Hi, Chung Jonathan wrote: > Yes, I think the local fix is the way to go.
I wrote: > > (You forgot to Cc: debian-user@lists.debian.org. > > Consider to send your mail to the list address, too. I too would then > > resend my following reply to the list.) Since my "following reply" is quoted in Jonathan Chung's reply to the list i don't have to resend it. (I gave my opinion that the problem is not a bug in the context of Debian 12 or 13 and pointed to https://wiki.debian.org/BuildingTutorial for a private fix of the problem.) Jeffrey Walton wrote: > Your problem is one that plagues Linux. You compile and link against > one version of a library, and then you runtime link against another > version. This should not be a problem with a well maintained library which cares to stay ABI compatible with its older releases. In the present case it was a bug in the loading program pigz which prevented zlib from being usable. > I consider it a > security bug since essentially random libraries are being loaded at > runtime. > To fix the problem yourself, add an RPATH to your LDFLAGS when > building your program: > -Wl,-rpath=/path/to/expected/libz -Wl,--enable-new-dtags Well, this is nearly as unflexible as static compilation but does not seem to prevent the use of a replaced library at the given path. Using .so files has its advantages and disadvantages. For a distro the advantage (without the pigz bug) is that customers of different versions of a library can be consolidated to using the newest available version. An advantage for the user is that bugs in a library can be fixed without the need for re-building all its customers. Have a nice day :) Thomas
