On Friday, 3 March 2023 08:37:05 CET Otto Kekäläinen wrote:
> 
> I have this now as
> https://salsa.debian.org/mariadb-team/mariadb-10.3/-/merge_requests/36

Thanks for looking into this! I saw that the package build pipeline failed 
with various Lintian errors, so there was no package to download and test as 
far as I could see. Nevertheless, I tested an equivalent package myself and it 
resolved the problem, as noted previously.

> and I also sent it upstream at
> https://github.com/mariadb-corporation/mariadb-connector-c/pull/219.
> You can +1 these if you want to increase the odds of them being
> merged.

I will probably do this and also add a comment.

> If somebody wants to make a bug report upstream at jira.mariadb.org it
> would help, in particular if you can find any other library than just
> libqt5sql5-mysql that is affected by this.

"apt-cache rdepends libmariadb3 | wc -l" yields 175 entries on my system, 
although this is a very crude way of assessing the impact.

If I limit myself to "apt-cache rdepends libqt5sql5-mysql", I see the 
following packages with dependencies on that package:

akonadi-backend-mysql
digikam

There are these packages which recommend it:

actiona
kraft
xca

So, the direct exposure to the same problem as reported in the original bug is 
fairly limited. Had I kept using digiKam, I would probably have encountered 
problems with that, too, but I stopped using it given various concerns about 
its behaviour.

As for the broader dependencies on libmariadb3, I did a source code search for 
mysql_get_client_version using sources.debian.org and found a few candidates 
of note:

vtk6 and vtk9 both test for the client version to assess prepared query 
availability:

https://sources.debian.org/src/vtk6/6.3.0+dfsg2-8.1/IO/MySQL/vtkMySQLDatabase.cxx/?hl=108#L108

https://sources.debian.org/src/vtk9/9.1.0+really9.1.0+dfsg2-5/IO/MySQL/vtkMySQLDatabase.cxx/?hl=108#L108

paraview appears to embed VTK code and thus exhibits a similar potential 
issue:

https://sources.debian.org/src/paraview/5.11.0+dfsg-1/VTK/IO/MySQL/vtkMySQLDatabase.cxx/?hl=109#L109

tango has two places with client version testing:

https://sources.debian.org/src/tango/9.3.4+dfsg1-2/cppserver/tangoaccesscontrol/DbUtils.cpp/?hl=137#L137

https://sources.debian.org/src/tango/9.3.4+dfsg1-2/cppserver/database/DataBaseUtils.cpp/?hl=782#L782

kamailio also seems to have code which might be affected:

https://sources.debian.org/src/kamailio/5.6.3-2/src/modules/db_mysql/db_mysql.c/?hl=133#L133

Obviously, it is entirely possible that relatively few people use these 
packages and that there are few, if any, reverse dependencies on these 
packages, so nobody will have noticed any problems.

Paul
