[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#706286: marked as done (pu: libpng/1.2.49-1+deb7u1)

Your message dated Wed, 4 Dec 2013 15:09:13 +0100
with message-id <20131204140913.GJ4822@betterave.cristau.org>
and subject line Re: Bug#706286: pre-approve: libpng/1.2.49-4
has caused the Debian Bug report #706286,
regarding pu: libpng/1.2.49-1+deb7u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
706286: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706286
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

I identified three packages that don't ship a SONAME symlink and cause
spurious creation and removal of this link by ldconfig. Spurious since
the packages themselves don't call ldconfig, so another installation
will trigger the ldconfig run - 2 seconds or 2 months later.

As this makes the (dis-)appearance nondeterministic, this could produce
heisenbugs that will be hard to debug. So better ship the link in the
package and let dpkg instead of ldconfig manage creation/removal.

libpng12-dev is one of them (#706181), due to the
/usr/lib/<triplet>/libpng12.so -> /lib/<triplet>/libpng12.so.0
link. ldconfig would create 
/usr/lib/<triplet>/libpng12.so.0 -> libpng.so

The attached patch changes the symlinks in the -dev package to
/usr/lib/<triplet>/libpng12.so -> libpng12.so.0 -> /lib/<triplet>/libpng12.so.0

Anibal has already signaled to prepare an updated package, so I filed an
unblock versioned as a new maintainer upload.

This fix could go via unstable, the only difference between sid and
wheezy are some changelog entries.

Andreas

unblock libpng/1.2.49-4

diff -Nru libpng-1.2.49/debian/changelog libpng-1.2.49/debian/changelog
--- libpng-1.2.49/debian/changelog	2012-04-09 04:14:09.000000000 +0200
+++ libpng-1.2.49/debian/changelog	2013-04-27 20:04:03.000000000 +0200
@@ -1,3 +1,27 @@
+libpng (1.2.49-3.1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * libpng12-dev: Ship /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 ->
+    /lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 symlink, too, to prevent ldconfig
+    from playing ping-pong with the SONAME link.  (Closes: #706181)
+
+ -- Andreas Beckmann <anbe@debian.org>  Fri, 26 Apr 2013 00:33:36 +0200
+
+libpng (1.2.49-3) unstable; urgency=low
+
+  * Remove patches/02-681408-CVE-2012-3386-Makefile.in.patch.
+    This patch is unnecessary. This issue is already fixed in automake.
+
+ -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Tue, 28 Aug 2012 16:22:51 +0900
+
+libpng (1.2.49-2) unstable; urgency=high
+
+  * Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
+    Add 02-681408-CVE-2012-3386-Makefile.in.patch
+    Closes: #681408
+
+ -- Anibal Monsalve Salazar <anibal@debian.org>  Fri, 13 Jul 2012 12:31:39 +1000
+
 libpng (1.2.49-1) unstable; urgency=high
 
   * New upstream version 1.2.49
diff -Nru libpng-1.2.49/debian/libpng12-dev.links.in libpng-1.2.49/debian/libpng12-dev.links.in
--- libpng-1.2.49/debian/libpng12-dev.links.in	2011-07-18 13:52:43.000000000 +0200
+++ libpng-1.2.49/debian/libpng12-dev.links.in	2013-04-26 00:32:55.000000000 +0200
@@ -1,3 +1,4 @@
 /usr/share/man/man1/libpng12-config.1.gz /usr/share/man/man1/libpng-config.1.gz
 /usr/include/libpng12 /usr/include/libpng
-/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so
+/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0
+/usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so

[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files in second .deb but not in first
-------------------------------------
lrwxrwxrwx  root/root   /usr/lib/x86_64-linux-gnu/libpng12.so -> libpng12.so.0
lrwxrwxrwx  root/root   /usr/lib/x86_64-linux-gnu/libpng12.so.0 -> /lib/x86_64-linux-gnu/libpng12.so.0

Files in first .deb but not in second
-------------------------------------
lrwxrwxrwx  root/root   /usr/lib/x86_64-linux-gnu/libpng12.so -> /lib/x86_64-linux-gnu/libpng12.so.0

Control files: lines which differ (wdiff format)
------------------------------------------------
Depends: libpng12-0 (= [-1.2.49-1),-] {+1.2.49-3.1),+} zlib1g-dev
Installed-Size: [-588-] {+589+}
Version: [-1.2.49-1-] {+1.2.49-3.1+}

--- End Message ---
--- Begin Message --- 
On Wed, May 22, 2013 at 01:59:21 +0200, Cyril Brulebois wrote:

> Control: tag -1 moreinfo
> 
> Andreas Beckmann <anbe@debian.org> (27/04/2013):
> > I identified three packages that don't ship a SONAME symlink and cause
> > spurious creation and removal of this link by ldconfig. Spurious since
> > the packages themselves don't call ldconfig, so another installation
> > will trigger the ldconfig run - 2 seconds or 2 months later.
> > 
> > As this makes the (dis-)appearance nondeterministic, this could produce
> > heisenbugs that will be hard to debug. So better ship the link in the
> > package and let dpkg instead of ldconfig manage creation/removal.
> 
> See my reply to libusb (#706281), the same applies.
> 
As for libusb, closing per KiBi.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature


--- End Message ---
Reply to: