Re: bug#41796: Grafts don't handle outputs other than out
(name . Jakub Kądziołka)(address . firstname.lastname@example.org)(address . email@example.com)
Hi! I’m trying to estimate the impact of this bug. As ofa50628bbe0fa4ba3835e311098e4fdf7a1d8a29e, there seems to be only onepackage whose replacement could end up not being grafted (here I’momitting outputs that, if left ungrafted, won’t affect security):
This is because of the “bin” output of ‘nss’. From a quick grep, there 3 packages depending on nss:bin: 389-ds-base,libcacard, and xmlsec-nss. 389-ds-base is affected: it keeps a reference to the ungrafted “bin”:
(name . Jakub Kądziołka)(address . firstname.lastname@example.org)(address . email@example.com)
Hi Jakub, Thanks a lot for the reduced test case, much appreciated! This is fixed with 03a70e4c190420e87c0b535285caf8f77260d4ff, whichincludes a test inspired by yours. ecf92194a55188a9c217d76617378749db063453 adds an nghttp2 replacement, asyou suggested on IRC, which is what prompted you to report this bug.Apparently it works as expected. Same for 389-ds-base. Thanks,Ludo’.