Package: libgraphicsmagick++-q16-12
Version: 1.3.31-1
Severity: important
Important due to RC Policy "Shared library packages must include correct shlibs
files".
There was an ABI change between libgraphicsmagick++-q16-12 versions
1.3.30+hg15796-1~deb9u2 and 1.3.31-1 but the shlibs file was not changed. As a
result, some dependent packages like python3-pgmagick don't get strict-enough
dependency from dpkg-shlibdeps and can end up in a broken state when built with
the newer library but installed with the older.
Steps to reproduce:
1. Ensure you have the stable repo in your apt sources.
2. Install the older library:
apt install libgraphicsmagick++-q16-12=1.3.30+hg15796-1~deb9u2
3. Install python3-pgmagick from testing/unstable:
apt install python3-pgmagick=0.7.4-1+b2
4. Try to load the library (which has an unconstrained dependency on
libgraphicsmagick++-q16-12):
echo 'import pgmagick' | python3
Observation: failure to load libGraphicsMagick++-Q16.so due to missing symbol:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3/dist-packages/pgmagick/__init__.py", line 1, in
<module>
from pgmagick import _pgmagick
ImportError:
/usr/lib/python3/dist-packages/pgmagick/_pgmagick.cpython-36m-x86_64-linux-gnu.so:
undefined symbol:
_ZNK6Magick5ColorcvNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEv
This is because the python3-pgmagick library was built with the newer GM++
library, which declares the same soname/shlibs as the older library, but the
exported symbols differ because of the libstdc++ C++11 ABI change
<https://wiki.debian.org/GCC5#libstdc.2B-.2B-_ABI_transition>.
You can compare the exported symbols from each version of
libgraphicsmagick++-q16-12:
readelf -s -W /usr/lib/libGraphicsMagick++-Q16.so.12 | awk '{ print $8 }' |
sort -u
Diffing the symbol lists, you can see some changes related to the C++11 ABI
change:
-_ZNK6Magick5ColorcvNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEB5cxx11Ev
+_ZNK6Magick5ColorcvNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEv
There are also some other changes not necessarily related to the libstdc++ ABI
change.
So I think the soname should have been incremented in version 1.3.31-1 to
prevent packages getting dependencies that are too weak and allow broken
installations. Incrementing it now and rebuilding all dependent packages would
fix them.
-- System Information:
Debian Release: 9.6
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'),
(500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.18.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libgraphicsmagick++-q16-12 depends on:
ii libc6 2.27-8
ii libgcc1 1:8.2.0-10
ii libgomp1 8.2.0-10
ii libgraphicsmagick-q16-3 1.3.30+hg15796-1~deb9u2
ii libstdc++6 8.2.0-10
libgraphicsmagick++-q16-12 recommends no packages.
Versions of packages libgraphicsmagick++-q16-12 suggests:
pn graphicsmagick-dbg <none>
-- no debconf information
