PokerTH orphaned

Paul Frields stickster at gmail.com
Sat Aug 27 19:27:24 UTC 2011


On Tue, Aug 2, 2011 at 12:32 PM, Ryan Rix <ry at n.rix.si> wrote:
> On Tue 2 August 2011 11:36:20 Hans de Goede wrote:
>> Hi,
>>
>> On 08/01/2011 09:44 PM, Ryan Rix wrote:
>> > On Mon 1 August 2011 19:43:37 Tomas Mraz wrote:
>> >> On Mon, 2011-08-01 at 10:29 -0700, Ryan Rix wrote:
>> >>> On Mon 1 August 2011 11:46:00 Jussi Lehtola wrote:
>> >>>> Hi,
>> >>>>
>> >>>>
>> >>>> I've just orphaned PokerTH, since I'm trying to free myself some time
>> >>>> and I don't use it myself.
>> >>>>
>> >>>> PokerTH does not currently build on rawhide, since OpenSSL support has
>> >>>> been dropped from GnuTLS a week ago (BZ #726697). Getting it to build
>> >>>> again would then require building against OpenSSL (and asking upstream
>> >>>> for a GPL license exception), or shipping a private copy of GnuTLS.
>> >>>
>> >>> I picked up rawhide through F-14. If I can't get this building, I'll
>> >>> orphan it again in a week's time.
>> >>
>> >> Shipping a private copy of GnuTLS would have to get an exception. I do
>> >> not think such an exception should/would be granted. I can only recommend
>> >> you to look at the NSS OpenSSL compatibility support library and
>> >> patching PokerTH to use it instead of the GnuTLS.
>> >
>> > I've talked to a few people about this now, including some folks at
>> > PokerTH about it, and they're confused as to why this change is
>> > happening in GnuTLS at all, and your comment in the bug report did not
>> > seem to explain it to them; could you (or anyone) explain better why
>> > OpenSSL support in gnutls is a Bad Thing?
>>
>> Ryan, have you read the initial description of:
>> https://bugzilla.redhat.com/show_bug.cgi?id=460310
>>
>> ?
>>
>> The problem is that gnutls's openssl compatibility uses the same symbol
>> names as openssl itself thus polluting the dynamic linker symbol namespace.
>> So if an application uses a library which is linked against openssl (for
>> example ldap libs through pam) and uses gnutls-openssl then the ldap
>> libraries will end up calling functions inside gnutls-openssl rather than
>> inside openssl, since the gnutls-openssl symbols are already present in the
>> dynamic linker's symbol namespace. This then goes boom big time, since the 2
>> are not ABI compatible.
>>
>> Since gnutls-openssl is not ABI compatible it should not be using the same
>> function / variable names.
>>
>> Tomas has chosen to fix this problem by simply disabling the openssl compat
>> part of gnutls (which as the above bug shows is broken by design) given that
>> only 3 apps use this, this seems like a sane choice to me.
>>
>> The best way forward is probably to ask PokerTH upstream to add the
>> standard openssl license exception boilerplate to their license, I did
>> so successfully with gkrellm and switched to simply using the real openssl.
>
> Makes sense, thanks Hans. :)
>
> I actually talked to them, and they say that openssl is pulled in only for
> linking libcurl, and that PokerTH itself is using gcrypt for the Big Stuff, so
> it should be fairly easy to fix/work around.

Had any luck with this, Ryan? (Asked the non-programmer guy who really
likes using this package.)

-- 
Paul
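
The symbol clash Hans de Goede describes in the quoted message above can be checked for before two libraries end up in one process. This is an added example, not part of the original thread: it parses constructed `nm -D --defined-only` output (the symbol lists, addresses and library file names are assumptions) and models the dynamic linker's lookup as a flat first-match search in load order.

```python
import re

# Constructed sample output of `nm -D --defined-only <lib>`; the addresses and
# the symbol selection are illustrative, not taken from real builds.
NM_GNUTLS_OPENSSL = """\
0000000000003a10 T SSL_new
0000000000003b40 T SSL_connect
0000000000003c80 T SSL_CTX_new
0000000000004100 T MD5_Init
0000000000207040 B gnutls_openssl_state
"""
NM_OPENSSL = """\
000000000002f1a0 T SSL_new
000000000002f9c0 T SSL_connect
000000000002e400 T SSL_CTX_new
0000000000030b10 T SSL_CTX_set_verify
0000000000031000 t ssl_internal_helper
"""

_LINE = re.compile(r"^[0-9a-fA-F]+\s+([A-Za-z])\s+(\S+)$")

def exported_symbols(nm_output):
    """Return the globally visible defined symbols from nm -D output."""
    symbols = set()
    for line in nm_output.splitlines():
        m = _LINE.match(line.strip())
        # Uppercase type letters are global; lowercase are usually local.
        if m and m.group(1).isupper():
            symbols.add(m.group(2).split("@")[0])  # drop any version suffix
    return symbols

def collisions(libs):
    """Map each symbol exported by more than one library to its providers."""
    providers = {}
    for name, nm_output in libs.items():
        for sym in exported_symbols(nm_output):
            providers.setdefault(sym, []).append(name)
    return {s: p for s, p in providers.items() if len(p) > 1}

def resolve(symbol, load_order, libs):
    """First library in load order that exports the symbol wins the lookup."""
    for name in load_order:
        if symbol in exported_symbols(libs[name]):
            return name
    return None

LIBS = {"libgnutls-openssl.so": NM_GNUTLS_OPENSSL, "libssl.so": NM_OPENSSL}
```

Calling `resolve("SSL_new", ["libgnutls-openssl.so", "libssl.so"], LIBS)` shows a caller built against openssl being bound to the gnutls-openssl definition when that library sits earlier in the lookup order.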
