27.11.2014 19:00, Cyril Brulebois wrote: > (Putting on my d-i RM fedora.)
Thank you for your review. > Michael Tokarev <m...@tls.msk.ru> (2014-11-27): >> Please unblock package busybox. Last upload has one security bugfix >> (CVE-2014-4607, #768945), the fix is from upstream stable branch, >> fixing an integer overflow in lzo decompressor; it adds a Built-Using >> control field for busybox-static variant (#768926), and also arranges >> build system to only produce binary or indep .debs (or both), depending >> on the d/rules target (binary-all vs binary-indep vs binary) -- this >> is a long-standing lintian bug which I overlooked previously. > > #768926 is still not #768876: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768926#28 Yes you're right. I fixed it in the changelog but not in this unblock request. Actual bug fixed here is #768876. [] > #768876 is tagged jessie-ignore so I'm really unconvinced by the > debian/rules changes. It is jessie-ignore just to be non-RC. The fun with static linking and bugs it discovered shows that proper Built-Using field is really necessary (it is what #768876 is about). However, bulk of d/rules changes are due to another build fix, to stop building arch-all package (busybox-syslogd) when building binary-arch. Plus one block of added lines to check whenever libc is able to produce working statically-linked executables. > At this stage, I'd rather see the security fix only. > > Release team people, what's your take on this? Thanks, /mjt -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54774c91.9080...@msgid.tls.msk.ru
