Bug#706286: pre-approve: libpng/1.2.49-4
On Sat, Apr 27, 2013 at 08:30:06PM +0200, Andreas Beckmann wrote:
>Package: release.debian.org
>Severity: normal
>User: release.debian.org@packages.debian.org
>Usertags: unblock
>
>I identified three packages that don't ship a SONAME symlink and cause
>spurious creation and removal of this link by ldconfig. Spurious since
>the packages themselves don't call ldconfig, so another installation
>will trigger the ldconfig run - 2 seconds or 2 months later.
>
>As this makes the (dis-)appearance nondeterministic, this could produce
>heisenbugs that will be hard to debug. So better ship the link in the
>package and let dpkg instead of ldconfig manage creation/removal.
>
>libpng12-dev is one of them (#706181), due to the
>/usr/lib/<triplet>/libpng12.so -> /lib/<triplet>/libpng12.so.0
>link. ldconfig would create
>/usr/lib/<triplet>/libpng12.so.0 -> libpng.so
>
>The attached patch changes the symlinks in the -dev package to
>/usr/lib/<triplet>/libpng12.so -> libpng12.so.0 -> /lib/<triplet>/libpng12.so.0
>
>Anibal has already signaled to prepare an updated package, so I filed an
>unblock versioned as a new maintainer upload.
>
>This fix could go via unstable, the only difference between sid and
>wheezy are some changelog entries.
>
>Andreas
>
>unblock libpng/1.2.49-4
The debdiff between 1.2.49-1 (testing) and my new version 1.2.49-4 is
below.
debdiff libpng_1.2.49-1.dsc libpng_1.2.49-4.dsc
diff -Nru libpng-1.2.49/debian/changelog libpng-1.2.49/debian/changelog
--- libpng-1.2.49/debian/changelog 2012-04-09 12:14:09.000000000 +1000
+++ libpng-1.2.49/debian/changelog 2013-04-26 16:49:13.000000000 +1000
@@ -1,3 +1,27 @@
+libpng (1.2.49-4) unstable; urgency=low
+
+ [ Andreas Beckmann ]
+ * libpng12-dev: Ship /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 ->
+ /lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 symlink, too, to prevent ldconfig
+ from playing ping-pong with the SONAME link. (Closes: #706181)
+
+ -- Anibal Monsalve Salazar <anibal@debian.org> Fri, 26 Apr 2013 16:42:23 +1000
+
+libpng (1.2.49-3) unstable; urgency=low
+
+ * Remove patches/02-681408-CVE-2012-3386-Makefile.in.patch.
+ This patch is unnecessary. This issue is already fixed in automake.
+
+ -- Nobuhiro Iwamatsu <iwamatsu@debian.org> Tue, 28 Aug 2012 16:22:51 +0900
+
+libpng (1.2.49-2) unstable; urgency=high
+
+ * Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
+ Add 02-681408-CVE-2012-3386-Makefile.in.patch
+ Closes: #681408
+
+ -- Anibal Monsalve Salazar <anibal@debian.org> Fri, 13 Jul 2012 12:31:39 +1000
+
libpng (1.2.49-1) unstable; urgency=high
* New upstream version 1.2.49
diff -Nru libpng-1.2.49/debian/libpng12-dev.links.in libpng-1.2.49/debian/libpng12-dev.links.in
--- libpng-1.2.49/debian/libpng12-dev.links.in 2011-07-18 21:52:43.000000000 +1000
+++ libpng-1.2.49/debian/libpng12-dev.links.in 2013-04-26 16:41:04.000000000 +1000
@@ -1,3 +1,4 @@
/usr/share/man/man1/libpng12-config.1.gz /usr/share/man/man1/libpng-config.1.gz
/usr/include/libpng12 /usr/include/libpng
-/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so
+/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0
+/usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so
Reply to: