
liblber makefile regresses other libraries (ITS#2798)



Full_Name: Joseph S D Yao
Version: 2.1.22
OS: Linux - Red Hat 8.0 w/ patches and Bastille
URL: ftp://ftp.openldap.org/incoming/Joseph-Yao-031027-02.txt
Submission from: (NULL) (204.178.104.233)


This is a security issue, as it regresses previously installed libraries with
fixes back to the less secure forms.

Starting with Red Hat Linux 8.0, after adding patches and Bastille Linux, I
installed OpenSSL 0.9.7c, OpenLDAP 2.1.22, and Sendmail 8.12.10.  When I got to
'sendmail', it declared that some of the libraries in the previous packages were
inconsistent.

It turns out that, while installing OpenLDAP, the liblber Makefile calls
'libtool', which calls 'ldconfig'.  The new OpenLDAP library is NOT entered into
the library configuration by 'ldconfig'.  But the symbolic links in /usr/lib to
libssl.so.0.9.7 and libcrypto.so.0.9.7 have been removed, and replaced by
symbolic links to the original 0.9.5a files.

Why?

How to fix?

Thanks!

Joe Yao
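
One way to check a library directory for the symptom described in this report, as an added example that is not part of the original submission or of OpenLDAP's build system: a shell function that lists versioned library symlinks whose target file carries a different version. The function names and the sample directory are constructed for illustration, and the check assumes the version is the part of the file name after `.so.`.

```shell
#!/bin/sh
# Added example: flag versioned library symlinks whose target carries a
# different version, e.g. libssl.so.0.9.7 -> libssl.so.0.9.5a.
# Assumption: the version is the part of the file name after ".so.".

# Print "link -> target" for every mismatched symlink in directory $1.
find_regressed_links() {
    dir=$1
    for link in "$dir"/lib*.so.*; do
        [ -L "$link" ] || continue            # only symlinks are of interest
        target=$(readlink "$link")
        name=${link##*/}
        tname=${target##*/}
        case $tname in *.so.*) ;; *) continue ;; esac
        lver=${name#*.so.}
        tver=${tname#*.so.}
        case $tver in
            "$lver"|"$lver"[!0-9]*) ;;        # same version or a patch suffix
            *) printf '%s -> %s\n' "$name" "$tname" ;;
        esac
    done
}

# Build a constructed sample directory (not real system data).
make_sample_dir() {
    d=$(mktemp -d)
    : > "$d/libssl.so.0.9.5a"
    : > "$d/libcrypto.so.0.9.5a"
    : > "$d/libcrypto.so.0.9.7c"
    ln -s libssl.so.0.9.5a    "$d/libssl.so.0.9.7"     # regressed link
    ln -s libcrypto.so.0.9.7c "$d/libcrypto.so.0.9.7"  # consistent link
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
find_regressed_links "$sample"
rm -rf "$sample"
```

Running `find_regressed_links /usr/lib` before and after `make install` and comparing the two outputs shows whether the install step changed any link.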