Re: Core updates status
From: Efraim Flashner
Subject: Re: Core updates status
Date: Mon, 13 May 2024 11:49:28 +0300
On Wed, May 08, 2024 at 11:03:02AM +0200, Josselin Poiret wrote:
>
> The one thing that we need to do right now is update glibc 2.39 with all
> the fixes from the upstream release/2.39/master branch. I don't think
> we've done this before significantly, but since we have an occasion this
> time we might as well. We can't really use git-fetch for glibc, so imo
> the only feasible option is like what Debian does [1], which is keeping
> a diff of the 2.39 tag and the release branch and applying it as a
> patch. We'll then probably need to add autotools to glibc builds, but
> this is doable even in commencement because we have them already
> available at that point.
>
> The one downside of this is that the patch name will not include the
> fixed CVEs, so guix lint won't be aware that the CVEs have been patched.
>
> [1]
> https://salsa.debian.org/glibc-team/glibc/-/blob/sid/debian/patches/git-updates.diff
>
> WDYT?
>
> Best,
> --
> Josselin Poiret
I think that's a good idea, and probably something we should do for the
other copies of glibc we have. We can also use the package-property
lint-hidden-cves to list the CVEs which are covered by the diff, and
that'll hide the CVEs from 'guix lint'.
--
Efraim Flashner <efraim@flashner.co.il> רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
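
An added illustration (not code from this thread or from Guix) of collecting the CVE list for lint-hidden-cves from the release-branch diff, assuming the diff's added lines (for example in NEWS) name the CVEs it fixes. The sample diff, its CVE numbers and the function names are constructed placeholders.

```python
import re

# Constructed sample: a fragment shaped like a tag-to-release-branch diff.
# The CVE numbers are placeholders, not real glibc advisories.
SAMPLE_DIFF = """\
diff --git a/NEWS b/NEWS
--- a/NEWS
+++ b/NEWS
@@ -5,4 +5,8 @@
 Version 2.39.1
+Security related changes:
+
+  Placeholder advisory one (CVE-0000-0002)
+  Placeholder advisory two (CVE-0000-0001)
+  Follow-up to the first advisory (CVE-0000-0002)
-  Known open issue, still unfixed (CVE-0000-0003)
   Already fixed in the tagged release (CVE-0000-0004)
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def cves_added_by_diff(diff_text):
    """Return sorted, de-duplicated CVE ids that appear on added lines only."""
    found = set()
    for line in diff_text.splitlines():
        # "+++ b/file" is a file header, not content; "-" and " " lines are
        # removed or unchanged text and say nothing about newly applied fixes.
        if line.startswith("+") and not line.startswith("+++"):
            found.update(CVE_RE.findall(line))
    return sorted(found)


def lint_hidden_cves_form(cves):
    """Render the ids as a Guix 'properties' field for the package."""
    ids = " ".join('"%s"' % c for c in cves)
    return "(properties '((lint-hidden-cves . (%s))))" % ids


if __name__ == "__main__":
    # Assumption: each id is checked against the applied diff before it is
    # hidden, since a hidden CVE no longer shows up in 'guix lint'.
    print(lint_hidden_cves_form(cves_added_by_diff(SAMPLE_DIFF)))
```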