On Tue, Aug 2, 2011 at 12:32 PM, Ryan Rix <ry@xxxxxxxx> wrote: > On Tue 2 August 2011 11:36:20 Hans de Goede wrote: >> Hi, >> >> On 08/01/2011 09:44 PM, Ryan Rix wrote: >> > On Mon 1 August 2011 19:43:37 Tomas Mraz wrote: >> >> On Mon, 2011-08-01 at 10:29 -0700, Ryan Rix wrote: >> >>> On Mon 1 August 2011 11:46:00 Jussi Lehtola wrote: >> >>>> Hi, >> >>>> >> >>>> >> >>>> I've just orphaned PokerTH, since I'm trying to free myself some >> >>>> time >> >>>> and I don't use it myself. >> >>>> >> >>>> PokerTH does not currently build on rawhide, since OpenSSL support >> >>>> has >> >>>> been dropped from GnuTLS a week ago (BZ #726697). Getting it to >> >>>> build >> >>>> again would then require building against OpenSSL (and asking >> >>>> upstream >> >>>> for a GPL license exception), or shipping a private copy of >> >>>> GnuTLS. >> >>> >> >>> I picked up rawhide through F-14. If I cant get this building, I'll >> >>> orphan it again in a week's time. >> >> >> >> Shipping a private copy of GnuTLS would have to get an exception I do >> >> not think such exception should/would be granted. I can only recommend >> >> you to look at the NSS OpenSSL compatibility support library and >> >> patching PokerTH to use it instead of the GnuTLS. >> > >> > I've talked to a few people about this now, including some folks at >> > PokerTH about it, and they're confused as to why this change is >> > happening in GnuTLS at all, and your comment in the bug report did not >> > seem to explain it to them; could you (or anyone) explain better why >> > OpenSSL support in gnutls is a Bad Thing? >> >> Ryan, have you read the initial description of: >> https://bugzilla.redhat.com/show_bug.cgi?id=460310 >> >> ? >> >> The problem is that gnutls's openssl compatibility uses the same symbol >> names as openssl itself thus polluting the dynamic linker symbol namespace. >> So if an application uses a library which is linked against openssl (for >> example ldap libs through pam) and uses gnutls-openssl then the ldap >> libraries will end up calling functions inside gnutls-openssl rather then >> inside openssl, since the gnutls-openssl symbols are already present in the >> dynamic linkers symbol namespace. This then goes boom big time, since the 2 >> are not ABI compatible. >> >> Since gnutls-openssl is not ABI compatible it should not be using the same >> function / variable names. >> >> Tomas has chosen to fix this problem by simply disabling the openssl compat >> part of gnutls (which as the above bug shows is broken by design) given that >> only 3 apps use this, this seems like a sane choice to me. >> >> The best way forward is probably to ask PokerTH upstream to add the >> standard openssl license exception boilerplate to their license, I did >> so successfully with gkrellm and switched to simply using the real openssl. > > Makes sense, thanks Hans. :) > > I actually talked to them, and they say that openssl is pulled in only for > linking libcurl, and that PokerTH itself is using gcrypt for the Big Stuff, so > it should be fairly easy to fix/work around. Had any luck with this, Ryan? (Asked the non-programmer guy who really likes using this package.) -- Paul -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
