Debian Bug Tracking System <ow...@bugs.debian.org> (2014-11-12):
> Date: Wed, 12 Nov 2014 20:12:21 +0000
> From: Jonathan Wiltshire <j...@debian.org>
> To: Michael Tokarev <m...@tls.msk.ru>, 769129-d...@bugs.debian.org
> Subject: Re: Bug#769129: unblock: busybox/1:1.22.0-10
> User-Agent: Mutt/1.5.23 (2014-03-12)
> Message-ID: <20141112201221.gh21...@lupin.home.powdarrmonkey.net>
> 
> On Tue, Nov 11, 2014 at 08:02:35PM +0300, Michael Tokarev wrote:
> > 11.11.2014 18:08, Michael Tokarev wrote:
> > > Please unblock package busybox.  Last upload has one security bugfix
> > > (CVE-2014-4607, #768945), the fix is from upstream stable branch,
> > > fixing an integer overflow in lzo decompressor; it adds a Built-Using
> > > control field for busybox-static variant (#768926), and also arranges
> > > build system to only produce binary or indep .debs (or both), depending
> > > on the d/rules target (binary-all vs binary-indep vs binary) -- this
> > > is a long-standing lintian bug which I overlooked previously.
> > > 
> > > (The Built-Using field generation is a bit fun here: I asked on IRC
> > > how people identify which libc is in use, and got various
> > > somewhat-incomplete replies (the prob is that on different arches,
> > > libc package is named differently).  So I invented my own way for
> > > busybox, because this package allows me to do that -- I took the
> > > contents of $shlibs:Depends variable for the dynamically-linked
> > > version, and transformed it into a list of sources required for
> > > Built-Using using dpkg-query.
> > 
> > So this was a bit preliminary (following the "notify the release team
> > early" rule too aggressively) -- this very Built-Using generation was
> > broken due to an error on my part (trivial) and due to a bug in dpkg,
> > #588505.  I just uploaded new release fixing this, 1:1.22.0-11, will
> > see how it goes first, and will ping this bug if everything is okay.
> > (Yes, I verified the fixed release builds on kfreebsd-amd64 where
> > the problematic release failed).
> 
> Closing for now, feel free to reopen when you're ready.

Niels still has an unblock for it.

FTR, I'm personally scared by d's output.

Mraw,
KiBi.
