Bug#848339: missing fake_dsa symbol makes reverse dependencies FTBFS

Sat, 17 Dec 2016 21:45:45 -0800 

Control: tags -1 + patch

On Sat, Dec 17, 2016 at 08:15:44AM +0100, Helmut Grohne wrote:
> This bug makes gnutls28 fail to build from source (it detects unbound as
> missing and fails installing its dane components). Raising severity to
> prevent testing migration and warn others.

It turns out that the fake_dsa symbol (whose name is too generic to be
used in a shared library imo) is only defined when HAVE_SSL is defined
(because it works around limitations in openssl >= 1.1). The only
remaining place that uses it unconditionally is the configuration
parser. Thus fixing that one, fixes the problem. Please consider
applying the attached patch. I'd appreciate a timely solution as this
bug breaks architecture bootstrap qa.

Helmut

diff --minimal -Nru unbound-1.6.0/debian/changelog 
unbound-1.6.0/debian/changelog
--- unbound-1.6.0/debian/changelog      2016-12-15 21:26:15.000000000 +0100
+++ unbound-1.6.0/debian/changelog      2016-12-18 06:27:37.000000000 +0100
@@ -1,3 +1,10 @@
+unbound (1.6.0-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTBFS: only use fake_dsa when HAVE_SSL is defined (Closes: #848339)
+
+ -- Helmut Grohne <hel...@subdivi.de>  Sun, 18 Dec 2016 06:27:37 +0100
+
 unbound (1.6.0-1) unstable; urgency=medium
 
   [ Robert Edmonds ]
diff --minimal -Nru unbound-1.6.0/debian/patches/debian-changes 
unbound-1.6.0/debian/patches/debian-changes
--- unbound-1.6.0/debian/patches/debian-changes 2016-12-15 21:26:15.000000000 
+0100
+++ unbound-1.6.0/debian/patches/debian-changes 2016-12-18 06:27:37.000000000 
+0100
@@ -85,3 +85,25 @@
        cfg->control_ifs = NULL;
        cfg->control_port = UNBOUND_CONTROL_PORT;
        cfg->remote_control_use_cert = 1;
+--- unbound-1.6.0.orig/util/configparser.y
++++ unbound-1.6.0/util/configparser.y
+@@ -1201,9 +1201,16 @@ server_fake_dsa: VAR_FAKE_DSA STRING_ARG
+               OUTYY(("P(server_fake_dsa:%s)\n", $2));
+               if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+                       yyerror("expected yes or no.");
+-              else fake_dsa = (strcmp($2, "yes")==0);
+-              if(fake_dsa)
+-                      log_warn("test option fake_dsa is enabled");
++              else {
++                      int fake_dsa_val = strcmp($2, "yes")==0;
++                      if(fake_dsa_val)
++#ifdef HAVE_SSL
++                              log_warn("test option fake_dsa is enabled");
++                      fake_dsa = fake_dsa_val;
++#else
++                              log_warn("test option fake_dsa is ignored");
++#endif
++              }
+               free($2);
+       }
+       ;

Reply via email to