How can you change the DLL name in the .idata section header of a DLL?

Charles Wilson cygwin@cwilson.fastmail.fm
Wed Sep 29 22:13:00 GMT 2004 

Reini Urban wrote:

> Spoofing is a good point.
> But I might prefer to be able to update dynamic dependencies without 
> breakage. openssl usually gets updated with an security issue.
> e.g curl or postgresql cannot deal with an openssl update which deletes 
> cygssl-0.9.7.dll and replaces that with cygssl-0.9.8.dll.
> If we had just a cygssl.dll we can simply upgrade that and nothing breaks.

That's the way most other DLLs on cygwin are named.  But cygssl is 
different -- as a security/encryption DLL, considerations other that 
"ease of slipstream replacement" are more important.  Usually there is a 
reason when a maintainer chooses to go against the common practice: 
openssl is one of those.

> Anyway, see cygperl.dll:
> DLL api's should stay binary compatible IMHO, unless it's really an 
> issue (such as int32 => int64 on cygwin's switch from 1.3 => 1.5).
> You normally can trust MS DLL backwards compatibility. Newer features 
> are just added, or new versioned DLL's appear - newlib2.dll - but old 
> DLL's must stay. ("contract")
> With our libtool generated DLL names I'm not that happy.

Perl's build system is a nightmare.  We're lucky we have a shared 
version at all.  But if you want to assist Geritt in fixing some of the 
warts in the perl build system, I'm sure he'd welcome patches (and, as I 
indicate below, concentrating on the ACTUAL problems rather than trying 
to wholesale rework libtool/binutils/gcc/etc is probably a quicker path 
to solving your issues).

That name (cygssl-0.9.7.dll) is not libtool's fault.  Libtool uses two 
different mechanisms for setting the name of a DLL:
   -version-info c:r:a
and
   -release x.y.z
There are explicit rules governing how c, r, and a are to be updated, 
and how the dll name is derived from c,r,a in order to insure that (a) 
the library name changes rarely, and only when necessary to indicate 
binary incompatibility, and (b) all dlls with the same name are 
backwards compatible (e.g. old exe's linked against the old DLL will 
still work with the new DLL).  The libtool maintainers STRONGLY suggest 
using the -version-info paradigm.  On cygwin, this results in library 
names like libintl-3.dll (NOT libintl-0.12.1.dll)   Most cygwin packages 
which provide DLLs obey these rules and follow this "suggestion".

But the libtool folks do provide the -release mechanism, which is often 
used to name the DLL using the major.minor.micro revision numbering 
system.  There are sometimes good reasons to do this, but usually it's 
because the package maintainer doesn't understand library versioning, or 
libtool.  cygssl behave this way (even though it doesn't use libtool IIRC).

If libtool names were used "correctly" by the packages, then you would 
be "happy" -- and further, on cygwin we take GREAT PAINS to ensure that 
compatibility DLLs are kept around virtually forever whenever DLL names 
do change.  So what, exactly, is your beef?  Just perl and ssl -- and 
THAT justifies reworking libtool and binutils, and rewriting the 
underlying conventions of DLL names and cygwin's runtime loader?

> Yes, indeed.
> People forget about -no-undefined in their Makefile.am,
> and then on any conflict libtool generates only the static version.
> Which was e.g. the case with having -lgdi32 in the dependencies, for 
> which no syms could be found.

It seems that the problem is NOT, then, libtool or the 
existence/non-existence of a .la file.  The problem is the "conflict" 
(e.g. build errors in the package in question).  Focus your efforts on 
fixing the problem, not band-aiding a "solution".

> ------------------------------
> 
> BTW, a binutils question:
> "How can you change the DLL name in the .idata section header of a DLL?"

Don't do that.

> Rationale:
> DLL's cannot by symlinked on cygwin, unlike on other platforms.
> DLL names are usually quite version specific, which makes perfect sense 
> on those other platforms. DLL names are built in the executable PE 
> header, so on any DLL rename or upgrade, breakage will occur. On MS 
> Win32 old DLL's just stay, so no breakage will occur.
> Not so with the cygwin setup.exe.

Faulty.  DLLs don't often change names, and when they do, the old 
versions stay around.  If not, then THAT is the problem.

For instance, how many versions of libintl*.dll do you have on your 
system?  libncurses*.dll?  cygtiff*.dll?  cygjpeg*.dll?  cyggdbm*.dll? 
cygdb*.dll?

Are you noticing a pattern yet?

It appears that your biggest beef is with the cygssl (and perl) DLL 
naming scheme: it uses -release versioning (even tho it actually doesn't 
use libtool to do it, IIRC).  (perl does something even wierder; I'm not 
going there).

