Spotify Community

The Spotify client depends on libssl to start a webserver that Spotify Play Button can talk to.

https://developer.spotify.com/technologies/widgets/spotify-play-button/

Unfortunately, the way the library is linked means it is the same version of the library that it builds with, which is libssl.so.1.0.0.

The Spotify client also depends libcurl. Libcurl in turn, depends on the libssl, the same version of the library that it was built with, which is libssl.1.0.2

So, on systems that only has libssl.1.0.0 (like Ubuntu, which decided to not change the so-name of the library, while still make sure it has all the security fixes) Spotify only depends on one version of the library.

$ ldd /usr/bin/spotify | grep -e ssl -e curl
	libcurl.so.4 => /usr/lib/x86_64-linux-gnu/libcurl.so.4 (0x00007f1829b29000)
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f18298c0000)
$ ldd /usr/lib/x86_64-linux-gnu/libcurl.so.4 | grep ssl
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f46dd25d000)

This is a big problem that needs to be solved.