Bug#735133: p11-kit: Do not use __libc_enable_secure

Andreas Metzler ametzler at bebt.de
Mon Jan 13 18:36:29 UTC 2014

On 2014-01-13 Samuel Thibault <sthibault at debian.org> wrote:
> Package: p11-kit
> Version: 0.20.1-3
> Severity: important

> Hello,

> On kfreebsd-any, libp11-kit0 depends on libc0.1 (>> 2.17) and on
> libc0.1 (<< 2.18), i.e. libc0.1 can not be upgraded to 2.18, and
> libp11-kit0 can not be upgraded to a version rebuilt against 2.18 unless
> upgrading libc0.1 to 2.18 too. This is due to p11-kit using
> the __libc_enable_secure internal libc symbol: since this is an internal
> symbol, its presence is not supposed to be guaranteed in newer eglibc
> uploads, and thus the libc symbols file adds such kind of dependencies.
> The same happens on hurd-any with libc0.3.  It doesn't happen on
> linux-any because p11-kit's configure uses getauxval there.

> p11-kit should thus not use __libc_enable_secure to avoid such tight
> dependencies.  This can be done with the attached patch for instance, by
> making kfreebsd-any and hurd-any use getauxval too.

I am currently *patching* p11-kit to prefer issetugid over getauxval
on !linux to fix <http://bugs.debian.org/718285>. See
<http://bugs.debian.org/717912> for some context.

And indeed with the attached patch one gets a test-suite failure on

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-gnutls-maint mailing list