Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Dear Release Team,

Please unblock bzip2/1.0.6-4.

bzip2 1.0.6-4 includes hardening buildflags (one of the release goals) for libbz2.so that were missing in 1.0.6-3. It was a small change and the package has been in unstable for 10 days without problems. So, please let this new revision move into testing.

Attached is a diff between both versions.

unblock bzip2/1.0.6-4

Thanks for your work!

Santiago

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-3-686-pae (SMP w/2 CPU cores)
Locale: LANG=es_CO.utf8, LC_CTYPE=es_CO.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru bzip2-1.0.6/debian/changelog bzip2-1.0.6/debian/changelog --- bzip2-1.0.6/debian/changelog 2012-06-08 01:50:12.000000000 +0200 +++ bzip2-1.0.6/debian/changelog 2012-07-27 16:16:03.000000000 +0200 @@ -1,3 +1,10 @@ +bzip2 (1.0.6-4) unstable; urgency=low + + * Updating 30-bzip2-harden.patch, hardening LDFLAGS was missing for + libbz2.so. Thanks to Simon Ruderich. Closes: #655164 + + -- Santiago Ruano Rincón <santi...@debian.org> Fri, 27 Jul 2012 16:14:34 +0200 + bzip2 (1.0.6-3) unstable; urgency=low * Bumped bzip2 priority from optional to standard. Closes: #642657 diff -Nru bzip2-1.0.6/debian/patches/30-bzip2-harden.patch bzip2-1.0.6/debian/patches/30-bzip2-harden.patch --- bzip2-1.0.6/debian/patches/30-bzip2-harden.patch 2012-06-04 13:31:16.000000000 +0200 +++ bzip2-1.0.6/debian/patches/30-bzip2-harden.patch 2012-07-27 10:51:16.000000000 +0200 @@ -1,8 +1,8 @@ -diff --git a/Makefile b/Makefile -index 9754ddf..3169741 100644 ---- a/Makefile -+++ b/Makefile -@@ -18,10 +18,10 @@ SHELL=/bin/sh +Index: bzip2-1.0.6/Makefile +=================================================================== +--- bzip2-1.0.6.orig/Makefile 2012-07-01 15:05:07.000000000 +0200 ++++ bzip2-1.0.6/Makefile 2012-07-01 15:08:45.586377822 +0200 +@@ -20,10 +20,10 @@ CC=gcc AR=ar RANLIB=ranlib @@ -15,3 +15,12 @@ # Where you want it installed when you do 'make install' PREFIX=/usr/local +@@ -61,7 +61,7 @@ + ln -sf $^ $@ + + libbz2.so.$(sominor): $(OBJS:%.o=%.sho) +- $(CC) -o libbz2.so.$(sominor) -shared \ ++ $(CC) $(LDFLAGS) -o libbz2.so.$(sominor) -shared \ + -Wl,-soname,libbz2.so.$(somajor) $^ -lc + + %.sho: %.c
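
Review bot: the refreshed debian/patches/30-bzip2-harden.patch has no description header; the @@ -1,8 +1,8 @@ hunk shows the file now starting directly at "Index: bzip2-1.0.6/Makefile". A short DEP-3 header with a Description and a Bug-Debian reference to #655164 would record in the patch itself why LDFLAGS is passed to the libbz2.so link, which is currently stated only in debian/changelog.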
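
Review bot: in the @@ -61,7 +61,7 @@ hunk, the libbz2.so.$(sominor) rule now links with $(CC) $(LDFLAGS), but neither the diff nor the changelog records that the built library was checked to confirm the flags take effect. For the unblock it would help to state the result of inspecting the built libbz2.so (for example, that readelf -l lists a GNU_RELRO segment), and to confirm that the %.sho: %.c compile rule, whose recipe is not part of this hunk, receives the hardened CFLAGS as well.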