BIND 9.5.1-P3 compilation problems.

bsfinkel at anl.gov bsfinkel at anl.gov
Tue Aug 11 18:12:05 UTC 2009


Emery <emery.rudolph at gmail.com> wrote:

>I've conducted two maintenance windows to upgrade our BIND primary 
>server to the new code to address the recent security vulnerability, but 
>cannot get past the error below. I have Openssl 9.8.0k installed. I have 
>no problems running tests from the openssl prompt. I have tried 
>exporting the LD_LIBRARY_PATH to include the /usr/local/ssl directory 
>and have run the compilation with the --with-openssl=/usr/local/ssl 
>switch to no avail.
>
>I am running Solaris 10 Sparc -
>
>I know that there is a precompiled version of this BIND release on 
>Sunfreeware, but I am trying to upgrade our primary nameserver and would 
>rather to this than a clean uninstall/install.
>
>Is there any insight into what wall I'm running into?
>
>
>checking for strings.h... yes
>checking for inttypes.h... yes
>checking for stdint.h... yes
>checking for unistd.h... (cached) yes
>checking for size_t... yes
>checking for ssize_t... yes
>checking for uintptr_t... yes
>checking for socklen_t... yes
>checking whether time.h and sys/time.h may both be included... yes
>checking for long long... yes
>checking for struct lifconf... no
>checking for kqueue... no
>checking epoll support... no
>checking sys/devpoll.h usability... yes
>checking sys/devpoll.h presence... yes
>checking for sys/devpoll.h... yes
>checking if unistd.h or sys/types.h defines fd_set... yes
>checking whether byte ordering is bigendian... yes
>checking for OpenSSL library... using OpenSSL from /usr/local/ssl/lib 
>and /usr/local/ssl/include
>checking whether linking with OpenSSL works... no
>configure: error: Could not run test program using OpenSSL from
>/usr/local/ssl/lib and /usr/local/ssl/include.
>Please check the argument to --with-openssl and your
>shared library configuration (e.g., LD_LIBRARY_PATH).

When I built BIND 9.6.1-P1 on Solaris 10 I used the following commands:

unsetenv LD_LIBRARY_PATH

set path=(/usr/sfw/bin/ /usr/sbin /usr/bin /usr/etc /usr/ccs/bin \
 /usr/afsws/local/bin)

./configure --prefix=/export/home/named/bind \
--sysconfdir=/export/home/named --enable-threads --localstatedir=/var \
--with-gssapi=/usr --with-libxml2=/usr

I am not sure what we have in

     /usr/afsws/local/bin

(if anything) that I need.

After the build I ran

     strings /usr/sfw/lib/libcrypto.so.0.9.7 | grep SSL

and I get, in part,

     OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969
       CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339
       CVE-2006-4343 CVE-2007-5135 CVE-2008-5077 CVE-2009-0590)

I did this because I got a warning message about a back-level OpenSSL
Crypto library.  The file name has "0.9.7", but that file does contain
fixes for vulnerabilities.  This is on a

     SunOS ... 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V240

system.  Note that I used different commands when building this BIND
on a Solaris 9 system.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994



More information about the bind-users mailing list