[arch-dev-public] [signoff] bzip2 1.0.5-1

Dan McGee dpmcgee at gmail.com
Tue Apr 15 14:09:39 EDT 2008 

On Tue, Apr 15, 2008 at 11:48 AM, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
> On Mon, Apr 14, 2008 at 6:59 PM,  <dpmcgee at gmail.com> wrote:
>  >
>  > On 4/14/08, Dan McGee <dpmcgee at gmail.com> wrote:
>  >  > On Mon, Apr 14, 2008 at 4:04 PM, Tom K <tom at archlinux.org> wrote:
>  >  > > Upstream vulnerability fix, our ref FS#10121, additional info here:
>  >  > > https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
>  >  > >  Also, man path amended.
>  >  > >
>  >  > >  In testing now for both arches.
>  >  >
>  >  > Looks good on i686.
>  >
>  >  Maybe I spoke too soon. The program itself works fine, but linking
>  >  against it is doing some really weird things. It seems that things are
>  >  getting statically included now or something? I'm not completely sure
>  >  what is going on, but my binaries for my pacman-git build went from
>  >  14K to 140K, and the strings output on the old vs. the new is showing
>  >  a lot of BZ2 crud, which I've attached below (I sorted it so
>  >  before/after would be as similar as possible).
>
>
>  I don't see how this could relate, really, unless it has pkgconfig
>  files that suddenly have "-static" added to the CFLAGS. As far as I'm
>  aware, a library can't control how things link to it.
>
>  Would you mind comparing to something else that makes use of bzip2?

I mean, what else do you want me to compare? WIthout touching CFLAGS,
if i compile pacman from source with bzip2-1.0.4-3 installed, the
binary is 156KB and does not have the BZ2 symbols in it. If I compile
it from source with bzip2-1.0.5-1 installed, the binary is 290K and
has BZ2 symbols included. Between steps I did a 'make clean all' - no
reconfigure (but I have done a reconfigure and that does nothing
either).

gnupg:
<bzip2 1.0.5-1 is installed here>
./configure --disable-keyserver-helpers --disable-card-support
--disable-photo-viewers
$ make
$ ll g10/gpg
-rwxr-xr-x 1 dmcgee users 2.3M 2008-04-15 13:02 g10/gpg
$ strings g10/gpg | grep BZ2
BZ2_crc32Table
BZ2_rNums
$ ll tools/gpgsplit
-rwxr-xr-x 1 dmcgee users 249K 2008-04-15 13:01 tools/gpgsplit
$ strings tools/gpgsplit | grep BZ2
BZ2_crc32Table
BZ2_rNums
$ make clean
<installed bzip2 1.0.4-3 here>
$ make
$ ll g10/gpg
-rwxr-xr-x 1 dmcgee users 2.2M 2008-04-15 13:07 g10/gpg
$ strings g10/gpg | grep BZ2
BZ2_bzCompressInit
BZ2_bzDecompressEnd
BZ2_bzDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzDecompressInit
$ ll tools/gpgsplit
-rwxr-xr-x 1 dmcgee users 115K 2008-04-15 13:06 tools/gpgsplit
$ strings tools/gpgsplit | grep BZ2
BZ2_bzDecompressEnd
BZ2_bzDecompress
BZ2_bzDecompressInit

I didn't see how it could relate either, and I'm not using pkgconfig
with pacman, I know that for sure. But something weird is going on
here.

-Dan

More information about the arch-dev-public mailing list