
Re: libcairo2 and gimp 2.2.6



On Sun, Jul 23, 2006 at 03:17:29 +0000, djhack wrote:

[...]

> >> apt-cache results:
> >> gimp:
> >>   Installed: 2.2.6-1
> >>   Candidate: 2.2.6-1
> >>   Version Table:
> >>  *** 2.2.6-1 0
> >>         500 http://ftp.debian.org stable/main Packages
> >>         100 /var/lib/dpkg/status
> >>
> >> ldd results:
> >> 	libpangoxft-1.0.so.0 => /usr/lib/libpangoxft-1.0.so.0 (0x404da000)
> >> 	libpangox-1.0.so.0 => /usr/lib/libpangox-1.0.so.0 (0x404e1000)
> >> 	libpangoft2-1.0.so.0 => /usr/lib/libpangoft2-1.0.so.0 (0x40502000)
> >> 	libpango-1.0.so.0 => /usr/lib/libpango-1.0.so.0 (0x40529000)
> >> 	libpangocairo-1.0.so.0 => not found
> >> 	libcairo.so.2 => not found

[...]

> >This should be fixable by a simple
> >
> >apt-get --reinstall install libpango1.0-0 libcairo2

[...]

> Well, I tried to apt-get libcairo2 and was told the following. So it  
> seems that libcairo2 and the other libs are not in sarge stable, but  
> found in "testing" and "unstable".

[...]

> I tried to get libcairo2 with "apt-get install libcairo2/testing" and
> was told that "Release 'testing' for 'libcairo2' was not found" also.
> Perhaps my sources list is not complete? I don't know. I would prefer
> not to have to venture out beyond "stable" unless I have to. It seems
> I have to in this case.

First of all: You should have gimp 2.2.6-1sarge1, since there was a
recent security update to fix a buffer overflow exploit. (I did not
notice this before.) Make sure you have the following line in your
/etc/apt/sources.list:

deb http://security.debian.org/ stable/updates main contrib non-free

then you will get all security updates for stable. (Maybe the security
update was incorporated into version 2.2.6-1 as well, but it is better
to be sure.)

Regarding the libcairo2 problem: You are right, it is not available in
Sarge. (I did not really check before.) It is also not possible to just
install the version from testing since they require a different version
of libc6. I downloaded gimp 2.2.6-1sarge1 and checked it with ldd: It
also links against libcairo.so.2. So it seems that we have a bug here,
probably introduced when the maintainer recompiled the gimp package
after incorporating the security fix. You should file a bug report
against gimp. It is very easy if you use the package "reportbug" which
will automatically include the relevant information about your system.
Give it a title like "2.2.6-1sarge1 links against libraries from
testing" and include the output of "ldd $(which gimp) | grep 'not
found'" in the bug report. The maintainer can probably fix it quickly.

If you need to work with gimp in the meantime then you can downgrade to
an older version which is most likely still in your package cache. Just
do not open any .xcf files from untrusted sources since the older
version is vulnerable to the buffer overflow exploit.

-- 
Regards,
          Florian
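
Added example (not part of the original message, and not Debian's own tooling): a small shell sketch of the two checks discussed above, listing the libraries ldd reports as "not found" and confirming that sources.list has an active security.debian.org line. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names and sample data are constructed.

# missing_libs: read `ldd` output on stdin and print the soname of every
# dependency the dynamic loader could not resolve, one per line.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# has_security_source FILE: succeed only if FILE contains an active
# (not commented out) "deb" line that points at security.debian.org.
has_security_source() {
    awk '$1 == "deb" {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^https?:\/\/security\.debian\.org(\/|$)/) found = 1
         }
         END { exit !found }' "$1"
}

# Constructed sample, modelled on the ldd output quoted in the thread.
sample_ldd() {
    cat <<'EOF'
    libpango-1.0.so.0 => /usr/lib/libpango-1.0.so.0 (0x40529000)
    libpangocairo-1.0.so.0 => not found
    libcairo.so.2 => not found
EOF
}

# With a binary path as argument, check that binary and the system
# sources.list; without one, run the parser on the constructed sample.
if [ "$#" -gt 0 ]; then
    ldd "$1" | missing_libs
    has_security_source /etc/apt/sources.list ||
        echo "no active security.debian.org entry in sources.list" >&2
else
    sample_ldd | missing_libs
fi
```

Run it as `sh check.sh "$(which gimp)"` (the file name is an assumption); any soname it prints belongs in the bug report.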


