[Buildroot] [git commit] netsnmp: fix static build failure due to missing -lssl and -lz

[Buildroot] [git commit] netsnmp: fix static build failure due to missing -lssl and -lz

[Peter Korsgaard]

commit: https://git.buildroot.net/buildroot/commit/?id=13722d58f77d0e9fea9eefc50bf083d19f835433
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

During configure some checking needing -lssl and -lz don't have them
appended to linker tail. Since we are building static this leads to
configure failure because of mandatory functions lack produces:
"configure: error: The DTLS based transports require the libssl library
from OpenSSL to be available and support DTLS"

- Add 1 patch to fix -lssl lack in configure and .ac modules:
upstreamed: https://sourceforge.net/p/net-snmp/code/ci/bd59be8e4e339870a1400f6866a7b73ca11f6460/
- Add 2 patches to fix -lz lack in configure and .ac modules:
1 upstreamed: https://sourceforge.net/p/net-snmp/code/ci/13da2bcde8e22dd0127a668374fdf79bed04d353/
1 in Merge Request: https://sourceforge.net/p/net-snmp/code/merge-requests/19/
- Add NETSNMP_AUTORECONF = YES

Fixes:
http://autobuild.buildroot.net/results/ece/ece7af756c910f65f618c1d04a5de70cc574b5f4/
http://autobuild.buildroot.net/results/2a7/2a7020de6a4095cf9991d09fbe8f6e364783f63b/
http://autobuild.buildroot.net/results/e27/e2787d15f72949cbb347e8a1d344f5f80b4d7697/
http://autobuild.buildroot.net/results/439/4393ce8ddee294f91bdc3e6fb53e08d56fe52184/
http://autobuild.buildroot.net/results/da6/da6bbbbb3a8d8193ec1389b9d976164181e88ae2/
http://autobuild.buildroot.net/results/cf5/cf57686e7620cc0ec361631a9ff906aa0123fdb4/
http://autobuild.buildroot.net/results/104/1043a958314529240627005d1bf21a76f4e6fcf5/
http://autobuild.buildroot.net/results/885/8855545bd09388e0da451a3cb53b312e13b29c2c/
http://autobuild.buildroot.net/results/a3d/a3dab9618a7ed88f94597418a5892c87adc23c66/
http://autobuild.buildroot.net/results/18e/18e70b88c9bcb3b8ede7308e54bba9417d1fd3fb/
http://autobuild.buildroot.net/results/ee3/ee34f65f26da20c0f2fdb9e86bcbddd389f59a29/
http://autobuild.buildroot.net/results/a1e/a1eb848079080ddf7cf2fc9e554cdd63ade0e9aa/
http://autobuild.buildroot.net/results/4dc/4dc8b53ff9f504c0a3dfc2d72c2609ad4d34559b/
http://autobuild.buildroot.net/results/9cc/9cc19e481de20ea0b4b5163e45c5aee525b81229/
http://autobuild.buildroot.net/results/f15/f15c22e0257d7498456049d8aae195ed6a265d2e/
http://autobuild.buildroot.net/results/1b3/1b30f9813a4605056963bfe4532374f725830fda/
http://autobuild.buildroot.net/results/d02/d02afc174ac4c9888f0a2cf725820cc1f05fc4bf/
http://autobuild.buildroot.net/results/57b/57b3f4663058d728987ef848e4b346656cae21d4/
http://autobuild.buildroot.net/results/ed4/ed4c27bdffccc4374ab7f951c30baba8171d30e1/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ...1-configure-static-linking-Fix-SSL-checks.patch | 142 +++++++++++++++++++++
 .../0002-configure-Fix-lcrypto-lz-test.patch       |  41 ++++++
 ...nvert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch |  41 ++++++
 package/netsnmp/netsnmp.mk                         |   1 +
 4 files changed, 225 insertions(+)

