[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

On 15/02/2019 13:31, Chris Lamb wrote:
> Hi Mattias,
> 
>> I submitted this jessie update to the release team, but was informed to
>> contact you about it instead. What do I do?
> 
> Indeed, they have sent you to the right place. :) As-per:
> 
>   https://wiki.debian.org/LTS/Development
> 
> … we would fix CVE-2019-7659 via a jessie "LTS" security upload.
> 
> I assume you are not part of the LTS team so you cannot follow the
> procedure outlined above, but would you object if I took your patch
> and did the upload and announcement myself?

Before pushing this, I was wondering if the change is safe. It is changing the
signature of a public symbol. I don't think size_t and int are guaranteed to
have the same size, thus it would be changing the ABI and rdeps would need to be
rebuilt (in those cases where size_t and int have different sizes). And if we go
down that slope, then libgsoap needs to bump the SONAME...

Is that right? If so, would it be possible to just change the type to a ssize_t
instead?

Cheers,
Emilio
Reply to: