[gnutls-devel] Symbol versioning in gnutls broken -> crashes

Andreas Metzler ametzler at bebt.de
Fri Sep 12 18:22:27 CEST 2014

On 2014-09-11 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Sat, 2014-05-24 at 08:58 +0200, Andreas Metzler wrote:

>> Anyway, this causes hard crashes like in
>> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746641#37> or
>> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748742#37>.

>> Fixing this in gnutls' source is pretty easy: In gnutls.map move the
>> contents of GNUTLS_1_4, GNUTLS_2_8, GNUTLS_2_10 and GNUTLS_2_12 to
>> GNUTLS_3_0_0. However it breaks the ABI, everything linking against
>> gnutls3 will need to be rebuilt after the change. Afaiu a soname bump
>> would therefore be the correct thing.

> Hi Andreas,
>  I get back on that, as I noticed that now applications linked against
> gnutls in fedora wouldn't work in debian and vice-versa. While that may
> not be an issue in software compiled in debian for debian, it will be
> for any other software. For example I use a debian-based docker
> container to test the openconnect server, and that fails to execute the
> server if compiled in any other system. Closed source programs using
> gnutls will have the same issue.


yes, that is exactly as expected. It sucks but afaict it could not be
avoided. Fixing the symbol versioning breaks the ABI.  The arguments
for not breaking the ABI by changing the symbol-versioning in GnuTLS
upstream *now* are are the same ones as in May.

OTOH we in Debian needed to fix the symbol versioning because we
care about partial upgrades.

It will therefore continue to be broken until GnuTLS upstream bumps
the symbol-versioning (and the soname) and Debian picks up this

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Gnutls-devel mailing list