Bug 1121995 - live555: does not build shared libraries
live555: does not build shared libraries
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Dominique Leuenberger
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-01-15 12:56 UTC by Andreas Stieger
Modified: 2020-07-07 04:30 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2019-01-15 12:56:26 UTC
live555 is a library but does not build shared libraries. This essentially turns this package into a statically linked into all consumer. The only known direct user of this library is vlc. 


As a consequence, all security fixes to live555 also need a vlc rebuild.
The configuration to build shared libraries is in config.linux-with-shared-libraries.

Noted while looking at securiy issues affecting live555 (bug 1121892 and bug 1114779).
Comment 1 Tomáš Chvátal 2019-01-15 13:48:20 UTC
Looking on the package it seems the upstream does not really build shared libraries, when i just blindly tried it there are quite few unresolvable symbols.
Comment 2 Andreas Stieger 2019-01-15 15:36:09 UTC
Matthias noted in bug 1121892 comment #1 that is is not dealing with the live555 this package in a maintainer capacity. Maybe Gnome/VLC maintainers?
Comment 3 Mathias Homann 2019-01-16 14:32:05 UTC
I am not the right person to assign this to.
Comment 4 Mathias Homann 2019-01-30 08:15:05 UTC
I'm still not the ight person to deal with this, I have no idea what do do about the lack of shared libraries - shouldn't that actually be adressed upstream?
Comment 5 Dominique Leuenberger 2019-06-24 11:31:08 UTC
created request id 711682

since live555 is a 'throw a hot potato in the air' package, I took the liberty to rewrite the .spec file and produce shared libraries.
Comment 6 Swamp Workflow Management 2019-07-15 13:50:06 UTC
This is an autogenerated message for OBS integration:
This bug (1121995) was mentioned in
https://build.opensuse.org/request/show/715480 15.0+15.1+Backports:SLE-15 / live555
Comment 7 Swamp Workflow Management 2019-07-23 16:11:34 UTC
openSUSE-SU-2019:1797-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1121995,1124159,1127341
CVE References: CVE-2019-7314,CVE-2019-9215
Sources used:
openSUSE Leap 15.1 (src):    live555-2019.06.28-lp151.2.3.1
openSUSE Leap 15.0 (src):    live555-2019.06.28-lp150.12.1
openSUSE Backports SLE-15 (src):    live555-2019.06.28-bp150.12.1
Comment 8 Swamp Workflow Management 2019-08-14 13:15:37 UTC
openSUSE-SU-2019:1880-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1121995,1124159,1127341
CVE References: CVE-2019-7314,CVE-2019-9215
Sources used:
openSUSE Backports SLE-15-SP1 (src):    live555-2019.06.28-bp151.3.3.1
Comment 9 Swamp Workflow Management 2020-07-07 04:30:43 UTC
openSUSE-SU-2020:0944-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1121995,1124159,1127341
CVE References: CVE-2019-7314,CVE-2019-9215
Sources used:
openSUSE Leap 15.2 (src):    live555-2019.06.28-lp152.3.3.1