From f3cfa3c3df9f8d4354a44ea168de86bf526b7d3f Mon Sep 17 00:00:00 2001 From: "Vladimir D. Seleznev" Date: Sun, 1 Nov 2020 21:37:46 +0300 Subject: [PATCH] SUSE: extra symver From: Jan Engelhardt Date: 2020-10-21 10:27:09.816637061 +0200 Exports should be _versioned_. Without a version on libressl symbols, this could happen: a) given a function call to libressl SSL_CTX_new in source, the linker will emit "SSL_CTX_new" into the executable b) assuming the final program somehow loads both libressl and openssl, the dynamic loader could resolve "SSL_CTX_new" to SSL_CTX_new@@OPENSSL_1.1.0 -> usually crash because something was initialized in one library but not in the other If libressl.so has versioned exports, a) the linker emits "SSL_CTX_new@@LIBRESSL" b) the dynamic loader is required to look for SSL_CTX_new@@LIBRESSL and cannot satisfy it with SSL_CTX_new@@OPENSSL. --- libressl/crypto/Makefile.am | 7 +++++-- libressl/ssl/Makefile.am | 6 +++++- libressl/tls/Makefile.am | 6 +++++- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/libressl/crypto/Makefile.am b/libressl/crypto/Makefile.am index 3939802..0a07f4c 100644 --- a/libressl/crypto/Makefile.am +++ b/libressl/crypto/Makefile.am @@ -126,8 +126,11 @@ libcrypto_la_objects.mk: Makefile | sed 's/compat\// $$\(abs_top_builddir\)\/crypto\/&/g' \ >> libcrypto_la_objects.mk -libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym -EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym +crypto2.sym: crypto_portable.sym + (echo 'LIBRESSL { global: '; sed -e 's/\(.*\)/\1;/' <$<; echo 'local: *; };') >$@ + +libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -Wl,--version-script=crypto2.sym +EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym crypto2.sym EXTRA_libcrypto_la_DEPENDENCIES += libcrypto_la_objects.mk libcrypto_la_LIBADD = libcompat.la if !HAVE_EXPLICIT_BZERO diff --git a/libressl/ssl/Makefile.am b/libressl/ssl/Makefile.am index d27e2af..fa44c02 100644 --- a/libressl/ssl/Makefile.am +++ b/libressl/ssl/Makefile.am @@ -32,7 +32,11 @@ remove_bs_objects: libssl.la bs_ber.o bs_cbb.o bs_cbs.o libssl_la_CPPFLAGS = -I$(top_srcdir)/ssl/hidden ${AM_CPPFLAGS} -libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym +ssl2.sym: ssl.sym + (echo 'LIBRESSL { global: '; sed -e 's/\(.*\)/\1;/' <$<; echo 'local: *; };') >$@ + +libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -Wl,--version-script=ssl2.sym +EXTRA_libssl_la_DEPENDENCIES += ssl.sym ssl2.sym libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD) libssl_la_LIBADD += libbs.la diff --git a/libressl/tls/Makefile.am b/libressl/tls/Makefile.am index 03fef6b..5c8c3f3 100644 --- a/libressl/tls/Makefile.am +++ b/libressl/tls/Makefile.am @@ -19,7 +19,11 @@ libtls_la_objects.mk: Makefile | sed 's/ */ $$\(abs_top_builddir\)\/tls\//g' \ > libtls_la_objects.mk -libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym +tls2.sym: tls.sym + (echo 'LIBRESSL { global: '; sed -e 's/\(.*\)/\1;/' <$<; echo 'local: *; };') >$@ + +libtls_la_DEPENDENCIES = tls2.sym +libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -Wl,--version-script=tls2.sym libtls_la_LIBADD = $(libcrypto_la_objects) libtls_la_LIBADD += $(libcompat_la_objects) libtls_la_LIBADD += $(libcompatnoopt_la_objects) -- 2.33.7