Bug 1370065

Summary: curl injects non-threaded libldap into possibly threaded program expecting libldap_r instead
Product: [Fedora] Fedora
Reporter: Jan Engelhardt <jengelh>
Component: openldap
Assignee: Simon Pichugin <spichugi>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: fweimer, herrold, jorton, kdudka, paul, pkis
Hardware: All
OS: Linux
Fixed In Version: openldap-2.4.56-4.fc34
Doc Type: Enhancement
Doc Text:
Feature: Make libldap library to be a symlink to libldap_r library. Reason: When an application uses libraries that use both libldap or libldap_r, the libraries sometimes happen to use a different function than expected. Result:
Clone Of:
: 1626077 (view as bug list) Environment:
Last Closed: 2020-11-26 19:28:13 UTC Type: Bug
Bug Blocks: 1626077    
Attachments:
Description Flags
testcase none

Description Jan Engelhardt 2016-08-25 08:41:49 UTC
Created attachment 1193914 [details]
testcase

Description of problem:
A given (threaded) program uses libldap_r. It now also wants to make use of libcurl. Because libcurl is linked to libldap (on RHEL 6, Fedora rawhide du jour, openSUSE 42.1, and presumably other distributions), the threaded program starts using the functions from unthreaded ldap and breaks in strange kinds of ways.

Version-Release number of selected component (if applicable):
libcurl-7.50.1-1.fc26.x86_64
libcurl-7.19.7-52.el6.x86_64

How reproducible:
1. git clone git://git.inai.de/ldapmix  OR pick attachment 1 [details]
2. yum install openldap-devel libcurl-devel libtool gcc
3. autoreconf -fi; configure; make; ./server

This is a sample program; it is non-threaded, but it shows the problem that both libldap can end up in the process image, and there is no way to control it, because libcurl "belongs to the distro" and is otherwise an opaque thing to other programs.

Actual results:
[root@v-rawhide ldapmix]# ./server 
ldap_initialize we used was 0x7f505149b420
7f504f0f2000-7f504f146000 r-xp 00000000 08:03 148717                     /usr/lib64/libldap_r-2.4.so.2.10.7
7f504f146000-7f504f346000 ---p 00054000 08:03 148717                     /usr/lib64/libldap_r-2.4.so.2.10.7
7f504f346000-7f504f349000 r--p 00054000 08:03 148717                     /usr/lib64/libldap_r-2.4.so.2.10.7
7f504f349000-7f504f34a000 rw-p 00057000 08:03 148717                     /usr/lib64/libldap_r-2.4.so.2.10.7
7f505148c000-7f50514da000 r-xp 00000000 08:03 148715                     /usr/lib64/libldap-2.4.so.2.10.7
7f50514da000-7f50516d9000 ---p 0004e000 08:03 148715                     /usr/lib64/libldap-2.4.so.2.10.7
7f50516d9000-7f50516dc000 r--p 0004d000 08:03 148715                     /usr/lib64/libldap-2.4.so.2.10.7
7f50516dc000-7f50516dd000 rw-p 00050000 08:03 148715                     /usr/lib64/libldap-2.4.so.2.10.7


Expected results:
ldap_initialize from libldap_r should have been used.


Additional info:
In a sense, this is an issue discussed previously at various levels:
- https://mail-index.netbsd.org/tech-userlevel/2013/05/22/msg007832.html (!)
- http://www.openldap.org/lists/openldap-technical/200801/msg00015.html

What's best to do?

* replace -lldap by -lldap_r in all distribution packages (in principle, the problem is not limited to curl)
* editing the openldap package and in %install, forcing that libldap-2.4.so.2 be exactly the same as libldap_r-2.4.so.2.
* adding symbol versioning to the libraries
* …
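
The check that the testcase output above calls for, as an added example (not part of the original report or the ldapmix testcase): given the text of /proc/<pid>/maps and the address a symbol resolved to, it reports which mapped file owns that address and whether both libldap flavours are loaded. The function name `scan_ldap_maps` and the flag names are hypothetical; the sample lines and the address are taken from the "Actual results" output, with whitespace condensed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Executable mappings copied from the report's "Actual results" output. */
static const char SAMPLE_MAPS[] =
    "7f504f0f2000-7f504f146000 r-xp 00000000 08:03 148717 /usr/lib64/libldap_r-2.4.so.2.10.7\n"
    "7f505148c000-7f50514da000 r-xp 00000000 08:03 148715 /usr/lib64/libldap-2.4.so.2.10.7\n";
enum { HAS_LDAP = 1, HAS_LDAP_R = 2 };

/* Scan /proc/<pid>/maps text. Returns a bitmask of the libldap flavours that
 * are mapped and copies into owner the path of the mapping that contains addr
 * (empty string if no file-backed mapping contains it). */
static int scan_ldap_maps(const char *maps, uint64_t addr, char *owner, size_t n)
{
    int mask = 0;
    owner[0] = '\0';
    while (*maps) {
        size_t full = strcspn(maps, "\n");
        char line[512], path[400];
        uint64_t lo, hi;
        snprintf(line, sizeof line, "%.*s", (int)full, maps);
        maps += full + (maps[full] == '\n');
        /* fields: range perms offset dev inode path (anonymous maps have no path) */
        if (sscanf(line, "%" SCNx64 "-%" SCNx64 " %*s %*s %*s %*s %399s",
                   &lo, &hi, path) != 3)
            continue;
        const char *base = strrchr(path, '/');
        base = base ? base + 1 : path;
        if (strncmp(base, "libldap_r", 9) == 0)
            mask |= HAS_LDAP_R;
        else if (strncmp(base, "libldap-", 8) == 0 || strncmp(base, "libldap.", 8) == 0)
            mask |= HAS_LDAP;
        if (addr >= lo && addr < hi)
            snprintf(owner, n, "%s", path);
    }
    return mask;
}

int main(void)
{
    char owner[400];
    /* Address printed by the testcase for the ldap_initialize it resolved. */
    int mask = scan_ldap_maps(SAMPLE_MAPS, UINT64_C(0x7f505149b420), owner, sizeof owner);
    printf("ldap_initialize resolved into %s\n", owner);
    if (mask == (HAS_LDAP | HAS_LDAP_R))
        puts("both libldap and libldap_r are mapped in this process");
    return 0;
}
```

On the report's data the address falls inside the libldap-2.4.so mapping, which is the mismatch stated under "Expected results".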

Comment 1 Kamil Dudka 2016-08-25 16:16:53 UTC
(In reply to Jan Engelhardt from comment #0)
> Additional info:
> In a sense, this is an issue discussed previously at various levels:
> - https://mail-index.netbsd.org/tech-userlevel/2013/05/22/msg007832.html (!)
> - http://www.openldap.org/lists/openldap-technical/200801/msg00015.html

As far as I understand, the above discussions just describe the problem.  Has there been any solution proposed or reviewed by openldap developers?

> What's best to do?
> 
> * replace -lldap by -lldap_r in all distribution packages (in principle, the
> problem is not limited to curl)

Is it really a solution?  Isn't it going to break applications that link with -lcurl -lldap?

> * editing the openldap package and in %install, forcing that
> libldap-2.4.so.2 be exactly the same as libldap_r-2.4.so.2.
> * adding symbol versioning to the libraries
> * …

I believe it would be better to ask openldap developers first...

Comment 2 Jan Engelhardt 2016-08-28 19:04:15 UTC
>ask openldap developers first...

Done. http://www.openldap.org/lists/openldap-technical/201608/msg00093.html

>break applications that link with -lcurl -lldap?

Indeed. While conversing with upstream I found that Debian had implemented a solution which is workable and already deployed. Cf. http://www.openldap.org/lists/openldap-technical/201608/msg00094.html
Therefore reassigning to the Fedora openldap package.

Comment 3 Matus Honek 2016-08-31 13:26:09 UTC
FTR, here's upstream's (Howard Chu's) response:
> The OpenLDAP Project will not make such a change in the 2.x release family. 
> What distributions decide to do is up to them. There are still embedded 
> devices that use libldap, and have no thread support. We have no reason to 
> make it harder for them to build their own projects.

I think we should make the same move as Debian did, starting from rawhide on. That is, making libldap a symlink that points to libldap_r.

Comment 4 Fedora End Of Life 2017-02-28 10:09:21 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle.
Changing version to '26'.

Comment 5 Jan Kurik 2017-08-15 06:52:50 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.

Comment 6 Jan Kurik 2018-08-14 11:08:55 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle.
Changing version to '29'.

Comment 7 Ben Cotton 2019-10-31 20:42:52 UTC
This message is a reminder that Fedora 29 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 29 on 2019-11-26.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '29'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 29 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 8 Ben Cotton 2020-02-11 15:45:40 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle.
Changing version to 32.

Comment 9 Joe Orton 2020-03-04 16:22:15 UTC
Any chance we can revive fixing this problem?

Is there any downside to making libldap.so in -devel a symlink to libldap_r, so newly built objects start using libldap_r everywhere?

Comment 11 Matus Honek 2020-06-29 22:51:48 UTC
I've now re-submitted the (modified) change proposal for Fedora 33.

Comment 12 Fedora Admin user for bugzilla script actions 2020-09-11 14:53:37 UTC
This package has changed maintainer in Fedora.
Reassigning to the new maintainer of this component.