[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

advice sought for hamlib new upstream vs "embedded ltdl"

tags 559814 + help

I'm looking for advice / testers for #559814 (one of the dreaded
"vulnerable embedded copy of ltdl").

The bug is against hamlib, which is orphaned but has at least one binary
package with high popcon (about 300).

The bug seems to be fixed with new upstream release 1.2.10 which has
recent version of ltdl. Also, with such a recent version come flexible
autoconf macros that make it easy to link against the system ltdl
library, hereby avoiding similar problems in the future.  On the
contrary, the Debian version (1.2.9) has 5-year old autoconf macros
which hinder linking against the system library [1].

I'd like to upload new upstream to fix the security / RC bug, but I
don't intend to take over maintenance of the package, nor I _use_
it. Can please some user of the library get in touch with me with a test
case or something so that we avoid screwing up a lib? dd-list of
maintainers of reverse deps is reported at the bottom of this mail [2].

I'll then take care of doing a QA upload of the new usptream, together
with some misc QA fixes.

Of course it would be even better if someone steps up as a volunteer
maintainer for hamlib (hint, hint).


[1] I've *almost* managed to do that, but the resulting .diff.gz is as
    big as the .orig due to re-autotoolization, ... quite pointless if
    you ask me.

[2] Debian Hamradio Maintainers <debian-hams@lists.debian.org>

    Hamish Moffatt <hamish@debian.org>
       fldigi (U)

    Patrick Ouellette <pouelle@debian.org>
       fldigi (U)

    Jaime Robles <jaime@debian.org>
       fldigi (U)

Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..|  .  |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...........| ..: |.... Je dis tu à tous ceux que j'aime

Attachment: signature.asc
Description: Digital signature

Reply to: