Mailinglist Archive: opensuse (1470 mails)

< Previous Next >
Re: [opensuse] Now what? Glibc bug, vulnerability
On Sat, Feb 20, 2016 at 1:59 PM, Carlos E. R.
<robin.listas@xxxxxxxxxxxxxx> wrote:
On 02/20/2016 07:46 PM, John Andersen wrote:

Are there no packages in common usage where the glibc library routines
are linked directly into the executables?

Someone told me this was possible, but I have no clue.

AFAIK, this is only done by proprietary packages, so that they
distribute a single binary package for all the distributions. It may be
done also by some programs intended for rescue operations.

Normally, anything distributed by openSUSE is using dynamic, runtime,
linking. I think there is a policy about this.

A static library is still a library. Shared libs are *.so Statics
are *.a. Look around your system and see if you have a glibc*.a
file anywhere. In theory they should be in one of the lib folders, so
you don't have that many places to look.

Anyway that policy is a "written policy", but as with many policies
there are counter-examples.

For factory (Tumbleweed) at least, glibc does have a formal static lib RPM:


If you look at the below page you can see the couple of packages in
factory that actually link against it officially.

Those packages will see the updated glib-devel-static rpm and will
rebuild and be published automatically.

There could also be packages not in the distro that link against it so
that could be a concern.

If you are concerned, just make sure the older version of the
glibc-devel-static library is uninstalled (ie. updated to the new

I would also do a full search across your machine and make sure you
don't have the static lib if its not needed:

find / -name glibc\*.a

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >