
Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL



On 07/13/2014 09:48 PM, Mike Hommey wrote:
> On Sun, Jul 13, 2014 at 02:02:18PM +0200, Matthias Urlichs wrote:
>> Hi,
>>
>> Bernhard R. Link:
>>> * Mike Hommey <mh@glandium.org> [140713 12:55]:
>>>> Contrary to what you seem to believe, this only really works if *both*
>>>> libraries have versioned symbols. Otherwise, you can end up with
>>>> libraries linked against the unversioned one using symbols from the
>>>> versioned one at run time when both are loaded in the same address
>>>> space.
>>>
>>> Actually, "both having versioned symbols" is not enough.
>>> It is either "both must always have had versioned symbols" or
>>> "both must have versioned symbols now and every binary linked against
>>> either must have been built (or rebuilt) after the symbols got
>>> versioned".
>>>
>> Bah. Thanks for the correction.
>>
>> However, it seems that the current OpenSSL package _does_ have
>> fully-versioned symbols, at least if I understand "objdump -T"
>> correctly.
>>
>> So the situation may not be as dire as this thread suggests.
> 
> Well, it kind of is. Because those versioned symbols in openssl come
> from a debian patch, afaict. So while debian may be fine (as long as all
> build-rdeps have been rebuilt since openssl got those versioned
> symbols), other distros aren't covered, as well as binaries not
> compiled on debian.

Why should we care about other distros? Do they have an impact on us?

Thomas
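
The "objdump -T" check mentioned in the quoted discussion can be automated. The sketch below is an added example, not part of the original thread: the function names and the sample listing (including the version node EXAMPLE_1.0) are constructed for illustration.

```python
import sys

# Constructed `objdump -T` output (sample data, not from a real library).
SAMPLE = """\
DYNAMIC SYMBOL TABLE:
0000000000000000      DF *UND*\t0000000000000000  GLIBC_2.2.5 free
0000000000000000  w   D  *UND*\t0000000000000000              __gmon_start__
0000000000001a30 g    DF .text\t0000000000000045  EXAMPLE_1.0 demo_new
0000000000001b10 g    DF .text\t0000000000000020  Base        demo_legacy
0000000000001c00 g    DF .text\t0000000000000018 (EXAMPLE_1.0) demo_old
0000000000000000 g    DO *ABS*\t0000000000000000  EXAMPLE_1.0 EXAMPLE_1.0
"""

def parse_dynsyms(text):
    """Yield (section, version, name) for each dynamic symbol line."""
    for line in text.splitlines():
        # objdump puts a tab between the section and the size column.
        head, tab, tail = line.partition("\t")
        if not tab:
            continue  # header or blank line
        section = head.split()[-1]
        fields = tail.split()  # size, [version], name
        if len(fields) == 3:
            # Non-default (hidden) versions are printed in parentheses.
            yield section, fields[1].strip("()"), fields[2]
        elif len(fields) == 2:
            yield section, None, fields[1]

def audit(text):
    """Summarise which exported symbols carry a version node."""
    # Skip imports (*UND*) and the version-node marker symbols (*ABS*).
    exported = [(v, n) for s, v, n in parse_dynsyms(text)
                if s not in ("*UND*", "*ABS*")]
    # "Base" or an empty column means the export has no version node.
    unversioned = sorted(n for v, n in exported if v in (None, "Base"))
    nodes = sorted({v for v, n in exported if v not in (None, "Base")})
    return {"exported": len(exported),
            "unversioned": unversioned,
            "version_nodes": nodes}

if __name__ == "__main__":
    # Usage: objdump -T /path/to/library.so | python3 this_script.py
    report = audit(sys.stdin.read())
    print(report)
    sys.exit(1 if report["unversioned"] else 0)
```

This only inspects what one library exports today; it does not show whether binaries linked against it were rebuilt after the symbols became versioned, which is the second condition raised in the quoted text.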

