document APR_DEEPBIND and use secure_getenv() (thanks to mturk)

package additional build/* files in apr-devel (#1945078)

Resolves: rhbz#1945070
This commit is contained in:
Joe Orton 2021-06-18 10:15:13 +01:00
parent 7cb417b18d
commit bdff292e39
2 changed files with 49 additions and 5 deletions

View File

@ -1,6 +1,5 @@
Conflicting e.g. libldap vs libldap_r problems still exist Add $APR_DEEPBIND to enable use of RTLD_DEEPBIND in apr_dso_open().
inside httpd. Use RTLD_DEEPBIND by default.
--- apr-1.7.0/dso/unix/dso.c.deepbind --- apr-1.7.0/dso/unix/dso.c.deepbind
+++ apr-1.7.0/dso/unix/dso.c +++ apr-1.7.0/dso/unix/dso.c
@ -19,10 +18,43 @@ inside httpd. Use RTLD_DEEPBIND by default.
void *os_handle; void *os_handle;
+ +
+ if (use_deepbind == 0) + if (use_deepbind == 0)
+ use_deepbind = getenv("APR_DEEPBIND") != NULL ? 1 : -1; + use_deepbind = secure_getenv("APR_DEEPBIND") != NULL ? 1 : -1;
+ if (use_deepbind == 1) + if (use_deepbind == 1)
+ flags |= RTLD_DEEPBIND; + flags |= RTLD_DEEPBIND;
+ +
#ifdef _AIX #ifdef _AIX
if (strchr(path + 1, '(') && path[strlen(path) - 1] == ')') if (strchr(path + 1, '(') && path[strlen(path) - 1] == ')')
{ {
--- apr-1.7.0/README.deepbind.deepbind
+++ apr-1.7.0/README.deepbind
@@ -0,0 +1,30 @@
+This distribution of APR contains a modification of the behaviour of
+the apr_dso_open() function which allows users enable the
+"RTLD_DEEPBIND" flag when dlopen() is called.
+
+If the "APR_DEEPBIND" environment variable is set at runtime, the
+RTLD_DEEPBIND flag is always added to the flags passed to dlopen().
+
+With normal use of dlopen(), dynamically loaded objects will use
+global symbols in preference to any symbols defined within the object.
+Using RTLD_DEEPBIND reverses this binding order. See the dlopen(3)
+man page for more information.
+
+This can be useful with Apache httpd, where two different modules are
+loaded like:
+
+1. mod_foo.so uses library "libfoo.so"
+ libfoo.so defines a function "SomeSym"
+2. mod_bar.so uses library "libbar.so"
+ libbar.so defines a different "SomeSym" function
+
+By default, mod_bar or mod_foo would use the "SomeSym" definition from
+the "wrong" library depending on the load order. If RTLD_DEEPBIND is
+used, the "SomeSym" definition will always be mapped to the definition
+from the corresponding dependent library. This can avoid symbol
+conflicts.
+
+There are some risks with using RTLD_DEEPBIND, in particular potential
+issues with modules written in C++. It is not recommended to enable
+$APR_DEEPBIND unless it solves a specific problem and after thorough
+testing of the configuration.

View File

@ -6,7 +6,7 @@
Summary: Apache Portable Runtime library Summary: Apache Portable Runtime library
Name: apr Name: apr
Version: 1.7.0 Version: 1.7.0
Release: 9%{?dist} Release: 9.2%{?dist}
# ASL 2.0: everything # ASL 2.0: everything
# ISC: network_io/apr-1.4.6/network_io/unix/inet_?to?.c # ISC: network_io/apr-1.4.6/network_io/unix/inet_?to?.c
# BSD with advertising: strings/apr_snprintf.c, strings/apr_fnmatch.c, # BSD with advertising: strings/apr_snprintf.c, strings/apr_fnmatch.c,
@ -90,6 +90,12 @@ install -c -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_includedir}/apr-%{aprver}/apr.h
rm -f $RPM_BUILD_ROOT%{_libdir}/apr.exp \ rm -f $RPM_BUILD_ROOT%{_libdir}/apr.exp \
$RPM_BUILD_ROOT%{_libdir}/libapr-*.a $RPM_BUILD_ROOT%{_libdir}/libapr-*.a
# Additionally packaged (see https://bugzilla.redhat.com/1669589) --
sed -i '1s,/.*,/usr/bin/python3,' build/gen-build.py
for f in build/gen-build.py build/install.sh build/config.*; do
install -c -m755 $f $RPM_BUILD_ROOT%{_libdir}/apr-%{aprver}/build
done
%check %check
# Fail if LFS support isn't present in a 32-bit build, since this # Fail if LFS support isn't present in a 32-bit build, since this
# breaks ABI and the soname doesn't change: see #254241 # breaks ABI and the soname doesn't change: see #254241
@ -107,7 +113,7 @@ popd
%ldconfig_scriptlets %ldconfig_scriptlets
%files %files
%doc CHANGES LICENSE NOTICE %doc CHANGES LICENSE NOTICE README*
%{_libdir}/libapr-%{aprver}.so.* %{_libdir}/libapr-%{aprver}.so.*
%files devel %files devel
@ -125,6 +131,12 @@ popd
%{_datadir}/aclocal/*.m4 %{_datadir}/aclocal/*.m4
%changelog %changelog
* Fri Jun 18 2021 Joe Orton <jorton@redhat.com> - 1.7.0-9.2
- package additional build/* files in apr-devel (#1945078)
* Fri Jun 18 2021 Joe Orton <jorton@redhat.com> - 1.7.0-9.1
- document APR_DEEPBIND and use secure_getenv() (thanks to mturk)
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.0-9 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.0-9
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937