On Wed, Nov 12, 2014 at 02:06:47PM +0100, Jan Engelhardt wrote: > It was possible to combine e.g. conntrackd-1.2.1 with > libnetfilter_conntrack-0.0.101, causing libc to issue an exit from > within conntrackd iff such a conntrackd was promoted to a master and > tried to call nfexp_send, due to lazy symbol resolution in libc. I wonder how you have reached such a situation. I can only think of very broken packaging. > Symbol versions enforce the checks at program startup, so add one. > > $ ldd -r /usr/sbin/conntrackd > undefined symbol: nfexp_cmp (/usr/sbin/conntrackd) > undefined symbol: nfexp_send (/usr/sbin/conntrackd) > libnetfilter_conntrack.so.3 => /usr/lib/libnetfilter_conntrack.so.3 (0x77fe7000) > libnfnetlink.so.0 => /usr/lib/libnfnetlink.so.0 (0x77fdf000) > libc.so.6 => /lib/libc.so.6 (0x77e7b000) > libdl.so.2 => /lib/libdl.so.2 (0x77e76000) > /lib/ld.so.1 (0x55555000) > $ dpkg-query -W conntrackd libnetfilter-conntrack3 > conntrackd 1:1.2.1-1 > libnetfilter-conntrack3 0.0.101-1 Would you also convert libnetfilter_conntrack to use the same EXPORT_SYMBOL() macro that we use in more recent libnetfilter_* libraries for consistency? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
