rawhide report: 20040108 changes
Nalin Dahyabhai
nalin at redhat.com
Thu Jan 8 19:45:57 UTC 2004
On Thu, Jan 08, 2004 at 08:54:44AM -0600, Chris Adams wrote:
> Once upon a time, Build System <buildsys at redhat.com> said:
> > cyrus-sasl-2.1.17-1
> > -------------------
> > * Fri Dec 19 2003 Nalin Dahyabhai <nalin at redhat.com>
> >
> > - use a bundled libdb (#112215)
>
> Question: why add to the list of packages with a private copy of libdb?
> If the system libdb is broken, it should be fixed, right? I'd like to
> see _fewer_ (or even better, zero) packages with their own private copy
> of normally shared libraries (especially libdb).
You have to watch out that shared libraries don't mix. Consider an
application which links with libdb-4.2.so. If libsasl2 links against
libdb-4.1.so (even if it's just because it hasn't been recompiled to use
libdb-4.2.so), and the application uses libsasl2, you can wind up with
more than one version of the library loaded, *providing an overlapping
set of symbols*. The situation is the same if the application uses an
older version of libdb than libsasl2 does. Mismatches break apps.
It gets scarier when you consider something like nss_db, where if you're
using it, every application on the system could end up pulling in
whatever shared libdb it links with, even applications which were built
on earlier releases using an older version of that same library.
Newer versions of Berkeley DB have a compile-time argument you can use
to build a static library which won't conflict in this way with a
library which wasn't built with that switch. Using it adds a measure of
safety. Because the sasldb code in libsasl2 is the only user of the one
file which it reads and writes, possible version skew versus the system
copy of libdb doesn't create a problem here.
Cheers,
Nalin
More information about the fedora-devel-list
mailing list