:: Re: [DNG] [SECURITY] [DSA 5649-1] x…
Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMAmin Bandali at <-
Maitor at ->
Delete this message
Reply to this message
Author: Lorenz
Date:  
To: Jeremy Phelps
CC: dng
Subject: Re: [DNG] [SECURITY] [DSA 5649-1] xz-utils security update
Hi,

Il giorno gio 4 apr 2024 alle ore 14:00 Jeremy Phelps via Dng
<dng@???> ha scritto:
>
> >> "Openssh does not directly use xz-utils/liblzma. However debian and
> >> several other distributions patch openssh to support systemd
> >> notification, and libsystemd does depend o xz-utils/liblzma"
> >
> > So I take it that Devuan is also affected.
> >
>
> I checked with ldd and confirmed that Devuan's sshd is linked with libsystemd.
>
As far as I understand, systems without systemd as PID 1 are not
affected; the linkage
to libsystemd triggers the use of xz-utils only when systemd is active
init (not 100% sure
I got this right though)

> > Would it be an idea to remove the Debian patch to support systemd
> > notification? On the other hand that means another forked package.

Good news: It will likely happen in the Debian package, no need to fork.. see
https://lists.debian.org/debian-devel/2024/04/msg00044.html

Cheers,
Lorenzo

> >
>
> It's easier than that. You just need to add --without-systemd to the flags passed to the configure script
> when building it.
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] eventually: the sbin mergeRe: [DNG] eventually: the sbin merge->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)