Bug#735133: p11-kit: Do not use __libc_enable_secure

Samuel Thibault sthibault at debian.org
Sun Jan 12 23:45:11 UTC 2014

Package: p11-kit
Version: 0.20.1-3
Severity: important


On kfreebsd-any, libp11-kit0 depends on libc0.1 (>> 2.17) and on
libc0.1 (<< 2.18), i.e. libc0.1 can not be upgraded to 2.18, and
libp11-kit0 can not be upgraded to a version rebuilt against 2.18 unless
upgrading libc0.1 to 2.18 too. This is due to p11-kit using
the __libc_enable_secure internal libc symbol: since this is an internal
symbol, its presence is not supposed to be guaranteed in newer eglibc
uploads, and thus the libc symbols file adds such kind of dependencies.
The same happens on hurd-any with libc0.3.  It doesn't happen on
linux-any because p11-kit's configure uses getauxval there.

p11-kit should thus not use __libc_enable_secure to avoid such tight
dependencies.  This can be done with the attached patch for instance, by
making kfreebsd-any and hurd-any use getauxval too.


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12.0 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages p11-kit depends on:
ii  libc6        2.17-97
ii  libffi6      3.0.13-4
ii  libp11-kit0  0.20.1-3
ii  libtasn1-6   3.4-2

p11-kit recommends no packages.

p11-kit suggests no packages.

-- no debconf information

j'etais en train de nettoyer ma souris et le coup est parti...
 -+- s sur #ens-mim - et en plus c vrai... -+-
-------------- next part --------------
--- configure.ac.orig	2014-01-12 23:04:04.000000000 +0000
+++ configure.ac	2014-01-12 23:05:01.000000000 +0000
@@ -51,11 +51,11 @@
-	*-*-linux*)
+	*-*-linux*|*-*-k*bsd*-gnu|*-*-gnu*)
 		AC_DEFINE_UNQUOTED(OS_UNIX, 1, [Building for unix])
-		os_linux=yes
+		os_gnu=yes
 		AC_DEFINE_UNQUOTED(OS_UNIX, 1, [Building for unix])
@@ -83,10 +83,10 @@
 	# These are thngs we can work around
 	AC_CHECK_FUNCS([getprogname getexecname basename mkstemp mkdtemp])
-	if test "$os_linux" = "yes"; then
+	if test "$os_gnu" = "yes"; then
 		AC_CHECK_FUNCS([getauxval issetugid getresuid])
-		# Do not use getauxval on non-linux, e.g BSD.
+		# Do not use getauxval on non-GNU, e.g pure BSD.
 		AC_CHECK_FUNCS([issetugid getresuid])
 	AC_CHECK_FUNCS([strnstr memdup strndup strerror_r])

More information about the Pkg-gnutls-maint mailing list