Freeimage 3.10 -> 3.17 upgrade, dealing with library incompatibility

Sandro Mani manisandro at gmail.com
Thu Sep 17 08:28:02 UTC 2015


Hello

I'm looking at updating freeimage from 3.10 to 3.17, also to resolve 
CVE-2015-0852, and I'm wondering how to deal with the following situation:

- The package ships two libraries, libfreeimage (C API) and 
libfreeimageplus (C++ wrapper)
- abi_compliance_checker reports that compatibility was not broken 
between libfreeimage of 3.10 and 3.17. However, in libfreeimageplus, 
various function signatures have changed due to switching from WORD (aka 
unsigned short) to unsigned for various size-related parameters. The 
soname was not changed, so this is an upstream error.


So, I see the following options:
- Contact upstream and wait for them to resolve the issue. Could take 
some time.
- Patch the C++ API to restore compatibility with 3.10 (i.e. change 
unsigned back to WORD) as a short-term solution, contact upstream and 
notify them about the issue.
- Nothing in Fedora seems to require libfreeimageplus, so just build 
3.17 in rawhide and F23 and have the libfreeimageplus ABI break silently 
sneak in. Probably shouldn't even mention this option.
- Change library versioning from using libfreeimage{plus}.MAJOR to 
libfreeimage-%{version} (i.e. as in libtool -release vs -version-info), 
requiring rebuilds whenever freeimage is updated.

I'm leaning towards the second option. Other opinions?

Thanks,
Sandro
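
The check described in the message above, as an added example that is not part of the original post: changing a parameter from unsigned short to unsigned changes the Itanium-mangled C++ symbol (`t` becomes `j`), so the old symbol disappears from the library's exports while the soname stays the same. The `nm` output, class name and method names below are constructed for illustration and are not real FreeImagePlus symbols; the parser handles only simple `_ZN...E` names without overloads.

```python
import re

# Constructed `nm -D --defined-only` output for a hypothetical C++ wrapper
# library (old and new build, same soname). Names are illustrative only.
OLD_NM = """\
0000000000001a10 T _ZN5Image7setSizeEttt
0000000000001b40 T _ZN5Image7rescaleEtt
0000000000001c00 T _ZNK5Image8getWidthEv
"""
NEW_NM = """\
0000000000001a10 T _ZN5Image7setSizeEjjj
0000000000001b60 T _ZN5Image7rescaleEjj
0000000000001c20 T _ZNK5Image8getWidthEv
0000000000001d00 T _ZN5Image4cropEjjjj
"""

def exported(nm_text):
    """Defined, externally visible symbols from nm output."""
    rows = (line.split() for line in nm_text.splitlines())
    kinds = {"T", "W", "D", "B", "R", "V"}
    return {r[2] for r in rows if len(r) == 3 and r[1] in kinds}

def split_nested(sym):
    """(qualified name, parameter codes) for a simple _ZN...E mangled name."""
    m = re.match(r"_ZNK?", sym)
    if not m:
        return None
    i, parts = m.end(), []
    while i < len(sym) and sym[i].isdigit():
        j = i
        while j < len(sym) and sym[j].isdigit():
            j += 1
        n = int(sym[i:j])
        parts.append(sym[j:j + n])
        i = j + n
    return "::".join(parts), sym[i + 1:]  # skip the 'E' that ends the name

def abi_report(old_nm, new_nm):
    """Removed symbols break existing binaries; pair them with their new form."""
    old, new = exported(old_nm), exported(new_nm)
    removed, added = sorted(old - new), sorted(new - old)
    new_params = dict(p for p in map(split_nested, added) if p)
    changed = [(p[0], p[1], new_params[p[0]])
               for p in map(split_nested, removed) if p and p[0] in new_params]
    return {"removed": removed, "added": added, "changed": changed,
            "soname_bump_needed": bool(removed)}

if __name__ == "__main__":
    print(abi_report(OLD_NM, NEW_NM))
```
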


