Package: libgsl0ldbl
Version: 1.11-1
Severity: serious
Tags: patch
Justification: can make other programs buggy

  Hi,

  I see that you renamed the package libgsl0 to libgsl0ldbl due to the
"double" transition on some architectures.
libgsl0ldbl replaces libgsl0, as both provide /usr/lib/libgsl0.so.0, for
example.
But you also need to conflict.
Without the conflict, here is what can happen (it happened to me):

libgsl0 is installed.
progA is installed and depends on libgsl0, as
/usr/bin/progA is linked to libgsl0.so.0.
It uses the old version (compiled before the "double" transition).

libgsl0ldbl is installed. It replaces /usr/lib/libgsl0.so.0.
libgsl0 is not removed.
progA is not removed nor upgraded.
/usr/bin/progA then uses the new /usr/lib/libgsl0.so.0 with different
object sizes (whereas /usr/lib/libgsl0.so.0 always has the same list of
symbols).
/usr/bin/progA will probably misbehave or give wrong results. It is possible
that this can be used to create a security problem (similar to a buffer
overflow) but I'm not skilled enough to be sure.

If libgsl0ldbl conflicts with libgsl0, then when libgsl0ldbl is
installed, libgsl0 will be removed and progA will be removed or updated
(if a new version recompiled against the new libgsl0ldbl library is
available).

  Best regards,
    Vincent


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-trunk-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgsl0ldbl depends on:
ii  libc6                         2.7-10     GNU C Library: Shared libraries

libgsl0ldbl recommends no packages.

-- no debconf information
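The check the report asks for can be applied mechanically to a package's control file before upload: every binary package that declares Replaces on another package should also declare Conflicts (or Breaks) on it, otherwise the replaced package and its dependents stay installed against a library whose ABI has changed. The script below is an added example and is not part of the bug report or of the gsl packaging; it assumes a debian/control-style file, and the second control file (with the constructed package names libexample1 and libexample1ldbl) shows the same field layout written correctly.

```sh
#!/bin/sh
# Added example: report binary packages whose "Replaces:" target is not also
# covered by "Conflicts:" or "Breaks:". Reads a control file on stdin and
# prints one line per offending (package, replaced package) pair.
check_control() {
    awk -F': *' '
    # Strip version qualifiers such as "(<< 1.11-1)" and turn the comma list
    # into a space-separated list so names can be compared one by one.
    function clean(v) { gsub(/\([^)]*\)/, "", v); gsub(/,/, " ", v); return v }
    # Emit one line for each Replaces target missing from Conflicts/Breaks.
    function flush(   n, r, i) {
        if (pkg != "") {
            n = split(rep, r, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (r[i] == "") continue
                if (index(" " con " ", " " r[i] " ") == 0)
                    print pkg " replaces " r[i] " without Conflicts/Breaks"
            }
        }
        pkg = ""; rep = ""; con = ""
    }
    $1 == "Package"                       { flush(); pkg = $2 }
    $1 == "Replaces"                      { rep = clean($2) }
    $1 == "Conflicts" || $1 == "Breaks"   { con = con " " clean($2) }
    END { flush() }
    '
}

# Constructed control file reproducing the situation in the report:
# libgsl0ldbl replaces libgsl0 but does not conflict with it.
CONTROL_BUGGY='Source: gsl
Section: libs

Package: libgsl0ldbl
Architecture: any
Replaces: libgsl0
Description: GNU Scientific Library (GSL) -- library package
 Shared library.
'

# Constructed control file with the fix applied (package names are made up).
CONTROL_FIXED='Source: example
Section: libs

Package: libexample1ldbl
Architecture: any
Replaces: libexample1
Conflicts: libexample1 (<< 2.0-1)
Description: constructed example -- library package
'

# Stand-alone run: the buggy file yields one finding, the fixed one none.
printf '%s' "$CONTROL_BUGGY" | check_control
printf '%s' "$CONTROL_FIXED" | check_control
```

Run it as a pre-upload lint over debian/control, or pipe in the output of `apt-cache show <package>`, which uses the same field layout, to check an already-built package.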


