Your message dated Tue, 17 May 2022 16:04:24 +0000
with message-id <[email protected]>
and subject line Bug#986507: fixed in needrestart 3.6-1
has caused the Debian Bug report #986507,
regarding Fix insecure dependency - use 'grep -a' instead of binutils strings|grep
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
986507: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986507
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: needrestart
Version: 3.5-2
Severity: wishlist
Tags: patch

I want check-support-status to be happy, but I need needrestart:

    bash5$ check-support-status
    Limited security support for one or more packages

    Unfortunately, it has been necessary to limit security support for some
    packages.

    The following packages found on this system are affected by this:

    * Source:binutils
      Details: Only suitable for trusted content; see https://lists.debian.org/msgid-search/[email protected]
      Affected binary packages:
      - binutils (installed version: 2.35.2-2)
      - binutils-common:amd64 (installed version: 2.35.2-2)
      - binutils-x86-64-linux-gnu (installed version: 2.35.2-2)
      - libbinutils:amd64 (installed version: 2.35.2-2)
      - libctf-nobfd0:amd64 (installed version: 2.35.2-2)
      - libctf0:amd64 (installed version: 2.35.2-2)


    bash5$ aptitude why binutils
    i   needrestart Depends binutils

AFAICT needrestart only needs binutils for strings(1), and only in one specific
place.
The attached patch allows people to use llvm-strings instead.

I haven't done extensive testing yet.

FYI I also tried another approach here (much messier):

    https://github.com/trentbuck/binutils-is-llvm


-- Package-specific info:
needrestart output:
Your outdated processes:
at-spi-bus-laun[2960], at-spi2-registr[3055], dbus-daemon[2636, 2966], 
dconf-service[3022], emacs[9021], evolution-addre[3039], evolution-alarm[3112], 
evolution-calen[3027], evolution-sourc[3016], gdm-wayland-ses[2738], gjs[3053], 
gnome-session-b[2741, 2878], gnome-session-c[2872], gnome-shell[2959], 
gnome-shell-cal[3010], gnome-terminal-[3854], goa-daemon[2683], 
goa-identity-se[2694], gsd-a11y-settin[3070], gsd-color[3071], 
gsd-datetime[3073], gsd-disk-utilit[3106], gsd-housekeepin[3075], 
gsd-keyboard[3077], gsd-media-keys[3079], gsd-power[3092], 
gsd-print-notif[3095], gsd-printer[3196], gsd-rfkill[3098], 
gsd-screensaver[3100], gsd-sharing[3102], gsd-smartcard[3104], gsd-sound[3105], 
gsd-usb-protect[3117], gsd-wacom[3119], gsd-xsettings[3248], 
gvfs-afc-volume[2701], gvfsd[2658], gvfsd-fuse[2663], gvfsd-metadata[3264], 
gvfs-goa-volume[2679], gvfs-gphoto2-vo[2675], gvfs-mtp-volume[2718], 
gvfs-udisks2-vo[2669], ibus-daemon[3243], ibus-dconf[3272], 
ibus-engine-sim[3324], ibus-extension-[3273], ibus-portal[3289], 
ibus-x11[3279], pipewire[2629], pipewire-media-[2643], pulseaudio[2630], 
screen[3866, 3859], systemd[2608], tail[3867], tracker-miner-f[2632], 
Xwayland[2989]

checkrestart output:


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-security'), (500, 'unstable'), 
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-5-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages needrestart depends on:
ii  binutils                   2.35.2-2
ii  dpkg                       1.20.7.1
ii  gettext-base               0.21-4
ii  libintl-perl               1.26-3
ii  libmodule-find-perl        0.15-1
ii  libmodule-scandeps-perl    1.30-1
ii  libproc-processtable-perl  0.59-2+b1
ii  libsort-naturally-perl     1.03-2
ii  libterm-readkey-perl       2.38-1+b2
ii  perl                       5.32.1-3
ii  xz-utils                   5.2.5-2

Versions of packages needrestart recommends:
ii  libpam-systemd  247.3-3

Versions of packages needrestart suggests:
ii  iucode-tool                          2.3.1-1
pn  needrestart-session | libnotify-bin  <none>

-- no debconf information
diff --git i/debian/control w/debian/control
index 8a569b6..5bcf730 100644
--- i/debian/control
+++ w/debian/control
@@ -21,7 +21,7 @@ Depends: ${misc:Depends},
  libmodule-scandeps-perl,
  libterm-readkey-perl,
  libmodule-find-perl,
- binutils,
+ binutils | llvm,
  xz-utils
 Recommends: libpam-systemd | sysvinit-core
 Suggests: needrestart-session | libnotify-bin,
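
Review bot: In the Depends line, `binutils | llvm` lists binutils first, so a resolver that takes the first alternative still installs binutils by default, while the lib/vmlinuz-get-version hunk prefers llvm-strings whenever it is present. If the goal is to let systems drop binutils, consider ordering the alternatives to match the script's preference, or document that llvm has to be installed beforehand. Also confirm that the package named here is the one that ships an unversioned `llvm-strings`, since that is the exact command name the script probes.
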
diff --git i/lib/vmlinuz-get-version w/lib/vmlinuz-get-version
index 22a4365..f35b5f8 100755
--- i/lib/vmlinuz-get-version
+++ w/lib/vmlinuz-get-version
@@ -20,7 +20,12 @@
 get_version()
 {
     # search and output version string pattern
-    strings "$1" | grep -m 1 '^Linux version ' && exit 0
+    if llvm-strings --version >/dev/null 2>&1
+    then
+        llvm-strings "$1"
+    else
+        strings "$1"
+    fi | grep -m 1 '^Linux version ' && exit 0
 }
 
 try_decompress()
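
Review bot: The availability test in get_version() executes `llvm-strings --version` on every call just to learn whether the tool exists; `command -v llvm-strings >/dev/null 2>&1` would answer that without running the binary and without depending on `--version` being supported. Because llvm-strings is preferred whenever it is installed, systems that already have binutils switch tools silently, so the `'^Linux version '` match should be checked against the output of both implementations (the report says extensive testing has not been done). A one-line comment saying why llvm-strings is tried first would help later readers.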

--- End Message ---
--- Begin Message ---
Source: needrestart
Source-Version: 3.6-1
Done: Patrick Matthäi <[email protected]>

We believe that the bug you reported is fixed in the latest version of
needrestart, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated needrestart package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 17 May 2022 17:38:05 +0200
Source: needrestart
Architecture: source
Version: 3.6-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Closes: 984789 986507 1005953
Changes:
 needrestart (3.6-1) unstable; urgency=high
 .
   * New upstream release.
     - Drop merged patch 02-ruby-relative-path.
     - Drop merged patch 03-fix-wrong-default-comment.
     - Drop merged patch 04-verbose-and-verbosity-confusion.
     - Drop merged patch 05-ignore-nvidia-memfd.
     - Drop merged patch 06-dont-restart-bluetooth.
     - Drop merged patch 07-runit.
     - Fixes CVE-2022-30688: Not anchored regular expressions.
     - Replace strings(1) by GNU grep to drop binutils dependency.
       Closes: #986507
     - Fixes broken detection with cgroupv2.
       Closes: #1005953
     - Fixes microcode warnings without using systemd, also add systemd or
       libimvirt-perl as recommends.
       Closes: #984789
   * Bump Standards-Version to 4.6.1.
   * Merge 3.4-5+deb10u1 and 3.5-4+deb11u1 changelog.
   * Adjust mismatched lintian override.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
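
The approach named in the bug title ('grep -a') and in the 3.6-1 changelog entry (GNU grep in place of strings(1)), as an added sketch that is not needrestart's own code. The function names, the pattern and the constructed sample file are assumptions; it also shows why swapping `strings | grep '^Linux version '` for an anchored `grep -a` alone does not work.

```shell
#!/bin/sh
# Added illustration; not code from needrestart. Function names, the pattern
# and the sample file contents are assumptions made for this example.

# Write a constructed "kernel image": binary bytes, NUL-terminated strings,
# and a banner that does not start at the beginning of a newline-delimited line.
make_sample_image() {
    printf '\177ELF\001\002\000pad\000Linux version 5.10.0-5-amd64 (constructed sample)\000\377\376tail\n' > "$1"
}

# Naive swap of "strings | grep '^Linux version '" for "grep -a": the anchor
# now means start of a line in the raw file, not start of an extracted string.
banner_naive() {
    LC_ALL=C grep -a -m 1 '^Linux version ' -- "$1"
}

# Extract only the printable run that starts at the banner.
# LC_ALL=C makes grep match bytes, so invalid UTF-8 in the image is harmless.
banner_grep_a() {
    banner=$(LC_ALL=C grep -a -o -m 1 'Linux version [[:print:]]*' -- "$1" | head -n 1)
    [ -n "$banner" ] || return 1   # no banner found: report failure
    printf '%s\n' "$banner"
}

# Demo on the constructed sample.
img=$(mktemp)
make_sample_image "$img"
banner_naive "$img" >/dev/null || echo "naive anchored grep -a: no match"
banner_grep_a "$img"
rm -f "$img"
```
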