On 12/21/25 02:39, Никита Евсиков wrote:
I have two 32-bit *libraries libXp.so.6.2.0*: the first from my old CentOS 6.10
installation and the second from *libXp-1.0.2-2.1.el6.i686.rpm* package
downloaded from https://vault.centos.org/6.10/os/i386/Packages/
libXp-1.0.2-2.1.el6.i686.rpm <https://vault.centos.org/6.10/os/i386/Packages/
libXp-1.0.2-2.1.el6.i686.rpm>. (I need use this library (and other libraries)
because I port old 32-bit application from СentOS 6.10 to Ubuntu 22.04, and I
want «clean libs», downloaded from CentOS repository, not copied them from my
old CentOS 6.10 installation.)
So, when I compare symbols of these two libraries* libXp.so.6.2.0 *with commands
# Get symbols from my CentOS 6.10 (I use cut -c10- to ignore first 8 addr.
symbols and one space like «00001684 »)
nm -D ./CentOS_6.10/libXp.so.6.2.0 | sort | cut -c10- | tee /tmp/CentOS_6.10-
libXp.so.6.2.0.txt
# Get symbols from downloaded package (again I use cut -c10- to ignore first
8 addr. symbols and one space like «00001684 »)
nm -D ./Lib_From_RPM_Package/libXp.so.6.2.0 | sort | cut -c10- | tee /tmp/
Lib_From_RPM_Package-libXp.so.6.2.0.txt
# Compare...
diff /tmp/CentOS_6.10-libXp.so.6.2.0.txt /tmp/Lib_From_RPM_Package-
libXp.so.6.2.0.txt
I have strange difference:
85a86
> U _XEatDataWords
103d103
< U _XIOError
*So, I have two questions to you: how dangerous is this difference for correct
running of my old app and why this difference is on same versions libraries?*
_XEatDataWords is a function introduced in the security patches described on
https://www.x.org/wiki/Development/Security/Advisory-2013-05-23/
The core function was added to libX11 and became a part of the libX11 API/ABI
in the libX11 1.6 release. For the libraries like libXp built on top of libX11
their patches were written to check if the function was exported by libX11 - if
so, they link against the libX11 version; if not, they have a private local
fallback copy they call instead, which may call _XIOError. The fallback was
removed in later releases of those libraries, once libX11 1.6 was out for a
while, as seen in
https://gitlab.freedesktop.org/xorg/lib/libxp/-/commit/2b57a94231238576
from the libXp 1.0.3 release.
So it appears that of the two libraries you have, one was built to call the
function in libX11 1.6 or later, and one was built with the local fallback to
work with older versions of libX11. Both should work fine with libX11 1.6 or
later, but only the one which calls _XIOError instead of _XEatDataWords will
work with older versions of libX11 (which have the security bugs from the
above advisory, so shouldn't be used anyways).
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
