib to the other arguments - _needs to be first_), and that this needs to probably ref= lect say GSSAPIBASEDIR or KRB5_HOME or something, but this works: ldd work/stage/usr/local/libexec/apache24/mod_auth_kerb.so=20 work/stage/usr/local/libexec/apache24/mod_auth_kerb.so: libgssapi_krb5.so.2.2 =3D> /usr/local/lib/libgssapi_krb5.so.2.2 (0x801208000) libkrb5.so.3.3 =3D> /usr/local/lib/libkrb5.so.3.3 (0x801450000) libk5crypto.so.3.1 =3D> /usr/local/lib/libk5crypto.so.3.1 (0x801736= 000) libcom_err.so.3.0 =3D> /usr/local/lib/libcom_err.so.3.0 (0x80196a00= 0) libc.so.7 =3D> /lib/libc.so.7 (0x800824000) libkrb5support.so.0.1 =3D> /usr/local/lib/libkrb5support.so.0.1 (0x801b6d000) libintl.so.8 =3D> /usr/local/lib/libintl.so.8 (0x801d7b000) service apache24 restart Performing sanity check on apache24 configuration: AH00548: NameVirtualHost has no effect and will be removed in the next rele= ase /usr/local/etc/apache24/extra/httpd-vhosts.conf:25 Syntax OK Stopping apache24. Waiting for PIDS: 20506. Performing sanity check on apache24 configuration: AH00548: NameVirtualHost has no effect and will be removed in the next rele= ase /usr/local/etc/apache24/extra/httpd-vhosts.conf:25 Syntax OK Starting apache24. AH00548: NameVirtualHost has no effect and will be removed in the next rele= ase /usr/local/etc/apache24/extra/httpd-vhosts.conf:25 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-226261-16115>