[Bug 3530] New: AC_CHECK_FUNCS of libfido2 functions generate wrong results if not using pkg-config

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Feb 1 06:43:57 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3530

            Bug ID: 3530
           Summary: AC_CHECK_FUNCS of libfido2 functions generate wrong
                    results if not using pkg-config
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Build system
          Assignee: unassigned-bugs at mindrot.org
          Reporter: yzhangad at gmail.com

When autoconf uses `AC_CHECK_FUNCS` to test the existence of necessary
libfido2 functions, it appends `$LIBFIDO2` to `$LIBS`:
https://github.com/openssh/openssh-portable/blob/a20b7e999773e6333c8aa9b0a7fa41966e63b037/configure.ac#L3248.
In an environment without `pkg-config`, this makes `-lfido2 -lcbor`
appear at the end of the linker flags.

The problem of this: `libcbor` is not the only dependency of
`libfido2`: it also depends on, e.g. `libcrypto`, which is part of
OpenSSL, and that can be configured via the `--with-ssl-dir` option.
When OpenSSL and `libfido2` are built statically, the existing
`configure.ac` makes `-lcrypto` go before `-lfido2`, making the linkage
break, thus causing false negative results of `AC_CHECK_FUNCS`.

The fix should consist just of replacing `LIBS="$LIBS $LIBFIDO2"` with
`LIBS="$LIBFIDO2 $LIBS"`.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list