Page MenuHomeSolus

[RFC] Rebuild 3.18.0 to bind freeimage to use internal libraries
ClosedPublic

Authored by css459 on Jan 19 2019, 3:06 AM.

Details

Summary

The offical Readme for freeimage advises against
unbinding the required libraries as this can
introduce version mismatching of dependent libraries,
or unresolved reference errors.

Specific information (including an excerpt of the Readme
addressing this problem) can be found at the following:

Resolves T7515

Changes

  • Removed unbinding patch and files directory
  • Removed needless builddeps which are brought in by system.devel
  • Changed build steps to match Readme specification
  • Rebuilt abi_* and pspec files

Signed-off-by: Cole Smith <cole.s.smith1@gmail.com>

Test Plan

Compile & run an example from FreeImage/Examples/Linux

Diff Detail

Repository
R844 freeimage
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

css459 created this revision.Jan 19 2019, 3:06 AM
css459 requested review of this revision.Jan 19 2019, 3:06 AM
css459 updated this revision to Diff 12455.Jan 19 2019, 3:23 AM
This comment was removed by css459.
css459 retitled this revision from Rebuild 3.18.0 to bind freeimage to use internal libraries to [RFC] Rebuild 3.18.0 to bind freeimage to use internal libraries.Jan 19 2019, 3:24 AM
Jacalz added a subscriber: Jacalz.Jan 19 2019, 7:55 AM

I think that it is using the external libraries for a reason, because It is probably safer security wise knowing that we can control our versions of dependencies to avoid any CVEs and so on. I might be wrong but it is my assessment of the situation...

It looks like Debian also uses a similar patch. I think separating the libraries is more important for non-rolling distros, but since the package is maintained by the Debian Scientific Team, I think you're right in that we should probably keep the unbinding patch for that reason.

Something still remains however: ypkg isn't pulling in the pkg-config libraries as normal dependencies on the system, only libstdc++ glibc libgcc. I think this would work so long as the proper dependent libraries are installed to the system. Would there be a reason for the packaging system leaving these out?

css459 updated this revision to Diff 12461.Jan 19 2019, 9:10 PM

Updating D5097: [RFC] Rebuild 3.18.0 to bind freeimage to use internal libraries

  • Added back dynamic linking
  • Added two new CVE patches from Fedora
  • Dynamically linked pkgconfigs still not exposed as deps

See amended commit message for more info

DataDrake accepted this revision.Apr 13 2020, 2:12 AM
DataDrake added a subscriber: DataDrake.

LGTM. Thanks!

This revision is now accepted and ready to land.Apr 13 2020, 2:12 AM