[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#706286: pre-approve: libpng/1.2.49-4

On Sat, Apr 27, 2013 at 08:30:06PM +0200, Andreas Beckmann wrote:
>Package: release.debian.org
>Severity: normal
>User: release.debian.org@packages.debian.org
>Usertags: unblock
>
>I identified three packages that don't ship a SONAME symlink and cause
>spurious creation and removal of this link by ldconfig. Spurious since
>the packages themselves don't call ldconfig, so another installation
>will trigger the ldconfig run - 2 seconds or 2 months later.
>
>As this makes the (dis-)appearance nondeterministic, this could produce
>heisenbugs that will be hard to debug. So better ship the link in the
>package and let dpkg instead of ldconfig manage creation/removal.
>
>libpng12-dev is one of them (#706181), due to the
>/usr/lib/<triplet>/libpng12.so -> /lib/<triplet>/libpng12.so.0
>link. ldconfig would create 
>/usr/lib/<triplet>/libpng12.so.0 -> libpng.so
>
>The attached patch changes the symlinks in the -dev package to
>/usr/lib/<triplet>/libpng12.so -> libpng12.so.0 -> /lib/<triplet>/libpng12.so.0
>
>Anibal has already signaled to prepare an updated package, so I filed an
>unblock versioned as a new maintainer upload.
>
>This fix could go via unstable, the only difference between sid and
>wheezy are some changelog entries.
>
>Andreas
>
>unblock libpng/1.2.49-4

The debdiff between 1.2.49-1 (testing) and my new version 1.2.49-4 is
below.

debdiff libpng_1.2.49-1.dsc libpng_1.2.49-4.dsc
diff -Nru libpng-1.2.49/debian/changelog libpng-1.2.49/debian/changelog
--- libpng-1.2.49/debian/changelog	2012-04-09 12:14:09.000000000 +1000
+++ libpng-1.2.49/debian/changelog	2013-04-26 16:49:13.000000000 +1000
@@ -1,3 +1,27 @@
+libpng (1.2.49-4) unstable; urgency=low
+
+  [ Andreas Beckmann ]
+  * libpng12-dev: Ship /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 ->
+    /lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 symlink, too, to prevent ldconfig
+    from playing ping-pong with the SONAME link.  (Closes: #706181)
+
+ -- Anibal Monsalve Salazar <anibal@debian.org>  Fri, 26 Apr 2013 16:42:23 +1000
+
+libpng (1.2.49-3) unstable; urgency=low
+
+  * Remove patches/02-681408-CVE-2012-3386-Makefile.in.patch.
+    This patch is unnecessary. This issue is already fixed in automake.
+
+ -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Tue, 28 Aug 2012 16:22:51 +0900
+
+libpng (1.2.49-2) unstable; urgency=high
+
+  * Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
+    Add 02-681408-CVE-2012-3386-Makefile.in.patch
+    Closes: #681408
+
+ -- Anibal Monsalve Salazar <anibal@debian.org>  Fri, 13 Jul 2012 12:31:39 +1000
+
 libpng (1.2.49-1) unstable; urgency=high
 
   * New upstream version 1.2.49
diff -Nru libpng-1.2.49/debian/libpng12-dev.links.in libpng-1.2.49/debian/libpng12-dev.links.in
--- libpng-1.2.49/debian/libpng12-dev.links.in	2011-07-18 21:52:43.000000000 +1000
+++ libpng-1.2.49/debian/libpng12-dev.links.in	2013-04-26 16:41:04.000000000 +1000
@@ -1,3 +1,4 @@
 /usr/share/man/man1/libpng12-config.1.gz /usr/share/man/man1/libpng-config.1.gz
 /usr/include/libpng12 /usr/include/libpng
-/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so
+/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0
+/usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so
Reply to: