Package: shadowsocks-libev
Version: 3.3.5+ds-1
Severity: normal
File: /usr/share/doc/shadowsocks-libev/scripts/chroot_build.sh
User: debian-de...@lists.debian.org
Usertags: bullseye-security

With the release of Debian bullseye and later, security updates are
provided in the bullseye-security suite instead of bullseye/updates.

In the shadowsocks-libev package there appears to be a script that
generates a Debian chroot/container for building packages, and that
script appears to write an apt sources.list that will
not provide security updates for packages installed in the
chroot/container.

I suggest that this script check the version of the Debian release in
question using distro-info and then if the release is 11 or higher,
then use $release-security otherwise use $release/updates as before.

It is much better to use distro-info than to hard-code the release
version numbers. It might even be a good idea to include the security
suite information in distro-info itself and look it up there.

I filed this bug at severity normal since the script in question
doesn't appear to be used and is only in the documentation directory.

   $ grep -B4 -A1 /updates /usr/share/doc/shadowsocks-libev/scripts/chroot_build.sh
   case "$OSID" in
   debian)
        echo deb $REPO ${OSVER} main > ${CHROOT}/etc/apt/sources.list
        echo deb $REPO ${OSVER}-updates main >> ${CHROOT}/etc/apt/sources.list
        echo deb $REPO-security ${OSVER}/updates main >> ${CHROOT}/etc/apt/sources.list
        ;;

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-1-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shadowsocks-libev depends on:
ii  init-system-helpers  1.58
pn  libbloom1            <none>
ii  libc-ares2           1.16.1-1
ii  libc6                2.31-4
ii  libcap2-bin          1:2.44-1
pn  libcork16            <none>
pn  libcorkipset1        <none>
ii  libev4               1:4.33-1
pn  libjsonparser1.1     <none>
ii  libmbedcrypto3       2.16.5-1
ii  libpcre3             2:8.39-13
ii  libsodium23          1.0.18-1
ii  lsb-base             11.1.0

shadowsocks-libev recommends no packages.

Versions of packages shadowsocks-libev suggests:
ii  haveged      1.9.8-4
pn  kcptun       <none>
pn  simple-obfs  <none>

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
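
One way to implement the suggested check, as an added example that is not part of the original report or of the shadowsocks-libev script. The function names are hypothetical, the CSV rows are constructed sample data, and the column layout is assumed to match `/usr/share/distro-info/debian.csv` from distro-info-data, which can be passed as the optional last argument.

```shell
#!/bin/sh
# Constructed sample rows; layout assumed to match distro-info-data's
# debian.csv (version,codename,series,created,release,eol).
SAMPLE_CSV='version,codename,series,created,release,eol
9,Stretch,stretch,2015-04-25,2017-06-17,2020-07-06
10,Buster,buster,2017-06-17,2019-07-06,2022-09-10
11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14
,Sid,sid,1993-08-16,,'

# release_version SERIES [CSV_FILE]: print the version number of a codename.
# Falls back to the embedded sample when no readable CSV file is given.
release_version() {
    series=$1
    csv=${2:-}
    if [ -n "$csv" ] && [ -r "$csv" ]; then
        awk -F, -v s="$series" '$3 == s { print $1 }' "$csv"
    else
        printf '%s\n' "$SAMPLE_CSV" | awk -F, -v s="$series" '$3 == s { print $1 }'
    fi
}

# security_suite SERIES [CSV_FILE]: print the suite name on the security
# mirror. Fails for series without a numeric version (sid, unknown names).
security_suite() {
    ver=$(release_version "$1" "${2:-}")
    major=${ver%%.*}
    case "$major" in
        ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$major" -ge 11 ]; then
        echo "$1-security"      # bullseye and later
    else
        echo "$1/updates"       # buster and earlier
    fi
}

# debian_sources REPO SERIES [CSV_FILE]: print the sources.list content.
debian_sources() {
    echo "deb $1 $2 main"
    if suite=$(security_suite "$2" "${3:-}"); then
        echo "deb $1 $2-updates main"
        echo "deb $1-security $suite main"
    else
        echo "warning: no security suite known for $2" >&2
    fi
}
```

In the chroot script this would replace the three `echo` lines, for example `debian_sources "$REPO" "$OSVER" /usr/share/distro-info/debian.csv > "${CHROOT}/etc/apt/sources.list"`.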