diff --git a/package/netsnmp/0001-configure-static-linking-Fix-SSL-checks.patch b/package/netsnmp/0001-configure-static-linking-Fix-SSL-checks.patch
new file mode 100644
index 0000000000..8431d46868
--- /dev/null
+++ b/package/netsnmp/0001-configure-static-linking-Fix-SSL-checks.patch
@@ -0,0 +1,142 @@
+From bd59be8e4e339870a1400f6866a7b73ca11f6460 Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@micronovasrl.com>
+Date: Wed, 12 Sep 2018 20:16:39 +0200
+Subject: [PATCH 1/3] configure, static linking: Fix SSL checks
+
+During checking of DTLS_method, the stub program is linked only with -ssl
+libssl.a lacks some function from -lcrypto:
+RAND_*()
+ERR_*()
+BUF_MEM_*()
+etc.
+and -lz:
+- inflate()
+- deflate()
+
+Append -lcrypto and -lz to LIBS variable when checking DTLS_method.
+
+See also https://sourceforge.net/p/net-snmp/patches/1374/.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
+[bvanassche: Edited subject / rewrote this patch]
+---
+ configure                   | 52 ++++++++++++++++++++++++++++++++++---
+ configure.d/config_os_libs2 | 14 +++++++---
+ 2 files changed, 58 insertions(+), 8 deletions(-)
+
+diff --git a/configure b/configure
+index 6504a8e58..1116cecaa 100755
+--- a/configure
++++ b/configure
+@@ -23228,16 +23228,60 @@ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_md5" >&5
+ $as_echo "$ac_cv_lib_crypto_EVP_md5" >&6; }
+ if test "x$ac_cv_lib_crypto_EVP_md5" = xyes; then :
+-  CRYPTO="crypto"
++  CRYPTO="crypto"; LIBCRYPTO="-lcrypto"
++else
++
++		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_md5 in -lcrypto" >&5
++$as_echo_n "checking for EVP_md5 in -lcrypto... " >&6; }
++if ${ac_cv_lib_crypto_EVP_md5+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  ac_check_lib_save_LIBS=$LIBS
++LIBS="-lcrypto -lz $LIBS"
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char EVP_md5 ();
++int
++main ()
++{
++return EVP_md5 ();
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  ac_cv_lib_crypto_EVP_md5=yes
++else
++  ac_cv_lib_crypto_EVP_md5=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_md5" >&5
++$as_echo "$ac_cv_lib_crypto_EVP_md5" >&6; }
++if test "x$ac_cv_lib_crypto_EVP_md5" = xyes; then :
++  CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"
+ fi
+ 
+-        fi
++
++fi
++
++	else
++	    LIBCRYPTO="-l${CRYPTO}"
++	fi
+ 
+         if test x$CRYPTO != x; then
+ 
+ $as_echo "#define HAVE_LIBCRYPTO 1" >>confdefs.h
+ 
+-            LIBCRYPTO="-l${CRYPTO}"
+             netsnmp_save_LIBS="$LIBS"
+             LIBS="$LIBCRYPTO"
+             for ac_func in AES_cfb128_encrypt                           EVP_sha224        EVP_sha384                                   EVP_MD_CTX_create EVP_MD_CTX_destroy                           EVP_MD_CTX_new    EVP_MD_CTX_free                              DH_set0_pqg DH_get0_pqg DH_get0_key                           ASN1_STRING_get0_data X509_NAME_ENTRY_get_object                           X509_NAME_ENTRY_get_data X509_get_signature_nid
+@@ -23291,7 +23335,7 @@ _ACEOF
+             LIBS="$netsnmp_save_LIBS"
+         fi
+         netsnmp_save_LIBS="$LIBS"
+-        LIBS="-lssl"
++        LIBS="-lssl $LIBCRYPTO"
+         for ac_func in TLS_method TLSv1_method DTLS_method DTLSv1_method                       SSL_library_init SSL_load_error_strings
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+diff --git a/configure.d/config_os_libs2 b/configure.d/config_os_libs2
+index 4a1ad1551..75214cfff 100644
+--- a/configure.d/config_os_libs2
++++ b/configure.d/config_os_libs2
+@@ -306,13 +306,19 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then
+         LIBS="$netsnmp_save_LIBS"
+ 
+         if test x$CRYPTO = x; then
+-            AC_CHECK_LIB([crypto], [EVP_md5], [CRYPTO="crypto"])
+-        fi
++            AC_CHECK_LIB([crypto], [EVP_md5],
++			 [CRYPTO="crypto"; LIBCRYPTO="-lcrypto"], [
++		AC_CHECK_LIB([crypto], [EVP_md5],
++			     [CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"], [],
++			     [-lz])
++	    ])
++	else
++	    LIBCRYPTO="-l${CRYPTO}"
++	fi
+ 
+         if test x$CRYPTO != x; then
+             AC_DEFINE(HAVE_LIBCRYPTO, 1,
+                 [Define to 1 if you have the OpenSSL library (-lcrypto or -leay32).])
+-            LIBCRYPTO="-l${CRYPTO}"
+             netsnmp_save_LIBS="$LIBS"
+             LIBS="$LIBCRYPTO"
+             AC_CHECK_FUNCS([AES_cfb128_encrypt]dnl
+@@ -342,7 +348,7 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then
