Andrea (in CC) recently pointed me to libtiff installation warnings on
Fedora/RISCV side:
[..]
Installing : libtiff-4.6.0-2.fc40.riscv64 5/5
Running scriptlet: libtiff-4.6.0-2.fc40.riscv64 5/5
/usr/sbin/ldconfig: /lib64/lp64d/libtiffxx.so.5 is not a symbolic link
/usr/sbin/ldconfig: /lib64/lp64d/libtiff.so.5 is not a symbolic link
[..]
7 months ago libtiff was updated to 4.5.0 [0] with a bunch of CVEs
listed in commit.
This added:
[..]
# Copy old soname %{_libdir}/libtiff.so.5
# Copy old soname %{_libdir}/libtiffxx.so.5
cp %{_libdir}/libtiff.so.5* $RPM_BUILD_ROOT%{_libdir}
cp %{_libdir}/libtiffxx.so.5* $RPM_BUILD_ROOT%{_libdir}
[..]
I assume this was added instead of doing a proper compat package
before SOVERSION bump, or maybe one-time-thing for a side tag while
everything gets rebuilt for a new libtiff.
This is from Fedora Rawhide (today) after installing
libtiff-0:4.6.0-2.fc40.x86_64 (via DNF).
# readelf -p .note.package /usr/lib64/libtiff.so.5
String dump of section '.note.package':
[ 4] |
[ 8] ~^Z�DO
[ 10]
{"type":"rpm","name":"libtiff","version":"4.4.0-8.fc40","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:39"}
This seems to come from 4.4.0-8.fc40. Random check suggests there are
a bunch of CVEs with "LibTIFF 4.4.0" string.
The old "*.so.5*" should be removed from this package, as we keep
carrying them over to the next build.
david
- - -
[0]
https://src.fedoraproject.org/rpms/libtiff/c/cfa398260d7055fd80951b4c73d9b850aabe2339?branch=rawhide
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
