| 1 |
Quoting Piotr Kalinowski: |
| 2 |
>The point is that apps are linked against libcrypt.so.0.9.6 for |
| 3 |
instance. |
| 4 |
>So when you replace it with *.so.0.9.7, the linker cannot find 0.9.6 |
| 5 |
>version. Dynamic linking makes it unnecessary for you to recompile |
| 6 |
>everything after upgrading from 0.9.7 to 0.9.7d, because even though |
| 7 |
the |
| 8 |
>file version changes, it's name (or at least a name of symbolic link |
| 9 |
and |
| 10 |
>binary interface) doesn't change and the linker can find it, load it |
| 11 |
and |
| 12 |
>app can use it. |
| 13 |
|
| 14 |
Right. So therefore the revdep-rebuild command is only useful (as |
| 15 |
relates to the openssl update) if one updates from openssl-0.9.6x to the |
| 16 |
0.9.7x series. And as I recall, the ebuild tells you as much. |
| 17 |
|
| 18 |
The question I was trying to ask, though, is how to tell what is |
| 19 |
*statically* compiled with a given library, openssl in this case. Those |
| 20 |
will need to be recompiled *every* time there is an upgrade to the |
| 21 |
library, if you want the newer version to be used. And in the case of |
| 22 |
security related upgrades, you do :). An example is that people who use |
| 23 |
apache-1.x with mod_ssl. Mod_ssl needs to be recompiled to use the |
| 24 |
newer openssl. What else does? |
| 25 |
|
| 26 |
-Joel Osburn |
| 27 |
|
| 28 |
|
| 29 |
-- |
| 30 |
gentoo-security@g.o mailing list |
Archives