+             LIBS="$netsnmp_save_LIBS"
+         fi
+         netsnmp_save_LIBS="$LIBS"
+-        LIBS="-lssl"
++        LIBS="-lssl $LIBCRYPTO"
+         AC_CHECK_FUNCS([TLS_method TLSv1_method DTLS_method DTLSv1_method]dnl
+                        [SSL_library_init SSL_load_error_strings])
+         LIBS="$netsnmp_save_LIBS"
+-- 
+2.17.1
+
diff --git a/package/netsnmp/0002-configure-Fix-lcrypto-lz-test.patch b/package/netsnmp/0002-configure-Fix-lcrypto-lz-test.patch
new file mode 100644
index 0000000000..3ec0c2278f
--- /dev/null
+++ b/package/netsnmp/0002-configure-Fix-lcrypto-lz-test.patch
@@ -0,0 +1,41 @@
+From d8694929b12b47febb0f7f43f46041387874fe52 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Mon, 17 Sep 2018 07:33:34 -0700
+Subject: [PATCH 2/3] configure: Fix -lcrypto -lz test
+
+Avoid that the second crypto library test uses the cached result from
+the first test by explicitly clearing the cached test result.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
+---
+ configure                   | 1 +
+ configure.d/config_os_libs2 | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/configure b/configure
+index 1116cecaa..33b8c93e5 100755
+--- a/configure
++++ b/configure
+@@ -23231,6 +23231,7 @@ if test "x$ac_cv_lib_crypto_EVP_md5" = xyes; then :
+   CRYPTO="crypto"; LIBCRYPTO="-lcrypto"
+ else
+ 
++		unset ac_cv_lib_crypto_EVP_md5
+ 		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_md5 in -lcrypto" >&5
+ $as_echo_n "checking for EVP_md5 in -lcrypto... " >&6; }
+ if ${ac_cv_lib_crypto_EVP_md5+:} false; then :
+diff --git a/configure.d/config_os_libs2 b/configure.d/config_os_libs2
+index 75214cfff..81788a209 100644
+--- a/configure.d/config_os_libs2
++++ b/configure.d/config_os_libs2
+@@ -308,6 +308,7 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then
+         if test x$CRYPTO = x; then
+             AC_CHECK_LIB([crypto], [EVP_md5],
+ 			 [CRYPTO="crypto"; LIBCRYPTO="-lcrypto"], [
++		unset ac_cv_lib_crypto_EVP_md5
+ 		AC_CHECK_LIB([crypto], [EVP_md5],
+ 			     [CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"], [],
+ 			     [-lz])
+-- 
+2.17.1
+
diff --git a/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch b/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch
new file mode 100644
index 0000000000..5cbc35600f
--- /dev/null
+++ b/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch
@@ -0,0 +1,41 @@
+From 77062d4a76f5dbd8aee03a25e9eb514b7d924bcc Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@micronovasrl.com>
+Date: Mon, 17 Sep 2018 21:44:20 +0200
+Subject: [PATCH 3/3] configure: Invert AC_CHECK_LIB(EVP_md5,..) without -lz
+ with -lz
+
+First AC_CHECK_LIB(EVP_md5,...) is going to succeed due to
+[other-libraries] fields, but in that case it won't add -lz to LIBCRYPTO
+resulting in failing AC_CHECH_FUNCS() with LIBS=LIBCRYPTO.
+
+Try AC_CHECK_LIB(EVP_md5,..) where LIBS can miss -lz
+and in action-if-not-found try AC_CHECK_LIB(EVP_md5,...) without -lz.
+In the first case append -lz to LIBCRYPTO, in the second don't.
+This is done to check if -lz is present and used in -lcrypto.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
+---
+ configure.d/config_os_libs2 | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/configure.d/config_os_libs2 b/configure.d/config_os_libs2
+index 81788a209..bfd14c191 100644
+--- a/configure.d/config_os_libs2
++++ b/configure.d/config_os_libs2
+@@ -307,11 +307,10 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then
+ 
+         if test x$CRYPTO = x; then
+             AC_CHECK_LIB([crypto], [EVP_md5],
+-			 [CRYPTO="crypto"; LIBCRYPTO="-lcrypto"], [
++			 [CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"], [
+ 		unset ac_cv_lib_crypto_EVP_md5
+ 		AC_CHECK_LIB([crypto], [EVP_md5],
+-			     [CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"], [],
+-			     [-lz])
++			     [CRYPTO="crypto"; LIBCRYPTO="-lcrypto"], [])
+ 	    ])
+ 	else
+ 	    LIBCRYPTO="-l${CRYPTO}"
+-- 
+2.17.1
+
diff --git a/package/netsnmp/netsnmp.mk b/package/netsnmp/netsnmp.mk
index 6c712ae075..65a3f16a4d 100644
--- a/package/netsnmp/netsnmp.mk
+++ b/package/netsnmp/netsnmp.mk
@@ -36,6 +36,7 @@ NETSNMP_INSTALL_STAGING_OPTS = DESTDIR=$(STAGING_DIR) LIB_LDCONFIG_CMD=true inst
 NETSNMP_INSTALL_TARGET_OPTS = DESTDIR=$(TARGET_DIR) LIB_LDCONFIG_CMD=true install
 NETSNMP_MAKE = $(MAKE1)
 NETSNMP_CONFIG_SCRIPTS = net-snmp-config
+NETSNMP_AUTORECONF = YES
 
