Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 647272

Summary: sys-libs/glibc-2.26-r6 patchset-7 carries patches not upstreamed
Product: Gentoo Linux Reporter: Ulenrich <ulenrich>
Component: Current packagesAssignee: Gentoo Toolchain Maintainers <toolchain>
Status: RESOLVED INVALID    
Severity: normal CC: leio
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://sourceware.org/ml/libc-alpha/2018-02/msg00060.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Ulenrich 2018-02-11 04:21:23 UTC
These two fixes used in Gentoo patchset-7
are not gonna seemingly upstreamed 
(I cannot see them in glibc-2.27 nor applied by Debian libc6-2.26) 
-
0057_all_lib-punycode.c-decode_digit-Fix-integer-overflow.patch
0058_all_libidn-punycode.c-decode_digit-Really-fix-integer-ov.patch
0077_all_libidn-Fix-out-of-bounds-stack-read.-Report-and-patc.patch
--
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2018-02-11 08:59:50 UTC
(In reply to Ulenrich from comment #0)
> These two fixes used in Gentoo patchset-7
> are not gonna seemingly upstreamed 
> (I cannot see them in glibc-2.27 nor applied by Debian libc6-2.26) 
> -
> 0057_all_lib-punycode.c-decode_digit-Fix-integer-overflow.patch
> 0058_all_libidn-punycode.c-decode_digit-Really-fix-integer-ov.patch
> 0077_all_libidn-Fix-out-of-bounds-stack-read.-Report-and-patc.patch
> --

Upstream can't take them without difficulty because of a) license change of libidn and b) libidn not requiring fsf copyright assignment. 

That said they will be gone in 2.28, as the problem is fixed in a different way.

(And yes there is an upstream bug filed. Just search this bugzilla here to find a link.)
Comment 2 Ulenrich 2018-02-11 13:10:10 UTC
Very thanks for explanation. I stumbled about them because I investigated something else. I thought they might be hidden from you, but it is not. Thanx
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2018-02-11 14:37:31 UTC
Here's the relevant discussion upstream. 

Effectively, the code will be removed from glibc, loading libidn2 dynamically instead.