Bug#702436: Ships and uses an ancient version of libtool
Hi Michael, I've done some digging and the good news is this issue seems to have already been fixed upstream in 2.28, which is sitting in the git archive to be uploaded more or less when unstable reopens for business. It looks like 2.26 should also potentially be patched for wheezy, as security advice DSA-1958-1 may apply to the ltdl version being used. I'll look into this. Cheers, David. On 06/03/13 23:06, Michael Tautschnig wrote: Hi again, [...] Yes, you are correct that upstream ships an ancient libtool version. However I do not believe you are correct when you say that we are linking against it. [...] Here's the proper proof - the error message is produced by our compiler, thus can be safely ignored. The key point is the command line, which includes libltdlc.a (and no -lltdl). root@dkr13:~/graphviz-2.26.3/lib/gvc# make ; make V=1 CCLD libgvc.la file libltdlcS.c line 18: error: conflicting definition for variable `c::lt_libltdlc_LTX_preloaded_symbols' [... error details snipped ...] make: *** [libgvc.la] Error 64 /bin/bash ../../libtool --tag=CC --mode=link x86_64-linux-gnu-gcc -g -O2 -Wno-unknown-pragmas -Wstrict-prototypes -Wpointer-arith -Wall -ffast-math -version-info 5:0:0 -no-undefined -Wl,--as-needed -o libgvc.la -rpath /usr/lib gvrender.lo gvlayout.lo gvdevice.lo gvloadimage.lo gvcontext.lo gvjobs.lo gvevent.lo gvplugin.lo gvconfig.lo gvtextlayout.lo gvusershape.lo gvc.lo ../../lib/pack/libpack_C.la ../../lib/xdot/libxdot_C.la ../../lib/common/libcommon_C.la ../../libltdl/libltdlc.la ../../lib/xdot/libxdot.la ../../lib/cdt/libcdt.la ../../lib/graph/libgraph.la ../../lib/pathplan/libpathplan.la -lexpat -lz -lm -lz -lm libtool: link: rm -fr .libs/libgvc.so.5.0.0.gcc-binary libtool: link: x86_64-linux-gnu-gcc -shared .libs/gvrender.o .libs/gvlayout.o .libs/gvdevice.o .libs/gvloadimage.o .libs/gvcontext.o .libs/gvjobs.o .libs/gvevent.o .libs/gvplugin.o .libs/gvconfig.o .libs/gvtextlayout.o .libs/gvusershape.o .libs/gvc.o -Wl,--whole-archive ../../lib/pack/.libs/libpack_C.a ../../lib/xdot/.libs/libxdot_C.a ../../lib/common/.libs/libcommon_C.a ../../libltdl/.libs/libltdlc.a -Wl,--no-whole-archive -Wl,-rpath -Wl,/home/mictau/build/graphviz/graphviz-2.26.3/lib/xdot/.libs -Wl,-rpath -Wl,/home/mictau/build/graphviz/graphviz-2.26.3/lib/cdt/.libs -Wl,-rpath -Wl,/home/mictau/build/graphviz/graphviz-2.26.3/lib/graph/.libs -Wl,-rpath -Wl,/home/mictau/build/graphviz/graphviz-2.26.3/lib/pathplan/.libs -L/home/mictau/build/graphviz/graphviz-2.26.3/lib/cdt/.libs ../../lib/xdot/.libs/libxdot.so ../../lib/cdt/.libs/libcdt.so ../../lib/graph/.libs/libgraph.so /home/mictau/build/graphviz/graphviz-2.26.3/lib/cdt/.libs/libcdt.so ../../lib/pathplan/.libs/libpathp lan.so -l dl /usr/lib/x86_64-linux-gnu/libexpat.so -lz -lm -Wl,--as-needed -Wl,-soname -Wl,libgvc.so.5 -o .libs/libgvc.so.5.0.0 file libltdlcS.c line 18: error: conflicting definition for variable `c::lt_libltdlc_LTX_preloaded_symbols' Best, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#702436: Ships and uses an ancient version of libtool
Package: graphviz Version: 2.26.3-12 Usertags: goto-cc graphviz currently links against a shipped version of libtool that appears to be pre-2009, and at the very least is broken when using type-checking linkers. This was fixed in 2010: http://git.savannah.gnu.org/cgit/libtool.git/commit/libltdl/ltdl.c?id=03feff471901aeaac97b36964f88ed4d694dff99 Furthermore, libtool has even seen security fixes since that time. It may be worth updating the shipped libtool; preferably, however, the packaged version of libtool should be used instead by adding --with-included-ltdl to the configure command line. Best, Michael pgpDWK41Kbvrq.pgp Description: PGP signature
Bug#702436: Ships and uses an ancient version of libtool
