[LEDE-DEV] mbedtls: change libmbedcrypto.so soversion back to 0

mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so
library, use the old version again to be able to use the new library
with binaries compiled against the old mbedtls library.

Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Go back to libmbedcrypto.so.0 and make the system rebuild the binaries
which were rebuild for 2.7.0 again.

This should make the libmbedcrypto.so library be compatible with the old
version shipped with 17.01.

Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 package/libs/mbedtls/Makefile                      |  2 +-
 .../patches/300-soversion-compatibility.patch      | 26 ++++++++++++++++++++++
 package/libs/ustream-ssl/Makefile                  |  2 +-
 package/network/services/openvpn/Makefile          |  2 +-
 package/network/utils/curl/Makefile                |  2 +-
 package/utils/px5g/Makefile                        |  2 +-
 6 files changed, 31 insertions(+), 5 deletions(-)
 create mode 100644 package/libs/mbedtls/patches/300-soversion-compatibility.patch

Why? the lib version bump means ABI incompatibility. The correct way
is to bump release to rebuild instead of decreasing it.


Best Regards,
Syrone Wong


On Mon, Apr 16, 2018 at 6:57 AM, Hauke Mehrtens <hauke@hauke-m.de> wrote:
> mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so
> library, use the old version again to be able to use the new library
> with binaries compiled against the old mbedtls library.
>
> Some binaries got rebuild to for the 2.7.0 release and are now using
> libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
> Go back to libmbedcrypto.so.0 and make the system rebuild the binaries
> which were rebuild for 2.7.0 again.
>
> This should make the libmbedcrypto.so library be compatible with the old
> version shipped with 17.01.
>
> Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0")
> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
> ---
>  package/libs/mbedtls/Makefile                      |  2 +-
>  .../patches/300-soversion-compatibility.patch      | 26 ++++++++++++++++++++++
>  package/libs/ustream-ssl/Makefile                  |  2 +-
>  package/network/services/openvpn/Makefile          |  2 +-
>  package/network/utils/curl/Makefile                |  2 +-
>  package/utils/px5g/Makefile                        |  2 +-
>  6 files changed, 31 insertions(+), 5 deletions(-)
>  create mode 100644 package/libs/mbedtls/patches/300-soversion-compatibility.patch
>
> diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
> index 8ac4e3b13e..6b9f6d73bd 100644
> --- a/package/libs/mbedtls/Makefile
> +++ b/package/libs/mbedtls/Makefile
> @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
>
>  PKG_NAME:=mbedtls
>  PKG_VERSION:=2.8.0
> -PKG_RELEASE:=1
> +PKG_RELEASE:=2
>  PKG_USE_MIPS16:=0
>
>  PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
> diff --git a/package/libs/mbedtls/patches/300-soversion-compatibility.patch b/package/libs/mbedtls/patches/300-soversion-compatibility.patch
> new file mode 100644
> index 0000000000..159257abab
> --- /dev/null
> +++ b/package/libs/mbedtls/patches/300-soversion-compatibility.patch
> @@ -0,0 +1,26 @@
> +mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the
> +libmbedcrypto.so library, use the old version again to be able to use
> +the new library with binaries compiled against the old library.
> +
> +--- a/library/CMakeLists.txt
> ++++ b/library/CMakeLists.txt
> +@@ -141,7 +141,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
> +
> + if(USE_SHARED_MBEDTLS_LIBRARY)
> +     add_library(mbedcrypto SHARED ${src_crypto})
> +-    set_target_properties(mbedcrypto PROPERTIES VERSION 2.8.0 SOVERSION 1)
> ++    set_target_properties(mbedcrypto PROPERTIES VERSION 2.8.0 SOVERSION 0)
> +     target_link_libraries(mbedcrypto ${libs})
> +
> +     add_library(mbedx509 SHARED ${src_x509})
> +--- a/library/Makefile
> ++++ b/library/Makefile
> +@@ -33,7 +33,7 @@ endif
> +
> + SOEXT_TLS=so.10
> + SOEXT_X509=so.0
> +-SOEXT_CRYPTO=so.1
> ++SOEXT_CRYPTO=so.0
> +
> + DLEXT=so
> + # OSX shared library extension:
> diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile
> index b5e773ba7f..1a8e0e78b0 100644
> --- a/package/libs/ustream-ssl/Makefile
> +++ b/package/libs/ustream-ssl/Makefile
> @@ -1,7 +1,7 @@
>  include $(TOPDIR)/rules.mk
>
>  PKG_NAME:=ustream-ssl
> -PKG_RELEASE:=2
> +PKG_RELEASE:=3
>
>  PKG_SOURCE_PROTO:=git
>  PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git
> diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
> index 552ed158b3..374e14f7bd 100644
> --- a/package/network/services/openvpn/Makefile
> +++ b/package/network/services/openvpn/Makefile
> @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
>  PKG_NAME:=openvpn
>
>  PKG_VERSION:=2.4.5
> -PKG_RELEASE:=3
> +PKG_RELEASE:=4
>
>  PKG_SOURCE_URL:=\
>         https://build.openvpn.net/downloads/releases/ \
> diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile
> index 77af54fae8..e521e99b92 100644
> --- a/package/network/utils/curl/Makefile
> +++ b/package/network/utils/curl/Makefile
> @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
>
>  PKG_NAME:=curl
>  PKG_VERSION:=7.59.0
> -PKG_RELEASE:=1
> +PKG_RELEASE:=2
>
>  PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
>  PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \
> diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile
> index 8d1f04d60f..4ea495867c 100644
> --- a/package/utils/px5g/Makefile
> +++ b/package/utils/px5g/Makefile
> @@ -8,7 +8,7 @@
>  include $(TOPDIR)/rules.mk
>
>  PKG_NAME:=px5g
> -PKG_RELEASE:=4
> +PKG_RELEASE:=5
>  PKG_LICENSE:=LGPL-2.1
>  PKG_BUILD_DIR:=$(BUILD_DIR)/px5g-$(BUILD_VARIANT)
>
> --
> 2.11.0
>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev

