From: "Denys Dmytriyenko" <denis@denix.org>
To: Anatol Belski <anbelski@linux.microsoft.com>
Cc: "Jamaluddin, Khairul Rohaizzat" <khairul.rohaizzat.jamaluddin@intel.com>,
    Khem Raj <raj.khem@gmail.com>,
    Patches and discussions about the oe-core layer <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH] glibc: Fix CVE-2021-27645
Date: Tue, 16 Mar 2021 13:44:33 -0400
Message-ID: <20210316174433.GF18041@denix.org>
In-Reply-To: <dd23f3e8-0db6-3f8b-466a-e9c9207c6604@linux.microsoft.com>

On Tue, Mar 16, 2021 at 01:56:43PM +0100, Anatol Belski wrote:
> Hi,
>
> On 3/15/2021 10:36 PM, Denys Dmytriyenko wrote:
> >https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS#Stable.2FLTS_Patch_Acceptance_Policies
> >
> >Stable/LTS Patch Acceptance Policies
> >
> >Potentially Acceptable:
> >* Bug fix only version upgrades for upstreams with a good stable process
> >
> >Unacceptable:
> >* General version upgrades
> >
> >
> >So, unless there's a bugfix-only minor release of glibc, e.g. 2.31.1,
> >upgrading to 2.32 or 2.33 in stable branches is highly unlikely, as both
> >2.32 and 2.33 have long lists of major changes:
> >
> >https://sourceware.org/pipermail/libc-announce/2020/000029.html
> >https://sourceware.org/pipermail/libc-announce/2021/000030.html
>
> thanks for linking the LTS doc.
>
> My suggestion was to pull the latest upstream from 2.31 actually,
> not upgrading the glibc version. As per
>
> http://git.yoctoproject.org/clean/cgit.cgi/poky/tree/meta/recipes-core/glibc/glibc-version.inc?h=dunfell
>
> we consume from the branch release/2.31/master. It already contains
> the backported patch fixing this CVE.
>
> There doesn't seem to be a release process in terms of versions, but
> it regularly receives backports. In fact, there are already some bug
> and CVE fixes between the current SRCREV used and HEAD.

Thanks for clarifying. In this case HEAD of release/2.31/master might make
sense.
--
Regards,
Denys Dmytriyenko <denis@denix.org>
PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964
Fingerprint: 25FC E4A5 8A72 2F69 1186 6D76 4209 0272 9A92 C964