qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Stitcher <astitc...@redhat.com>
Subject Re: Backporting security fix
Date Mon, 27 Aug 2012 15:48:24 GMT
On Mon, 2012-08-27 at 09:32 +0200, Cajus Pollmeier wrote:
> Hi,
> 
> while Debian Wheezy is in the freeze process, there was a security 
> issue found that affects 0.16:
> 
> http://www.openwall.com/lists/oss-security/2012/08/09/6
> 
> That means that I've to apply the fix to 0.16. The question is: what 
> should I do with the SONAME of the affected library (libqpidbroker) - 
> which exposes a method with a changed interface in this case?
> 
> Is there a SONAME proposal to not conflict with later versions of 
> qpidd?

I don't think that we are currently proposing any upstream library
versioning at all. As far as I remember the library versioning in the
Fedora and Red Hat Enterprise packages are not the same as the
versioning you will get if you just run make install on the upstream
package.

Similarly we've not been especially careful to change library versions
consistent with ABI so I perhaps you should do whatever works for your
packaging.

I would note that libqpidbroker really exposes only an entirely private
interface though so perhaps it's versioning isn't that significant -
it's not actually separable from qpidd anyway.

Andrew



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message