Summary: | dev-libs/openssl add versioned symbols from Debian | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Karel Kočí <citrisin> |
Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | sam, viklevin2 |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/gentoo/gentoo/pull/10568 https://bugs.gentoo.org/show_bug.cgi?id=771621 https://bugs.gentoo.org/show_bug.cgi?id=547444 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Karel Kočí
2018-12-04 20:56:35 UTC
Github pull request: https://github.com/gentoo/gentoo/pull/10568 The patch was created by somebody for openssl-1.0.2d. The patch adds version scripts with 'local: *'. This results in hiding all symbols not hardcoded in global section in version scripts. It would be good to check which (if any) symbols exactly are hidden by this patch. You can see list of symbols in `readelf -sW ${library}`. Beside above, if versioning is made conditional on a USE flag, then after enabling this USE flag and rebuilding of reverse dependencies, disabling of this USE flag breaks ABI for reverse dependencies, so there would have to be a noticeable warning for users. (Something using 'if has_version "dev-libs/openssl[versioned]" check.) Instead of hiding all symbols not hardcoded in other nodes (e.g. OPENSSL_1.0.2), it would be better to create a new node without explicit version (called e.g. OPENSSL) and use 'global: *' there. Example for people not familiar with version scripts: (libA.so represents library not using version script. libB.so represents library using version script with 'local: *'. libC.so represents library using version script with 'global: *' in new node.) $ cat libB.symbols XXX_1.0 { global: myfunction1; local: *; }; $ cat libC.symbols XXX_1.0 { global: myfunction1; }; XXX { global: *; }; $ gcc -shared -fPIC -o libA.so -x c - <<< "int myfunction1() {return 1;} int myfunction2() {return 2;}" $ gcc -shared -fPIC -o libB.so -x c - <<< "int myfunction1() {return 1;} int myfunction2() {return 2;}" -Wl,--version-script=libB.symbols $ gcc -shared -fPIC -o libC.so -x c - <<< "int myfunction1() {return 1;} int myfunction2() {return 2;}" -Wl,--version-script=libC.symbols $ strip --strip-unneeded -R .comment -R .GCC.command.line -R .note.gnu.gold-version libA.so libB.so libC.so $ readelf -sW libA.so | grep myfunction 6: 000000000000115a 50 FUNC GLOBAL DEFAULT 11 myfunction2 9: 0000000000001128 50 FUNC GLOBAL DEFAULT 11 myfunction1 $ readelf -sW libB.so | grep myfunction 6: 0000000000001128 50 FUNC GLOBAL DEFAULT 12 myfunction1@@XXX_1.0 $ readelf -sW libC.so | grep myfunction 6: 000000000000115a 50 FUNC GLOBAL DEFAULT 12 myfunction2@@XXX 11: 0000000000001128 50 FUNC GLOBAL DEFAULT 12 myfunction1@@XXX_1.0 $ gcc -c -o test.o -x c - <<< "int myfunction1(); int myfunction2(); int main() {return myfunction1() + myfunction2();}" $ gcc -o testA test.o -Wl,-rpath,. -L. -lA $ gcc -o testB test.o -Wl,-rpath,. -L. -lB /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: test.o: in function `main': :(.text+0x2a): undefined reference to `myfunction2' collect2: error: ld returned 1 exit status $ gcc -o testC test.o -Wl,-rpath,. -L. -lC $ strip --strip-unneeded -R .comment -R .GCC.command.line -R .note.gnu.gold-version testA testC $ readelf -sW testA | grep myfunction 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND myfunction1 6: 0000000000000000 0 FUNC GLOBAL DEFAULT UND myfunction2 $ readelf -sW testC | grep myfunction 5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND myfunction2@XXX (4) 7: 0000000000000000 0 FUNC GLOBAL DEFAULT UND myfunction1@XXX_1.0 (5) I am sorry for my delay. I was busy with christmass and such.. I added check to package pretend phase. I hope that that is what you wanted as a notice. I added new version for slot 1.0.0. I also changed used patch to Ubuntu one. That one is what is really required for games and such and has correct version markings. It was also updated with newer version (g). I changed local to version-less global. It should not break even if patch is updated to new version because if there is some symbol that was not versioned and now is than the old version-less should be still present. That of course require manual edit of Ubuntu patch every time we want to update it but that is future problem. |