From f3cfa3c3df9f8d4354a44ea168de86bf526b7d3f Mon Sep 17 00:00:00 2001

From: "Vladimir D. Seleznev" <vseleznv@altlinux.org>

Date: Sun, 1 Nov 2020 21:37:46 +0300

Subject: [PATCH] SUSE: extra symver

From: Jan Engelhardt <jengelh@inai.de>

Date: 2020-10-21 10:27:09.816637061 +0200

Exports should be _versioned_. Without a version on libressl symbols, this could happen:

a) given a function call to libressl SSL_CTX_new in source, the linker

   will emit "SSL_CTX_new" into the executable

b) assuming the final program somehow loads both libressl and openssl,

   the dynamic loader could resolve "SSL_CTX_new" to SSL_CTX_new@@OPENSSL_1.1.0

   -> usually crash because something was initialized in one library

      but not in the other

If libressl.so has versioned exports,

a) the linker emits "SSL_CTX_new@@LIBRESSL"

b) the dynamic loader is required to look for SSL_CTX_new@@LIBRESSL

   and cannot satisfy it with SSL_CTX_new@@OPENSSL.

---

 libressl/crypto/Makefile.am | 7 +++++--

 libressl/ssl/Makefile.am    | 6 +++++-

 libressl/tls/Makefile.am    | 6 +++++-

 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/libressl/crypto/Makefile.am b/libressl/crypto/Makefile.am

index 3939802..0a07f4c 100644

--- a/libressl/crypto/Makefile.am

+++ b/libressl/crypto/Makefile.am

@@ -126,8 +126,11 @@ libcrypto_la_objects.mk: Makefile

 	  | sed 's/compat\// $$\(abs_top_builddir\)\/crypto\/&/g' \

 	  >> libcrypto_la_objects.mk

-libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym

-EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym

+crypto2.sym: crypto_portable.sym

+	(echo 'LIBRESSL { global: '; sed -e 's/\(.*\)/\1;/' <$<; echo 'local: *; };') >$@

+

+libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -Wl,--version-script=crypto2.sym

+EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym crypto2.sym

 EXTRA_libcrypto_la_DEPENDENCIES += libcrypto_la_objects.mk

 libcrypto_la_LIBADD = libcompat.la

 if !HAVE_EXPLICIT_BZERO

diff --git a/libressl/ssl/Makefile.am b/libressl/ssl/Makefile.am

index d27e2af..fa44c02 100644

--- a/libressl/ssl/Makefile.am

+++ b/libressl/ssl/Makefile.am

@@ -32,7 +32,11 @@ remove_bs_objects: libssl.la

 	    bs_ber.o bs_cbb.o bs_cbs.o

 libssl_la_CPPFLAGS = -I$(top_srcdir)/ssl/hidden ${AM_CPPFLAGS}

-libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym

+ssl2.sym: ssl.sym

+	(echo 'LIBRESSL { global: '; sed -e 's/\(.*\)/\1;/' <$<; echo 'local: *; };') >$@

+

+libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -Wl,--version-script=ssl2.sym

+EXTRA_libssl_la_DEPENDENCIES += ssl.sym ssl2.sym

 libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)

 libssl_la_LIBADD += libbs.la

diff --git a/libressl/tls/Makefile.am b/libressl/tls/Makefile.am

index 03fef6b..5c8c3f3 100644

--- a/libressl/tls/Makefile.am

+++ b/libressl/tls/Makefile.am

@@ -19,7 +19,11 @@ libtls_la_objects.mk: Makefile

 	  | sed 's/  */ $$\(abs_top_builddir\)\/tls\//g' \

 	  > libtls_la_objects.mk

-libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym

+tls2.sym: tls.sym

+	(echo 'LIBRESSL { global: '; sed -e 's/\(.*\)/\1;/' <$<; echo 'local: *; };') >$@

+

+libtls_la_DEPENDENCIES = tls2.sym

+libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -Wl,--version-script=tls2.sym

 libtls_la_LIBADD = $(libcrypto_la_objects)

 libtls_la_LIBADD += $(libcompat_la_objects)

 libtls_la_LIBADD += $(libcompatnoopt_la_objects)

-- 

2.33.7