allow system copy of libevent to be used

[ssuominen]

Transmission 1.61 bundles a copy of libevent, version 1.4.10 with a small change if I'm not mistaken. It doesn't allow the user to select a library installed in system instead, which is a potential security issue for distribution packages and a small overhead.

Please provide a way to use the system library.

Reference, ​http://bugs.gentoo.org/show_bug.cgi?id=269082

[charles]

I think probably we should add an option in configure.in to use the system libraries instead of the ones in third-party. If want to cook up a patch for this, I'd likely put it into the next release.

In the meantime, I'm a little suspicious of the "potential security issue" language here, especially since you used the same boilerplate text in #2070. Is there an actual advisory you're referring to?

[ssuominen]

I meant by "potential security issue" that if the bundled library gets one, we need to track down every application in our Portage tree (thousands of applications) to find out where it's used, instead of patching it only in the system lib. Please try to see the issue from packagers point of view.

I'll try to hack up a patch for this in coming days.

[charles]

ssuominen: any progress on this?

[charles]

ssuominen: ping

[charles]

ssuominen: any news?

[charles]

ssuominen: the reason I keep pinging is that 1.70 is upcoming, and I'd like to get your patch into that release. Can you have the patch ready in the next couple of days?

[charles]

Fixed in r8599 and r8600