[gnutls-devel] Symbol versioning in gnutls broken -> crashes

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat May 24 09:36:27 CEST 2014 

On Sat, 2014-05-24 at 08:58 +0200, Andreas Metzler wrote:
> Hello,
> 
> GnuTLS symbol versioning apparently does not fullfill its main
> purpose, to allow a binary to link against gnutls 2.x and gnutls 3.x
> without crashing.
> This is a pretty common screnario for distributions in a transition
> period, where you go from:
> scenario1
> application --depends_on--> libgnutls.so.26
>             `-depends_on--> libbar.so.5 --dep_on--> libgnutls.so.26
> to
> scenario2
> application --depends_on--> libgnutls.so.26
>             `-depends_on--> libbar.so.5 --dep_on--> libgnutls.so.28
> at some point of time, since you cannot switch the whole distro at one
> point. Especially for the GnuTLS transition, since this is not just a
> straight rebuild but involves checking the source's gcrypt related
> code.
> Usually symbol-versioning would cause any references to gnutls to be
> resolved to GnuTLS 2.x in both of the abovementioned cases, libbar's
> to GnuTLS 2.x or 3.x respectively. However e.g. gnutls_init() is
> versioned as @1.4 in both gnutls versions, therefore in scenario2
> application could also get gnutls_init() from GnuTLS 3.x.
[...]
> Fixing this in gnutls' source is pretty easy: In gnutls.map move the
> contents of GNUTLS_1_4, GNUTLS_2_8, GNUTLS_2_10 and GNUTLS_2_12 to
> GNUTLS_3_0_0. However it breaks the ABI, everything linking against
> gnutls3 will need to be rebuilt after the change.

I think symbol versioning is pretty good for libc and stateless
functions but cannot do much when there are internal structures involved
like in gnutls. 

I believe nevertheless that the way gnutls uses symbol versioning is the
recommended way for all libraries. As I understand from your suggestion
here, is to change symbol versioning on every major version bump? I
could consider that for the next soname bump (not soon) but
unfortunately the ABI cannot be broken now as there have been quite many
releases in the 3.x series. Is there a reason to keep the old gnutls
version? The API's are compatible and old programs need only to be
recompiled with the new library.

regards,
Nikos

More information about the Gnutls-devel mailing list