forked from pool/libressl
Jan Engelhardt
73a40de88d
OBS-URL: https://build.opensuse.org/package/show/security:tls/libressl?expand=0&rev=63
77 lines
3.3 KiB
Diff
77 lines
3.3 KiB
Diff
From: Jan Engelhardt <jengelh@inai.de>
|
|
Date: 2020-10-21 10:27:09.816637061 +0200
|
|
|
|
Exports should be _versioned_. Without a version on libressl symbols, this could happen:
|
|
|
|
a) given a function call to libressl SSL_CTX_new in source, the linker
|
|
will emit "SSL_CTX_new" into the executable
|
|
b) assuming the final program somehow loads both libressl and openssl,
|
|
the dynamic loader could resolve "SSL_CTX_new" to SSL_CTX_new@@OPENSSL_1.1.0
|
|
|
|
-> usually crash because something was initialized in one library
|
|
but not in the other
|
|
|
|
If libressl.so has versioned exports,
|
|
|
|
a) the linker emits "SSL_CTX_new@@LIBRESSL"
|
|
b) the dynamic loader is required to look for SSL_CTX_new@@LIBRESSL
|
|
and cannot satisfy it with SSL_CTX_new@@OPENSSL.
|
|
|
|
---
|
|
crypto/Makefile.am | 7 +++++--
|
|
ssl/Makefile.am | 5 +++++
|
|
tls/Makefile.am | 6 +++++-
|
|
3 files changed, 15 insertions(+), 3 deletions(-)
|
|
|
|
Index: libressl-3.8.2/crypto/Makefile.am
|
|
===================================================================
|
|
--- libressl-3.8.2.orig/crypto/Makefile.am
|
|
+++ libressl-3.8.2/crypto/Makefile.am
|
|
@@ -62,8 +62,11 @@ libcrypto_la_objects.mk: Makefile
|
|
| sed 's/compat\// $$\(abs_top_builddir\)\/crypto\/&/g' \
|
|
>> libcrypto_la_objects.mk
|
|
|
|
-libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
|
|
-EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym
|
|
+crypto2.sym: crypto_portable.sym
|
|
+ (echo 'LIBRESSL { global: '; sed -e 's/\(.*\)/\1;/' <$<; echo 'local: *; };') >$@
|
|
+
|
|
+libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -Wl,--version-script=crypto2.sym
|
|
+EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym crypto2.sym
|
|
EXTRA_libcrypto_la_DEPENDENCIES += libcrypto_la_objects.mk
|
|
libcrypto_la_LIBADD = libcompat.la
|
|
if !HAVE_EXPLICIT_BZERO
|
|
Index: libressl-3.8.2/ssl/Makefile.am
|
|
===================================================================
|
|
--- libressl-3.8.2.orig/ssl/Makefile.am
|
|
+++ libressl-3.8.2/ssl/Makefile.am
|
|
@@ -35,6 +35,11 @@ remove_bs_objects: libssl.la
|
|
|
|
libssl_la_CPPFLAGS = -I$(top_srcdir)/ssl/hidden ${AM_CPPFLAGS}
|
|
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym
|
|
+ssl2.sym: ssl.sym
|
|
+ (echo 'LIBRESSL { global: '; sed -e 's/\(.*\)/\1;/' <$<; echo 'local: *; };') >$@
|
|
+
|
|
+libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -Wl,--version-script=ssl2.sym
|
|
+EXTRA_libssl_la_DEPENDENCIES += ssl.sym ssl2.sym
|
|
libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)
|
|
libssl_la_LIBADD += $(libcompat_la_objects)
|
|
libssl_la_LIBADD += $(libcompatnoopt_la_objects)
|
|
Index: libressl-3.8.2/tls/Makefile.am
|
|
===================================================================
|
|
--- libressl-3.8.2.orig/tls/Makefile.am
|
|
+++ libressl-3.8.2/tls/Makefile.am
|
|
@@ -19,7 +19,11 @@ libtls_la_objects.mk: Makefile
|
|
| sed -e 's/ *$$//' -e 's/ */ $$\(abs_top_builddir\)\/tls\//g' \
|
|
> libtls_la_objects.mk
|
|
|
|
-libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
|
|
+tls2.sym: tls.sym
|
|
+ (echo 'LIBRESSL { global: '; sed -e 's/\(.*\)/\1;/' <$<; echo 'local: *; };') >$@
|
|
+
|
|
+libtls_la_DEPENDENCIES = tls2.sym
|
|
+libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -Wl,--version-script=tls2.sym
|
|
|
|
if ENABLE_LIBTLS_ONLY
|
|
libtls_la_LIBADD = $(libcrypto_la_objects)
|