Hi!

On 29/03/14 05:13, Samuli Suominen wrote:
> I took the liberty to unbreak the tree for you. Don't ever touch my
> packages again unless they are broken.
Udev is broken:
* They have known off-by-one string handling errors in their libraries,
the developers were warned of that but have chosen to ignore the issue.
The issue is still on
http://cgit.freedesktop.org/systemd/systemd/tree/src/shared/strxcpyx.c
on the function size_t strpcpyf(char **dest, size_t size, const char
*src, ...) which can overflow the string boundaries in some cases. This
issue keeps coming up from time to time thanks to their "nice" efforts
for changing the whole thing instead of fixing bugs. Also after a year
nothing has been done.
* They keep losing cohesion
(http://en.wikipedia.org/wiki/Cohesion_%28computer_science%29) by
inserting more and more unrelated software into Udev/systemd. This helps
things like the above happen again.
* They have the bad habit of recoding functions that are already
provided by their only supported C library. This helps things like the
above happen.
* They keep reengineering everything reintroducing bugs that were fixed
on previous iterations.

Thus given the potential security issues udev (and systemd) have, the
poor design decisions, and the lack of interest in their maintainers of
fixing these, I'd strongly recommend masking it as was done with packets
like wordpress or at least putting a big warning to the users.
