On Mon, 2012-08-27 at 09:32 +0200, Cajus Pollmeier wrote: > Hi, > > while Debian Wheezy is in the freeze process, there was a security > issue found that affects 0.16: > > http://www.openwall.com/lists/oss-security/2012/08/09/6 > > That means that I've to apply the fix to 0.16. The question is: what > should I do with the SONAME of the affected library (libqpidbroker) - > which exposes a method with a changed interface in this case? > > Is there a SONAME proposal to not conflict with later versions of > qpidd?
I don't think that we are currently proposing any upstream library versioning at all. As far as I remember the library versioning in the Fedora and Red Hat Enterprise packages are not the same as the versioning you will get if you just run make install on the upstream package. Similarly we've not been especially careful to change library versions consistent with ABI so I perhaps you should do whatever works for your packaging. I would note that libqpidbroker really exposes only an entirely private interface though so perhaps it's versioning isn't that significant - it's not actually separable from qpidd anyway. Andrew --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
