[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: libX11

On Thu, 2006-05-04 at 13:14 -0600, Rebecca Bendick wrote:
> Hi.  I'm trying to compile code on FC5, and it wants a static link to  
> libX11.a  I've read through the archives and elsewhere on the web,  
> and it seems like this library doesn't exist in FC5, so I should  
> dynamic link to something else instead.  So, how do I do that, and to  
> what do I link?  Sorry to be so thick, but I can't seem to find the  
> answer anywhere.   I did install xorg-x11-devel, but find doesn't  
> turn up any likely libraries anywhere.

>From what I understand, Fedora is moving away from making static
libraries available. I know this is the case with Extras, I think it is
the case with core too.

This is something I personally disagree with, but here is the reasoning
(well, at least one of them):

User compiles software and it links against static library libfoo.a.
vulnerability is found in libfoo, Fedora releases patched libfoo.

But the user built their software against the vulnerable libfoo.a and
did not rebuild it after the update was installed.

Result: user potentially has software with a vulnerability in it.

If possible, you should ask the upstream source of your code to allow it
to link to a shared library.

An alternative is to rebuilt the src.rpm and change it to install the
static library.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]