[Pkg-privacy-maintainers] Bug#1125775: Bug#1125775: torsocks: library not in search path, leaks user IP to endpoint
intrigeri
intrigeri at debian.org
Thu Jan 29 15:08:37 GMT 2026
Hi,
Hefee (2026-01-27):
> The explicit override of dh_makeshlibs was done in 2012
> by intrigeri.
Yup. I thought that was correct at the time, because back then,
torsocks added its library to LD_PRELOAD using a full path, which
worked regardless of ldconfig being called or not beforehand; while
the new ld.so-based approach unfortunately doesn't. Sorry if I'm
getting all this wrong, I'm not an expert at this!
> And I never thought, that a ldconfig trigger is needed for a private
> library. But okay I learnt I needs that. Now I understand more why
> Helumt was telling in #902792, why libtorsocks need to be treated
> like a public library.
>
> Can someone have a look at salsa if my changes makes sense?
> https://salsa.debian.org/pkg-privacy-team/torsocks
I'm by no means an expert at this, but it does make sense to me.
Thank you for working on this important bug!
> I'm a little bit unsure about the move libtorsocks from subdir to normal
> libdir (that was discussed https://bugs.debian.org/cgi-bin/bugreport.cgi?
> bug=902792,#41)
I've skimmed over that conversation and my take away is that I don't
understand what was the expected benefit of using a sub-directory.
So if this newer approach in Vcs-Git works for the major use cases
we're discussing here, I say go for it :)
Cheers,
--
intrigeri
More information about the Pkg-privacy-maintainers
mailing list