Bug#191369: marked as done ([AMENDMENT 02/05/2003] encourage packagers to systematically prevent mis-linked libraries)
Your message dated Wed, 09 Jul 2003 13:32:32 -0400
with message-id <E19aInw-0007DT-00@auric.debian.org>
and subject line Bug#191369: fixed in debian-policy 3.6.0
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 30 Apr 2003 03:20:18 +0000
>From vorlon@netexpress.net Tue Apr 29 22:20:17 2003
Return-path: <vorlon@netexpress.net>
Received: from quetzlcoatl.dodds.net [64.22.202.19]
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 19Ai8n-0000PQ-00; Tue, 29 Apr 2003 22:20:17 -0500
Received: by quetzlcoatl.dodds.net (Postfix, from userid 1000)
id 57BCA3AE0; Tue, 29 Apr 2003 22:20:14 -0500 (CDT)
Date: Tue, 29 Apr 2003 22:20:13 -0500
From: Steve Langasek <vorlon@netexpress.net>
To: submit@bugs.debian.org
Subject: [PROPOSAL] encourage packagers to systematically prevent mis-linked libraries
Message-ID: <20030430032011.GB475@quetzlcoatl.dodds.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="6zdv2QT/q3FMhpsV"
Content-Disposition: inline
User-Agent: Mutt/1.5.4i
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-24.9 required=4.0
tests=BAYES_01,HAS_PACKAGE,PATCH_UNIFIED_DIFF,PGP_SIGNATURE_2,
USER_AGENT_MUTT
autolearn=ham version=2.53-bugs.debian.org_2003_04_23
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_04_23 (1.174.2.15-2003-03-30-exp)
--6zdv2QT/q3FMhpsV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: debian-policy
Severity: wishlist
It happens with unfortunate frequency that a shared library in the
archive will be built without linking against all the other libraries it
uses symbols from. Although the glibc runtime linker is fairly
robust and can usually cope with this lack so long as the application
itself is linked against the libraries in question, there are two
specific cases where this fails.
- The library has gained a dependency without changing sonames. If the
shared library does not correctly link to the new library, existing
binaries that use the primary library will be unaware of the new
dependency and will fail to run. Bug #186042 is a recent example of
this.
- The library is dynamically loaded using dlopen(), or is linked to by
another object that is dlopen()ed. In this case, the safeguards
against unresolved symbols are not available at the time the
application is linked. In some cases, this can result in an inability
to load the DSO (#179886, which shows the problem but doesn't include
much of the diagnosis); in others, it causes segfaults (#165960).
Not linking shared libraries against the other libraries they use also
subverts the effectiveness of the shlibs system. Therefore, I believe
Policy should both be explicit about the need for such linking, and
provide recommendations to packagers that help prevent mislinked
libraries.
Below is the proposed text change to Policy. This may fit better in
chapter 9, but chapter 11 is where compile-time options are currently
discussed.
Regards,
--=20
Steve Langasek
postmodern programmer
Index: policy.sgml
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvs/debian-policy/debian-policy/policy.sgml,v
retrieving revision 1.118
diff -u -r1.118 policy.sgml
--- policy.sgml 19 Apr 2003 10:33:14 -0000 1.118
+++ policy.sgml 30 Apr 2003 03:17:36 -0000
@@ -5731,6 +5731,19 @@
</p>
=20
<p>
+ Although not enforced by the build tools, shared libraries
+ must be linked against all libraries that they use symbols from
+ in the same way that binaries are. This ensures the correct
+ functioning of the <ref id=3D"sharedlibs-shlibdeps">shlibs</ref>
+ system and guarantees that all libraries can be safely opened
+ with <tt>dlopen()</tt>. Packagers may wish to use the gcc
+ option <tt>-Wl,-z,defs</tt> when building a shared library.
+ Since this option enforces symbol resolution at build time,
+ a missing library reference will be caught early as a fatal
+ build error.
