NetBSD Problem Report #56838
From dholland@netbsd.org Sun May 15 05:21:15 2022
Return-Path: <dholland@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 7E8381A921F
for <gnats-bugs@gnats.NetBSD.org>; Sun, 15 May 2022 05:21:15 +0000 (UTC)
Message-Id: <20220515052114.EA4A784F45@mail.netbsd.org>
Date: Sun, 15 May 2022 05:21:14 +0000 (UTC)
From: dholland@NetBSD.org
Reply-To: dholland@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: namespace pollution in static libcrypt
X-Send-Pr-Version: 3.95
>Number: 56838
>Category: lib
>Synopsis: namespace pollution in static libcrypt
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: lib-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun May 15 05:25:00 +0000 2022
>Closed-Date: Sun May 15 17:16:58 +0000 2022
>Last-Modified: Sun May 15 17:16:58 +0000 2022
>Originator: David A. Holland
>Release: NetBSD 9.99.96 (20220514)
>Organization:
>Environment:
System: n/a
Architecture: x86_64
Machine: amd64
>Description:
The MKARGON2 files in libcrypt contain unprotected identifier names
that conflict with the application namespace and are fairly likely to
conflict with actual application symbols:
obj.amd64/libcrypt.a:encoding.o:0000000000000b8c T b64len
obj.amd64/libcrypt.a:encoding.o:00000000000002e8 T decode_string
obj.amd64/libcrypt.a:encoding.o:0000000000000537 T encode_string
obj.amd64/libcrypt.a:encoding.o:0000000000000bda T numlen
obj.amd64/libcrypt.a:core.o:0000000000000121 T allocate_memory
obj.amd64/libcrypt.a:core.o:00000000000003de T clear_internal_memory
obj.amd64/libcrypt.a:core.o:000000000000009a T copy_block
obj.amd64/libcrypt.a:core.o:0000000000000811 T fill_first_blocks
obj.amd64/libcrypt.a:core.o:0000000000000624 T fill_memory_blocks
obj.amd64/libcrypt.a:core.o:00000000000003f3 T finalize
obj.amd64/libcrypt.a:core.o:0000000000000184 T free_memory
obj.amd64/libcrypt.a:core.o:0000000000000572 T index_alpha
obj.amd64/libcrypt.a:core.o:000000000000002b T init_block_value
obj.amd64/libcrypt.a:core.o:0000000000000926 T initial_hash
obj.amd64/libcrypt.a:core.o:0000000000000936 T initialize
obj.amd64/libcrypt.a:core.o:0000000000000000 T secure_wipe_memory
obj.amd64/libcrypt.a:core.o:00000000000006cf T validate_inputs
obj.amd64/libcrypt.a:core.o:000000000000010a T xor_block
obj.amd64/libcrypt.a:ref.o:00000000000008b5 T fill_segment
In the shared library these are hidden away with ELF visibility, but
they can't just be left sitting here in the static library. This has
caused at least one package build failure (PR 56684) and will cause
all kinds of havoc for statically-linked programs.
>How-To-Repeat:
make; nm -o
>Fix:
Apply underscores.
Because it only affects the static lib, it's not absolutely critical
to get this fixed before -10 branches, but it would still not be good
to ship -10 this way.
>Release-Note:
>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/56838 CVS commit: src/lib/libcrypt
Date: Sun, 15 May 2022 12:25:09 -0400
Module Name: src
Committed By: christos
Date: Sun May 15 16:25:09 UTC 2022
Modified Files:
src/lib/libcrypt: Makefile
Added Files:
src/lib/libcrypt: namespace.h
Log Message:
PR/56838: David A. Holland: namespace pollution in static libcrypt
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/lib/libcrypt/Makefile
cvs rdiff -u -r0 -r1.1 src/lib/libcrypt/namespace.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 15 May 2022 17:16:58 +0000
State-Changed-Why:
fixed, thanks
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.