Subject: libdbd-mysql-perl: Machine with latest mysql security update segfaults, rebuild needed?

Automatically imported from Debian bug report #337206 http://bugs.debian.org/337206

Message-Id: <email address hidden>
Date: Thu, 3 Nov 2005 10:32:21 +0100
From: Kjetil Kjernsmo <email address hidden>
To: <email address hidden>
Subject: Subject: libdbd-mysql-perl: Machine with latest mysql security update segfaults,
 rebuild needed?

Package: libdbd-mysql-perl
Version: 2.9006-1
Severity: grave
Justification: causes non-serious data loss

*** Please type your report below this line ***
I have a relatively simple script that segfaults on a machine that has
the latest security updates for sarge, but runs fine on a machine that
has not yet applied them.

There is an strace at http://rafb.net/paste/results/68YHWC13.html

I took it to #debian-devel, and...:
ruoso If one security update touched a library which is used by the
Perl XS module... then this can be the cause of the problem
KjetilK hmmm
ruoso aparently, this is what's happening...
ruoso libdbd-mysql-perl should be rebuilt
KjetilK guess so...
ruoso KjetilK, can you send a bug report on it?
KjetilK Sure

So, here we go!

I used reportbug to submit it, and it looked like it was sent, but
apparently not...

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libdbd-mysql-perl depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared
ii libdbi-perl 1.46-6 Perl5 database interface by
ii libmysqlclient12 4.0.24-10sarge1 mysql database client
ii perl 5.8.4-8 Larry Wall's Practical
ii perl-base [perlapi-5.8 5.8.4-8 The Pathologically Eclectic
ii zlib1g 1:1.2.2-4.sarge.2 compression library

-- no debconf information

Message-ID: <email address hidden>
Date: Thu, 3 Nov 2005 03:05:18 -0800
From: Steve Langasek <email address hidden>
To: Kjetil Kjernsmo <email address hidden>, <email address hidden>
Subject: Re: Bug#337206: Subject: libdbd-mysql-perl: Machine with latest mysql security update
 segfaults, rebuild needed?

--10jrOL3x2xqLmOsH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 03, 2005 at 10:32:21AM +0100, Kjetil Kjernsmo wrote:
> *** Please type your report below this line ***
> I have a relatively simple script that segfaults on a machine that has
> the latest security updates for sarge, but runs fine on a machine that
> has not yet applied them.=20

> There is an strace at http://rafb.net/paste/results/68YHWC13.html

> I took it to #debian-devel, and...:
> ruoso If one security update touched a library which is used by the
> Perl XS module... then this can be the cause of the problem=09

If this ever happens, it is a release critical bug in the *library*, not in
the packages depending on it. Security updates are not supposed to break
library interfaces, and if they do, they must be coordinated in a way to
protect users against breakage of this sort.

But anyway, as discussed on IRC, it'd really be good to confirm that this
bug does *not* manifest on the same system when using the
pre-security-update version of libmysqlclient12.

--=20
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://www.debian.org/

--10jrOL3x2xqLmOsH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDae7uKN6ufymYLloRAtJjAKDOwFf8khxW0oaG5HQgvTVlx4HeXwCfTXhG
txCE/Yu8MBau79vn5ic3Izw=
=dDmU
-----END PGP SIGNATURE-----

--10jrOL3x2xqLmOsH--

Message-Id: <email address hidden>
Date: Thu, 3 Nov 2005 13:35:56 +0100
From: Kjetil Kjernsmo <email address hidden>
To: Steve Langasek <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#337206: Subject: libdbd-mysql-perl: Machine with latest mysql security update
 segfaults, rebuild needed?

On Thursday 03 November 2005 12:05, Steve Langasek wrote:
> But anyway, as discussed on IRC, it'd really be good to confirm that
> this bug does *not* manifest on the same system when using the
> pre-security-update version of libmysqlclient12.

Right, and it was reproducible with the pre-security build.

What turned out, upon closer inspection, was that I have an unofficial
build of librdf-perl (since this is very much a moving target), and
this uses libmysqlclient14, whereas libdbd-mysql-perl uses
libmysqlclient12.

Now, I'm using these in the same script. They both go well on their own,
but not together...

So, that's why a manual rebuild of DBD::mysql from CPAN fixed the
problem: It probably simply used the former library.

I guess this closes the bug, and sorry for the interruption. But at
least I did ask before filing the bug... :-) Thanks to the fine folks
of #debian-devel

Cheers,

Kjetil

Library conflict with home-grown binaries on the user's machine, not a bug for us.