 ifeq ($(BR2_ENDIAN),"BIG")
 NETSNMP_CONF_OPTS += --with-endianness=big

[Buildroot] [git commit] netsnmp: fix static build failure due to missing -lssl and -lz

[Thomas Petazzoni]

Hello,

On Thu, 11 Oct 2018 22:26:42 +0200, Peter Korsgaard wrote:
> diff --git a/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch b/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch
> new file mode 100644
> index 0000000000..5cbc35600f
> --- /dev/null
> +++ b/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch
> @@ -0,0 +1,41 @@
> +From 77062d4a76f5dbd8aee03a25e9eb514b7d924bcc Mon Sep 17 00:00:00 2001
> +From: Giulio Benetti <giulio.benetti@micronovasrl.com>
> +Date: Mon, 17 Sep 2018 21:44:20 +0200
> +Subject: [PATCH 3/3] configure: Invert AC_CHECK_LIB(EVP_md5,..) without -lz
> + with -lz
> +
> +First AC_CHECK_LIB(EVP_md5,...) is going to succeed due to
> +[other-libraries] fields, but in that case it won't add -lz to LIBCRYPTO
> +resulting in failing AC_CHECH_FUNCS() with LIBS=LIBCRYPTO.
> +
> +Try AC_CHECK_LIB(EVP_md5,..) where LIBS can miss -lz
> +and in action-if-not-found try AC_CHECK_LIB(EVP_md5,...) without -lz.
> +In the first case append -lz to LIBCRYPTO, in the second don't.
> +This is done to check if -lz is present and used in -lcrypto.
> +
> +Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
> +---
> + configure.d/config_os_libs2 | 5 ++---
> + 1 file changed, 2 insertions(+), 3 deletions(-)
> +
> +diff --git a/configure.d/config_os_libs2 b/configure.d/config_os_libs2
> +index 81788a209..bfd14c191 100644
> +--- a/configure.d/config_os_libs2
> ++++ b/configure.d/config_os_libs2
> +@@ -307,11 +307,10 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then
> + 
> +         if test x$CRYPTO = x; then
> +             AC_CHECK_LIB([crypto], [EVP_md5],
> +-			 [CRYPTO="crypto"; LIBCRYPTO="-lcrypto"], [
> ++			 [CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"], [
> + 		unset ac_cv_lib_crypto_EVP_md5
> + 		AC_CHECK_LIB([crypto], [EVP_md5],
> +-			     [CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"], [],
> +-			     [-lz])
> ++			     [CRYPTO="crypto"; LIBCRYPTO="-lcrypto"], [])
> + 	    ])

This patch is really not great, because it means that in a
dynamically-linked scenario, we will be linked against both libcrypto
and libz, while linking against libcrypto is sufficient.

Once again, when you have the situation of an application A that uses
OpenSSL, you have two cases:

 - When dynamic linking, application A only needs to link against
   libssl/libcrypto. The fact that OpenSSL indirectly uses libz is
   totally transparent, and the application A does not need to link
   against libz, and in fact ideally should *not* link against libz.

 - When static linking, application A needs to link against both
   libssl/libcrypto *and* libz, because static linking doesn't take
   care of transitive dependencies.

With your fix, the application A will always be linked against openssl
*and* libz, regardless of whether dynamic linking and static linking is
used.

I don't understand why you had to invert the test. It should have
worked the way it was: first try with -lcrypto (should work in dynamic
linking case), and if it doesn't try with -lcrypto -lz (should work in
static linking case). Inverting the two cases not good, and in fact
makes no sense: if -lcrypto -lz fails, there is no reason for -lcrypto
to work, so the second test becomes entirely useless.

