Package: cracklib-runtime Version: 2.9.6-2 Severity: normal Dear Maintainer,
your package has an install dependency on the file package, and checking the sources it seems file is called with one of the -z/--uncompress-noreport or -Z/--uncompress options. Now that the file program has seccomp support enabled, the code as seen in cracklib.conf:54 | if $(file -z -b ${file} | grep -q "text") will break if the input file is compressed with something different from gzip, bzip, lzma, or xz - file will just terminate then. Please check whether this might happen in your package. There are a few options to deal with this situation: * Disable seccomp, by adding --no-sandbox to the file invocation. At the cost of not benefitting from the seccomp protection. Plase versionize the dependency on file to ">= 1:5.37-3~" to avoid other trouble. * Use external compression, i.e. "$UNPACK $FILE | file -" * Convince your fellow file packager and/or upstream to add support for more compressions (lrzip, lh4, zstd). Cheers, Christoph
signature.asc
Description: PGP signature