Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

To: Matthias Urlichs <matthias@urlichs.de>
Cc: debian-devel@lists.debian.org, 754513@bugs.debian.org
Subject: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
From: Mike Hommey <mh@glandium.org>
Date: Sun, 13 Jul 2014 22:48:37 +0900
Message-id: <[🔎] 20140713134837.GA18474@glandium.org>
Mail-followup-to: Matthias Urlichs <matthias@urlichs.de>, debian-devel@lists.debian.org, 754513@bugs.debian.org
In-reply-to: <[🔎] 20140713120217.GB15420@smurf.noris.de>
References: <[🔎] 20140711220627.24261.14073.reportbug@spruce.wiehl.oeko.net> <20140712112547.GA17955@roeckx.be> <20140712115345.GA10308@spruce.wiehl.oeko.net> <[🔎] 20140712121513.GA18849@roeckx.be> <[🔎] 20140712124645.GB10308@spruce.wiehl.oeko.net> <[🔎] 53C20278.1010605@debian.org> <[🔎] 20140713061751.GA15420@smurf.noris.de> <[🔎] 20140713105459.GA16846@glandium.org> <[🔎] 20140713111133.GA6806@client.brlink.eu> <[🔎] 20140713120217.GB15420@smurf.noris.de>

On Sun, Jul 13, 2014 at 02:02:18PM +0200, Matthias Urlichs wrote:
> Hi,
> 
> Bernhard R. Link:
> > * Mike Hommey <mh@glandium.org> [140713 12:55]:
> > > Contrary to what you seem to believe, this only really works if *both*
> > > libraries have versioned symbols. Otherwise, you can end up with
> > > libraries linked against the unversioned one using symbols from the
> > > versioned one at run time when both are loaded in the same address
> > > space.
> > 
> > Actually, "both having versioned symbols" is not enough.
> > It is either "both must always have had versioned symbols" or
> > "both must have versioned symbols now and every binary linked against
> > either must have been built (or rebuilt) after the symbols got
> > versioned".
> > 
> Bah. Thanks for the correction.
> 
> However, it seems that the current OpenSSL package _does_ have
> fully-versioned symbols, at least if I understand "objdump -T"
> correctly.
> 
> So the situation may not be as dire as this thread suggests.

Well, it kind of is. Because those versioned symbols in openssl come
from a debian patch, afaict. So while debian may be fine (as long as all
build-rdeps have been rebuilt since openssl got those versioned
symbols), other distros aren't covered, as well as binaries not
compiled on debian.

Mike

Reply to:

Follow-Ups:
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Thomas Goirand <zigo@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Matthias Urlichs <matthias@urlichs.de>

References:
- Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Toni Mueller <support@oeko.net>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Toni Mueller <toni@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Thomas Goirand <zigo@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Matthias Urlichs <matthias@urlichs.de>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Mike Hommey <mh@glandium.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: "Bernhard R. Link" <brlink@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Matthias Urlichs <matthias@urlichs.de>

Prev by Date: Re: Solutions for the Apache upgrade hell
Next by Date: Bug#754703: ITP: python-vertica -- native Python client for the Vertica database
Previous by thread: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Next by thread: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Index(es):
- Date
- Thread