On 12 December 2009 at 16:43, Michael Gilbert wrote:
| package: jags
| version: 1.0.4-1
| severity: important
| tags: security
|
| hi,
| 
| your package embeds source code from libtool, which makes
| security updates very cumbersome, difficult, and potentially
| error-prone.  please update your package to make use of the
| shared library.  thank you for your attention on this matter.

Good catch.  I had been told (by one of the two upstream authors (CC'ed) of
the two packages I have / had libtool issues with) that libtool 2.2.6b would
auto_magic_ally switch to the system's libtool where available.

I guess that did not happen even though I did Build-Depend on the new 2.2.6b.
I now added an explicit --without-included-ltdl to configure which does the
trick. Ahh, and I needed libltdl3-dev as well. That may have been my mistake
in omitting this additional Build-Depends.

Ok, that seems to have worked:

g++ -DHAVE_CONFIG_H -I. -I../..  -I../../src/include    -g -O2 -c -o 
jags_terminal-ReadData.o `test -f 'ReadData.cc' || echo './'`ReadData.cc
/bin/sh ../../libtool --tag=CXX   --mode=link g++  -g -O2   -o jags-terminal 
jags_terminal-parser.o jags_terminal-scanner.o jags_terminal-ReadData.o -lltdl 
../../src/lib/libjags.la -dlopen ../../src/modules/base/basemod.la -dlopen 
../../src/modules/bugs/bugs.la -dlopen ../../src/modules/dic/dic.la -dlopen 
../../src/modules/mix/mix.la -dlopen ../../src/modules/msm/msm.la  -lm -ldl 
libtool: link: rm -f .libs/jags-terminal.nm .libs/jags-terminal.nmS 
.libs/jags-terminal.nmT
libtool: link: (cd .libs && gcc -g -O2 -c -fno-builtin "jags-terminalS.c")
libtool: link: rm -f ".libs/jags-terminalS.c" ".libs/jags-terminal.nm" 
".libs/jags-terminal.nmS" ".libs/jags-terminal.nmT"
libtool: link: g++ -g -O2 -o .libs/jags-terminal jags_terminal-parser.o 
jags_terminal-scanner.o jags_terminal-ReadData.o .libs/jags-terminalS.o  
/usr/lib/libltdl.so ../../src/lib/.libs/libjags.so -lm -ldl

So the bug will get closed with the 1.0.4-2 upload I am making right now.

For the record, I think you are overdoing it with the severity. This is a
wishlist or normal item as Jags 1.0.4-1 __had no libtool issue__. I clearly
concede that my build was suboptimal, but was this really 'Important'?

Anyway, thanks for the heads-up -- case closed.

Dirk

PS  Michael:  Do you think we can work on updating Ggobi to replace its
libltdl as Martyn had outlined?

-- 
Three out of two people have difficulties with fractions.
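
The two things checked by hand in the message above (the final link line pulling in /usr/lib/libltdl.so, and the libltdl development package in Build-Depends) can be scripted. This is an added example, not part of the original message or of the jags packaging. It assumes the bundled copy would show up in a build log as libtool's convenience library libltdlc; the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: two packaging checks for the bundled-libltdl problem.

# Read a build log on stdin; print how libltdl was linked:
#   embedded - the bundled convenience library (libltdlc) was linked in
#   system   - the shared libltdl (libltdl.so or -lltdl) was used
#   none     - no libltdl reference found
ltdl_link_mode() {
    log=$(cat)
    # Assumption: a bundled copy appears as libltdlc.la / libltdlc.a.
    if printf '%s\n' "$log" | grep -Eq '(^|[ /])libltdlc\.(la|a)( |$)'; then
        echo embedded
    elif printf '%s\n' "$log" |
         grep -Eq '(^|[ /])libltdl\.so[.0-9]*( |$)|(^| )-lltdl( |$)'; then
        echo system
    else
        echo none
    fi
}

# Read debian/control on stdin; succeed if a Build-Depends field
# (continuation lines included) names a libltdl development package.
has_ltdl_builddep() {
    awk '
        /^[^ \t]/ { infield = ($0 ~ /^Build-Depends[^:]*:/) }
        infield && /libltdl[0-9]*-dev/ { found = 1 }
        END { exit !found }
    '
}

# Constructed sample input, modelled on the link line quoted above.
sample_log='libtool: link: g++ -g -O2 -o .libs/jags-terminal ReadData.o /usr/lib/libltdl.so ../../src/lib/.libs/libjags.so -lm -ldl'
sample_control='Source: jags
Build-Depends: debhelper (>= 7),
 libltdl3-dev
Standards-Version: 3.8.3'

printf '%s\n' "$sample_log" | ltdl_link_mode
printf '%s\n' "$sample_control" | has_ltdl_builddep && echo "Build-Depends ok"
```

On a real package, feed the full build log and debian/control to the two functions; a result of "embedded" means security fixes to libltdl would not reach the binary without a rebuild.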


