From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=)
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Thu, 29 Jun 2017 22:06:08 +0200
Message-ID: <87wp7ulftb.fsf@gnu.org>
References: <20170619222550.GA29289@jasmine.lan>
	<20170620004920.GB31586@jasmine.lan>
	<20170620071857.GA2768@macbook42.flashner.co.il>
	<87shiumj05.fsf@netris.org>
	<20170621084134.GA2870@macbook42.flashner.co.il>
	<20170621095045.GB2870@macbook42.flashner.co.il>
	<20170621235227.GA4510@jasmine.lan>
	<20170622000336.GB4510@jasmine.lan> <87zid0iksk.fsf@netris.org>
	<87mv8rqcuu.fsf@gnu.org> <87h8yyn696.fsf@netris.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37344)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dQfiT-0006m3-AU
	for bug-guix@gnu.org; Thu, 29 Jun 2017 16:07:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dQfiQ-0000GM-LJ
	for bug-guix@gnu.org; Thu, 29 Jun 2017 16:07:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:42374)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dQfiQ-0000GI-He
	for bug-guix@gnu.org; Thu, 29 Jun 2017 16:07:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.27429.B27429.149876678528418@debbugs.gnu.org>
In-Reply-To: <87h8yyn696.fsf@netris.org> (Mark H. Weaver's message of "Thu, 29
	Jun 2017 11:49:41 -0400")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Mark H Weaver <mhw@netris.org>
Cc: 27429@debbugs.gnu.org

Mark H Weaver <mhw@netris.org> skribis:

> ludo@gnu.org (Ludovic Court=C3=A8s) writes:
>
>> As discussed yesterday on IRC, here=E2=80=99s a patch that applies the g=
libc
>> patches for CVE-2017-1000366 in =E2=80=98core-updates=E2=80=99.
>>
>> That=E2=80=99s a rebuild-the-world change but we still have work to do in
>> =E2=80=98core-updates=E2=80=99 anyway, notably regarding the Perl dot-in=
-@INC issue.
>>
>> OK for you?
>
> Sounds good to me, but I've already merged 'master' into 'core-updates'
> with this as a graft, so what's remains is to ungraft it there.

Indeed.  I rebased and adjusted the patch and pushed as
503a4df904b8d4b82caebdb17db9c5f76a952418.

Leo, let me know when you feel that we should start a new evaluation.

Thank you,
Ludo=E2=80=99.