Andrea (in CC) recently pointed me to libtiff installation warnings on Fedora/RISCV side:

[..] Installing : libtiff-4.6.0-2.fc40.riscv64 5/5 Running scriptlet: libtiff-4.6.0-2.fc40.riscv64 5/5 /usr/sbin/ldconfig: /lib64/lp64d/libtiffxx.so.5 is not a symbolic link

/usr/sbin/ldconfig: /lib64/lp64d/libtiff.so.5 is not a symbolic link [..]

7 months ago libtiff was updated to 4.5.0 [0] with a bunch of CVEs listed in commit.

This added:

[..] # Copy old soname %{_libdir}/libtiff.so.5 # Copy old soname %{_libdir}/libtiffxx.so.5 cp %{_libdir}/libtiff.so.5* $RPM_BUILD_ROOT%{_libdir} cp %{_libdir}/libtiffxx.so.5* $RPM_BUILD_ROOT%{_libdir} [..]

I assume this was added instead of doing a proper compat package before SOVERSION bump, or maybe one-time-thing for a side tag while everything gets rebuilt for a new libtiff.

This is from Fedora Rawhide (today) after installing libtiff-0:4.6.0-2.fc40.x86_64 (via DNF).

# readelf -p .note.package /usr/lib64/libtiff.so.5

String dump of section '.note.package': [ 4] | [ 8] ~^Z�DO [ 10] {"type":"rpm","name":"libtiff","version":"4.4.0-8.fc40","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:39"}

This seems to come from 4.4.0-8.fc40. Random check suggests there are a bunch of CVEs with "LibTIFF 4.4.0" string.

The old "*.so.5*" should be removed from this package, as we keep carrying them over to the next build.

david - - - [0] https://src.fedoraproject.org/rpms/libtiff/c/cfa398260d7055fd80951b4c73d9b85...