On 04/16/2018 01:01 AM, Syrone Wong wrote:
> Why? the lib version bump means ABI incompatibility. The correct way
> is to bump release to rebuild instead of decreasing it.
> 
> 
> Best Regards,
> Syrone Wong

Let me explain what happened in mbedtls first.

This change was added on version 2.7.0:
https://github.com/ARMmbed/mbedtls/commit/bee0635b1593d879504e04136c3d10ce36cd6e34
It adds new functions with _ext postfix (renamed to _ret before the
2.7.0 release) and the old functions are replaced with a static inline.
This was a binary incompatible change.
The soversion for the 2.7.0 release was changed to 1.

With version 2.8.0 the static inline of the old functions was replaced
with a real function being implemented in the binary, this way binaries
linked against the old version will still work with the new version, see:
https://github.com/ARMmbed/mbedtls/commit/041039f81e61191581f5112bb8e9d27a95d3d873

2.8.0 still uses the soversion 1.

The version 2.7.2 also contains the changeset which replaced the static
inline and made it binary compatible again, here the soversion was
increased to 2.

After thinking again about this, I would stay with soversion 1 in master
and increase the pkg release of the packages which depend on mbedtls.
On lede 17.01 I decreases the soversion to 0 again and use the mbedtls
version 2.7.2 that should be save.
I hope there are no more ABI changes in the code, then it should be save
to use applications linked against old mbedtls versions in lede 17.01
with a recent mbedtls version.

Hauke

Looks good.


Best Regards,
Syrone Wong


On Tue, Apr 17, 2018 at 5:49 AM, Hauke Mehrtens <hauke@hauke-m.de> wrote:
> On 04/16/2018 01:01 AM, Syrone Wong wrote:
>> Why? the lib version bump means ABI incompatibility. The correct way
>> is to bump release to rebuild instead of decreasing it.
>>
>>
>> Best Regards,
>> Syrone Wong
>
> Let me explain what happened in mbedtls first.
>
> This change was added on version 2.7.0:
> https://github.com/ARMmbed/mbedtls/commit/bee0635b1593d879504e04136c3d10ce36cd6e34
> It adds new functions with _ext postfix (renamed to _ret before the
> 2.7.0 release) and the old functions are replaced with a static inline.
> This was a binary incompatible change.
> The soversion for the 2.7.0 release was changed to 1.
>
> With version 2.8.0 the static inline of the old functions was replaced
> with a real function being implemented in the binary, this way binaries
> linked against the old version will still work with the new version, see:
> https://github.com/ARMmbed/mbedtls/commit/041039f81e61191581f5112bb8e9d27a95d3d873
>
> 2.8.0 still uses the soversion 1.
>
> The version 2.7.2 also contains the changeset which replaced the static
> inline and made it binary compatible again, here the soversion was
> increased to 2.
>
> After thinking again about this, I would stay with soversion 1 in master
> and increase the pkg release of the packages which depend on mbedtls.
> On lede 17.01 I decreases the soversion to 0 again and use the mbedtls
> version 2.7.2 that should be save.
> I hope there are no more ABI changes in the code, then it should be save
> to use applications linked against old mbedtls versions in lede 17.01
> with a recent mbedtls version.
>
> Hauke