tech-userlevel: Serious shared library lossage with OpenSSL and Heimdal

Subject: Serious shared library lossage with OpenSSL and Heimdal
To: None <tech-userlevel@netbsd.org>
From: Jason Thorpe <thorpej@wasabisystems.com>
List: tech-userlevel
Date: 09/23/2003 15:20:34

Folks...

I have a 3rd-party Krb5-using app (sudo) installed on my system.  I 
recently updated my userland and sudo started failing with:

/usr/lib/libkrb5.so.18: Undefined PLT symbol "DES_set_odd_parity" 
(symnum = 117)

ldd(1) shows:

/usr/pkg/bin/sudo:
          -lcrypt.0 => /usr/lib/libcrypt.so.0
          -lkrb5.18 => /usr/lib/libkrb5.so.18
          -lasn1.6 => /usr/lib/libasn1.so.6
          -lcrypto.1 => /usr/lib/libcrypto.so.1
          -lroken.12 => /usr/lib/libroken.so.12
          -lcom_err.4 => /usr/lib/libcom_err.so.4
          -lkrb.5 => /usr/lib/libkrb.so.5
          -lskey.1 => /usr/lib/libskey.so.1
          -lc.12 => /usr/lib/libc.so.12

This is the classic "dependent shared library didn't get its major 
bumped" problem.  In short:

	- libcrypto's version was recently bumped to version 2,
	  due to DES API changes.

	- libkrb5 was changed to use the new DES API present in
	  version 2 of libcrypto.

	- libkrb5's version was NOT changed, i.e. stayed at 18.

	- My sudo binary has recorded dependencies on libcrypto
	  version 1 and libkrb5 version 18.  The libcrypto that
	  sudo sluprs in DOES NOT provide the DES functions that
	  libkrb5 expects, thus the failure.

I suggest we bump libkrb5's major number to 19 ASAP.  We then also need 
to hunt down any other libraries out there that depend on libkrb5 and 
adjust them accordingly.

         -- Jason R. Thorpe <thorpej@wasabisystems.com>