[arch-dev-public] [signoff] bzip2 1.0.5-1
aaronmgriffin at gmail.com
Tue Apr 15 12:48:14 EDT 2008
On Mon, Apr 14, 2008 at 6:59 PM, <dpmcgee at gmail.com> wrote:
> On 4/14/08, Dan McGee <dpmcgee at gmail.com> wrote:
> > On Mon, Apr 14, 2008 at 4:04 PM, Tom K <tom at archlinux.org> wrote:
> > > Upstream vulnerability fix, our ref FS#10121, additional info here:
> > > https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
> > > Also, man path amended.
> > >
> > > In testing now for both arches.
> > Looks good on i686.
> Maybe I spoke too soon. The program itself works fine, but linking
> against it is doing some really weird things. It seems that things are
> getting statically included now or something? I'm not completely sure
> what is going on, but my binaries for my pacman-git build went from
> 14K to 140K, and the strings output on the old vs. the new is showing
> a lot of BZ2 crud, which I've attached below (I sorted it so
> before/after would be as similar as possible).
I don't see how this could relate, really, unless it has pkgconfig
files that suddenly have "-static" added to the CFLAGS. As far as I'm
aware, a library can't control how things link to it.
Would you mind comparing to something else that makes use of bzip2?
More information about the arch-dev-public