Greets,

Forgive me if this has been previously discussed; I could not find
mention of it on -users or -dev. Between 0.9.6c and 0.9.6d (and all
versions since including 0.9.6g), the make install target for shared
libraries was changed from (0.9.6c Makefile.org starting line 598):

    tmp="$(SHARED_LIBS)"; \
    for i in $${tmp:-x}; \
    [snip]
    cp -f $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
    chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \

To (0.9.6d Makefile.org line 658):

    cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
    chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \

It looks like this change occurred when some Cygwin-specific install
checks were added. The removal of the -f flag means the destination
won't be unlinked first, if it exists. Since sonames (and shared
library filenames) are not changing during the 0.9.6 cycle, this results
in live, in-use libraries being overwritten with new ones, rather than
old filehandles/mmap'ed libraries keeping their reference to the old
file and new processes seeing the new ones. On systems which ship sshd
dynamically linked[1] against libcrypto, this has... undesirable
consequences :-P

Is there a reason that -f was removed, and/or not to add

    rm -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \

to the above before the library is cp'ed into place? This fairly
trivial change would fix most[2] cases where doing a remote openssl
upgrade can kill ssh access.

[1] Ignoring the questionable wisdom of dynamically linking sshd
    against OpenSSL when OpenSSL's shared library support is
    *specifically* still experimental... sigh.

[2] It's understood that the OpenSSL developers can introduce binary
    incompatibilities which will break binaries linked to shared
    libraries any time they like. I expect though (perhaps incorrectly)
    that that happens/will happen less often than overwriting a live
    library will crash running processes.

Thanks,
Hank Leininger <[EMAIL PROTECTED]>
E407 AEF4 761E D39C D401 D4F4 22F8 EF11 861A A6F1
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
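
The overwrite-versus-unlink behaviour described in the message above, as an added example that is not part of the original post or of the OpenSSL Makefile. A held-open file descriptor stands in for a running process that has the library mapped; `libdemo.so`, `inode_of` and `demo_install` are hypothetical names, and a POSIX `cp` that opens an existing destination in place is assumed.

```shell
#!/bin/sh
# Constructed demo: compare a plain "cp" over a live file with
# "rm -f" followed by "cp", as proposed in the message.

# Print the inode number of a file (ls -i is portable across systems).
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# demo_install MODE   (MODE is "overwrite" or "unlink")
# Prints what the already-open descriptor reads after the install,
# followed by "same-inode" or "new-inode" for the installed path.
demo_install() {
    mode=$1
    dir=$(mktemp -d) || return 1
    lib="$dir/libdemo.so"                       # constructed stand-in library
    printf 'OLD-LIBRARY-CODE\n' > "$lib"
    printf 'NEW-LIBRARY-CODE\n' > "$dir/new.so"
    # Left writable so a plain cp succeeds, as it would for root
    # installing over a mode-555 library.

    before=$(inode_of "$lib")
    exec 3< "$lib"              # the "running process" holds the old file

    case $mode in
        overwrite) cp "$dir/new.so" "$lib" ;;                  # rewrites the same inode
        unlink)    rm -f "$lib" && cp "$dir/new.so" "$lib" ;;  # creates a new inode
        *)         exec 3<&-; rm -rf "$dir"; return 2 ;;
    esac

    after=$(inode_of "$lib")
    seen=$(cat <&3)             # contents visible through the old handle
    exec 3<&-
    rm -rf "$dir"

    if [ "$before" = "$after" ]; then state=same-inode; else state=new-inode; fi
    echo "$seen $state"
}

demo_install overwrite   # old handle now reads the new bytes
demo_install unlink      # old handle still reads the old bytes
```

With a real mmap'ed library the in-place case changes code pages under the running process rather than just the bytes read from a descriptor, which is the crash the message describes.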