[Secure-testing-team] Static linking LLVM
Seo Sanghyeon
tinuviel at sparcs.kaist.ac.kr
Mon Aug 29 04:06:36 UTC 2011
Recently Mesa DRI started to use LLVM. (I noticed this because of
sudden increase in package size.) According to the changelog of
Debian source package mesa:
"Build r300 classic (through DRI_DRIVERS) everywhere, since r300g comes
with a few additional requirements: LLVM is needed for this driver,
and apparently only works fine on x86 platform. As a consequence, only
build r300g on amd and i386, and add llvm-2.9-dev build-dep on those
platforms accordingly. Disable it explicitly on other platforms."
>From what I can tell, r300_dri.so and r600_dri.so under
/usr/lib/i386-linux-gnu/dri in libgl1-mesa-dri package statically link
LLVM 2.9. Since LLVM is a complex software and it is not inconceivable
that security issues will be found, I think this should be noted in
embedded-code-copies file.
CC'ing Debian X Strike Force who may have some ideas.
Seo Sanghyeon
More information about the Secure-testing-team
mailing list