[Pkg-utopia-maintainers] Bug#464712: Bug#464712: avahi-daemon needs "Depends libcap2 (>= 2.10)" too

Michael Biebl biebl at debian.org
Thu Jul 10 22:55:40 UTC 2008


reassign 464712 libcap2
retitle 464712 bump shlibs to >= 2.10
thanks

Sven Joachim wrote:
> On 2008-07-09 08:41 +0200, Ted Percival wrote:
> 
>> reopen 464712
>> found avahi-daemon/0.6.23-2
>> thanks
>>
>> The libcap2 dependency is more nuanced than I realised. In order to
>> avoid a similar warning (warning: `avahi-daemon' uses deprecated v2
>> capabilities in a way that may be insecure.") the libcap2 package must
>> be >= 2.10 as well (not just libcap2-dev).
>>
>> I guess this versioned "Depends" should be added explicitly.

I don't think this would be a good idea. There will already be a 
autogenerated dependency on libcap2 from dh_shlibsdeps.

>>
>> For details see
>> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/capability.c;h=901e0fdc3fffa3b32fca26e0aa4e1985b244bd10;hb=HEAD#l55
>> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ca05a99a54db1db5bca72eccb5866d2a86f8517f
>> https://bugzilla.redhat.com/show_bug.cgi?id=447518
> 
> Would it not be better to fix this in libcap2's shlibs file?  I.e. use
> 
> libcap 2 libcap2 (>= 2.10-1)
> 
> there and let avahi-daemon and other packages build-depend on
> libcap2-dev (>= 2.10-3), assuming that 2.10-3 is the version containing
> that shlibs file.

I'm reassigning this bug to libcap2 and let its maintainer decide.
If he deems the security issue important enough, the shlibs file should 
be bumped and he should request binNMUs for all reverse-dependencies.

Cheers,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20080711/cb0b77fe/attachment.pgp 


More information about the Pkg-utopia-maintainers mailing list