This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Fix nan functions handling of payload strings (bug 16961, bug 16962)
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Carlos O'Donell <carlos at redhat dot com>
- Cc: Florian Weimer <fweimer at redhat dot com>, <libc-alpha at sourceware dot org>
- Date: Fri, 4 Dec 2015 20:44:55 +0000

On Fri, 4 Dec 2015, Carlos O'Donell wrote:

> The NEWS entry looks good to me.
>
> However, I agree with Florian that we need to call out the security related
> changes in a distinct section e.g. "Security related changes:", though I'm
> open to suggestions for how to name it or if it comes first or last in the
> list of changes.

I've committed the patch with the entry in such a section.

> Additionally I think it would be nice to put security+ bugs in their own
> bug list, which involves enhancing or running a different script with query
> to get the list of those bugs.

If we want to add such an option to list-fixed-bugs.py, we should first
review <https://sourceware.org/ml/libc-alpha/2015-11/msg00191.html> which
makes it use argparse. Then, you can add
&f1=flagtypes.name&o1=substring&v1=security%2B to the URL to get security+
bugs (currently three such bugs are listed, 16962, 18240, and 18928, so a
NEWS entry needs adding for 18240 and that for 18928 (LD_POINTER_GUARD)
needs moving into the new section and updating to list the reporter).

However, if we're giving each such bug its own NEWS item I don't see the
use in also having the abbreviated list of such bugs (making the script
generate it may be helpful, however, in that the release instructions can
say "make sure each bug listed by list-fixed-bugs.py -s <version> has its
own NEWS item in that section, naming the reporter and giving the CVE
identifier"). We can put bug numbers and CVE identifiers in the bugs' own
NEWS items if we wish.

--
Joseph S. Myers
joseph@codesourcery.com