Package: cracklib-runtime
Version: 2.9.6-2
Severity: normal

Dear Maintainer,

your package has an install dependency on the file package, and
checking the sources it seems file is called with one of the
-z/--uncompress-noreport or -Z/--uncompress options.

Now that the file program has seccomp support enabled, the code as
seen in

cracklib.conf:54
| if $(file -z -b ${file} | grep -q "text")

will break if the input file is compressed with something different
from gzip, bzip, lzma, or xz - file will just terminate then. Please
check whether this might happen in your package.

There are a few options to deal with this situation:

* Disable seccomp, by adding --no-sandbox to the file invocation. At the
  cost of not benefitting from the seccomp protection. Please versionize
  the dependency on file to ">= 1:5.37-3~" to avoid other trouble.
* Use external compression, i.e. "$UNPACK $FILE | file -"
* Convince your fellow file packager and/or upstream to add support for
  more compressions (lrzip, lh4, zstd).

Cheers,
    Christoph
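
A sketch of the second option above (external decompression, then `file -`), added here as an example; it is not code from this report or from cracklib. The function names `unpack_cmd` and `is_text` are hypothetical, and it assumes the matching decompressor is installed for each format it recognises.

```shell
#!/bin/sh
# Added example (not cracklib's code): decompress outside of file(1) so that
# file's seccomp sandbox never has to run a decompression helper.

# Print the decompressor command for "$1", chosen from its leading magic
# bytes, or "cat" when the file is not recognised as compressed.
unpack_cmd() {
    magic=$(od -An -tx1 -N6 "$1" | tr -d ' \n')
    case "$magic" in
        1f8b*)         echo "gzip -dc" ;;
        425a68*)       echo "bzip2 -dc" ;;
        fd377a585a00*) echo "xz -dc" ;;
        28b52ffd*)     echo "zstd -dcq" ;;
        *)             echo "cat" ;;
    esac
}

# Return 0 when file(1) reports the decompressed content as text.
# Only the first 64 KiB of output are handed to file via stdin.
is_text() {
    unpack=$(unpack_cmd "$1")
    # $unpack is intentionally unquoted: it holds a command plus its flags.
    $unpack -- "$1" 2>/dev/null | head -c 65536 | file -b - | grep -q "text"
}
```

This would stand in for the `file -z -b ${file} | grep -q "text"` test quoted above, for example `if is_text "${file}"; then ...`.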
