Please see https://irclogs.ubuntu.com/2017/02/22/%23ubuntu-
release.html#t14:35 for some further discussion on this with another
~ubuntu-sru member.
Following that discussion:
1) The problem appears to be theoretical at this point, since libscrypt
has never been updated in an existing stable rele
> If there's any update to the library, other packages don't pick it up.
Right, but as you point out, this upload won't fix this.
> In the end it's mostly to help people building their own packages on
Ubuntu against libscrypt to do it correct and in the manner you'd expect
an Ubuntu system to beh
The implication is that packages built against scrypt on trusty link
against it statically. It's a grave Debian policy violation for one,
it's a terrible thing for a security-related library for another. If
there's any update to the library, other packages don't pick it up. It's
also clear that it
This would changing anything that builds now to building against the
shared library instead of the static library, right? What are the
implications of this? This should really be discussed in Regression
Potential.
Second, what's the real world impact of this? Why is there a need to SRU
this? What
** Changed in: libscrypt (Ubuntu Trusty)
Status: Confirmed => In Progress
** Description changed:
- libscrypt.so is a broken symlink:
+ [ Impact ]
- $ file /usr/lib/libscrypt.so
- /usr/lib/libscrypt.so: broken symbolic link to
`debian/tmp/usr/lib/libscrypt.so.0'
+ libscrypt-dev ships a
Debdiff to fix this in trusty attached.
** Patch added: "libscrypt_1-2ubuntu2_1-2ubuntu2.14.04.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libscrypt/+bug/1313311/+attachment/4811710/+files/libscrypt_1-2ubuntu2_1-2ubuntu2.14.04.1.debdiff
** Changed in: libscrypt (Ubuntu Trusty)
As it turns out the side-effect of this is that binaries linking against
scrypt are picking it up statically because there's a libscrypt.a that
works.
** Also affects: libscrypt (Ubuntu Trusty)
Importance: Undecided
Status: New
--
You received this bug notification because you are a me
This is still broken in Ubuntu 14.04 (1-2ubuntu2). Was that an
oversight?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1313311
Title:
Broken libscrypt.so symlink
To manage notifications about this
This bug was fixed in the package libscrypt - 1.20-1
---
libscrypt (1.20-1) experimental; urgency=low
* ACK NMUs, thanks for the fixes.
* New upstream release (Closes: #746041).
- Drop patches from NMUs due to inclusion of equivalent changes upstream.
* Add myself as co-main
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libscrypt (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1313311
Title:
** Changed in: libscrypt (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1313311
Title:
Broken libscrypt.so symlink
To manage notifications about this
11 matches
Mail list logo