Bug#1033065: release-notes: i386 notes should specify minimum CPU requirements
Package: release-notes
Followup-For: Bug #1033065
X-Debbugs-Cc: martin-eric.racine@iki.fi
I've used the following commands to confirm that the i386 sudo/1.9.9-1 package
contains the bugreport-relevant NOPL opcode:
# obtain an archived copy of the affected binary package
$ wget2 http://snapshot.debian.org/archive/debian/20220202T154459Z/pool/main/s/sudo/sudo_1.9.9-1_i386.deb
# unpack the contents of the package into a corresponding directory name
$ dpkg -x sudo_1.9.9-1_i386.deb sudo_1.9.9-1_i386
# iterate over each executable file extracted from the package
# - print each filename so that we can identify potentially-affected files
# - check for the 'NOPL' opcode in all i386 code sections of the file
$ while IFS= read -r -d '' file; do
> echo "$file"
> objdump --architecture=i386 --disassemble-all "$file" | grep -w "nopl"
> done < <(find . -type f -executable -print0)
It should be possible to generalise this further to scan a larger set of
packages.
The 'grep' for the word 'nopl' seems potentially fragile. If there's a
more-precise and/or less-false-positive-prone way to check whether each file
contains the 'nopl' opcode (and I'd expect that there is), then that'd be a
welcome improvement.
Reply to: