58944 – configure script breaks openssl static library dependencies by removing duplicates from LIBS

Bug 58944 - configure script breaks openssl static library dependencies by removing duplicates from LIBS

Summary: configure script breaks openssl static library dependencies by removing dupli...

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	Build (show other bugs)
Version:	2.4.18
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-01-30 00:05 UTC by robert_s
Modified:	2016-02-02 15:28 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description robert_s 2016-01-30 00:05:13 UTC

Trying to compile httpd with openssl with zlib for TLS compression support (yes, I'm aware of CRIME and consider it no threat to my application), the httpd configure script always bombs out on the test compiles with openssl.

Closer inspection reveals that the required openssl libs are correctly retrieved in line 25273 of the configure script:

      ap_openssl_libs="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-l --silence-errors openssl`"

yielding:

-lssl -ldl -lz -lcrypto -ldl -lz

which would work, but then the script strips duplicates from libs, yielding

-lssl -ld -lz -lcrypto

which will fail to link since the dependencies inside lcrypto cannot be resolved.

The script code in question appears buggy, too:

  if test "x$MOD_LDFLAGS" = "x"; then
    test "x$silent" != "xyes" && echo "  setting MOD_LDFLAGS to \"$ap_openssl_libs\""
    MOD_LDFLAGS="$ap_openssl_libs"
  else
    apr_addto_bugger="$ap_openssl_libs"
    for i in $apr_addto_bugger; do
      apr_addto_duplicate="0"
      for j in $MOD_LDFLAGS; do
        if test "x$i" = "x$j"; then
          apr_addto_duplicate="1"
          break
        fi
      done
      if test $apr_addto_duplicate = "0"; then
        test "x$silent" != "xyes" && echo "  adding \"$i\" to MOD_LDFLAGS"
        MOD_LDFLAGS="$MOD_LDFLAGS $i"
      fi
    done
  fi

If the variable in question is initially empty, duplicates are _not_ stripped from the new value it is set to.

Is this actually a bug in GNU autoconf...? Or is it just not being used correctly?

Comment 1 Rainer Jung 2016-02-02 10:48:18 UTC

This code comes form APACHE_CHECK_OPENSSL in acinclude.m4, which in turn uses APR_ADDTO to add the flags.

APR_ADDTO is part of APR and defined in apr_common.m4. It adds all tokens given in the second argument to the variable which name is given in the first argument. It does this by processing tokens fromleft to right.

Unfortunately for redundant library dependencies this can lead to a result that doesn't work, because ordering is relevant for library dependencies (-l...).

It looks to me as we would need a version of APR_ADDTO that works from right to left:

- combine original token and full list of new tokens in new token list
- create a new empty token result list
- work through new list from right to left, copy any token to the front of the result list that is not already part of the result list.

Because of APR versioning I guess we can't rely on such a new macro in httpd 2.4 and thus would have to add it to APR for future use but use a private copy in httpd.

The same problem might occur in any place we use APR_ADDTo to handle "-l" flags and where the libraries might have complex dependencies themselves. I don't have another concrete example than openssl in my mind though.

Comment 2 Rainer Jung 2016-02-02 15:28:22 UTC

Since fixing this might break subtle build config, can you please try as a workaround setting and exporting the environment variable

  MOD_SSL_LDADD="-lssl -lcrypto -ldl -lz"

before running configure?

Thanks!