[arch-dev-public] [signoff] bzip2 1.0.5-1

Aaron Griffin aaronmgriffin at gmail.com
Tue Apr 15 12:48:14 EDT 2008

On Mon, Apr 14, 2008 at 6:59 PM,  <dpmcgee at gmail.com> wrote:
> On 4/14/08, Dan McGee <dpmcgee at gmail.com> wrote:
>  > On Mon, Apr 14, 2008 at 4:04 PM, Tom K <tom at archlinux.org> wrote:
>  > > Upstream vulnerability fix, our ref FS#10121, additional info here:
>  > > https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
>  > >  Also, man path amended.
>  > >
>  > >  In testing now for both arches.
>  >
>  > Looks good on i686.
>  Maybe I spoke too soon. The program itself works fine, but linking
>  against it is doing some really weird things. It seems that things are
>  getting statically included now or something? I'm not completely sure
>  what is going on, but my binaries for my pacman-git build went from
>  14K to 140K, and the strings output on the old vs. the new is showing
>  a lot of BZ2 crud, which I've attached below (I sorted it so
>  before/after would be as similar as possible).

I don't see how this could relate, really, unless it has pkgconfig
files that suddenly have "-static" added to the CFLAGS. As far as I'm
aware, a library can't control how things link to it.

Would you mind comparing to something else that makes use of bzip2?

More information about the arch-dev-public mailing list