On Sun, Jul 13, 2014 at 02:02:18PM +0200, Matthias Urlichs wrote: > Hi, > > Bernhard R. Link: > > * Mike Hommey <m...@glandium.org> [140713 12:55]: > > > Contrary to what you seem to believe, this only really works if *both* > > > libraries have versioned symbols. Otherwise, you can end up with > > > libraries linked against the unversioned one using symbols from the > > > versioned one at run time when both are loaded in the same address > > > space. > > > > Actually, "both having versioned symbols" is not enough. > > It is either "both must always have had versioned symbols" or > > "both must have versioned symbols now and every binary linked against > > either must have been built (or rebuilt) after the symbols got > > versioned". > > > Bah. Thanks for the correction. > > However, it seems that the current OpenSSL package _does_ have > fully-versioned symbols, at least if I understand "objdump -T" > correctly. > > So the situation may not be as dire as this thread suggests.
Well, it kind of is. Because those versioned symbols in openssl come from a debian patch, afaict. So while debian may be fine (as long as all build-rdeps have been rebuilt since openssl got those versioned symbols), other distros aren't covered, as well as binaries not compiled on debian. Mike -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140713134837.ga18...@glandium.org