This presents a difficulty for packages which depend on cygssl*dll. 
However, this IS one of those times when there is a good reason to 
change the DLL name on every security fix (e.g. micro release version). 
    It means you can't silently slip an SSL bugfix into an older version 
of imapd, but you also can't silently slip in NEW SLL security holes 
possibly introduced by the new library.

Each dependent app can make its own determination that "Yes, the bugfix 
in version+1 outweighs the risk of new bugs, so I will now recompile 
against the latest version".

Downside: on our platform, at present, it appears that "older" versions 
of cygssl*.dll are not retained, because the "openssl" package is not 
"split" into independent "library" and "other" packages: e.g.
    libssl0_9_7 package contains /bin/cygssl-0.9.7.dll
    libssl0_9_8 package contains /bin/cygssl-0.9.8.dll
while
    openssl     package contains every thing else.
That is a maintainer issue, and I'm sure there is a good reason (perhaps 
the openssl package itself is not amenable to this splitup.  For 
instance, suppose that the "everything else" is version-specific, yet 
lives in /usr/share/openssl/.  You'd need multiple versions of 
"everything else" but they all want to own the same directory.  Problems.)

> Solution:
> Use as much generic dll names as possible (such as cygperl58.dll, 
> cygssl-1.dll, ...).

But that IS what we do, *whenever* possible.  When we (cygwin pkg 
maintainers) don't, there is usually a good reason.  One which, quite 
frankly, you obviously haven't done enough research to identify == 
because you're focusing on libtool and binutils issues, when it appears 
the difficulties are much more localized to the specifics of a few 
packages like openssl and perl.

> Provide an objdump option to rename a certain DLL path to fix breakage 
> for older libs, until they get rebuilt.

God no.  If anyone ever does such a thing to any of the DLLs supplied by 
my packages, and then comes complaining to the cygwin list because "tiff 
doesn't work anymore" not only will I not support their bastardization, 
but I will drop the tiff package from the distro like a bad habit.

I do NOT have enough time to support people who take a hexeditor to the 
internals of the packages I supply.  Use them as is, or don't use them 
at all.

> One could also hardcode the DLL path to some /usr/lib; /usr/libexec, 
> /usr/<package>/lib, so that we can rid of /usr/bin cyg*.dll pollution. 
> But this will only work if the cygwin mount will not change. The windows 
> process loader needs the windows path. So "/usr/lib/cygperl.so" might be 
> "c:/cygwin/lib/cygperl.so". No major problem if objcopy will support 
> that. Something like rebaseall.

The windows loader will only load .dlls (and .ax but that's a special 
case for the COM+ architecture AFAIK).  And .dlls follow certain rules. 
  It will not load .so's even if the .so contains pei-386 code.  You 
need a special loader to do this instead; something like libltdl would 
have to be built into cygwin1.dll -- but it wouldn't be exactly libltdl 
for, I hope, obvious reasons.

> Another idea is to make those .idata sections weak and provide a hook to 
> go over cygpath resolution via libltdl. If that will work.
> Weak is rather new I suppose, and I haven't looked at the implementation 
> of lazy linking with ld.

Hell, I don't even know if weak WORKS on cygwin; it was developed over 
in the mingw arena; as far as I know they didn't even test it on our 
side of the fence.  And you want to replace the shared library mechanism 
with it?  Walk before you run...

All of these ideas (like using a cygwin runtime loader instead of 
relying on DLLs and the Windows Runtime Loader) have been brought up 
before.  But nobody has demonstrated any working code, nor demonstrated 
1/10th the amount of thought necessary to forestall the problems 
inherent in those plans.  Show me the code.

Look, I know this message (and my last) have been snippy.  I'm sorry for 
that, but about every three months somebody comes along with a great 
idea to "fix" a problem with DLLs on cygwin.  (Usually -- although not 
in your case -- the problem is actually between the keyboard and the 
chair)  They almost never demonstrate a thorough understanding of the 
issues surrounding dynamic libraries, naming schemes, the Windows 
Loader.  Further, they often approach the current paradigms with faulty 
assumptions (e.g. cygwin DLL names change often; they don't;  DLLs are 
removed by setup willy-nilly; they aren't [current problems with 
cygwin1.dll+setup notwithstanding]) nor do they understand the reasons 
things are done as they are presently.

So please, before you continue on this path, go back to the earlist 
cygwin-apps archives, and read...then, read it again.  We HAVE thought 
about these issues.

--
Chuck

More information about the Cygwin-apps mailing list