Your message dated Wed, 22 Mar 2023 08:49:25 +0000
with message-id <e1peu9t-003ikh...@fasolo.debian.org>
and subject line Bug#1031741: fixed in goxel 0.11.0-1.1
has caused the Debian Bug report #1031741,
regarding goxel: usage of sanitizers might introduce vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1031741: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031741
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: goxel
Version: 0.10.6-1
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Package: goxel
Version: 0.10.6-3
Depends: libasan6 (>= 10), ...,libubsan1 (>= 8)
This is a bad idea not only due to slow execution and a factor 20
in binary size, but might even introduce vulnerabilities:
https://www.openwall.com/lists/oss-security/2016/02/17/9
This was likely unintentional due to debug=0 no longer working,
which resulted in a debug build without compiler optimization
and with sanitizers enabled after
https://github.com/guillaumechereau/goxel/commit/44745ead64b63083ccb48e8c7988d080674d795d
Replacing debug=0 with mode=release in debian/rules makes not
using the debug mode working again.
It needs an additional werror=0 due to gcc finding more issues
during compilation when optimization is enabled.
As a side effect, fixing this bug should make the package build
on all architectures again (several architectures no longer built
due to the sanitizers being unavailable or broken).
--- End Message ---
--- Begin Message ---
Source: goxel
Source-Version: 0.11.0-1.1
Done: Adrian Bunk <b...@debian.org>
We believe that the bug you reported is fixed in the latest version of
goxel, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1031...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated goxel package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 20 Mar 2023 09:46:36 +0200
Source: goxel
Architecture: source
Version: 0.11.0-1.1
Distribution: unstable
Urgency: medium
Maintainer: Federico Ceratto <feder...@debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1031741
Changes:
goxel (0.11.0-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Build without sanitizers. (Closes: #1031741)
* Build on all architectures again.
Checksums-Sha1:
b328934fdfd220bbd318c5b773e0567b817b68c5 1910 goxel_0.11.0-1.1.dsc
aa8e108e0bd9fd71e0fae6a268e837771aef7a14 5296 goxel_0.11.0-1.1.debian.tar.xz
Checksums-Sha256:
30f7ae7a65301bd6f3e517aad3657e1c9db5fdbf99e2947bb36998afe5bc82d5 1910
goxel_0.11.0-1.1.dsc
9b3c6a249ea7870cf3eee67231ddd8b7614bded4fda0170a5f26b102751ab1db 5296
goxel_0.11.0-1.1.debian.tar.xz
Files:
8c7d5c6b87f7de9c420f8d930c6c8d34 1910 graphics optional goxel_0.11.0-1.1.dsc
367e77b33cbc1ad131320b28d039525f 5296 graphics optional
goxel_0.11.0-1.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmQYEJIACgkQiNJCh6LY
mLFw0BAAq2KYklh2PyIHCygMTtCom4na5JkHYa0dTM8MjSXFOgWovL5xkZ8PptK1
93pKbgC13O+m/SSQ98V/cDGMrBXAV8LmYfeKplQ6bHe3ZC9mBguHx53rCCBBvagZ
gSwqzne8sRYTzuMI0jbzvsF9j7fJOY8t4HgOGGn3rBgjNOeb0ajtGRT8+UyzMChz
Lo3jLGJHxCRw3vwaOHN6BuVMro9I2pW/qINeIpo9PfCCnyWriwvgBJIulIB3gY4D
5ifX1an9vc5BK+iBMEpBsLGHledXA6Uqn6bwpxCj99RocgaEhvDND0hbhV3ENK1r
bBPfZeWVzsAyFoTDQGcYwOJPPcZvLchCswxwkRHe84zLy6+Z0N9iLKVTnbkqMOET
GQKuqKZcxjBBXmKcoZ5ty5RBMxo0DYjBNbZzW4P7E8Pi9EoYM7qG1wCwoyQl7vxj
2v4cx7QRCMKCqstUFQz0j25MVE1iCCJl5n3YxcFSyNKACPVq8MhDB5iAwt2I8MVt
qYdst7mZNDklNoRU5V7Mmp9gROa4oyyYEr5o3DNtFfw+tML8WMNOmPvXEZCzUy8M
DjeOkAGvjcjMtOAHiyl4mcBAYBQrwfeegeCIs72znE5h7aJ48w3X7mjXNPZfec9q
bm4Hi4oCixQn5sLoqfV7PJMZDNlzH9OpVleXQdgKK4C4yWnt+M8=
=BLgU
-----END PGP SIGNATURE-----
--- End Message ---
