This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] DoS in RPC implementation (CVE-2011-4069)


On Wed, Nov 28, 2012 at 3:38 PM, Jeff Law <law@redhat.com> wrote:
> On 11/28/2012 12:14 PM, Carlos O'Donell wrote:
>>>
>>> Here's the updated version with the patch to sunrpc/Versions eliminated.
>>
>>
>> Please inline your patches (see the contribution checklist please) it
>> makes it much easier to carry out the reply/review cycle :-)
>
> I haven't found a way to make thunderbird do that yet :(

Go into Tools > Options > Advanced > General and click on Config Editor...
Edit mailnews.wraplength and set the value to zero.
This prevents patches from wrapping.
Then cut-and-paste your patches from your favourite editor into the composition.

>> ~~~
>>
>> Which is the reason for the update in the contribution checklist here:
>>
>> http://sourceware.org/glibc/wiki/Contribution%20checklist#Update_Copyright_Information
>>
>> Please add a new copyright notice to the files in addition to the oracle
>> one.
>
> Sorry, I must have mis-remembered the rules WRT files from external sources.
> I'll fix up the copyrights.  If I read the rules correctly, I'll need to add
> a separate FSF copyright prior to the Oracle copyright notice.  Correct?

Yes, that is correct. You didn't mis-remember, it's also what I
thought, but Pedro Alves recently asked for an FSF legal answer
regarding this behaviour and their response indicated that we were
wrong.

> Also, I don't see a line in the NEWS file for CVEs without associated BZs.
> I could create a BZ and add it to the NEWS file or I could just have a
> separate entry for this CVE.  I don't have a strong opinion here.

I'd like both actually. The BZ is a place for people to put comments
and perhaps reopen the issue, while the CVE fix should have a distinct
NEWS entry.

Cheers,
Carlos.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]