FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 08-27-2011, 07:27 PM
Paul Frields
 
Default PokerTH orphaned

On Tue, Aug 2, 2011 at 12:32 PM, Ryan Rix <ry@n.rix.si> wrote:
> On Tue 2 August 2011 11:36:20 Hans de Goede wrote:
>> Hi,
>>
>> On 08/01/2011 09:44 PM, Ryan Rix wrote:
>> > On Mon 1 August 2011 19:43:37 Tomas Mraz wrote:
>> >> On Mon, 2011-08-01 at 10:29 -0700, Ryan Rix wrote:
>> >>> On Mon 1 August 2011 11:46:00 Jussi Lehtola wrote:
>> >>>> Hi,
>> >>>>
>> >>>>
>> >>>> I've just orphaned PokerTH, since I'm trying to free myself some
>> >>>> time
>> >>>> and I don't use it myself.
>> >>>>
>> >>>> PokerTH does not currently build on rawhide, since OpenSSL support
>> >>>> has
>> >>>> been dropped from GnuTLS a week ago (BZ #726697). Getting it to
>> >>>> build
>> >>>> again would then require building against OpenSSL (and asking
>> >>>> upstream
>> >>>> for a GPL license exception), or shipping a private copy of
>> >>>> GnuTLS.
>> >>>
>> >>> I picked up rawhide through F-14. If I cant get this building, I'll
>> >>> orphan it again in a week's time.
>> >>
>> >> Shipping a private copy of GnuTLS would have to get an exception I do
>> >> not think such exception should/would be granted. I can only recommend
>> >> you to look at the NSS OpenSSL compatibility support library and
>> >> patching PokerTH to use it instead of the GnuTLS.
>> >
>> > I've talked to a few people about this now, including some folks at
>> > PokerTH about it, and they're confused as to why this change is
>> > happening in GnuTLS at all, and your comment in the bug report did not
>> > seem to explain it to them; could you (or anyone) explain better why
>> > OpenSSL support in gnutls is a Bad Thing?
>>
>> Ryan, have you read the initial description of:
>> https://bugzilla.redhat.com/show_bug.cgi?id=460310
>>
>> ?
>>
>> The problem is that gnutls's openssl compatibility uses the same symbol
>> names as openssl itself thus polluting the dynamic linker symbol namespace.
>> So if an application uses a library which is linked against openssl (for
>> example ldap libs through pam) and uses gnutls-openssl then the ldap
>> libraries will end up calling functions inside gnutls-openssl rather then
>> inside openssl, since the gnutls-openssl symbols are already present in the
>> dynamic linkers symbol namespace. This then goes boom big time, since the 2
>> are not ABI compatible.
>>
>> Since gnutls-openssl is not ABI compatible it should not be using the same
>> function / variable names.
>>
>> Tomas has chosen to fix this problem by simply disabling the openssl compat
>> part of gnutls (which as the above bug shows is broken by design) given that
>> only 3 apps use this, this seems like a sane choice to me.
>>
>> The best way forward is probably to ask PokerTH upstream to add the
>> standard openssl license exception boilerplate to their license, I did
>> so successfully with gkrellm and switched to simply using the real openssl.
>
> Makes sense, thanks Hans.
>
> I actually talked to them, and they say that openssl is pulled in only for
> linking libcurl, and that PokerTH itself is using gcrypt for the Big Stuff, so
> it should be fairly easy to fix/work around.

Had any luck with this, Ryan? (Asked the non-programmer guy who really
likes using this package.)

--
Paul
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 07:48 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org