Re: Does removal of global variables from a library break C ABI?

[Paul Wise]

On Wed, 2023-01-18 at 09:33 -0500, Scott Talbert wrote:

> Thanks Russ and Peter.  I didn't find any usage of these symbols, but I 
> did sadly find a lot of bundled copies of this library in the archive.  :(

It might be worth asking the upstreams to remove the copies and
registering the existing copies with the Debian security team.

https://wiki.debian.org/EmbeddedCopies

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: Does removal of global variables from a library break C ABI?

[Scott Talbert]

On Wed, 18 Jan 2023, Peter Pentchev wrote:


On Tue, Jan 17, 2023 at 08:03:18PM -0800, Russ Allbery wrote:

Scott Talbert  writes:


In one of the library packages I maintain (hidapi), upstream removed a
couple of global variables (my .symbols file noticed this).  See
abipkgdiff below.



Does this break ABI?  My assessment is that it does NOT, but I would
like to confirm.  These variables were not declared in a header file, so
I can't see how external user code would have referenced them.


It does technically, but if the variables were never declared in a header
file, it's equivalent to hiding private functions that were previously
exposed by mistake but never prototyped for users.  Traditionally, we
don't consider that an ABI break worth bumping the soname unless we have
some reason to believe that software is using those symbols.


JFTR (I'm pretty sure that both Scott and Russ know this),
https://sources.debian.org/ can help one figure out whether some other
Debian package uses them.


Thanks Russ and Peter.  I didn't find any usage of these symbols, but I 
did sadly find a lot of bundled copies of this library in the archive.  :(


Scott

Re: Does removal of global variables from a library break C ABI?

[Peter Pentchev]

On Tue, Jan 17, 2023 at 08:03:18PM -0800, Russ Allbery wrote:
> Scott Talbert  writes:
> 
> > In one of the library packages I maintain (hidapi), upstream removed a
> > couple of global variables (my .symbols file noticed this).  See
> > abipkgdiff below.
> 
> > Does this break ABI?  My assessment is that it does NOT, but I would
> > like to confirm.  These variables were not declared in a header file, so
> > I can't see how external user code would have referenced them.
> 
> It does technically, but if the variables were never declared in a header
> file, it's equivalent to hiding private functions that were previously
> exposed by mistake but never prototyped for users.  Traditionally, we
> don't consider that an ABI break worth bumping the soname unless we have
> some reason to believe that software is using those symbols.

JFTR (I'm pretty sure that both Scott and Russ know this),
https://sources.debian.org/ can help one figure out whether some other
Debian package uses them.

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13


signature.asc
Description: PGP signature

Re: Does removal of global variables from a library break C ABI?

[Russ Allbery]

Scott Talbert  writes:

> In one of the library packages I maintain (hidapi), upstream removed a
> couple of global variables (my .symbols file noticed this).  See
> abipkgdiff below.

> Does this break ABI?  My assessment is that it does NOT, but I would
> like to confirm.  These variables were not declared in a header file, so
> I can't see how external user code would have referenced them.

It does technically, but if the variables were never declared in a header
file, it's equivalent to hiding private functions that were previously
exposed by mistake but never prototyped for users.  Traditionally, we
don't consider that an ABI break worth bumping the soname unless we have
some reason to believe that software is using those symbols.

-- 
Russ Allbery (r...@debian.org)