| Summary: | sys-libs/glibc-2.26-r6 patchset-7 carries patches not upstreamed | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Ulenrich <ulenrich> |
| Component: | Current packages | Assignee: | Gentoo Toolchain Maintainers <toolchain> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | CC: | leio |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://sourceware.org/ml/libc-alpha/2018-02/msg00060.html | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Ulenrich
2018-02-11 04:21:23 UTC
(In reply to Ulenrich from comment #0) > These two fixes used in Gentoo patchset-7 > are not gonna seemingly upstreamed > (I cannot see them in glibc-2.27 nor applied by Debian libc6-2.26) > - > 0057_all_lib-punycode.c-decode_digit-Fix-integer-overflow.patch > 0058_all_libidn-punycode.c-decode_digit-Really-fix-integer-ov.patch > 0077_all_libidn-Fix-out-of-bounds-stack-read.-Report-and-patc.patch > -- Upstream can't take them without difficulty because of a) license change of libidn and b) libidn not requiring fsf copyright assignment. That said they will be gone in 2.28, as the problem is fixed in a different way. (And yes there is an upstream bug filed. Just search this bugzilla here to find a link.) Very thanks for explanation. I stumbled about them because I investigated something else. I thought they might be hidden from you, but it is not. Thanx Here's the relevant discussion upstream. Effectively, the code will be removed from glibc, loading libidn2 dynamically instead. |
