1 |
Quoting Jeremy Huddleston: |
2 |
>They DO need to be recompiled if you have a newer version of the |
3 |
>dynamic lib that breaks binary compatibility but maintains API |
4 |
>compatibility (as we do here, or with libpng as another example). |
5 |
>That is why the -soname was changed. Usually, packages have the |
6 |
>-soname match lib<libname>.so.<major version> and changing |
7 |
>minor/tiny versions won't break binary incompatibility, but |
8 |
>openssl likes to use the tiny version to denote binary |
9 |
>compatibility. |
10 |
|
11 |
Right. And when you upgrade from any openssl-0.9.6x version to the |
12 |
0.9.7x series, the ebuild tells you to run revdep-rebuild to solve that |
13 |
problem. |
14 |
|
15 |
>You can't. That's why you should't use static libraries. |
16 |
|
17 |
The end user doesn't always get to choose; sometimes it's the |
18 |
developer. My understanding (my apologies if it's flawed) is that |
19 |
mod_ssl is statically compiled against openssl, so everyone using |
20 |
apache-1.x and mod_ssl needs to recompile mod_ssl after updating |
21 |
openssl. Is there anything else? And how does one know that? |
22 |
|
23 |
>you could do a 'readelf -s <exec> | grep <symbol>' on executables |
24 |
>to see if that symbol is present in the file... |
25 |
|
26 |
That's a pretty painful thing to do on every executable, but if that's |
27 |
all there is... |
28 |
|
29 |
-Joel Osburn |
30 |
|
31 |
|
32 |
-- |
33 |
gentoo-security@g.o mailing list |