Created attachment 150725 [details]
To avoid hiding runtime issues when dependencies are updated. dlopen is only useful for optional dependencies i.e., those not always pulled with the package. Idea from Gentoo.
Alternatively, LIB_DEPENDS should be replaced with BUILD_DEPENDS.
Auto-assigned to maintainer mva@FreeBSD.org
In reality this should not be an issue, since we advise a rebuild (or do a revision bump on all related ports) or shared library updates.
If we stop using shared libraries, we just need BUILD_DEPENDS. This however may impose security risks (e.g. png vulnerabilities) that may not be covered by a rebuild (as far as I remember, BUILD_DEPENDS are not recorded in a package).
The Makefile is more than once reworked since this time. I think this is overcome by events and coulc be closed.
Yes, I think we can close.
This was rejected in comment #2 by the previous maintainer and has not been
contested by jbeich@ since.
Static linking is definitely not acceptable. However it would make sense to disable dynamic loading of shared library to proper linking in build time. I don't see a way to enable this via build arguments though.
It turns out that these options do just what we want - disable dlopen. These do not involve static linking. So the patch is good, I'm going to commit it after some testing along with port updates.
A commit references this bug:
Date: Fri Mar 1 19:18:57 UTC 2019
New revision: 494313
- Switch sdl_image and sdl2_image from dynamic loading of dependency
libraries to normal shared linking
- While here, add USES=sdl and localbase add LICENSE_FILE and strip library
Submitted by: jbeich