+ </p>
+
+ <p>
All installed shared libraries should be stripped with
<example compact=3D"compact">
strip --strip-unneeded <var>your-lib</var>
--6zdv2QT/q3FMhpsV
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+r0DrKN6ufymYLloRApf8AJ9Ed4pXJXUSnJOZEgjxjtp47/9XMACeOIkQ
b1SHrcSoX6Vt8mw+c71dY+k=
=3MuT
-----END PGP SIGNATURE-----
--6zdv2QT/q3FMhpsV--
---------------------------------------
Received: (at 191369-close) by bugs.debian.org; 9 Jul 2003 17:34:51 +0000
>From katie@auric.debian.org Wed Jul 09 12:34:51 2003
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [206.246.226.45]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 19aIqB-0005Hn-00; Wed, 09 Jul 2003 12:34:51 -0500
Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian))
id 19aInw-0007DT-00; Wed, 09 Jul 2003 13:32:32 -0400
From: Josip Rodin <joy-packages@debian.org>
To: 191369-close@bugs.debian.org
X-Katie: $Revision: 1.34 $
Subject: Bug#191369: fixed in debian-policy 3.6.0
Message-Id: <E19aInw-0007DT-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Wed, 09 Jul 2003 13:32:32 -0400
Delivered-To: 191369-close@bugs.debian.org
We believe that the bug you reported is fixed in the latest version of
debian-policy, which is due to be installed in the Debian FTP archive:
debian-policy_3.6.0.dsc
to pool/main/d/debian-policy/debian-policy_3.6.0.dsc
debian-policy_3.6.0.tar.gz
to pool/main/d/debian-policy/debian-policy_3.6.0.tar.gz
debian-policy_3.6.0_all.deb
to pool/main/d/debian-policy/debian-policy_3.6.0_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 191369@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Josip Rodin <joy-packages@debian.org> (supplier of updated debian-policy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 9 Jul 2003 18:01:35 +0200
Source: debian-policy
Binary: debian-policy
Architecture: source all
Version: 3.6.0
Distribution: unstable
Urgency: low
Maintainer: Debian Policy List <debian-policy@lists.debian.org>
Changed-By: Josip Rodin <joy-packages@debian.org>
Description:
debian-policy - Debian Policy Manual and related documents
Closes: 169744 174982 178809 183195 187615 189306 189516 191369 191411 193903 194972 194974
Changes:
debian-policy (3.6.0) unstable; urgency=low
.
Josip:
* Restructured Policy, closes: #189306.
+ Many packaging manual appendices that were integrated into policy
sections are now empty, and replaced with links to the Policy.
In particular, the appendices that included the list of control
fields were updated (new fields like Closes, Changed-By were added)
and the list of fields for each of control, .changes and .dsc files
is now in Policy, and they're marked mandatory, recommended or
optional based on the current practice and the behaviour of the
deb-building toolchain.
+ Elimination of needlessly deep section levels, primarily in the
chapter Debian Archive, from which two new chapters were split out,
Binary packages and Source packages. What remained was reordered
properly, that is, some sect1s became sects etc.
+ Several sections that were redundant, crufty or simply not designed
with any sort of vision, were rearranged according to the formula that
everything should be either in the same place or properly interlinked.
Some things remained split up between different chapters when they
talked about different aspects of files: their content, their syntax,
and their placement in the file system. In particular, see the new
sections about changelog files.
Manoj:
* Added Games/Simulation to menu subpolicy closes: Bug#194974
* Added Apps/Education to menu subpolicy closes: Bug#194972
* [ACCEPTED]: Debian changelogs should be UTF-8 encoded. Changed the
wording from a should to a may; since a should would make an unknown
number of packages insta buggy. A reuest makes all these wishlist
bugs; we can raise the severity in a later version of policy.
closes: Bug#174982
* Added LANG=C before the debiandoc2X invocations, this ensures that the
resulting documents do not get converted to the locale on the building
machine. This answers some of the issues mentioned in Bug#175064
* [AMENDMENT 02/05/2003] encourage packagers to systematically prevent
mis-linked libraries closes: Bug#191369
* [AMENDMENT 6/6/2003] build-depends-indep need not be satisfied
during clean target. closes: Bug#191411, Bug#178809
* Fixed the fact that section 7.5.1 does not describe dpkg's true
behavior. Now added a footnote that explains that replaces is a one
way relationship. closes: Bug#183195
* Could no longer find the misspelling "seciton", thus this must have
been fixed in a previous change in the manual. closes: Bug#193903
* Fixed an incorect /usr/share/common-licences/GPL reference, ensured a
consistent spelling across the manuals. closes: Bug#189516
* Removed an extraneous > in menu policy. closes: Bug#187615
* Fixed typos, and part of the report that was deemed valid; the other
changes suggested were incorrect, or style issues. closes: Bug#169744
* updated the section numbers in the upgrading checklist
for the restructuring
Files:
0b15bf1611f90d47ad33b3cc8d7571af 795 doc optional debian-policy_3.6.0.dsc
2dff15b4752390c6e926e36485e58765 1583897 doc optional debian-policy_3.6.0.tar.gz
35e4c741ad40db4cc20e97ebaa378059 1216054 doc optional debian-policy_3.6.0_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/DEBWC1RHoiANFZYRAgh8AKCJvDJxwkYFtZCiJqEjMOKlWBig2wCgtu3p
6cyqEFQbbB0fzyeewGi+y7E=
=WloH
-----END PGP SIGNATURE-----
Reply to: