Mailinglist Archive: opensuse (1470 mails)

< Previous Next >
Re: [opensuse] Now what? Glibc bug, vulnerability
On 02/20/2016 01:53 PM, Andrei Borzenkov wrote:
21.02.2016 00:47, Greg Freemyer пишет:
On Sat, Feb 20, 2016 at 1:59 PM, Carlos E. R.
<robin.listas@xxxxxxxxxxxxxx> wrote:
On 02/20/2016 07:46 PM, John Andersen wrote:

Are there no packages in common usage where the glibc library routines
are linked directly into the executables?

Someone told me this was possible, but I have no clue.

AFAIK, this is only done by proprietary packages, so that they
distribute a single binary package for all the distributions. It may be
done also by some programs intended for rescue operations.

Normally, anything distributed by openSUSE is using dynamic, runtime,
linking. I think there is a policy about this.

A static library is still a library. Shared libs are *.so Statics
are *.a. Look around your system and see if you have a glibc*.a
file anywhere.

And how does it matter? How having static library on your system is
related to having programs statically linked with this library? Static
library is needed on build system to link with; it is not needed on
target system where program is installed.

And that's the part that is concerning. We might expect updates to packages
from opensuse for those that detect the need to be recompiled.

But I suppose there might be others that continue to operate on their own
linked in copies within binary packages without reference to the libraries.

I only run a few such things where I don't have Opensuse to look for
static linked things. Vmware (paid) Google Earth, Google Chrome are
all that spring to mind. I would expect google to fix their stuff,
but Vmware fired all their main staff in a reorg.

After all is said and done, more is said than done.
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >