Bug#854923: busybox: "sed -i" bug corrected in version 1.23.0
Hi, Cyril Chaboisseau(2017-02-18): > Fine, but busybox will eventually be upgraded to a newer stable version > at some point, or it will suffer from old/buggy version with potential > security holes > if not, it means that on the long run it will be very difficult to > cherry-pick those security patches and the project wil not benefit from > new features and improvements I'm not disputing that, and that's why I mentioned in my first reply that I called for help so that others give a hand and get a new upstream packaged. > as for bug #854924, don't you think it would have never occured if a > newer version of busybox were installed? (after 1.23 at least) With a newer sed (that is: including the fix you linked to), sed -i would fail because of a missing file to work on, and would have broken the installation process instead of generating a file with strange permissions. That's why I mentioned we need to guard the sed call with a test on its existence. In other words, the fix pushed for #854924 was needed either way. KiBi. signature.asc Description: Digital signature
Bug#854923: busybox: "sed -i" bug corrected in version 1.23.0
Hi Cyril, Fine, but busybox will eventually be upgraded to a newer stable version at some point, or it will suffer from old/buggy version with potential security holes if not, it means that on the long run it will be very difficult to cherry-pick those security patches and the project wil not benefit from new features and improvements as for bug #854924, don't you think it would have never occured if a newer version of busybox were installed? (after 1.23 at least) Le 18 février vers 18:38, Cyril Brulebois écrivait: > > this bug https://bugs.busybox.net/show_bug.cgi?id=7484 is corrected in > > version 1.23.0 > > Thanks for the link. Given the patch, we need to be careful about the > sed -i call anyway (https://bugs.debian.org/854924), since we would be > setting exitcode to EXIT_FAILURE (and most code has set -e). > > > busybox should be upgrade to a newer stable version 1.23.2 (or newer : > > 1.26.2) -- Cyril Chaboisseau
Bug#854923: busybox: "sed -i" bug corrected in version 1.23.0
Hi Cyril, Cyril Chaboisseau(2017-02-16): > this bug https://bugs.busybox.net/show_bug.cgi?id=7484 is corrected in > version 1.23.0 Thanks for the link. Given the patch, we need to be careful about the sed -i call anyway (https://bugs.debian.org/854924), since we would be setting exitcode to EXIT_FAILURE (and most code has set -e). > busybox should be upgrade to a newer stable version 1.23.2 (or newer : > 1.26.2) Feel free to join and give a hand! See my call for help: https://bugs.debian.org/854181 KiBi. signature.asc Description: Digital signature
Bug#854923: busybox: "sed -i" bug corrected in version 1.23.0
Package: busybox Version: 1:1.22.0-19+b1 Followup-For: Bug #854923 this bug https://bugs.busybox.net/show_bug.cgi?id=7484 is corrected in version 1.23.0 busybox should be upgrade to a newer stable version 1.23.2 (or newer : 1.26.2) -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (990, 'unstable'), (101, 'stable'), (99, 'experimental'), (9, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages busybox depends on: ii libc6 2.24-9 busybox recommends no packages. busybox suggests no packages. -- no debconf information