Subject: Serious shared library lossage with OpenSSL and Heimdal
To: None <>
From: Jason Thorpe <>
List: tech-userlevel
Date: 09/23/2003 15:20:34

I have a 3rd-party Krb5-using app (sudo) installed on my system.  I 
recently updated my userland and sudo started failing with:

/usr/lib/ Undefined PLT symbol "DES_set_odd_parity" 
(symnum = 117)

ldd(1) shows:

          -lcrypt.0 => /usr/lib/
          -lkrb5.18 => /usr/lib/
          -lasn1.6 => /usr/lib/
          -lcrypto.1 => /usr/lib/
          -lroken.12 => /usr/lib/
          -lcom_err.4 => /usr/lib/
          -lkrb.5 => /usr/lib/
          -lskey.1 => /usr/lib/
          -lc.12 => /usr/lib/

This is the classic "dependent shared library didn't get its major 
bumped" problem.  In short:

	- libcrypto's version was recently bumped to version 2,
	  due to DES API changes.

	- libkrb5 was changed to use the new DES API present in
	  version 2 of libcrypto.

	- libkrb5's version was NOT changed, i.e. stayed at 18.

	- My sudo binary has recorded dependencies on libcrypto
	  version 1 and libkrb5 version 18.  The libcrypto that
	  sudo sluprs in DOES NOT provide the DES functions that
	  libkrb5 expects, thus the failure.

I suggest we bump libkrb5's major number to 19 ASAP.  We then also need 
to hunt down any other libraries out there that depend on libkrb5 and 
adjust them accordingly.

         -- Jason R. Thorpe <>