| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Nov 2009 12:40:22 +0100 From: Enrico Weigelt <weigelt@...ux.de> To: linux-kernel@...r.kernel.org Subject: Re: package managers [was: FatELF patches...] * Mikulas Patocka <mikulas@...ax.karlin.mff.cuni.cz> wrote: > No, if I compile alpha version of mplayer by hand, it compiles and links > against whatever libraries I have on my system. If I pull it out of some > "testing" repository, it is already compiled and linked against libraries > in the same "testing" repository and it will load the system with crap. You picked the wrong repo. Use one which contains only the wanted package, not tons of other stuff. If there is none, create it. > > Or if you're arguing "you'd give up after seeing it needed an experimental > > libfoo", I'll counter "you'd hopefully think twice if yum said it was > > installing a experimental mplayer, and dragging in a whole chain of pre-reqs". > > ... or use --disable-libfoo if it insists on newer version and I don't > want to upgrade it. Either abdicate the feature requiring libfoo or statically link that new version. In neither way FatELF will help here. > Or maybe the configure scripts detects on its own that the library is > too old will compile without new features. Or it uses libfoo shipped > with the sources. Blame mplayer folks for their crappy configure script. Automatically switching features on presence of some libs (also *against* explicit options), or - even worse - hard coded system lib pathes (!) is simply insane. FatELF can't delete ignorance from jerks like Rich Felker ;-O cu -- --------------------------------------------------------------------- Enrico Weigelt == metux IT service - http://www.metux.de/ --------------------------------------------------------------------- Please visit the OpenSource QM Taskforce: http://wiki.metux.de/public/OpenSource_QM_Taskforce Patches / Fixes for a lot dozens of packages in dozens of versions: http://patches.metux.de/ --------------------------------------------------------------------- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists