On 07/13/2014 09:48 PM, Mike Hommey wrote: > On Sun, Jul 13, 2014 at 02:02:18PM +0200, Matthias Urlichs wrote: >> Hi, >> >> Bernhard R. Link: >>> * Mike Hommey <m...@glandium.org> [140713 12:55]: >>>> Contrary to what you seem to believe, this only really works if *both* >>>> libraries have versioned symbols. Otherwise, you can end up with >>>> libraries linked against the unversioned one using symbols from the >>>> versioned one at run time when both are loaded in the same address >>>> space. >>> >>> Actually, "both having versioned symbols" is not enough. >>> It is either "both must always have had versioned symbols" or >>> "both must have versioned symbols now and every binary linked against >>> either must have been built (or rebuilt) after the symbols got >>> versioned". >>> >> Bah. Thanks for the correction. >> >> However, it seems that the current OpenSSL package _does_ have >> fully-versioned symbols, at least if I understand "objdump -T" >> correctly. >> >> So the situation may not be as dire as this thread suggests. > > Well, it kind of is. Because those versioned symbols in openssl come > from a debian patch, afaict. So while debian may be fine (as long as all > build-rdeps have been rebuilt since openssl got those versioned > symbols), other distros aren't covered, as well as binaries not > compiled on debian.
Why should we care about other distros? Do they have an impact on us? Thomas -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53c29896.9050...@debian.org
