Bug#434499: balsa: Workaround found : downgrade gmime2.2 to 2.9

Sven Arvidsson sa at whiz.se
Tue Aug 28 21:36:50 UTC 2007 

On Mon, 2007-08-27 at 21:37 +0200, Loïc Minier wrote:
>  It's an ABI change, but it's more a bug fix than an ABI breakage;
>  these functions should never have been exported, and I can imagine they
>  would have caused bugs in the past.  Perhaps some programs actually use
>  strncasecmp and strcasecmp and were linked against libgmime instead of
>  libc and started crashing when libgmime didn't have the symbols
>  anymore?  In this case, we should rebuild such packages.
> 
>  Do you think you could build a list of such packages?  Any package with
>  a -lgmime and a binary referencing strncasecmp or strcasecmp is a
>  candidate, so you could for example write a small shell script to:
>  1) search packages build-depending on libgmime-dev (recursively, that
>  is packages build-depending on something depending on libgmime-dev
>  should be included)
>  2) download the .deb files of such packages for i386
>  3) run objdump on all binaries of the .deb files and search for
>  strcasecmp or strncasecmp
> 
>  The results could be sent to the release team to schedule bin NMUs
>  (rebuilds).
> 
>  If the list in 1) is small, you could skip the next steps and request
>  all packages to be rebuilt.

Hi,

I have found four likely candidates. Balsa, dbmail, pan and tracker all
build-depends on libgmime-dev, links against libgmime and contain
strcasecmp and/or strncasecmp. 

Consequently, these are the packages I should request a binNMU for?


Just to be sure, following your advice, these are the steps I took to
find these packages:

      * I used grep-dctrl to find everything build-depending on
        libgmime-dev. And checked recursively, only nautilus
        build-depends on one of these, but doesn't link with libgmime.

      * I used "ldd foo | grep gmime" to investigate library
        dependencies.

      * I used "objdump -T foo | grep 'str[n]*casecmp'" too see if any
        binary or library included these functions.

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 760BDD22
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20070828/b7fb9d03/attachment-0001.pgp

More information about the pkg-gnome-maintainers mailing list