[Pkg-rust-maintainers] Bug#1036076: rust-mysqlclient-sys appears to be unsound when used with mariadb.

Matthias Geiger werdahias at riseup.net
Sat Sep 16 12:20:03 BST 2023 

On Mon, 15 May 2023 05:47:10 +0100 Peter Green <plugwash at debian.org> wrote:
 > Package: rust-mysqlclient-sys
 > Severity: serious
 >
 > I was looking at why rust-diesel was not migrating to testing
 > (other than the freeze obviously) and noticed that rust-mysqlclient-sys
 > was not built on 32-bit architectures. As with a bunch of other
 > packages I correctly suspected this was mostly a case of unportable
 > bindgen-generated tests and started preparing fixes for them.
 >
 > However while doing so, I rapidly came to the conclusion that something
 > else was wrong. Specifically I noticed significant discrepancies
 > between the "mysql" (actually mariadb) C headers on my system and the
 > rust bindings in rust-mysqlclient-sys.
 >
 > The tests in the crate only test that the size/alignment of the
 > structures defined in the crate are consistent with what they were
 > when the bindings were generated. They do not check in any way that
 > they are consistent with the structures defined by the C headers on
 > the user's system. There are no functional tests either.
 >
 > My conclusion is that attempting to use this crate with mariadb
 > is highly unsound, though I don't know enough about how the mysql
 > client library is used to determine in what way exactly it will break
 > and whether the breakage is likely to be immediately apparent or more
 > subtle.
 >
 >

 >

Control: severity -1 important

lowering severity so it and rdeps can migrate. I skipped the failing 
tests for now.

-- 
Matthias Geiger (werdahias)
Debian Maintainer
"Freiheit ist immer Freiheit des anders Denkenden" -- Rosa Luxemburg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x18BD106B3B6C5475.asc
Type: application/pgp-keys
Size: 4036 bytes
Desc: OpenPGP public key
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20230916/8fdc8d00/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20230916/8fdc8d00/attachment-0001.sig>

More information about the Pkg-rust-maintainers mailing list