11.11.2014 18:08, Michael Tokarev wrote: > Please unblock package busybox. Last upload has one security bugfix > (CVE-2014-4607, #768945), the fix is from upstream stable branch, > fixing an integer overflow in lzo decompressor; it adds a Built-Using > control field for busybox-static variant (#768926), and also arranges > build system to only produce binary or indep .debs (or both), depending > on the d/rules target (binary-all vs binary-indep vs binary) -- this > is a long-standing lintian bug which I overlooked previously. > > (The Built-Using field generation is a bit fun here: I asked on IRC > how people identify which libc is in use, and got various somewhat- > incpmplete replies (the prob is that on different arches, libc package > is named differently). So I invented my own way for busybox, because > this package allows me to do that -- I took the contents of $shlibs:Depends > variable for the dynamically-linked version, and transformed it into > a list of sources required for Built-Using using dpkg-query.
So this was a bit preliminary (following the "notify the release team early" rule too aggressively) -- this very Built-Using generation was broken due to an error on my part (trivial) and due to bug in dpkg, #588505. I just uploaded new release fixing this, 1:1.22.0-11, will see how it goes first, and will ping this bug if everything is okay. (Yes, I verified the fixed release builds on kfreebsd-amd64 where the problematic release failed). Thanks, /mjt -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5462412b.7060...@msgid.tls.msk.ru
