From: Simon Matter (no email)
Date: Wed Jan 04 2006 - 03:27:32 EST
> On Tue, 03 Jan 2006, Simon Matter wrote:
>> could not build postfix with SASLv2 _and_ LDAP support if the installed
>> openldap has been built for SASLv1. This has just resulted in segfaults.
>
> You are experienced what I call the "missing versioned symbols hell". We
> have that fixed in Debian by force. If you're interested in the patches to
> fully version SASLv2 (Debian dropped SASLv1), just drop me a note and I
> will
> send them to you. I *think* they were sent to CMU as well, but I am not
> sure, I will revisit this if the Cyrus maintainer team in Debian takes
> over
> Cyrus SASL as well.
Thank you for the detailed explanation. In my case I don't want to touch
anything SASL related.
>
> NOTE: I assume the old problem with SASL using global state that prevented
> it from being used at the same time in client and server mode has been
> fixed. Otherwise, it could be the cause as well, it depends on what has
> the
> chance to break the app first.
>
>> Without understanding what exactly the problem was, I fear the same
>> could
>> be the case with cyrus-imapd as well?
>
> It depends. Without symbol versioning, if you somehow manage to link both
> saslv1 and saslv2 to the same library or application, it goes kaboom.
> This
> can happen if you link to libs linked to different versions of sasl, or if
> glibc nsswitch modules link to sasl (guess what happens if you use LDAP
> passwd maps?).
>
> So, if cyrus-imap is linked to saslv2 (HIGHLY recomended), and *anything*
> else it uses is linked to saslv1 (e.g. openldap libs), and symbols are
> unversioned... bad things _will_ happen. Note that the same crap happens
> if
> anything SASL links to (or dlopen()s, it is the same problem) manages to
> link to other SASL lib (again old openldap libs...).
Okay, so it _will_ break in my case and I'll design the rpm so it detects
whether openldap is linked against SASLv1, and if it's true, it will build
without ldap support.
>
>> BTW: I know that openldap built against SASLv1 is old, but I still want
>> the rpm to be suitable for older platforms. If it's a problem I simply
>> disable ldap pts support for those using openldap/SASLv1.
>
> You cannot fix this, I am afraid. The old libs won't be versioned, thus
> they will still require that the *entire* system use either saslv1 or
> saslv2
> for maximum stability. You need to have at least one of the clashing libs
> with symbols versioned... AND you absolutely *must* have built everything
> using that library against the library with versioned symbols.
>
> Oh, and the symbol version must be the same, too. In Debian, we are using
> "SASL2".
As you said I can't fix this and I don't want. I will just make sure that
on systems with openldap/SASLv1, the cyrus-imapd packages are built
without ldap support.
Thanks for clearing this up,
Simon
---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|