[Slackbuilds-users] Advice needed: no libpng14.la

Didier Spaier didier at slint.fr
Mon Aug 21 17:07:30 UTC 2017


Le 21/08/2017 à 16:24, Rich Shepard a écrit :
>   libpng-1.6.27-i586-1_slack14.2 is installed; locate returns
> /usr/lib/libpng14.so.14
> /usr/lib/libpng14.so.14.18.0
> 
>   However, gnucash-2.6.17 wants a static library, not a shared one:
> 
> /usr/bin/sed: can't read /usr/lib/libpng14.la: No such file or directory
> libtool: link: `/usr/lib/libpng14.la' is not a valid libtool archive
> Makefile:639: recipe for target 'libgncmod-html.la' failed
> 
>   This is a new issue and I need advice on how to proceed to resolve the
> issue.

I don't have the answer, but will take this opportunity for a warning to
users of packages depending on webkitgtk2, directly or indirectly.

Having read this blog post:
https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

I assume that all software that depend on a version at risk according
to the most recent security advisory published on
https://webkitgtk.org/security.html
are also at risk.

Today that would mean that version 2.16.6 should be used instead
of 2.4.11 (the default in SBo).

Admittedly the risk level is not the same for all software that depend
on webkitgtk2, as explained by  Michael Catanzaro, and maybe one should
not worry too much about gnucash (although I really don't know) but for
instance there is a big risk for midori users, as stated by Michael.

I am sorry to just bring an issue without a good solution to propose,
as obviously not all SBo users will be happy to recompile their
software that depend on wekitgtk2 8 times a year or so.

But maybe a mention of the issue in the README of the leaf packages
that depend on it could be added, at least in the ones that the admins
consider the more at risk?

Then it would be the responsibility of SBo users to track the security
advisories and rebuild their packages if they think they should.

Best regards,
Didier


More information about the SlackBuilds-users mailing list