This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.
Re: glibc-2.9 CVE-2015-7547 fix
- From: Darcy Watkins <dwatkins at sierrawireless dot com>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: "libc-help at sourceware dot org" <libc-help at sourceware dot org>
- Date: Fri, 11 Mar 2016 13:15:37 -0800
- Subject: Re: glibc-2.9 CVE-2015-7547 fix
- References: <1457455604 dot 7751 dot 15 dot camel at sierrawireless dot com> <56E30B31 dot 8090603 at redhat dot com>
On Fri, 2016-03-11 at 10:15 -0800, Florian Weimer wrote:
> On 03/08/2016 05:46 PM, Darcy Watkins wrote:
>
> > Someone who understands what is going on in this part of the library
> > please comment to give me some insight, particularly if this change may
> > be a bad idea for other reasons.
>
> Are you actually dealing with an unpatched glibc 2.9?
I patched it with backports of a number of Red Hat patches from glibc
2.12 (that is used in el6 and centos6). I had to cherry pick from some
200+ patches (it wasn't easy).
> That seems to be fairly unlikely because the resolver in that release
> was fairly broken because it was the first one which had the parallel
> lookup feature.
Maybe I am missing some fixes that went in via 2.10 ... 2.12 rather than
via post-release patches. I'll have to take a look at the git logs to
find these.
> If it's in fact pristine 2.9, it is likely easier to go the other
> direction and patch out the parallel lookup feature.
It was pretty close to pristine 2.9. That version was released from CVS
rather than GIT. Do you know how good the CVS history conversion into
GIT was? If the GIT history conversion was good, I should be able to
find where and how this was added.
>
> Florian
Thanks!!!
--
Regards,
Darcy
---
Darcy Watkins
Staff Engineer, Firmware
Sierra Wireless
13811 Wireless Way, Richmond, BC
Canada, V6V 3A4