On 06/03/13 14:54, Michael Tautschnig wrote: Package: graphviz Version: 2.26.3-12 Usertags: goto-cc graphviz currently links against a shipped version of libtool that appears to be pre-2009, and at the very least is broken when using type-checking linkers. This was fixed in 2010: http://git.savannah.gnu.org/cgit/libtool.git/commit/libltdl/ltdl.c?id=03feff471901aeaac97b36964f88ed4d694dff99 Furthermore, libtool has even seen security fixes since that time. It may be worth updating the shipped libtool; preferably, however, the packaged version of libtool should be used instead by adding --with-included-ltdl to the configure command line. Best, Michael Hi Michael, Yes, you are correct that upstream ships an ancient libtool version. However I do not believe you are correct when you say that we are linking against it. I can't claim to be any kind of great expert in autoconf, but as far as I can see the configure command line option --with-included-ltdl actually does the opposite of what you suggest - below is quoted from the libtool docs ... --with-included-ltdl If there is no installed libltdl, or in any case if the person building your package would rather use the libltdl sources shipped with the package in the subdirectory named by LT_CONFIG_LTDL_DIR, they should pass this option to configure. If the --with-included-ltdl is not passed at configure time, and an installed libltdl is not found, then configure will exit immediately with an error that asks the user to either specify the location of an installed libltdl using the --with-ltdl-include and --with-ltdl-lib options, or to build with the libltdl sources shipped with the package by passing --with-included-ltdl. Cheers, David. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#702436: Ships and uses an ancient version of libtool
Hi again, [...] Yes, you are correct that upstream ships an ancient libtool version. However I do not believe you are correct when you say that we are linking against it. [...] Here's the proper proof - the error message is produced by our compiler, thus can be safely ignored. The key point is the command line, which includes libltdlc.a (and no -lltdl). root@dkr13:~/graphviz-2.26.3/lib/gvc# make ; make V=1 CCLD libgvc.la file libltdlcS.c line 18: error: conflicting definition for variable `c::lt_libltdlc_LTX_preloaded_symbols' [... error details snipped ...] make: *** [libgvc.la] Error 64 /bin/bash ../../libtool --tag=CC --mode=link x86_64-linux-gnu-gcc -g -O2 -Wno-unknown-pragmas -Wstrict-prototypes -Wpointer-arith -Wall -ffast-math -version-info 5:0:0 -no-undefined -Wl,--as-needed -o libgvc.la -rpath /usr/lib gvrender.lo gvlayout.lo gvdevice.lo gvloadimage.lo gvcontext.lo gvjobs.lo gvevent.lo gvplugin.lo gvconfig.lo gvtextlayout.lo gvusershape.lo gvc.lo ../../lib/pack/libpack_C.la ../../lib/xdot/libxdot_C.la ../../lib/common/libcommon_C.la ../../libltdl/libltdlc.la ../../lib/xdot/libxdot.la ../../lib/cdt/libcdt.la ../../lib/graph/libgraph.la ../../lib/pathplan/libpathplan.la -lexpat -lz -lm -lz -lm libtool: link: rm -fr .libs/libgvc.so.5.0.0.gcc-binary libtool: link: x86_64-linux-gnu-gcc -shared .libs/gvrender.o .libs/gvlayout.o .libs/gvdevice.o .libs/gvloadimage.o .libs/gvcontext.o .libs/gvjobs.o .libs/gvevent.o .libs/gvplugin.o .libs/gvconfig.o .libs/gvtextlayout.o .libs/gvusershape.o .libs/gvc.o -Wl,--whole-archive ../../lib/pack/.libs/libpack_C.a ../../lib/xdot/.libs/libxdot_C.a ../../lib/common/.libs/libcommon_C.a ../../libltdl/.libs/libltdlc.a -Wl,--no-whole-archive -Wl,-rpath -Wl,/home/mictau/build/graphviz/graphviz-2.26.3/lib/xdot/.libs -Wl,-rpath -Wl,/home/mictau/build/graphviz/graphviz-2.26.3/lib/cdt/.libs -Wl,-rpath -Wl,/home/mictau/build/graphviz/graphviz-2.26.3/lib/graph/.libs -Wl,-rpath -Wl,/home/mictau/build/graphviz/graphviz-2.26.3/lib/pathplan/.libs -L/home/mictau/build/graphviz/graphviz-2.26.3/lib/cdt/.libs ../../lib/xdot/.libs/libxdot.so ../../lib/cdt/.libs/libcdt.so ../../lib/graph/.libs/libgraph.so /home/mictau/build/graphviz/graphviz-2.26.3/lib/cdt/.libs/libcdt.so ../../lib/pathplan/.libs/libpathplan.so -ldl /usr/lib/x86_64-linux-gnu/libexpat.so -lz -lm -Wl,--as-needed -Wl,-soname -Wl,libgvc.so.5 -o .libs/libgvc.so.5.0.0 file libltdlcS.c line 18: error: conflicting definition for variable `c::lt_libltdlc_LTX_preloaded_symbols' Best, Michael pgp8Si_wokWJD.pgp Description: PGP signature
