From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: glibc update Date: Wed, 17 Feb 2016 13:27:22 -0500 Message-ID: <497868EA-C201-41A5-BA96-73A7CBD21454@famulari.name> References: <20160216202010.GA21380@jasmine> <20160217161419.GB1666@jasmine> <20160217162833.GA28579@novena-choice-citizen.lan> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:55121) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aW6p5-0006SM-LW for guix-devel@gnu.org; Wed, 17 Feb 2016 13:27:36 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aW6p0-0002Gy-Ma for guix-devel@gnu.org; Wed, 17 Feb 2016 13:27:35 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:50860) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aW6p0-0002GV-DC for guix-devel@gnu.org; Wed, 17 Feb 2016 13:27:30 -0500 In-Reply-To: <20160217162833.GA28579@novena-choice-citizen.lan> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Jookia <166291@gmail.com> Cc: guix-devel@gnu.org No, it doesn't graft. And it produces the same "version" of glibc, but with a patch applied for CVE-2015-7547. Well, you would make sure you cherry-pick the right hash. I can't confirm that from my phone. -------- Original Message -------- From: Jookia <166291@gmail.com> Sent: February 17, 2016 11:28:33 AM EST To: Leo Famulari Cc: guix-devel@gnu.org Subject: Re: glibc update On Wed, Feb 17, 2016 at 11:14:19AM -0500, Leo Famulari wrote: > I tried this. The resulting process downloaded the bootstrap binaries > and appeared to rebuild *everything*. I haven't had time to figure out > what actually got rebuilt and if anything is still using the vulnerable > glibc. This doesn't graft does it? It'd just bump glibc's version.