Hi folks, openssl has evolved to a very important library in Linux distribution. A lot of cryptographic applications link to it including system libraries like pam modules and apache modules. Now it becomes more and more difficult to get all the binaries and libraries to link to the same version of openssl. This leads to situations where an application uses some libraries where on links to openssl 0.9.7 and another one to version 0.9.8. Since the symbols of the libraries are not yet versioned this leads to severe segfaults.
For the Debian project we want to introduce symbol versioning like it is
done not only in glibc. Since we want to maintain binary compatibility
with as much other distributions we want to coordinate this work with
you. At this time I only have contact addresses to a few maintainers.
We propose that we version all exported symbols for openssl 0.9.8 with
with the label OPENSSL_0.9.8, like glibc has the label GLIBC_2.0 etc.
For that to happen I introduced a version script openssl.ld with the
following contents:
OPENSSL_0.9.8 {
global:
*;
};
It has to be in the toplevel directory and in the engines directory.
The SHARED_LDFLAGS get the additional options
-Wl,--version-script=openssl.ld
I will come with a proper patch soon.
Please lets discuss this proposal and some detailed questions.
What do you think of it? Would you include this change in you
distribution? Does upstream include it too?
Is it ok to tag all (*) symbols with this version or should there be a
more complex version script?
What about symbol versioning of openssl 0.9.7? (Debian includes both
versions for compatibility reasons in the current unstable distro.)
Christoph
--
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: [EMAIL PROTECTED]
Telefon: +49-6131-3926337
signature.asc
Description: OpenPGP digital signature
