If ldconfig -m adds a new directory to the search path, it is put at the end of the list.
This makes libraries in that directory inaccessible, if an older library of that name has been preserved in a lib/compat directory.
The result can be mismatched libraries, especially after a port upgrade that did not bump library numbers.
And that happened to me repeatedly and prevented server ports from starting, the samba server in this particular case.

But this can also be a severe security issue, if after a port upgrade the vulnerable library in a compat directory is preferred over the fixed one!

The patch put up for review puts paths that contain "/lib/compat" at the end of the search list.
Libraries can still be found in compat directories, but same name libraries in non-compat directories will be preferred.

This is a significant change from long established behavior, but I think there are good reasons to pessimize libraries in compat directories during lookup, especially because of security concerns, if vulnerable libraries are still used after an upgrade!

Compare output of "ldconfig -r" with and without the patch.

Expected result:

• The number of shared libraries listed is unchanged.
• The path list on the 2nd line has the same elements, only in a different order.
• All elements not containing "/lib/compat" precede those containing that string.
• The relative order of elements not containing "/lib/compat" is unchanged within that subset.
• The relative order of elements containing "/lib/compat" is unchanged within that subset.