Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
I identified three packages that don't ship a SONAME symlink and cause
spurious creation and removal of this link by ldconfig. Spurious since
the packages themselves don't call ldconfig, so another installation
will trigger the ldconfig run - 2 seconds or 2 months later.
As this makes the (dis-)appearance nondeterministic, this could produce
heisenbugs that will be hard to debug. So better ship the link in the
package and let dpkg instead of ldconfig manage creation/removal.
libpng12-dev is one of them (#706181), due to the
/usr/lib/<triplet>/libpng12.so -> /lib/<triplet>/libpng12.so.0
link. ldconfig would create
/usr/lib/<triplet>/libpng12.so.0 -> libpng.so
The attached patch changes the symlinks in the -dev package to
/usr/lib/<triplet>/libpng12.so -> libpng12.so.0 -> /lib/<triplet>/libpng12.so.0
Anibal has already signaled to prepare an updated package, so I filed an
unblock versioned as a new maintainer upload.
This fix could go via unstable, the only difference between sid and
wheezy are some changelog entries.
Andreas
unblock libpng/1.2.49-4
diff -Nru libpng-1.2.49/debian/changelog libpng-1.2.49/debian/changelog
--- libpng-1.2.49/debian/changelog 2012-04-09 04:14:09.000000000 +0200
+++ libpng-1.2.49/debian/changelog 2013-04-27 20:04:03.000000000 +0200
@@ -1,3 +1,27 @@
+libpng (1.2.49-3.1) UNRELEASED; urgency=low
+
+ * Non-maintainer upload.
+ * libpng12-dev: Ship /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 ->
+ /lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 symlink, too, to prevent ldconfig
+ from playing ping-pong with the SONAME link. (Closes: #706181)
+
+ -- Andreas Beckmann <a...@debian.org> Fri, 26 Apr 2013 00:33:36 +0200
+
+libpng (1.2.49-3) unstable; urgency=low
+
+ * Remove patches/02-681408-CVE-2012-3386-Makefile.in.patch.
+ This patch is unnecessary. This issue is already fixed in automake.
+
+ -- Nobuhiro Iwamatsu <iwama...@debian.org> Tue, 28 Aug 2012 16:22:51 +0900
+
+libpng (1.2.49-2) unstable; urgency=high
+
+ * Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
+ Add 02-681408-CVE-2012-3386-Makefile.in.patch
+ Closes: #681408
+
+ -- Anibal Monsalve Salazar <ani...@debian.org> Fri, 13 Jul 2012 12:31:39 +1000
+
libpng (1.2.49-1) unstable; urgency=high
* New upstream version 1.2.49
diff -Nru libpng-1.2.49/debian/libpng12-dev.links.in libpng-1.2.49/debian/libpng12-dev.links.in
--- libpng-1.2.49/debian/libpng12-dev.links.in 2011-07-18 13:52:43.000000000 +0200
+++ libpng-1.2.49/debian/libpng12-dev.links.in 2013-04-26 00:32:55.000000000 +0200
@@ -1,3 +1,4 @@
/usr/share/man/man1/libpng12-config.1.gz /usr/share/man/man1/libpng-config.1.gz
/usr/include/libpng12 /usr/include/libpng
-/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so
+/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0
+/usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so
[The following lists of changes regard files as different if they have
different names, permissions or owners.]
Files in second .deb but not in first
-------------------------------------
lrwxrwxrwx root/root /usr/lib/x86_64-linux-gnu/libpng12.so -> libpng12.so.0
lrwxrwxrwx root/root /usr/lib/x86_64-linux-gnu/libpng12.so.0 ->
/lib/x86_64-linux-gnu/libpng12.so.0
Files in first .deb but not in second
-------------------------------------
lrwxrwxrwx root/root /usr/lib/x86_64-linux-gnu/libpng12.so ->
/lib/x86_64-linux-gnu/libpng12.so.0
Control files: lines which differ (wdiff format)
------------------------------------------------
Depends: libpng12-0 (= [-1.2.49-1),-] {+1.2.49-3.1),+} zlib1g-dev
Installed-Size: [-588-] {+589+}
Version: [-1.2.49-1-] {+1.2.49-3.1+}