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [git commit] netsnmp: fix static build failure due to missing -lssl and -lz

[Giulio Benetti]

Hello Thomas,

Il 12/10/2018 22:08, Thomas Petazzoni ha scritto:
> Hello,
> 
> On Thu, 11 Oct 2018 22:26:42 +0200, Peter Korsgaard wrote:
>> diff --git a/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch b/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch
>> new file mode 100644
>> index 0000000000..5cbc35600f
>> --- /dev/null
>> +++ b/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch
>> @@ -0,0 +1,41 @@
>> +From 77062d4a76f5dbd8aee03a25e9eb514b7d924bcc Mon Sep 17 00:00:00 2001
>> +From: Giulio Benetti <giulio.benetti@micronovasrl.com>
>> +Date: Mon, 17 Sep 2018 21:44:20 +0200
>> +Subject: [PATCH 3/3] configure: Invert AC_CHECK_LIB(EVP_md5,..) without -lz
>> + with -lz
>> +
>> +First AC_CHECK_LIB(EVP_md5,...) is going to succeed due to
>> +[other-libraries] fields, but in that case it won't add -lz to LIBCRYPTO
>> +resulting in failing AC_CHECH_FUNCS() with LIBS=LIBCRYPTO.
>> +
>> +Try AC_CHECK_LIB(EVP_md5,..) where LIBS can miss -lz
>> +and in action-if-not-found try AC_CHECK_LIB(EVP_md5,...) without -lz.
>> +In the first case append -lz to LIBCRYPTO, in the second don't.
>> +This is done to check if -lz is present and used in -lcrypto.
>> +
>> +Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
>> +---
>> + configure.d/config_os_libs2 | 5 ++---
>> + 1 file changed, 2 insertions(+), 3 deletions(-)
>> +
>> +diff --git a/configure.d/config_os_libs2 b/configure.d/config_os_libs2
>> +index 81788a209..bfd14c191 100644
>> +--- a/configure.d/config_os_libs2
>> ++++ b/configure.d/config_os_libs2
>> +@@ -307,11 +307,10 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then
>> +
>> +         if test x$CRYPTO = x; then
>> +             AC_CHECK_LIB([crypto], [EVP_md5],
>> +-			 [CRYPTO="crypto"; LIBCRYPTO="-lcrypto"], [
>> ++			 [CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"], [
>> + 		unset ac_cv_lib_crypto_EVP_md5
>> + 		AC_CHECK_LIB([crypto], [EVP_md5],
>> +-			     [CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"], [],
>> +-			     [-lz])
>> ++			     [CRYPTO="crypto"; LIBCRYPTO="-lcrypto"], [])
>> + 	    ])
> 
> This patch is really not great, because it means that in a
> dynamically-linked scenario, we will be linked against both libcrypto
> and libz, while linking against libcrypto is sufficient.

Yes, you're right.

> Once again, when you have the situation of an application A that uses
> OpenSSL, you have two cases:
> 
>   - When dynamic linking, application A only needs to link against
>     libssl/libcrypto. The fact that OpenSSL indirectly uses libz is
>     totally transparent, and the application A does not need to link
>     against libz, and in fact ideally should *not* link against libz.

Ok

>   - When static linking, application A needs to link against both
>     libssl/libcrypto *and* libz, because static linking doesn't take
>     care of transitive dependencies.

Ok

> With your fix, the application A will always be linked against openssl
> *and* libz, regardless of whether dynamic linking and static linking is
> used.

And that doesn't make sense.

> I don't understand why you had to invert the test. 

It's been a mistake watching it again now.

> It should have
> worked the way it was: first try with -lcrypto (should work in dynamic
> linking case), and if it doesn't try with -lcrypto -lz (should work in
> static linking case).

Yes, you're right.

> Inverting the two cases not good, and in fact
> makes no sense: if -lcrypto -lz fails, there is no reason for -lcrypto
> to work, so the second test becomes entirely useless.

This is right too.

Need to improve this.

Thanks for the perfect explanation.

