I applied "glsa-check -f 200408-18". As the result "glsa-check" emerged "Wed Dec 22 13:54:59 2004 <-- media-libs/xine-lib-1_rc5-r3" After that I recognized, that "Kaboodle" and "Noathun" stopped working. When ran both tools refused to play any *.mov file. Upgrading to "Wed Dec 22 13:55:00 2004 --> media-libs/xine-lib-1_rc8" made no difference. Reproducible: Didn't try Steps to Reproduce: Actual Results: When I ran "kaboodle" from shell, I got the error: "unix_connect: can't connect to server (unix:/tmp/mcop..." After looking in ".xsession-errors" I found the following: "/usr/kde/3.2/bin/artsd: error while loading shared libraries: /usr/kde/3.2/lib/libarts_xine.so: undefined symbol: ao_new_port" When I ran "ldd -r /usr/kde/3.2/lib/libarts_xine.so" I got the error "/usr/kde/3.2/lib/libarts_xine.so: undefined symbol: ao_new_port" Expected Results: It should have not broken the kdemulimedia tools or should have reminded my to reemerge kdemultimedia after the successful merge of "xine-lib-1_rc5-r3". Fortunately I could solve the problem myself. After I had started "emerge -v -D =kdemultimedia-3.2.0" I was able to use "kaboodle" or "noathun" without any problems. Portage 2.0.51-r3 (default-linux/x86/2004.0, gcc-3.3.2, glibc-2.3.3.20040420-r2, 2.4.26-gentoo-r13 i686) ================================================================= System uname: 2.4.26-gentoo-r13 i686 Pentium III (Katmai) Gentoo Base System version 1.4.3.13 Autoconf: sys-devel/autoconf-2.58 Automake: sys-devel/automake-1.7.7 Binutils: sys-devel/binutils-2.14.90.0.7-r4 Headers: sys-kernel/linux-headers-2.4.21 Libtools: sys-devel/libtool-1.4.3-r3 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O2 -march=pentium3 -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-O2 -march=pentium3 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms" GENTOO_MIRRORS="http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage/" USE="X apm arts avi berkdb bitmap-fonts bonobo cdr crypt cups encode esd f77 fam flac foomaticdb fortran gdbm gif gnome gpm gtk gtk2 gtkhtml guile imlib java jpeg junit kde ldap libg++ libwww mad mikmod mmx motif mozilla mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python qt quicktime readline sdl slang spell sse ssl svga tcltk tcpd tiff truetype x86 xml xml2 xmms xv zlib linguas_de"
I would say this is a known shortcoming of portage. When you upgrade a library, you need to run "revdep-rebuild" to rebuild any broken dependency. It's not specific to security upgrades. We could have added in the GLSA that you need to manually do that (as for every library upgrade) but "glsa-check -f" wouldn't have done it for you. So this is by design, and not a bug. You might find portage needs to be improved in the way it handles reverse dependencies, and search bugzilla or file a new bug for the portage team about it. Closing this one as WONTFIX, feel free to reopen if you disagree.
