From: Mark H Weaver
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Thu, 29 Jun 2017 11:49:41 -0400
Message-ID: <87h8yyn696.fsf@netris.org>
To: Ludovic Courtès
Cc: 27429@debbugs.gnu.org

ludo@gnu.org (Ludovic Courtès) writes:

> As discussed yesterday on IRC, here’s a patch that applies the glibc
> patches for CVE-2017-1000366 in ‘core-updates’.
>
> That’s a rebuild-the-world change but we still have work to do in
> ‘core-updates’ anyway, notably regarding the Perl dot-in-@INC issue.
>
> OK for you?

Sounds good to me, but I've already merged 'master' into 'core-updates'
with this as a graft, so what remains is to ungraft it there.

Also note that when I merged it, I forgot to add
"glibc-memchr-overflow-i686.patch" to the older variants of 'glibc'.
Unfortunately, this was a case where git merge automatically did the
wrong thing, without any conflict. I was going to fix this soon by
eliminating the redundant lists of patches, but now I won't have to.

Thanks,
Mark