This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] DoS in RPC implementation (CVE-2011-4069)
On Wed, Nov 28, 2012 at 3:38 PM, Jeff Law <law@redhat.com> wrote:
> On 11/28/2012 12:14 PM, Carlos O'Donell wrote:
>>>
>>> Here's the updated version with the patch to sunrpc/Versions eliminated.
>>
>>
>> Please inline your patches (see the contribution checklist please) it
>> makes it much easier to carry out the reply/review cycle :-)
>
> I haven't found a way to make thunderbird do that yet :(
Go into Tools > Options > Advanced > General and click on Config Editor...
Edit mailnews.wraplength and set the value to zero.
This prevents patches from wrapping.
Then cut-and-paste your patches from your favourite editor into the composition.
>> ~~~
>>
>> Which is the reason for the update in the contribution checklist here:
>>
>> http://sourceware.org/glibc/wiki/Contribution%20checklist#Update_Copyright_Information
>>
>> Please add a new copyright notice to the files in addition to the oracle
>> one.
>
> Sorry, I must have mis-remembered the rules WRT files from external sources.
> I'll fix up the copyrights. If I read the rules correctly, I'll need to add
> a separate FSF copyright prior to the Oracle copyright notice. Correct?
Yes, that is correct. You didn't mis-remember, it's also what I
thought, but Pedro Alves recently asked for an FSF legal answer
regarding this behaviour and their response indicated that we were
wrong.
> Also, I don't see a line in the NEWS file for CVEs without associated BZs.
> I could create a BZ and add it to the NEWS file or I could just have a
> separate entry for this CVE. I don't have a strong opinion here.
I'd like both actually. The BZ is a place for people to put comments
and perhaps reopen the issue, while the CVE fix should have a distinct
NEWS entry.
Cheers,
Carlos.