
Re: Wine MinGW system libraries



On Sat, Sep 04, 2021 at 08:17:53PM -0500, Zebediah Figura wrote:
> Hello all,
> 
> I'm a contributor to the Wine project. To summarize the following mail, Wine
> needs special versions of some of its normal dependencies, such as
> libfreetype and libgnutls, built using the MinGW cross-compiler, and I'm
> sending out a mail to major distributions in order to get some feedback from
> our packagers on how these should be built and packaged.
> 
> For a long time Wine has built all of its Win32 libraries (DLLs and EXEs) as
> ELF binaries. For various reasons related to application compatibility, we
> have started building our binaries as PE instead, using the MinGW
> cross-compiler. It is our intent to expand this to some of our dependencies
> as well. The list of dependencies that we intend to build using MinGW is not
> quite fixed yet, but we expect it to include and be mostly limited to the
> following:
> 
> * libvkd3d
> * libFAudio
> * libgnutls
> * zlib (currently included via manual source import)
> * libmpg123
> * libgsm
> * libpng
> * libjpeg-turbo
> * libtiff
> * libfreetype
> * liblcms2
> * jxrlib
> 
> and dependencies of the above packages (not including CRT dependencies,
> which Wine provides).
>...
> Accordingly, although static linking and source imports are generally
> dispreferred, it may quite likely be preferable in our case. We don't get the
> benefits of on-disk deduplication, since Wine is essentially the only piece
> of software which needs these libraries.
>...

How are distributions supposed to provide security support for Wine?

As an example, Debian 10, which is security supported by Debian
until next summer, ships Wine 4.0.

The libgnutls in Debian 10 has already been patched several times
by Debian for CVE fixes.

Having to patch several different versions of the same library
in different packages multiplies the effort required to provide
security support for a library.

cu
Adrian

