Package: gsoap
Version: 2.8.12-1
Severity: normal
Tags: upstream

gsoap installs stdsoap2.h (it is in package libgsoap-dev), with no changes
from the sources. This file contains many #ifdef ... #endif constructs
to select features.

This file is used at build time of libgsoap.so; one of the data structures
in this library is called struct SOAP_STD_API soap. Depending on the use of
the WITH_IPV6 flag, the size of one of its fields differs:

#ifdef WITH_IPV6
  struct sockaddr_storage peer; /* IPv6: set by soap_accept and by UDP recv */
#else
  struct sockaddr_in peer;      /* IPv4: set by soap_connect/soap_accept and by UDP recv */
#endif

Applications that build and link to libgsoap *must* match this choice exactly,
at the risk of misaligning the fields of struct soap which could result in
crashes. This also leads to potential security vulnerabilities. It is
particularly unsafe to forget -DWITH_IPV6 when building against libgsoap.so.

The choices for libgsoap are recorded in the pkgconfig files
(gsoap.pc), but rather than relying on pkgconfig, it would seem safer
to install a version of stdsoap2.h that fixes all such choices
according to what was chosen for libgsoap.so. If pkgconfig is the only
way to go, a dependency on pkg-config should probably be included.

Best,

Dennis van Dok

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gsoap depends on:
ii  libc6         2.13-38
ii  libgcc1       1:4.7.2-5
ii  libgsoap-dev  2.8.12-1
ii  libgsoap3     2.8.12-1
ii  libstdc++6    4.7.2-5

gsoap recommends no packages.

gsoap suggests no packages.

-- no debconf information
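
Added example, not part of the original report or of gSOAP: a minimal C model of the layout mismatch described in the report, with the library's view and the application's view of the structure side by side. Only the `peer` member comes from the stdsoap2.h excerpt; the struct names, the neighbouring fields `mode` and `error`, and the `soap_abi_check` guard are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Simplified stand-ins for struct soap. `mode` and `error` are hypothetical
   neighbours of `peer`, present only to make the displacement visible. */
struct soap_lib {                  /* layout the library was built with (-DWITH_IPV6) */
  int mode;
  struct sockaddr_storage peer;
  int error;
};

struct soap_app {                  /* layout an application gets without -DWITH_IPV6 */
  int mode;
  struct sockaddr_in peer;
  int error;
};

/* Bytes by which every member after `peer` is displaced between the two views. */
long field_skew(void)
{
  return (long)offsetof(struct soap_lib, error) - (long)offsetof(struct soap_app, error);
}

/* Bytes the library may read or write past the end of an object that the
   application allocated using its own, smaller definition. */
long overrun_bytes(void)
{
  return (long)sizeof(struct soap_lib) - (long)sizeof(struct soap_app);
}

/* Hypothetical guard: the library compares the caller's sizeof(struct soap)
   with its own before touching the object. Returns 0 on match, -1 otherwise. */
int soap_abi_check(size_t caller_size)
{
  return caller_size == sizeof(struct soap_lib) ? 0 : -1;
}

int main(void)
{
  printf("members after peer are displaced by %ld bytes\n", field_skew());
  printf("library view exceeds application object by %ld bytes\n", overrun_bytes());
  printf("guard with application size: %d\n", soap_abi_check(sizeof(struct soap_app)));
  return 0;
}
```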

