On Sun, Jul 23, 2006 at 13:16:07 -0500, Mumia W. wrote:
> On 07/23/2006 08:01 AM, Florian Kulzer wrote:
> >
> >Regarding the libcairo2 problem: You are right, it is not
> >available in Sarge. (I did not really check before.) It is
> >also not possible to just install the version from testing
> >since they require a different version of libc6. I
> >downloaded gimp 2.2.6-1sarge1 and checked it with ldd: It
> >also links against libcairo.so.2. So it seems that we have
> >a bug here, probably introduced when the maintainer
> >recompiled the gimp package after incorporating the
> >security fix. You should file a bug report against gimp. It
> >is very easy if you use the package "reportbug" which will
> >automatically include the relevant information about your
> >system. Give it a title like "2.2.6-1sarge1 links against
> >libraries from testing" and include the output of "ldd
> >$(which gimp) | grep 'not found'" in the bug report. The
> >maintainer can probably fix it quickly.
> >
> >If you need to work with gimp in the meantime then you can
> >downgrade to an older version which is most likely still in
> >your package cache. Just do not open any .xcf files from
> >untrusted sources since the older version is vulnerable to
> >the buffer overflow exploit.
> >
>
> I just started reading this thread, so I hope I'm not asking
> anyone to rehash a lot of the discussion.
>
> I'm using Sarge, and I recently upgraded my gimp to
> 2.2.6-1sarge1 per the security recommendation. I used
> "aptitude --download-only upgrade" followed later by "aptitude
> upgrade."
>
> The upgrade went through without any problems, and I'm able to
> launch gimp normally. When I do 'ldd `which gimp`' I don't see
> any reference to libcairo2. My sources.list only contains
> Sarge repositories, and I haven't done any apt-pinning.
>
> My current gimp and gimp-data packages were automatically
> downloaded from security.debian.org by aptitude. Gimp works
> here and is not dependent upon libcairo2 here.
Thanks for the information. Now I am really confused: I just downloaded
gimp_2.2.6-1sarge1_i386.deb again, unpacked it in my tmp directory and
then ran ldd on the gimp-2.2 executable. I still see a reference to
libcairo.so.2. (I am on Sid and I do not have the problem at all. OP
seems to have a pure Sarge system just like you. His gimp does not run
anymore and ldd reports that it can't find libcairo.so.2.)
Maybe we should do a sanity check first. Can you tell me what the md5sum
is for your /usr/bin/gimp-2.2? Here is what I get for the file which I
extracted from the -1sarge1 package:
$ md5sum -b /home/florian/tmp/gimp/usr/bin/gimp-2.2
0caee141d51fbd869c571eaa871ccfda */home/florian/tmp/gimp/usr/bin/gimp-2.2
The file prints the right version when I run it with "-v":
$ /home/florian/tmp/gimp/usr/bin/gimp-2.2 -v
GIMP version 2.2.6
My apt-file claims that the only "libcairo.so.2" that is currently
available in Debian comes from the libcairo2 package. (I have stable,
testing, unstable and experimental in my sources.list.)
--
Regards,
Florian
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
