[Pkg-openldap-devel] Package status

Steve Langasek vorlon at debian.org
Tue Jun 5 23:21:34 UTC 2007 

On Tue, Jun 05, 2007 at 10:39:12AM -0700, Russ Allbery wrote:
> Steve Langasek <vorlon at debian.org> writes:
> > On Sun, Jun 03, 2007 at 03:04:28PM -0700, Russ Allbery wrote:

> >> We should probably talk about whether it would help anything with all
> >> our important bugs about SSL/TLS problems to add symbol versioning to
> >> libldap, at least the 2.3 version (I don't really want to touch the 2.1
> >> packages very badly).

> > I think that we should, for 2.3.  Adding symbol versioning to libldap2
> > is only going to help if we think libldap2 will still be with us when
> > lenny releases (or if we think it's important enough to resolve right
> > now for unstable), since the symbols will only benefit software that's
> > rebuilt against the new version of libldap2.

> If we add symbol versioning only to 2.3 but not to libldap2, will that
> help at all in resolving the weird problems we're seeing around TLS?  Or
> do both of them have to be versioned to get much benefit?

No, it won't.

Proper symbol resolution is deterministic, although not particularly
obvious.  If you have one library with symbol versioning and one without,
the one without symbol versions has to be loaded first so that it's first in
ld.so's search path, since the users of that library will accept the named
symbol with any or version information.  The first copy to be loaded is the
one that the application links against directly; NSS plugins will be loaded
later.

So for the case of slapd+nss_ldap, libldap-2.3-0 is loaded first at start-up
(so its symbol versions don't matter), then nss_ldap is loaded at the point
of the first NSS call and gets all of its symbol references resolved against
the first, incompatible libldap-2.3-0.

> I'm guessing upstream isn't going to be horribly thrilled with the idea of
> symbol versioning, although I could be wrong.

Well, upstream is using libtool, so it should be a no-fuss matter to drop in
support for symbol versioning on those platforms that support it without
disrupting those that don't.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/

More information about the Pkg-openldap-devel mailing list