Best regards
-- 
Giulio Benetti
CTO

MICRONOVA SRL
Sede: Via A. Niedda 3 - 35010 Vigonza (PD)
Tel. 049/8931563 - Fax 049/8931346
Cod.Fiscale - P.IVA 02663420285
Capitale Sociale ? 26.000 i.v.
Iscritta al Reg. Imprese di Padova N. 02663420285
Numero R.E.A. 258642

[Buildroot] [PATCH] netsnmp: improve linking avoiding useless -lz listing in shared build

[Giulio Benetti]

In commit:
https://git.buildroot.net/buildroot/commit/?id=13722d58f77d0e9fea9eefc50bf083d19f835433
Patch "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
was intended to fix AC_CHECK_FUNCS() failure on openssl functions. This
was due to missing -lz during static linking.
But the patch is wrong and results in explicitly linking against -lz in
both shared and static build.
This makes no sense, since shared linking has transitive dependency so
it doesn't need to list -lz after -lssl, -lssl is enough.
Differently static linking needs -lz to be listed after -lssl.

So the real cause of previous build failure:
http://autobuild.buildroot.net/results/881/881139fb049738b16609d39ad5a49bd77ff6b4aa/
is that when AC_CHECK_FUNCS(), $LIBS variable is overwritten with
$LIBCRYPTO without taking into accout previous $LIBS content(i.e. where
-lz is present). This results in AC_CHEC_FUNCS() to fail while trying to
statically link without listing -lz.

Then:
- Remove current "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
- Add patch "0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch"
  where add $LIBS content to tail of new $LIBS variable like this:
  LIBS="$LIBCRYPTO $LIBS"
  NOTE: $LIBS is at the end to ensure static linking to work correctly.
- Add patch 0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch
  where add $LIBS content to tail of new $LIBS variable like this:
  LIBS="-lssl $LIBCRYPTO $LIBS"
  NOTE: $LIBS is at the end to ensure static linking to work correctly.

This way AC_CHECK_FUNCS(), when static linking, try to link with -lz too
appending it at the end of linking library list.
And after every AC_CHECK_FUNCS(), previously saved $LIBS variable gets
back to its original value(i.e. containing -lz if present) resulting in
having or not -lz appended to library list according to static or
shared build.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
---
 ...-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch | 41 -------------------
 ..._CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch | 39 ++++++++++++++++++
 ..._CHECK_FUNCS-TLS_method-TLSv1_method.patch | 39 ++++++++++++++++++
 3 files changed, 78 insertions(+), 41 deletions(-)
 delete mode 100644 package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch
 create mode 100644 package/netsnmp/0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch
 create mode 100644 package/netsnmp/0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch

diff --git a/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch b/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch
deleted file mode 100644
index 5cbc35600f..0000000000
--- a/package/netsnmp/0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 77062d4a76f5dbd8aee03a25e9eb514b7d924bcc Mon Sep 17 00:00:00 2001
-From: Giulio Benetti <giulio.benetti@micronovasrl.com>
-Date: Mon, 17 Sep 2018 21:44:20 +0200
-Subject: [PATCH 3/3] configure: Invert AC_CHECK_LIB(EVP_md5,..) without -lz
- with -lz
-
-First AC_CHECK_LIB(EVP_md5,...) is going to succeed due to
-[other-libraries] fields, but in that case it won't add -lz to LIBCRYPTO
-resulting in failing AC_CHECH_FUNCS() with LIBS=LIBCRYPTO.
-
-Try AC_CHECK_LIB(EVP_md5,..) where LIBS can miss -lz
-and in action-if-not-found try AC_CHECK_LIB(EVP_md5,...) without -lz.
-In the first case append -lz to LIBCRYPTO, in the second don't.
-This is done to check if -lz is present and used in -lcrypto.
-
-Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
----
- configure.d/config_os_libs2 | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/configure.d/config_os_libs2 b/configure.d/config_os_libs2
-index 81788a209..bfd14c191 100644
---- a/configure.d/config_os_libs2
-+++ b/configure.d/config_os_libs2
-@@ -307,11 +307,10 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then
- 
-         if test x$CRYPTO = x; then
-             AC_CHECK_LIB([crypto], [EVP_md5],
--			 [CRYPTO="crypto"; LIBCRYPTO="-lcrypto"], [
-+			 [CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"], [
- 		unset ac_cv_lib_crypto_EVP_md5
- 		AC_CHECK_LIB([crypto], [EVP_md5],
--			     [CRYPTO="crypto"; LIBCRYPTO="-lcrypto -lz"], [],
--			     [-lz])
-+			     [CRYPTO="crypto"; LIBCRYPTO="-lcrypto"], [])
- 	    ])
- 	else
- 	    LIBCRYPTO="-l${CRYPTO}"
--- 
-2.17.1
-
diff --git a/package/netsnmp/0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch b/package/netsnmp/0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch
new file mode 100644
index 0000000000..0829042128
--- /dev/null
+++ b/package/netsnmp/0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch
@@ -0,0 +1,39 @@
+From 8e273c688aa235ed9c68570a700d31596bac14df Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@micronovasrl.com>
+Date: Mon, 15 Oct 2018 19:07:05 +0200
+Subject: [PATCH 1/2] configure: fix AC_CHECK_FUNCS(EVP_sha224 EVP_sha384 ...)
+ failure on static linking
+
+If building as static lib, AC_CHECK_FUNCS(EVP_sha224 EVP_sha384 ...)
+fails due to missing -lz in $LIBS.
+At the moment, $LIBS contains $LIBCRYPTO only discarding previous $LIBS
+content.
+
+Add $LIBS to:
+LIBS="$LIBCRYPTO"
+as:
+LIBS="$LIBCRYPTO $LIBS"
+This way $LIBS will contain -lz at the end of linking command that in
+static linking build is mandatory.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
+---
+ configure.d/config_os_libs2 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.d/config_os_libs2 b/configure.d/config_os_libs2
+index 81788a209..93044000b 100644
+--- a/configure.d/config_os_libs2
++++ b/configure.d/config_os_libs2
+@@ -321,7 +321,7 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then
+             AC_DEFINE(HAVE_LIBCRYPTO, 1,
+                 [Define to 1 if you have the OpenSSL library (-lcrypto or -leay32).])
+             netsnmp_save_LIBS="$LIBS"
+-            LIBS="$LIBCRYPTO"
++            LIBS="$LIBCRYPTO $LIBS"
+             AC_CHECK_FUNCS([AES_cfb128_encrypt]dnl
+                            [EVP_sha224        EVP_sha384        ]dnl
+                            [EVP_MD_CTX_create EVP_MD_CTX_destroy]dnl
+-- 
+2.17.1
+
diff --git a/package/netsnmp/0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch b/package/netsnmp/0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch
new file mode 100644
index 0000000000..a731f25761
--- /dev/null
+++ b/package/netsnmp/0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch
@@ -0,0 +1,39 @@
+From 1ab6e3fc3cf61fa5a7b7363e59095e868474524b Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@micronovasrl.com>
+Date: Mon, 15 Oct 2018 19:34:26 +0200
+Subject: [PATCH 2/2] configure: fix AC_CHECK_FUNCS(TLS_method TLSv1_method
+ ...) failure on static linking
+
+If building as static lib, AC_CHECK_FUNCS(TLS_method TLSv1_method ...)
+fails due to missing -lz in $LIBS.
+At the moment, $LIBS contains "-lssl $LIBCRYPTO" only discarding
+previous $LIBS content.
+
+Add $LIBS to:
+LIBS="-lssl $LIBCRYPTO"
+as:
+LIBS="-lssl $LIBCRYPTO $LIBS"
+This way $LIBS will contain -lz at the end of linking command that in
+static linking build is mandatory.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
+---
+ configure.d/config_os_libs2 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.d/config_os_libs2 b/configure.d/config_os_libs2
+index 93044000b..c811c63ec 100644
+--- a/configure.d/config_os_libs2
++++ b/configure.d/config_os_libs2
+@@ -349,7 +349,7 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then
+             LIBS="$netsnmp_save_LIBS"
+         fi
+         netsnmp_save_LIBS="$LIBS"
+-        LIBS="-lssl $LIBCRYPTO"
++        LIBS="-lssl $LIBCRYPTO $LIBS"
+         AC_CHECK_FUNCS([TLS_method TLSv1_method DTLS_method DTLSv1_method]dnl
+                        [SSL_library_init SSL_load_error_strings])
+         LIBS="$netsnmp_save_LIBS"
+-- 
+2.17.1
+
-- 
2.17.1

[Buildroot] [PATCH] netsnmp: improve linking avoiding useless -lz listing in shared build

[Peter Korsgaard]

>>>>> "Giulio" == Giulio Benetti <giulio.benetti@micronovasrl.com> writes:

 > In commit:
 > https://git.buildroot.net/buildroot/commit/?id=13722d58f77d0e9fea9eefc50bf083d19f835433
 > Patch "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
 > was intended to fix AC_CHECK_FUNCS() failure on openssl functions. This
 > was due to missing -lz during static linking.
 > But the patch is wrong and results in explicitly linking against -lz in
 > both shared and static build.
 > This makes no sense, since shared linking has transitive dependency so
 > it doesn't need to list -lz after -lssl, -lssl is enough.
 > Differently static linking needs -lz to be listed after -lssl.

 > So the real cause of previous build failure:
 > http://autobuild.buildroot.net/results/881/881139fb049738b16609d39ad5a49bd77ff6b4aa/
 > is that when AC_CHECK_FUNCS(), $LIBS variable is overwritten with
 > $LIBCRYPTO without taking into accout previous $LIBS content(i.e. where
 > -lz is present). This results in AC_CHEC_FUNCS() to fail while trying to
 > statically link without listing -lz.

 > Then:
 > - Remove current "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
 > - Add patch "0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch"
 >   where add $LIBS content to tail of new $LIBS variable like this:
 >   LIBS="$LIBCRYPTO $LIBS"
 >   NOTE: $LIBS is at the end to ensure static linking to work correctly.
 > - Add patch 0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch
 >   where add $LIBS content to tail of new $LIBS variable like this:
 >   LIBS="-lssl $LIBCRYPTO $LIBS"
 >   NOTE: $LIBS is at the end to ensure static linking to work correctly.

 > This way AC_CHECK_FUNCS(), when static linking, try to link with -lz too
 > appending it at the end of linking library list.
 > And after every AC_CHECK_FUNCS(), previously saved $LIBS variable gets
 > back to its original value(i.e. containing -lz if present) resulting in
 > having or not -lz appended to library list according to static or
 > shared build.

 > Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [git commit] netsnmp: fix static build failure due to missing -lssl and -lz

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > commit: https://git.buildroot.net/buildroot/commit/?id=13722d58f77d0e9fea9eefc50bf083d19f835433
 > branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

 > During configure some checking needing -lssl and -lz don't have them
 > appended to linker tail. Since we are building static this leads to
 > configure failure because of mandatory functions lack produces:
 > "configure: error: The DTLS based transports require the libssl library
 > from OpenSSL to be available and support DTLS"

 > - Add 1 patch to fix -lssl lack in configure and .ac modules:
 > upstreamed: https://sourceforge.net/p/net-snmp/code/ci/bd59be8e4e339870a1400f6866a7b73ca11f6460/
 > - Add 2 patches to fix -lz lack in configure and .ac modules:
 > 1 upstreamed: https://sourceforge.net/p/net-snmp/code/ci/13da2bcde8e22dd0127a668374fdf79bed04d353/
 > 1 in Merge Request: https://sourceforge.net/p/net-snmp/code/merge-requests/19/
 > - Add NETSNMP_AUTORECONF = YES

Committed to 2018.02.x and 2018.08.x, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH] netsnmp: improve linking avoiding useless -lz listing in shared build

[Peter Korsgaard]

>>>>> "Giulio" == Giulio Benetti <giulio.benetti@micronovasrl.com> writes:

 > In commit:
 > https://git.buildroot.net/buildroot/commit/?id=13722d58f77d0e9fea9eefc50bf083d19f835433
 > Patch "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
 > was intended to fix AC_CHECK_FUNCS() failure on openssl functions. This
 > was due to missing -lz during static linking.
 > But the patch is wrong and results in explicitly linking against -lz in
 > both shared and static build.
 > This makes no sense, since shared linking has transitive dependency so
 > it doesn't need to list -lz after -lssl, -lssl is enough.
 > Differently static linking needs -lz to be listed after -lssl.

 > So the real cause of previous build failure:
 > http://autobuild.buildroot.net/results/881/881139fb049738b16609d39ad5a49bd77ff6b4aa/
 > is that when AC_CHECK_FUNCS(), $LIBS variable is overwritten with
 > $LIBCRYPTO without taking into accout previous $LIBS content(i.e. where
 > -lz is present). This results in AC_CHEC_FUNCS() to fail while trying to
 > statically link without listing -lz.

 > Then:
 > - Remove current "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
 > - Add patch "0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch"
 >   where add $LIBS content to tail of new $LIBS variable like this:
 >   LIBS="$LIBCRYPTO $LIBS"
 >   NOTE: $LIBS is at the end to ensure static linking to work correctly.
 > - Add patch 0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch
 >   where add $LIBS content to tail of new $LIBS variable like this:
 >   LIBS="-lssl $LIBCRYPTO $LIBS"
 >   NOTE: $LIBS is at the end to ensure static linking to work correctly.

 > This way AC_CHECK_FUNCS(), when static linking, try to link with -lz too
 > appending it at the end of linking library list.
 > And after every AC_CHECK_FUNCS(), previously saved $LIBS variable gets
 > back to its original value(i.e. containing -lz if present) resulting in
 > having or not -lz appended to library list according to static or
 > shared build.

 > Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>

Committed to 2018.02.x and 2018.08.x, thanks.

-- 
Bye, Peter Korsgaard